_pages_current+0x18f/0x280 [ 2687.030397] ? sg_build_indirect.isra.0+0x448/0x710 [ 2687.031337] sg_common_write.constprop.0+0x10ed/0x1a30 [ 2687.032281] ? sg_build_indirect.isra.0+0x710/0x710 [ 2687.033161] ? vprintk_func+0x93/0x140 [ 2687.033862] ? record_print_text.cold+0x16/0x16 [ 2687.034693] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2687.035557] ? trace_hardirqs_on+0x5b/0x180 [ 2687.036330] sg_write.part.0+0x69e/0xaa0 [ 2687.037048] ? sg_new_write.isra.0+0x770/0x770 [ 2687.037849] ? find_held_lock+0x2c/0x110 [ 2687.038559] ? __might_fault+0xd3/0x180 [ 2687.039245] ? lock_downgrade+0x6d0/0x6d0 [ 2687.039981] ? _cond_resched+0x12/0x80 [ 2687.040650] ? inode_security+0x107/0x140 [ 2687.041373] ? avc_policy_seqno+0x9/0x70 [ 2687.042089] ? selinux_file_permission+0x92/0x520 [ 2687.042926] ? security_file_permission+0x24e/0x570 [ 2687.043846] sg_write+0x87/0x120 [ 2687.044441] do_iter_write+0x482/0x670 [ 2687.045120] ? import_iovec+0x83/0xb0 [ 2687.045798] vfs_writev+0x1ae/0x620 [ 2687.046427] ? vfs_iter_write+0xa0/0xa0 [ 2687.047130] ? __fget_files+0x26d/0x4c0 [ 2687.047823] ? lock_downgrade+0x6d0/0x6d0 [ 2687.048541] ? find_held_lock+0x2c/0x110 [ 2687.049271] ? __fget_files+0x296/0x4c0 [ 2687.049961] ? __fget_light+0xea/0x290 [ 2687.050664] do_writev+0x139/0x300 [ 2687.051292] ? vfs_writev+0x620/0x620 [ 2687.051960] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2687.052887] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2687.053772] do_syscall_64+0x33/0x40 [ 2687.054405] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 2687.055294] RIP: 0033:0x7f26a81efb19 [ 2687.055957] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2687.059081] RSP: 002b:00007f26a5765188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 2687.060432] RAX: ffffffffffffffda RBX: 00007f26a8302f60 RCX: 00007f26a81efb19 [ 2687.061676] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000005 [ 2687.062890] RBP: 00007f26a57651d0 R08: 0000000000000000 R09: 0000000000000000 [ 2687.064132] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2687.065375] R13: 00007ffc298dd15f R14: 00007f26a5765300 R15: 0000000000022000 [ 2687.081319] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'. 12:23:26 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x8000000, 0x0, 0x0) 12:23:26 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {0x0, 0x0, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:23:26 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0xa000000, 0x0, 0x0) 12:23:26 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x400300, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x0, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:23:26 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400), 0x0, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:23:26 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3b}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRESHEX], 0x30}}, 0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x6c0e, 0x7fff) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', 0x0, 0x0, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000440)=ANY=[@ANYRESOCT], 0x2f) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffff, 0x2}, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_nanosleep(0x1, 0x0, &(0x7f00000002c0)={0x0, 0x989680}, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) fork() r2 = fork() tkill(0x0, 0x0) ptrace$cont(0xffffffffffffffff, r2, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000280)=0x5, 0xfffffffffffffffa) r3 = fork() syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e21016027154f7e210000d6142e8ed6865df556fd6a7300000000000000bd8b7e69ecb57d268a49d8d6accb6a35f7aa6bee3435f0ca00"], 0xa) ptrace$setopts(0x4206, r3, 0x0, 0x0) ptrace(0x8, r3) 12:23:26 executing program 5: r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_CLOSE={0x13, 0x2}, 0x0) write$nbd(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYBLOB="6744669800"/16], 0x10) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_RECV=@use_registered_buffer, 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000001500)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r0, @ANYBLOB="faffff7f000000002e2f66696c6530004d2723ce44513dc62749e4d25c87063133999edf37df28442defbfa48268184e79f25d77492cdffa5bccd4cd6cd5f215a6fac2e84637b94d6bad3552918efa66b3192e247d1e1afb2317afed1362c4bd41b8998cb1c98af24e9800c1b01c3a8a457c02de1d6b2116b646732dc32de49476d4927a768d636923b180380e113071f6e0e3966cbc9cb6e36c050d15524a5c1202d921eba4224d30c9eef444b7401d94b4e858b9a3213b96940682e2fb6483446fa4200713057603a83e417fd377d1a258ecb53621c8527239260c4c2a44faa2535a8df199fd4eb5893e02d188455371a17697ebb6c803669a8536cfa40aa1a85e511f5e4737a8183227a1d642792bac97610c03bdf5e99cb4be9d7347fe0fe1a0c91affe55b9b227fa720910dea8ccc90bdfeb80b1b67d2ddc00dff1cb0d73512a0f762f3"]) syz_io_uring_submit(r2, 0x0, &(0x7f0000000200)=@IORING_OP_POLL_ADD={0x6, 0x1, 0x0, @fd=r5, 0x0, 0x0, 0x0, {0x404}, 0x1}, 0x400) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) io_setup(0x400, &(0x7f0000000180)=0x0) io_getevents(r7, 0xffffffffffffffff, 0x0, 0x0, 0x0) io_getevents(r7, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x77359400}) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = dup(r8) ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) io_cancel(r7, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x4, r0, &(0x7f0000000500)="8283aed682b80b0b71608a36e1786649a344ec038784b4a8fb361a77d25b78b99448361f2f71ea90622f8461f3ad13cc85ef65088c4069855b80032260d4fba8000a6d0cbd2b5da6fc828aeb591afaee6157877193fc0c7fb873fad859ab8a5ed356021c530c133c395876c2cee2b89fb86f6b06de9c86823d9fb10a086481cf7bc89b43bbf6f7f1a4a9d6e6ddca9bff978705d99699b15d3f37d2e0d3ca406138a1babc281c15d0bc6c9e9f41fc5a5710ff38624fba18e37996ab276eb2879c74cf33d6dadf2ea9cbe3a42a1db942109228f059a7f35e442608dac3d81f1c6e4501d9657bb769bb42bcdb68bd7d47709e3ecc80bd5b30f5b3d4203e8b53dad559531128768fca08a3f0749a57c45ce3d90379f86b8d6293c98a228e23756de37707ed105ac839d65e9e91bcb4f274cb5e4a38cceccfe6280ffb410e3e4c119ed3d4258dfad01251c76c3d3e2d56a8a93c5ffa5dfd3261143fdc7f5c2639aa512dca9f5c4a62e5aacbc4052d804afc4c1382c926c6334015cd3a0348387e673030e1785582a352fd66d11d465d1e03e407c19c55e915b620f717a4122f70cfee3a93d6713941ff56194dadaf69354af14a458a03557b77d17b6377b08cd9d0d3a02ee3a9b5fce97a4d34b0d2d106c68df05333237d7c5cb37e55c4857edb665ff357308c523191bb16ca616f45f9d5397f6e81739548d1ced6095e9d41a560e517354ccd1a1f502581bb42883465459a366f81ffaedcb5aa3bb70f5456c2af109791d09670cf14b4c4a468489ad60bcbd6f7bbc545e5d28593a8d97c1cab8c19ee7c4b28210f623321fd0e5ad532e2633dadcda62e2c2a23d2c4f800347a062b2cea357c15083dd274ca1361d48c834d951acd27e0fe0ae1e1e53bd788f80390954aa2f898b0c3a244519bf6f54c4aec1f95ea0596eb29ae7e6af37d1a59c704ef75cd598147bcb3a28102fd2d295e3145c204696d45c1b8ca1425065bf4931d484d62dd1069b8b02af1254593447988430b34c2463c7f261afe3eb93652d542558b96ee19756e015c543ca2501adbfde6f931c626048fd0f2e8aa353a865a0eda3a2ba990aa198e3b74a8a0999bfc71e450989c883302cabc2ce2b13bbc02b96969455cdedc86808edfe22d0e98d2413988eb778ace143bbd9e684067b74451ccaf5d367caea115426f1097fa641b2b58bafc088351041607423b99adaf083cb64ed64335f935cd14465f50c5905ddf2fa6e2a10a789c065d975837d6416ffa55822a27ef1ad4687f73a2f0c9fdc462dbcd168ec87fd9d29e855fda4307eb1ec04422e4d5a83cf01bbba921d3c3020363ead2ca8be25bfc9022dd2937d77a8bfbe41e4ecb53f08d7dcf41a6505740a79f11732810507f85eb2d3a5ec3fa75a96abb61b7669839e5f737449cd83a37dd03f1e18004d095651800676b1220081590bc6a6a08265ba91da098146a8478a554653e8125077c95f1b225347a6a6f9ca0c8f94d9871ae4ffe6cffb4b70149f30d9d8cc3d93b8f04d65265600974f7c69969143ea91b8a2a051e0ead3a3cf0c4c04e23f37f4d7c771ea10c513c5b493361a4881727d37786d14aca70fff2493eab384d8420eba47085249bb51374a1f571ff3d53711f2d61abc5dff30de20d46f21147700cc29f671059f0bf9b5616b3de26f6389d2ab2fbd0acdf340d256a28cc8eeb511100cc0fb514bcdd9cd9ef2fee9866e8d3c9b5cfc6a383b2b6ba2410a6c80cfe4cd634d273b8a6ca9f54e8d5f1410a0cd9d4f3c3d7862430ab0ee7943f54c1f7a39046b850ebb45ff6a03e2752d14b62c7c18338e71afe949471514dd79526d8b0c9de26bd42a7f408fea1c0f2b6424eeadeb8a68717f7b879f3f2b2a8d58b3f891797c94e3d2636078d439f7fa38ba638473cec5912f4b67ae472dec0cb303b4339eb7d13af544834944bcbffebf7b39d99dbb7ecc641a6ed39cd2d83f941114b2a9d33b3b4fb052c02acb3a7f1942c61a66b32506752aa4ee6b6da7e5d77c722855aeaff130646aa5233daf65048c41eaed7e1d721f0eb23b7826e6edb2f7a89a241ba3d0c468ce415622177a2d2204b46cde1551464816ef9b91ed5d13a716170d013661eda5af425b57a93d0f0fb18203fb44515a970c764b7c4a308d0d38bb2a7914936606737962da8d9623896a0df806273f90d8822f9a4a111259cd74522bd135bc543356c0ffc4d32f6e3f22ba1575bf5ffe8f84c49a541d266df539f6964a3d4c176bbb3ef9d5c6e0a8cf1d8c3fd8f0092daff703f6a479160249076cead54edc17e07d682fa039a2a3639619ee2081eacc3bfcdad3a9f303d6c1cbb192ecd6a11fbbb105cd66df67d47da82fa799ca0b269b20776f5b95034b46e67f0ab4285b6c85b1e46ac5044929b21e2adb05f090dc140839b17f4281943c7129b25f582e3732d476debe313f7f3574e01281304077c457f2e530d5ac526f20cefb75306f1ca77f60fef2a1d1325ab908ed17bd94612e83c016ca78bdb40fdbdb888500d35d544c7de1795eb99406efe3dad783e296b6d8da2bff936c4b34a976def36762fd7a9611129923a780d70a0faf283b7df78f9ef9020a3153ef430c85f73ca149cc9884d341e9683dd72b928922d3b2af8f121ca9b83dcb12f012f811f7b4d7bb5f2d19faf66bd19ddc3eb51f907956fec55127828d0d298c102e7033fc4a04bc5a0ccbe6f6d2c56738b56fa73c0b5e461c975ae020e7e4281bcd0f21ac3c7dac7e970404b16745ddcdaecb5a3dd04557a6c433f91246c1b75cdde5ace2bc40f5e56f6d5cf6616df1fcce161ed5311bcc4896066149b6edc55083f81eb35dbc8ff0da9472be1fafeeff18799772107bb589b195dace96d8795da4731ea79d18fdf8dbc3a70db62f8d39f5fab949a5f71fe21f9fc494d86711a13ca103ff7eb8484b64f82efc3379b08e5fe90644e454adab145a31b30ff6475e96fe1700e59a292396c1fa40bb373053a0d510714b9e0bd0d91ec04f9c29f53b1fd6ccf2476728a6029b8f7435d3ee9c6a20f0281ef47893d15ca435178e3b6b4080e0e0d625ab221c122757503c87cb32e885a9bba9f34bded1564b0409335c72ac05e1794765a1d7d644b5f7d88cf729594f0aac45ab4c65aafab92a8d4816c50bb63f8cbc5d38142c63994bf9752ae2f7d3cd74970d31d24a30f6e97534c3c87fb8fbbbd22b77f99bc3c8291ec232f8b39fb88d68e31b214203de4322fb35d587844baa7be83b3ba5f0afd2e0023b6bdf5e14a83df512011575264037b3b9bb1fad08a1c42e42c6866e72d607d647261cb3953fcf201ca357dd5fd1efdc2fbf1ee47b854361552a85493464e12892179feb2ece79fb47a756d8b4c968eb402f8c6d95721efb502d46f049ae45bdfc2af3b194862a0ddf8edcb78f17a22f2345d0ffe38f71f1e329f27f3d58cf0f12654030192c441d2ac115242188b41bdac7b8efc24af5768bc0b2234fb331e05efefbded9a418d687ce718e82810ac8afef4b40f3d26794d8665091668ac85976dbe4ac2f867b71be6f96a960c2d819a39b26e42dc220f119fdc93113cc40adfa237fbbb449f1fec2d2e9ccbbbc412a9f422a5fdc3629d77a1f26036b1420e09a013fc56480f212ac6f34c847718a3ce02108b20a559e13547f6e0be684422481dfc9f4ee246e1cc45927c01560ab586a4f34d01141bfb00aa12605fd0fb0dee4a94690f4f73add22eb0553e00cee3ecd1526477847bc72d70b5e548ee446a2e13ae8c6039c92010afff1ebc8a0bfe6fa9d2ef3204cce7562d7add8faf8d8207f1c4c25d4482d2d063d6ba57f23a01da6007c5115a34577b3fcbb65df68c907ccafd83a2b5046d64f9a80f1bf69a87cf035bbfe2640ccced9134df5c4566fa732c0ef635fe84afb66250a85a8f4c6239a07bcd58255319d9dd096fe099d4a934c8c10c09fd7b57cdfeb5404351cffad10a63961350bbfa3c6a917afc484493853e881250c11d1763d1519df3df86c37b5a5b76f4220ee3a26d8d2de0440e6a52fd7f4d6369162cff5aea064e55bb905fd0188c5a0b04fe606602cffe92422de511ddefd6d7a34cae15cb4f459100af6a47c3d823b70df7618c8dbb526d01f19aa9c633aefb63cde83ec8074a4b698005df0e7e177d7cae4c7815e64b1d087071d0750b422ef7cdb28bab50daadac4f7df9df0b7ab27b982578b86a00a505c322535ebab1f8fae8d2f0ac5702f48440937490d7dbc3a4ba6f3968aca9ff5279497e3e75074504eac4db5cacd0d667582ed03c0d2f2d1da3e25589447ee67f3d898da37c5f1c6726c5ea2f4b876bdb9156b056be31b954e413d820e93b7770d5e9c1c7503055dd2376248379a20df5cf9279f29850763a6a9ec9db68069f641e3039a41e6f5bd929c99cd723390ec5a9a4046cc12a857927cbdbedfb4313609b3396cbd4d0fa2bf12b8f02ce8bc3a5ec2208b7dab238751aeea175020187a0094f7d44192033d837be54d812326a10cff3aa35e6d907dc9914de1e866f8e6eb29d027f5d605d5e48f4dff5173d55d38e14641e76205d2af778c4ec0a21d6ba9b991162ef5aee604dc6d5cdf76ace89f19574b8d63e2dc0275887d6f445475eb2544101f010a4e4b5696e572537b4fec1221c6d7179d42c5a173fb8eb5c5d596f49f3939951b2ffee06b90fe137b8e85a9d9153b4d79374e26591a08d4213fc585c5333f9733626b9ddbce73ce0d5ff3fd84581aab43d21cbb4ab03dfbf090868fba0702897d525f0cdef7135f752029dbeac06fc43c275b206d20bb8bd0eb7f971661076bea5dd4626811c314d120e31a5962cdf248cf4685bbc09ff17cf572a2aab1a079bd050d9ec3f3f68e1884b1b64abf3393b2f167ba44b81b95740d562cc73f89850ef34dcf3ffe56ddb2b1fcd82b58ed969655bbeaff6aef3aa8083b8a0f254f44ec3aad90c4314329c228524e35de986a668e5c1da54901f646cc0239b5ba866d1a1faa865218f213fafc7649263c0186e8d53302d7f55a34240256f929828b0a071a1dee6c390929809add66829fe0e4ccc4a2467bf2310873c7c0aaefc4b04add17b46d311e8a382c6548fcced2a0ebd18f095f24669903b324e49be17ba88efb827e6a61158d4b62662363937ae9f55b57808465633ef1c77908b2b61286619aae93b9d361e9323999f0ea9c824422f138af01e476a57a9bde7f8f36de65d3402b06b8cdf35ac0c0c9ee9a41d436b7ed63beea2c7a8460745a67b5509c962941558e0177c6ebbc71ce97a663935221ec917ffb8e0fb28813bc752644e895fd39457864db1c43ab7506ca6c157cc062dc3de987a824616b93c2cd5a228760aba7e9fa415b366c28a743bb4ced041826eae3a0f8784a7ffb0ae61646712c02176ccd5470f229693f915ce39d4b00e480ecb691aa3d2ceb26852a547e8cb1859fcac1a10fa35b68edf102e117f66d28a326df9d4ceaa062eeae179a8d1cede3bb2a1cd5a044a6ba14539f471652c88345d1b133f265efcb4320f96ab29ccd1ff5255a37fc156386ba804d12d1c7e16fff98e8d4fcc3ec460a61ff1fc61ddc1977855cc67ad06834b2da8fdc03d74179b9a56ce651690bef5b514759a8a1546da40a4c708dd13fda0990ae364275c060c250ac85fb223342cc97f165be077aff4c8fb0f3e81d412483b8f6d6ce8912daeecc8fcb34357b1dc0a0e7a9751db5f68d67e9dcbd8b9ea279e055890809661b239d0fa44ef976cbe0360d70828c7699171a28b2e0e6cf1832bcf7ce319f6eb2987d18a843dbe1641137cce", 0x1000, 0x8001, 0x0, 0x0, r9}, &(0x7f0000000080)) 12:23:26 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0xc000000, 0x0, 0x0) 12:23:26 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 38) 12:23:26 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0xf0ffff, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x0, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:23:26 executing program 1: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000040)='sysfs\x00', 0x0, 0x0) umount2(&(0x7f0000000080)='./file0\x00', 0xc) syz_open_dev$tty20(0xc, 0x4, 0x0) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, 0x0) umount2(&(0x7f0000000000)='./file0\x00', 0xc) [ 2687.379042] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2687.379042] program syz-executor.4 not setting count and/or reply_len properly 12:23:26 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400), 0x0, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) [ 2687.393021] FAULT_INJECTION: forcing a failure. [ 2687.393021] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2687.394208] CPU: 1 PID: 24979 Comm: syz-executor.4 Not tainted 5.10.209 #1 [ 2687.394852] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2687.395633] Call Trace: [ 2687.395890] dump_stack+0x107/0x167 [ 2687.396238] should_fail.cold+0x5/0xa [ 2687.396627] copy_page_from_iter+0x40a/0x900 [ 2687.397070] blk_rq_map_user_iov+0x138b/0x1a60 [ 2687.397507] ? perf_trace_lock+0xac/0x490 [ 2687.397898] ? __lockdep_reset_lock+0x180/0x180 [ 2687.398332] ? __lockdep_reset_lock+0x180/0x180 [ 2687.398769] ? blk_rq_unmap_user+0x750/0x750 [ 2687.399191] ? find_held_lock+0x2c/0x110 [ 2687.399584] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 2687.400080] ? lock_downgrade+0x6d0/0x6d0 [ 2687.400466] ? import_single_range+0x24d/0x2e0 [ 2687.400911] blk_rq_map_user+0x103/0x170 [ 2687.401316] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 2687.401778] ? alloc_pages_current+0x18f/0x280 [ 2687.402213] ? sg_build_indirect.isra.0+0x448/0x710 [ 2687.402691] sg_common_write.constprop.0+0x10ed/0x1a30 [ 2687.403201] ? sg_build_indirect.isra.0+0x710/0x710 [ 2687.403682] ? vprintk_func+0x93/0x140 [ 2687.404051] ? record_print_text.cold+0x16/0x16 [ 2687.404494] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2687.404893] ? trace_hardirqs_on+0x5b/0x180 [ 2687.405234] sg_write.part.0+0x69e/0xaa0 [ 2687.405565] ? sg_new_write.isra.0+0x770/0x770 [ 2687.405942] ? find_held_lock+0x2c/0x110 [ 2687.406260] ? __might_fault+0xd3/0x180 [ 2687.406570] ? lock_downgrade+0x6d0/0x6d0 [ 2687.406892] ? _cond_resched+0x12/0x80 [ 2687.407195] ? inode_security+0x107/0x140 [ 2687.407527] ? avc_policy_seqno+0x9/0x70 [ 2687.407845] ? selinux_file_permission+0x92/0x520 [ 2687.408225] ? security_file_permission+0x24e/0x570 [ 2687.408615] sg_write+0x87/0x120 [ 2687.408886] do_iter_write+0x482/0x670 [ 2687.409188] ? import_iovec+0x83/0xb0 [ 2687.409487] vfs_writev+0x1ae/0x620 [ 2687.409775] ? vfs_iter_write+0xa0/0xa0 [ 2687.410083] ? __fget_files+0x26d/0x4c0 [ 2687.410386] ? lock_downgrade+0x6d0/0x6d0 [ 2687.410709] ? find_held_lock+0x2c/0x110 [ 2687.411050] ? __fget_files+0x296/0x4c0 [ 2687.411373] ? __fget_light+0xea/0x290 [ 2687.411692] do_writev+0x139/0x300 [ 2687.411984] ? vfs_writev+0x620/0x620 [ 2687.412278] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2687.412681] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2687.413088] do_syscall_64+0x33/0x40 [ 2687.413378] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 2687.413772] RIP: 0033:0x7f26a81efb19 [ 2687.414065] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2687.415478] RSP: 002b:00007f26a5765188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 2687.416073] RAX: ffffffffffffffda RBX: 00007f26a8302f60 RCX: 00007f26a81efb19 [ 2687.416642] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000005 [ 2687.417192] RBP: 00007f26a57651d0 R08: 0000000000000000 R09: 0000000000000000 [ 2687.417738] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2687.418285] R13: 00007ffc298dd15f R14: 00007f26a5765300 R15: 0000000000022000 12:23:26 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x10000000, 0x0, 0x0) 12:23:26 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400), 0x0, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:23:26 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x40000000, 0x0, 0x0) 12:23:26 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000500)='ramfs\x00', 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x81, 0x0, 0x0, 0x0, 0x5e, 0x20100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x23cd072444fb8c97, @perf_config_ext={0x1, 0x8}, 0x0, 0x0, 0x0, 0xe, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb98d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x300b4e2, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8914, &(0x7f0000000140)={'lo\x00'}) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'gretap0\x00'}) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r3, &(0x7f0000001080)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) getsockopt$bt_BT_RCVMTU(r3, 0x112, 0xd, &(0x7f00000001c0), &(0x7f00000013c0)=0x2) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'syzkaller1\x00'}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000180)={@loopback}) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x1004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8914, &(0x7f0000000140)={'lo\x00'}) sendmsg$NL80211_CMD_GET_COALESCE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYRESHEX=r4, @ANYRES16, @ANYBLOB="010000000000000000007e00000008000300", @ANYRES32=0x0, @ANYBLOB="6d6e09ca044e459fc753aa7728297fa689f90e8b8ef0926627986bfba2d209000000000000b22211d6cc3f97cd8950088e1fd6d3d8554bb81c3261e804728fab2b561d1d3c03b4b091ee0aa949520b04223af6a5c19000e7ffffffffffffff00"], 0x1c}}, 0x0) 12:23:26 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x1000000, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x0, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:23:26 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 39) 12:23:26 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x48000000, 0x0, 0x0) [ 2687.594488] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2687.594488] program syz-executor.4 not setting count and/or reply_len properly 12:23:26 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="0300000004000000", 0x8, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) [ 2687.602772] FAULT_INJECTION: forcing a failure. [ 2687.602772] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2687.603737] CPU: 1 PID: 25067 Comm: syz-executor.4 Not tainted 5.10.209 #1 [ 2687.604252] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2687.604850] Call Trace: [ 2687.605056] dump_stack+0x107/0x167 [ 2687.605330] should_fail.cold+0x5/0xa [ 2687.605620] copy_page_from_iter+0x40a/0x900 [ 2687.605952] blk_rq_map_user_iov+0x138b/0x1a60 [ 2687.606296] ? perf_trace_lock+0xac/0x490 [ 2687.606610] ? __lockdep_reset_lock+0x180/0x180 [ 2687.606958] ? __lockdep_reset_lock+0x180/0x180 [ 2687.607299] ? blk_rq_unmap_user+0x750/0x750 [ 2687.607659] ? find_held_lock+0x2c/0x110 [ 2687.607989] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 2687.608382] ? lock_downgrade+0x6d0/0x6d0 [ 2687.608705] ? import_single_range+0x24d/0x2e0 [ 2687.609072] blk_rq_map_user+0x103/0x170 [ 2687.609372] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 2687.609737] ? alloc_pages_current+0x18f/0x280 [ 2687.610096] ? sg_build_indirect.isra.0+0x448/0x710 [ 2687.610476] sg_common_write.constprop.0+0x10ed/0x1a30 [ 2687.610872] ? sg_build_indirect.isra.0+0x710/0x710 [ 2687.611248] ? vprintk_func+0x93/0x140 [ 2687.611548] ? record_print_text.cold+0x16/0x16 [ 2687.611895] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2687.612263] ? trace_hardirqs_on+0x5b/0x180 [ 2687.612591] sg_write.part.0+0x69e/0xaa0 [ 2687.612897] ? sg_new_write.isra.0+0x770/0x770 [ 2687.613242] ? find_held_lock+0x2c/0x110 [ 2687.613551] ? __might_fault+0xd3/0x180 [ 2687.613841] ? lock_downgrade+0x6d0/0x6d0 [ 2687.614163] ? _cond_resched+0x12/0x80 [ 2687.614449] ? inode_security+0x107/0x140 [ 2687.614764] ? avc_policy_seqno+0x9/0x70 [ 2687.615068] ? selinux_file_permission+0x92/0x520 [ 2687.615465] ? security_file_permission+0x24e/0x570 [ 2687.615867] sg_write+0x87/0x120 [ 2687.616131] do_iter_write+0x482/0x670 [ 2687.616425] ? import_iovec+0x83/0xb0 [ 2687.616717] vfs_writev+0x1ae/0x620 [ 2687.616990] ? vfs_iter_write+0xa0/0xa0 [ 2687.617288] ? __fget_files+0x26d/0x4c0 [ 2687.617589] ? lock_downgrade+0x6d0/0x6d0 [ 2687.617893] ? find_held_lock+0x2c/0x110 [ 2687.618203] ? __fget_files+0x296/0x4c0 [ 2687.618515] ? __fget_light+0xea/0x290 [ 2687.618831] do_writev+0x139/0x300 [ 2687.619109] ? vfs_writev+0x620/0x620 [ 2687.619393] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2687.619798] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2687.620179] do_syscall_64+0x33/0x40 [ 2687.620455] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 2687.620835] RIP: 0033:0x7f26a81efb19 [ 2687.621113] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2687.622437] RSP: 002b:00007f26a5765188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 2687.622997] RAX: ffffffffffffffda RBX: 00007f26a8302f60 RCX: 00007f26a81efb19 [ 2687.623555] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000005 [ 2687.624107] RBP: 00007f26a57651d0 R08: 0000000000000000 R09: 0000000000000000 [ 2687.624633] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2687.625157] R13: 00007ffc298dd15f R14: 00007f26a5765300 R15: 0000000000022000 12:23:26 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x4c000000, 0x0, 0x0) 12:23:41 executing program 5: r0 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0xb9, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet(r1, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0x4e21, @multicast1}, 0x10, 0x0}, 0x404c008) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = dup(r2) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r0, 0x40089413, &(0x7f0000000340)=0x6c800) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x0, 0x9, 0x2, 0x7, 0x0, 0x9, 0x2440, 0xcc9d3cedfc9f7956, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x48, 0x0, @perf_bp={&(0x7f0000000040)}, 0x40008, 0x7fffffff, 0x3, 0x3, 0x100, 0x100, 0x5, 0x0, 0x7fff, 0x0, 0x5}, 0xffffffffffffffff, 0xffffffffffffffff, r3, 0x2) r4 = fcntl$dupfd(r1, 0x0, r1) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000000c0)=ANY=[@ANYBLOB="14e0ffff1c00214c0000000000400000a5000200"], 0x14}}, 0x0) connect$inet6(r4, &(0x7f0000000380)={0xa, 0x4e22, 0x140000, @empty, 0x3}, 0x1c) sendmsg$NL80211_CMD_GET_WIPHY(r6, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x1c, 0x0, 0x2, 0x70bd2a, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r5}, @void}}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x4040081) sendmsg$inet6(r4, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) 12:23:41 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3b}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRESHEX], 0x30}, 0x1, 0x0, 0x0, 0x14}, 0x0) set_mempolicy(0x0, 0x0, 0x7fff) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', 0x0, 0x0, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000440)=ANY=[@ANYRESOCT], 0x2f) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffff, 0x2}, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_nanosleep(0x1, 0x0, &(0x7f00000002c0)={0x0, 0x989680}, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) fork() r2 = fork() tkill(0x0, 0x0) ptrace$cont(0xffffffffffffffff, r2, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000280)=0x5, 0xfffffffffffffffa) r3 = fork() syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e21016027154f7e210000d6142e8ed6865df556fd6a7300000000000000bd8b7e69ecb57d268a49d8d6accb6a35f7aa6bee3435f0ca00"], 0xa) ptrace$setopts(0x4206, r3, 0x0, 0x0) ptrace(0x8, r3) 12:23:41 executing program 3: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x28, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x28}}, 0x0) sendmsg$NL80211_CMD_STOP_NAN(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x28, r2, 0x200, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0x0, 0x53}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x40) sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="340056f16fbe75cad5c3aa009844a0dd7c2014a7c50d9ec0f743e60da2f08a11da49daf6dad2160bdf39de343dbb72c47a11855714fa3c8f721dafc7a17dbc5d63", @ANYRES16=r0, @ANYBLOB="010000000000000000008900000008000300806c335df852817c246a6f34cea63a2e082ff4d7b71f3b49c0621d0a55678ef882b8f44658b2572646e1f1e12fca98", @ANYRES32], 0x34}}, 0x4c004) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000440)=[{&(0x7f0000000040)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000000b0000000001", 0x5a, 0x400}, {0x0, 0x0, 0xffffffffdffffff8}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000011600)="ed41000000080000dff46552e0f4655fe0f4655f000000000000040004", 0x1d, 0x2100}], 0x0, &(0x7f0000000140)={[{@delalloc}]}) 12:23:41 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x543, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x0, 0x0) r2 = dup2(r0, r1) r3 = syz_io_uring_setup(0x1432, &(0x7f0000000080), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000001180), &(0x7f0000000140)) mount$9p_fd(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000040), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB="89c3e5d5b0b6ffc1c59ad809fd928975a2ac322e433ac5785bde5ba5ef4b158814b7cc098b08849ea23d4d87942a25ff43988f779aa7e2fa5130339bb3b3edb0a60afc2e6a0c2dc67a95f8a761518d"]) 12:23:41 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x2000000, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x0, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:23:41 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="0300000004000000", 0x8, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:23:41 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x68000000, 0x0, 0x0) 12:23:41 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 40) [ 2702.255823] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2702.255823] program syz-executor.4 not setting count and/or reply_len properly [ 2702.265004] FAULT_INJECTION: forcing a failure. [ 2702.265004] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2702.266558] CPU: 1 PID: 25133 Comm: syz-executor.4 Not tainted 5.10.209 #1 [ 2702.267331] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2702.268292] Call Trace: [ 2702.268406] 9pnet: Insufficient options for proto=fd [ 2702.268600] dump_stack+0x107/0x167 [ 2702.268624] should_fail.cold+0x5/0xa [ 2702.269923] copy_page_from_iter+0x40a/0x900 [ 2702.270442] blk_rq_map_user_iov+0x138b/0x1a60 [ 2702.270971] ? perf_trace_lock+0xac/0x490 [ 2702.271444] ? __lockdep_reset_lock+0x180/0x180 [ 2702.271985] ? __lockdep_reset_lock+0x180/0x180 [ 2702.272514] ? blk_rq_unmap_user+0x750/0x750 [ 2702.273018] ? find_held_lock+0x2c/0x110 [ 2702.273489] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 2702.274087] ? lock_downgrade+0x6d0/0x6d0 [ 2702.274565] ? import_single_range+0x24d/0x2e0 [ 2702.275090] blk_rq_map_user+0x103/0x170 [ 2702.275558] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 2702.276109] ? alloc_pages_current+0x18f/0x280 [ 2702.276633] ? sg_build_indirect.isra.0+0x448/0x710 [ 2702.277205] sg_common_write.constprop.0+0x10ed/0x1a30 [ 2702.277812] ? sg_build_indirect.isra.0+0x710/0x710 [ 2702.278385] ? vprintk_func+0x93/0x140 [ 2702.278843] ? record_print_text.cold+0x16/0x16 [ 2702.279380] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2702.279964] ? trace_hardirqs_on+0x5b/0x180 [ 2702.280464] sg_write.part.0+0x69e/0xaa0 [ 2702.280930] ? sg_new_write.isra.0+0x770/0x770 [ 2702.281457] ? find_held_lock+0x2c/0x110 [ 2702.281921] ? __might_fault+0xd3/0x180 [ 2702.282374] ? lock_downgrade+0x6d0/0x6d0 [ 2702.282866] ? _cond_resched+0x12/0x80 [ 2702.283312] ? inode_security+0x107/0x140 [ 2702.283795] ? avc_policy_seqno+0x9/0x70 [ 2702.284252] ? selinux_file_permission+0x92/0x520 [ 2702.284811] ? security_file_permission+0x24e/0x570 [ 2702.285378] sg_write+0x87/0x120 [ 2702.285769] do_iter_write+0x482/0x670 [ 2702.286211] ? import_iovec+0x83/0xb0 [ 2702.286642] vfs_writev+0x1ae/0x620 [ 2702.287063] ? vfs_iter_write+0xa0/0xa0 [ 2702.287520] ? __fget_files+0x26d/0x4c0 [ 2702.287987] ? lock_downgrade+0x6d0/0x6d0 [ 2702.288455] ? find_held_lock+0x2c/0x110 [ 2702.288933] ? __fget_files+0x296/0x4c0 [ 2702.289399] ? __fget_light+0xea/0x290 [ 2702.289850] do_writev+0x139/0x300 [ 2702.290259] ? vfs_writev+0x620/0x620 [ 2702.290699] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2702.291295] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2702.291899] do_syscall_64+0x33/0x40 [ 2702.292321] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 2702.292907] RIP: 0033:0x7f26a81efb19 [ 2702.293328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2702.295402] RSP: 002b:00007f26a5765188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 2702.296287] RAX: ffffffffffffffda RBX: 00007f26a8302f60 RCX: 00007f26a81efb19 [ 2702.297089] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000005 [ 2702.297895] RBP: 00007f26a57651d0 R08: 0000000000000000 R09: 0000000000000000 [ 2702.298713] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2702.299511] R13: 00007ffc298dd15f R14: 00007f26a5765300 R15: 0000000000022000 12:23:41 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x3000000, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x0, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:23:41 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x6c000000, 0x0, 0x0) 12:23:41 executing program 1: preadv2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r0, &(0x7f0000001080)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) getsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, &(0x7f00000001c0), &(0x7f00000013c0)=0x2) ioctl$FS_IOC_FSGETXATTR(r0, 0x801c581f, &(0x7f0000000040)={0x9, 0x4, 0x6, 0x6d, 0x401}) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x101}, 0x4c20, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x400, 0x11) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000240)=ANY=[@ANYBLOB="280000001d00210c0000000000000000040002f5eafc0014001180809801a7b0c7dba29475f251c7ffa5624587326e21cc79f06e2edac250e5a292495cb3848342780f5a63dc67c5c3d9a7718b773915e95eb586d4395ba144a28e3bd522bedc13b085cef5ab9acfe39e15109d333abd55df0570b4f692c950f0bcbd0afa6baa63202c5a198c0f23783b7ac343b2bbbd9f67a7cc2820604b2f990a20303f6b7e003ff27564fb40e4abe298ff965aea497ae9a345f7696e8bf236ac24ce14a5c06f70ffa097e85af2cff87ed50bfb25408b58b2"], 0x28}}, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000000c0)={0x14, 0x1d, 0xc21, 0x0, 0x0, {0x1, 0x0, 0x2}}, 0x14}}, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = dup(r2) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0xca, 0x81, 0x2, 0xb8, 0x0, 0x8000, 0x20002, 0xc, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x401, 0x4, @perf_bp={&(0x7f00000000c0), 0x1}, 0x11000, 0x9, 0xfff, 0x8, 0x7b0, 0x7, 0x1ff, 0x0, 0x4, 0x0, 0xfffffffffffffff9}, 0xffffffffffffffff, 0x6, r3, 0x0) 12:23:41 executing program 5: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext={0x0, 0x5}, 0x0, 0x4000, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="177f97b28df9c604d70513be1c265d9e4f414e6eb8cb5c785fc2142b071cd78f679ced6fde70e42ed7ee9f02fd46ba3728fdf9a6a43dbab5dc7a6ce2ee35074f16b7cffdc900da5cad75994153a9256371dd99421322df942f5966227507984b0811312aa1c77d4296fda181f1ced94df90d000000"], 0x30}}, 0x0) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', 0x0, 0x0, 0x0) ftruncate(0xffffffffffffffff, 0x8000) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000440)=ANY=[@ANYRESOCT], 0x2f) fork() r1 = fork() capget(&(0x7f0000000380)={0x19980330, r1}, &(0x7f00000003c0)={0x4b, 0x3f, 0x8000, 0x4, 0x6, 0x1}) fork() syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000380)=ANY=[], 0xa) r2 = fork() fork() ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000100)=0x0) fcntl$lock(r0, 0x5, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x9, r3}) r4 = fork() ptrace$cont(0x9, r2, 0x7fffffff, 0x4) syz_80211_inject_frame(&(0x7f0000000240)=@device_b, &(0x7f0000000800)=@ctrl_frame=@ba={{}, {0x3}, @device_a, @broadcast, @basic={{0x0, 0x0, 0x0, 0x0, 0x9}, {0x5, 0x7}, "57cf630272c011587d991632bc3b7c03b005ca23b7f51316e197e66814a31f45893089b3e38e93b5ac4ece6f7bab2ed145903c7a008c3f61b187d00d0f58b1aa3d5fabc5bb8068cae8d5447bca52ee5f59ab20245d9e5d6e29cbc88311404c906acb4d92e600ec49526c40d470b424d6b0ba21e5f687cb07ec9737d4f1f54471"}}, 0x94) syz_80211_inject_frame(&(0x7f0000000000)=@device_b, &(0x7f00000008c0)=@data_frame={@qos_ht={{{@type10={{0x0, 0x2, 0xf, 0x1, 0x0, 0x1, 0x1, 0x1}, {0x6}, @initial, @broadcast, @device_a, {0xd, 0x3}}, {0x2, 0x0, 0x3, 0x0, 0x7f}}, {@type01={{0x0, 0x2, 0xb, 0x0, 0x1, 0x0, 0x1}, {0x7194}, @device_b, @random="643d6e85945e", @from_mac, {0x4, 0x7}}, {0x8, 0x0, 0x3, 0x1, 0x4}}}, @ver_80211n={0x0, 0x9, 0x2, 0x3, 0x0, 0x0, 0x1, 0x0, 0x1}}, @random="2bec0f2d38bf6b786519d98d94e55356246b46cff50b71a2c85818a8dadb0d231d0426ea7670d73c7f45c36355098b114439bd411b37dbb6b9fd5a91990644d01d55947eb6dbfb18ad1ba56ca52156f8efdcc60113fcef46856d0e5c2092cd31796163fd45250cc34e309eda1df79549bcb3e37ddb989034b4df265279d237847e8330d327872a897c2c20fdb9f722a6331f1421c114c8219f911c7d8f10823752a68f8cf6cc36cb6c089ddfad3754d7cec395fce4a2066e6be8d74d9007042950399775182963683a062eee6062ba58894b5640106594803f0d826acfbceb0b203c4c2e25e765250f035f4a58c5f40d4867a4070d9dff7645eca4bb5ebc917d1f8466d9776853f47e8e0e6074c9d4dd55cae8a3f0b4bb682e4183920891e4ae06795166c7d5bfbb549c2a526feaff445b42c98dd517d24e4f791ac0fab75b2bb9e2f5a806a0cd361ea4d9b0ef6d8121f21bb5a566ce887be444a229fbb86ebef6a844e74c6459f44a88d710e3d870954eb132cd32f29fb6ae5d2e164ce5de9bbd6e3a0f050d3a105d929b97dfc6f87e79fe0a2f3eae5d0f9f134d9ebc57f81bcbb214ea7d20798befcf5fae47bc3416938b48a2067629e5c5a24f182f52803232dab48acd97844dc5e00081da6c4ebf33d42a070f29dcc615b6a333983dd4eee757a63eb3db2746492ca9ffd8d37fb4bd122422d5ed07380ef4daf6acb35abed7919a74cd2403a979e9455a5017baf6bb8d0afa389734f44e2f74bdfcac366382e62c3e0d71065798c00ebd32f5f8a09524d3f82466ee32feadde7afd1da4629c65aaeac75610f414a77438db6dd4541c8e919566fc49177f5a787f86ad77ac0e0148ed65d147ed95bdd2370f4e0f92293c7739f3be06214c6230b1ebf0fc8d9a759ca93e0a2e1ffc72c18320d8f722d47ab05546e0c3f30db724359e239615d40d7dc00a39c70a2b457ff7c0134fe8f892b328e66d66fff9fd2c7f4115eead78f7898ec8133a7816647d6c10c49c3de6155790235dcc392ceb327a5412f0cc4263a8518e39b359f335b35d2bbae4080dfb7867527bfdc7d826aa38105b0ad15b4c9e1aee0bb87440acd3882e018a29816c8e7e17d3936f925036d56154410b2f530222249bff6efb7d1ed41fb705c0afd927ab0f151e74f8dafa6a07e617a0bb0215fcb41701c05927b9729a8f99fc9d5648c4803c223c26613aa069dd64a349b0d6e390e0f1339512b3b87c7b41436c1385ee6f3b1ed5de658ae6ba8541cd0fc1531a0e4521db03645095e61e86831079db26f104d333e0728e"}, 0x3d3) ptrace(0x4208, r4) [ 2702.368115] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. 12:23:41 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="0300000004000000", 0x8, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:23:41 executing program 3: r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = dup(r1) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$LOOP_CHANGE_FD(r2, 0x4c06, r0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = dup(r3) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) r5 = epoll_create1(0x80000) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = dup(r6) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$F2FS_IOC_MOVE_RANGE(r4, 0xc020f509, &(0x7f00000000c0)={0xffffffffffffffff, 0xfffffffffffffffb, 0x1000, 0x8001}) ioctl$LOOP_SET_FD(r8, 0x4c00, r5) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x40100, 0x8c) syncfs(r0) r9 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r9, &(0x7f0000001080)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) getsockopt$bt_BT_RCVMTU(r9, 0x112, 0xd, &(0x7f00000001c0), &(0x7f00000013c0)=0x2) ioctl$BTRFS_IOC_QUOTA_RESCAN(r9, 0x4040942c, &(0x7f0000000100)={0x0, 0x5, [0x90, 0x2, 0xca, 0x3, 0x0, 0x8000]}) 12:23:41 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x4000000, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x0, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:23:41 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 41) 12:23:41 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x74000000, 0x0, 0x0) [ 2702.580462] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2702.580462] program syz-executor.4 not setting count and/or reply_len properly [ 2702.582749] FAULT_INJECTION: forcing a failure. [ 2702.582749] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2702.583815] CPU: 0 PID: 25272 Comm: syz-executor.4 Not tainted 5.10.209 #1 [ 2702.584423] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2702.585155] Call Trace: [ 2702.585393] dump_stack+0x107/0x167 [ 2702.585736] should_fail.cold+0x5/0xa [ 2702.586088] copy_page_from_iter+0x40a/0x900 [ 2702.586490] blk_rq_map_user_iov+0x138b/0x1a60 [ 2702.586905] ? perf_trace_lock+0xac/0x490 [ 2702.587274] ? __lockdep_reset_lock+0x180/0x180 [ 2702.587714] ? __lockdep_reset_lock+0x180/0x180 [ 2702.588124] ? blk_rq_unmap_user+0x750/0x750 [ 2702.588520] ? find_held_lock+0x2c/0x110 [ 2702.588888] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 2702.589357] ? lock_downgrade+0x6d0/0x6d0 [ 2702.589720] ? import_single_range+0x24d/0x2e0 [ 2702.590134] blk_rq_map_user+0x103/0x170 [ 2702.590497] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 2702.590915] ? alloc_pages_current+0x18f/0x280 [ 2702.591330] ? sg_build_indirect.isra.0+0x448/0x710 [ 2702.591777] sg_common_write.constprop.0+0x10ed/0x1a30 [ 2702.592255] ? sg_build_indirect.isra.0+0x710/0x710 [ 2702.592697] ? vprintk_func+0x93/0x140 [ 2702.593042] ? record_print_text.cold+0x16/0x16 [ 2702.593450] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2702.593898] ? trace_hardirqs_on+0x5b/0x180 [ 2702.594284] sg_write.part.0+0x69e/0xaa0 [ 2702.594644] ? sg_new_write.isra.0+0x770/0x770 [ 2702.595050] ? find_held_lock+0x2c/0x110 [ 2702.595413] ? __might_fault+0xd3/0x180 [ 2702.595772] ? lock_downgrade+0x6d0/0x6d0 [ 2702.596147] ? _cond_resched+0x12/0x80 [ 2702.596493] ? inode_security+0x107/0x140 [ 2702.596864] ? avc_policy_seqno+0x9/0x70 [ 2702.597225] ? selinux_file_permission+0x92/0x520 [ 2702.597653] ? security_file_permission+0x24e/0x570 [ 2702.598096] sg_write+0x87/0x120 [ 2702.598402] do_iter_write+0x482/0x670 [ 2702.598749] ? import_iovec+0x83/0xb0 [ 2702.599085] vfs_writev+0x1ae/0x620 [ 2702.599405] ? vfs_iter_write+0xa0/0xa0 [ 2702.599772] ? __fget_files+0x26d/0x4c0 [ 2702.600124] ? lock_downgrade+0x6d0/0x6d0 [ 2702.600488] ? find_held_lock+0x2c/0x110 [ 2702.600870] ? __fget_files+0x296/0x4c0 [ 2702.601238] ? __fget_light+0xea/0x290 [ 2702.601596] do_writev+0x139/0x300 [ 2702.601910] ? vfs_writev+0x620/0x620 [ 2702.602248] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2702.602706] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2702.603162] do_syscall_64+0x33/0x40 [ 2702.603485] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 2702.603907] RIP: 0033:0x7f26a81efb19 [ 2702.604214] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2702.605816] RSP: 002b:00007f26a5765188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 2702.606477] RAX: ffffffffffffffda RBX: 00007f26a8302f60 RCX: 00007f26a81efb19 [ 2702.607109] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000005 [ 2702.607736] RBP: 00007f26a57651d0 R08: 0000000000000000 R09: 0000000000000000 [ 2702.608360] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2702.608982] R13: 00007ffc298dd15f R14: 00007f26a5765300 R15: 0000000000022000 [ 2702.615106] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 12:23:56 executing program 3: r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x4f4f, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r0, 0x0, 0x0, 0x0, {0x40}}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r4, r3, &(0x7f00000002c0)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FALLOCATE={0x11, 0x59f5ee0a7c70a1ba, 0x0, @fd, 0x3, 0x0, 0x1, 0x0, 0x1, {0x0, r5}}, 0xbd53) r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x5, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r7}}, 0xffffffff) bind$bt_l2cap(r6, &(0x7f0000001080)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) getsockopt$bt_BT_RCVMTU(r6, 0x112, 0xd, &(0x7f00000001c0), &(0x7f00000013c0)=0x2) syz_io_uring_submit(0x0, r3, &(0x7f0000000040)=@IORING_OP_TEE={0x21, 0x4, 0x0, @fd_index, 0x0, 0x0, 0xda08, 0x0, 0x0, {0x0, r5, r6}}, 0x9) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) 12:23:56 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000", 0xc, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:23:56 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3b}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRESHEX], 0x30}, 0x1, 0x0, 0x0, 0x14}, 0x0) set_mempolicy(0x0, 0x0, 0x7fff) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', 0x0, 0x0, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000440)=ANY=[@ANYRESOCT], 0x2f) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffff, 0x2}, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_nanosleep(0x1, 0x0, &(0x7f00000002c0)={0x0, 0x989680}, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) fork() r2 = fork() tkill(0x0, 0x0) ptrace$cont(0xffffffffffffffff, r2, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000280)=0x5, 0xfffffffffffffffa) r3 = fork() syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e21016027154f7e210000d6142e8ed6865df556fd6a7300000000000000bd8b7e69ecb57d268a49d8d6accb6a35f7aa6bee3435f0ca00"], 0xa) ptrace$setopts(0x4206, r3, 0x0, 0x0) ptrace(0x8, r3) 12:23:56 executing program 5: perf_event_open(&(0x7f0000000480)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x6941091430c23080, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(0x0, &(0x7f0000000240)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x161001, 0x0) getdents64(r0, &(0x7f0000001400)=""/53, 0x35) fsconfig$FSCONFIG_CMD_RECONFIGURE(0xffffffffffffffff, 0x7, 0x0, 0x0, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r1 = syz_open_procfs(0x0, &(0x7f0000001080)='mountinfo\x00') r2 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp\x00') pread64(r2, &(0x7f0000000300)=""/166, 0xa6, 0x2) pread64(r1, &(0x7f0000000080)=""/4095, 0xfff, 0x5b) r3 = fcntl$getown(r1, 0x9) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f0000001240), 0x0, &(0x7f0000001280)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_none}], [{@smackfsdef={'smackfsdef', 0x3d, 'mountinfo\x00'}}, {@euid_eq}]}}) openat$vcsu(0xffffffffffffff9c, &(0x7f0000000240), 0x141043, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000001080)='mountinfo\x00') pread64(r4, &(0x7f0000000080)=""/4095, 0xfff, 0x5b) openat(r0, &(0x7f00000011c0)='./file1\x00', 0x2a040, 0x2) ioctl$FIGETBSZ(r4, 0x2, &(0x7f0000001180)) r5 = dup2(0xffffffffffffffff, r0) perf_event_open(&(0x7f0000001100)={0x2, 0x80, 0x6, 0x1, 0x9, 0x3, 0x0, 0x4, 0x4000, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x200, 0x0, @perf_bp={&(0x7f00000010c0), 0x1}, 0x1031a, 0x1, 0x401, 0x9, 0x4, 0x200, 0x3, 0x0, 0x7, 0x0, 0x4}, r3, 0x8, r5, 0x2) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="408c0f00000b222c5b05ed889da825000000000000", @ANYBLOB="00f700"], 0x340}, 0x1, 0x0, 0x0, 0x80c8}, 0x0) 12:23:56 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 42) 12:23:56 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x5000000, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x0, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:23:56 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x7a000000, 0x0, 0x0) 12:23:56 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3875, &(0x7f00000001c0), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r3, 0x0}, 0x0) syz_io_uring_setup(0x7bb8, &(0x7f0000000080)={0x0, 0xac02, 0x20, 0x2, 0x1e3, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000140), &(0x7f0000000180)=0x0) r5 = ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) syz_io_uring_submit(r1, r4, &(0x7f0000000240)=@IORING_OP_TEE={0x21, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, r5}}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r6, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x4, 0x0, 0x0) [ 2717.673441] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2717.673441] program syz-executor.4 not setting count and/or reply_len properly [ 2717.685366] FAULT_INJECTION: forcing a failure. [ 2717.685366] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2717.687260] CPU: 1 PID: 25299 Comm: syz-executor.4 Not tainted 5.10.209 #1 [ 2717.688370] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2717.689684] Call Trace: [ 2717.690106] dump_stack+0x107/0x167 [ 2717.690704] should_fail.cold+0x5/0xa [ 2717.691347] copy_page_from_iter+0x40a/0x900 [ 2717.692099] blk_rq_map_user_iov+0x138b/0x1a60 [ 2717.692872] ? perf_trace_lock+0xac/0x490 [ 2717.693562] ? __lockdep_reset_lock+0x180/0x180 [ 2717.694336] ? __lockdep_reset_lock+0x180/0x180 [ 2717.695110] ? blk_rq_unmap_user+0x750/0x750 [ 2717.695844] ? find_held_lock+0x2c/0x110 [ 2717.696531] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 2717.697414] ? lock_downgrade+0x6d0/0x6d0 [ 2717.698081] ? import_single_range+0x24d/0x2e0 [ 2717.698848] blk_rq_map_user+0x103/0x170 [ 2717.699527] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 2717.700333] ? alloc_pages_current+0x18f/0x280 [ 2717.701086] ? sg_build_indirect.isra.0+0x448/0x710 [ 2717.701924] sg_common_write.constprop.0+0x10ed/0x1a30 [ 2717.702812] ? sg_build_indirect.isra.0+0x710/0x710 [ 2717.703641] ? vprintk_func+0x93/0x140 [ 2717.703808] 9pnet: Insufficient options for proto=fd [ 2717.704310] ? record_print_text.cold+0x16/0x16 [ 2717.705974] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2717.706821] ? trace_hardirqs_on+0x5b/0x180 [ 2717.707543] sg_write.part.0+0x69e/0xaa0 [ 2717.708234] ? sg_new_write.isra.0+0x770/0x770 [ 2717.708997] ? find_held_lock+0x2c/0x110 [ 2717.709687] ? __might_fault+0xd3/0x180 [ 2717.710351] ? lock_downgrade+0x6d0/0x6d0 [ 2717.711060] ? _cond_resched+0x12/0x80 [ 2717.711712] ? inode_security+0x107/0x140 [ 2717.712411] ? avc_policy_seqno+0x9/0x70 [ 2717.713092] ? selinux_file_permission+0x92/0x520 [ 2717.713917] ? security_file_permission+0x24e/0x570 [ 2717.714759] sg_write+0x87/0x120 [ 2717.715331] do_iter_write+0x482/0x670 [ 2717.715992] ? import_iovec+0x83/0xb0 [ 2717.716642] vfs_writev+0x1ae/0x620 [ 2717.717256] ? vfs_iter_write+0xa0/0xa0 [ 2717.717960] ? __fget_files+0x26d/0x4c0 [ 2717.717986] ? lock_downgrade+0x6d0/0x6d0 [ 2717.718003] ? find_held_lock+0x2c/0x110 [ 2717.718040] ? __fget_files+0x296/0x4c0 [ 2717.718075] ? __fget_light+0xea/0x290 [ 2717.721378] do_writev+0x139/0x300 [ 2717.721977] ? vfs_writev+0x620/0x620 [ 2717.722613] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2717.723473] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2717.724354] do_syscall_64+0x33/0x40 [ 2717.724974] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 2717.725825] RIP: 0033:0x7f26a81efb19 [ 2717.726438] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2717.729428] RSP: 002b:00007f26a5765188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 2717.730684] RAX: ffffffffffffffda RBX: 00007f26a8302f60 RCX: 00007f26a81efb19 [ 2717.731865] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000005 [ 2717.733052] RBP: 00007f26a57651d0 R08: 0000000000000000 R09: 0000000000000000 [ 2717.734236] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2717.735416] R13: 00007ffc298dd15f R14: 00007f26a5765300 R15: 0000000000022000 12:23:57 executing program 5: r0 = signalfd(0xffffffffffffffff, 0x0, 0x0) fcntl$setpipe(r0, 0x407, 0x4) r1 = perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x248e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180)}, 0x0, 0x0, 0x0, 0x0, 0x7f}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r0, 0xc018937c, &(0x7f00000000c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="eb9a"]) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r3, 0x9, 0x0) ioctl$EVIOCSABS20(r3, 0x401845e0, &(0x7f0000000100)={0x3, 0xfff, 0x7fffffff, 0x81, 0x5, 0xefd}) setsockopt$inet6_IPV6_RTHDRDSTOPTS(r2, 0x29, 0x37, &(0x7f0000000200)=ANY=[@ANYBLOB="02090000000000000101000740000000000e20090005000000000000000000000000000000a000000000000000040000000000000003000000000000000300000000000000060000eb00000000c204000000000000000000", @ANYRESHEX, @ANYRESDEC, @ANYRES16=r3], 0x58) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000002700)='/proc/stat\x00', 0x0, 0x0) close(0xffffffffffffffff) fsconfig$FSCONFIG_CMD_RECONFIGURE(0xffffffffffffffff, 0x7, 0x0, 0x0, 0x0) fcntl$addseals(r0, 0x409, 0x1) openat(r4, &(0x7f0000000140)='./file0\x00', 0x204000, 0xb2e7ed7a8340d36f) r5 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0) sendfile(r5, r4, &(0x7f0000000040)=0xb, 0x80000001) openat(r4, &(0x7f00000001c0)='./file0\x00', 0x40000, 0xc0) socket$nl_generic(0x10, 0x3, 0x10) r6 = creat(&(0x7f0000000040)='./file0\x00', 0x0) ioctl$FITRIM(r6, 0xc0185879, &(0x7f00000000c0)={0x0, 0xfffefffffffffffd}) 12:23:57 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0xa1ffffff, 0x0, 0x0) 12:23:57 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x6000000, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x0, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:23:57 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000", 0xc, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:24:11 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000000c0)={0x14, 0x1d, 0xc21, 0x0, 0x0, {0x1, 0x0, 0x2}}, 0x14}}, 0x0) setsockopt$netlink_NETLINK_PKTINFO(r1, 0x10e, 0x3, &(0x7f0000000040)=0x4, 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000880)={0x14, 0x42, 0x69844ea0a6ddcd11, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0) 12:24:11 executing program 3: r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x4f4f, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r0, 0x0, 0x0, 0x0, {0x40}}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r4, r3, &(0x7f00000002c0)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FALLOCATE={0x11, 0x59f5ee0a7c70a1ba, 0x0, @fd, 0x3, 0x0, 0x1, 0x0, 0x1, {0x0, r5}}, 0xbd53) r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x5, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r7}}, 0xffffffff) bind$bt_l2cap(r6, &(0x7f0000001080)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) getsockopt$bt_BT_RCVMTU(r6, 0x112, 0xd, &(0x7f00000001c0), &(0x7f00000013c0)=0x2) syz_io_uring_submit(0x0, r3, &(0x7f0000000040)=@IORING_OP_TEE={0x21, 0x4, 0x0, @fd_index, 0x0, 0x0, 0xda08, 0x0, 0x0, {0x0, r5, r6}}, 0x9) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) 12:24:11 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000", 0xc, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:24:11 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 43) 12:24:11 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0xe7000000, 0x0, 0x0) 12:24:11 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x7000000, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x0, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:24:11 executing program 5: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000", 0xc, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:24:11 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3b}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRESHEX], 0x30}, 0x1, 0x0, 0x0, 0x14}, 0x0) set_mempolicy(0x0, 0x0, 0x7fff) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', 0x0, 0x0, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000440)=ANY=[@ANYRESOCT], 0x2f) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffff, 0x2}, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_nanosleep(0x1, 0x0, &(0x7f00000002c0)={0x0, 0x989680}, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) fork() r2 = fork() tkill(0x0, 0x0) ptrace$cont(0xffffffffffffffff, r2, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000280)=0x5, 0xfffffffffffffffa) r3 = fork() syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e21016027154f7e210000d6142e8ed6865df556fd6a7300000000000000bd8b7e69ecb57d268a49d8d6accb6a35f7aa6bee3435f0ca00"], 0xa) ptrace$setopts(0x4206, r3, 0x0, 0x0) ptrace(0x8, r3) 12:24:11 executing program 3: r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x4f4f, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r0, 0x0, 0x0, 0x0, {0x40}}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r4, r3, &(0x7f00000002c0)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FALLOCATE={0x11, 0x59f5ee0a7c70a1ba, 0x0, @fd, 0x3, 0x0, 0x1, 0x0, 0x1, {0x0, r5}}, 0xbd53) r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x5, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r7}}, 0xffffffff) bind$bt_l2cap(r6, &(0x7f0000001080)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) getsockopt$bt_BT_RCVMTU(r6, 0x112, 0xd, &(0x7f00000001c0), &(0x7f00000013c0)=0x2) syz_io_uring_submit(0x0, r3, &(0x7f0000000040)=@IORING_OP_TEE={0x21, 0x4, 0x0, @fd_index, 0x0, 0x0, 0xda08, 0x0, 0x0, {0x0, r5, r6}}, 0x9) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 2732.522209] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2732.522209] program syz-executor.4 not setting count and/or reply_len properly [ 2732.524343] FAULT_INJECTION: forcing a failure. [ 2732.524343] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2732.525436] CPU: 0 PID: 25432 Comm: syz-executor.4 Not tainted 5.10.209 #1 [ 2732.526077] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2732.526824] Call Trace: [ 2732.527070] dump_stack+0x107/0x167 [ 2732.527401] should_fail.cold+0x5/0xa [ 2732.527767] copy_page_from_iter+0x40a/0x900 [ 2732.528195] blk_rq_map_user_iov+0x138b/0x1a60 [ 2732.528614] ? perf_trace_lock+0xac/0x490 [ 2732.528978] ? __lockdep_reset_lock+0x180/0x180 [ 2732.529400] ? __lockdep_reset_lock+0x180/0x180 [ 2732.529819] ? blk_rq_unmap_user+0x750/0x750 [ 2732.530224] ? find_held_lock+0x2c/0x110 [ 2732.530603] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 2732.531083] ? lock_downgrade+0x6d0/0x6d0 [ 2732.531457] ? import_single_range+0x24d/0x2e0 [ 2732.531870] blk_rq_map_user+0x103/0x170 [ 2732.532250] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 2732.532690] ? alloc_pages_current+0x18f/0x280 [ 2732.533101] ? sg_build_indirect.isra.0+0x448/0x710 [ 2732.533559] sg_common_write.constprop.0+0x10ed/0x1a30 [ 2732.534039] ? sg_build_indirect.isra.0+0x710/0x710 [ 2732.534488] ? vprintk_func+0x93/0x140 [ 2732.534849] ? record_print_text.cold+0x16/0x16 [ 2732.535276] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2732.535741] ? trace_hardirqs_on+0x5b/0x180 [ 2732.536150] sg_write.part.0+0x69e/0xaa0 [ 2732.536520] ? sg_new_write.isra.0+0x770/0x770 [ 2732.536935] ? find_held_lock+0x2c/0x110 [ 2732.537307] ? __might_fault+0xd3/0x180 [ 2732.537671] ? lock_downgrade+0x6d0/0x6d0 [ 2732.538050] ? _cond_resched+0x12/0x80 [ 2732.538404] ? inode_security+0x107/0x140 [ 2732.538782] ? avc_policy_seqno+0x9/0x70 [ 2732.539149] ? selinux_file_permission+0x92/0x520 [ 2732.539585] ? security_file_permission+0x24e/0x570 [ 2732.540038] sg_write+0x87/0x120 [ 2732.540359] do_iter_write+0x482/0x670 [ 2732.540722] ? import_iovec+0x83/0xb0 [ 2732.541074] vfs_writev+0x1ae/0x620 [ 2732.541410] ? vfs_iter_write+0xa0/0xa0 [ 2732.541775] ? __fget_files+0x26d/0x4c0 [ 2732.542139] ? lock_downgrade+0x6d0/0x6d0 [ 2732.542518] ? find_held_lock+0x2c/0x110 [ 2732.542899] ? __fget_files+0x296/0x4c0 [ 2732.543268] ? __fget_light+0xea/0x290 [ 2732.543628] do_writev+0x139/0x300 [ 2732.543954] ? vfs_writev+0x620/0x620 [ 2732.544309] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2732.544786] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2732.545260] do_syscall_64+0x33/0x40 [ 2732.545602] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 2732.546072] RIP: 0033:0x7f26a81efb19 [ 2732.546414] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2732.548058] RSP: 002b:00007f26a5765188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 2732.548759] RAX: ffffffffffffffda RBX: 00007f26a8302f60 RCX: 00007f26a81efb19 [ 2732.549394] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000005 [ 2732.550041] RBP: 00007f26a57651d0 R08: 0000000000000000 R09: 0000000000000000 [ 2732.550681] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2732.551318] R13: 00007ffc298dd15f R14: 00007f26a5765300 R15: 0000000000022000 [ 2732.557823] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2732.605372] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue 12:24:26 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0xfeffffff, 0x0, 0x0) 12:24:26 executing program 3: r0 = creat(0x0, 0x0) open_by_handle_at(r0, 0x0, 0x0) ioctl$IOC_PR_RESERVE(r0, 0x401070c9, &(0x7f0000000000)={0x6, 0x5, 0x1}) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000240)='./file0\x00', 0x3, 0x2, &(0x7f0000000100)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x100000000}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[]) ioctl$FS_IOC_MEASURE_VERITY(0xffffffffffffffff, 0xc0046686, &(0x7f0000000340)={0x3}) chdir(&(0x7f0000000040)='./file0\x00') perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) pwrite64(r1, &(0x7f00000000c0)="04", 0x1, 0x3ff03) 12:24:26 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 44) 12:24:26 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x9000000, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x0, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:24:26 executing program 1: r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x4f4f, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r0, 0x0, 0x0, 0x0, {0x40}}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r4, r3, &(0x7f00000002c0)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FALLOCATE={0x11, 0x59f5ee0a7c70a1ba, 0x0, @fd, 0x3, 0x0, 0x1, 0x0, 0x1, {0x0, r5}}, 0xbd53) r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x5, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r7}}, 0xffffffff) bind$bt_l2cap(r6, &(0x7f0000001080)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) getsockopt$bt_BT_RCVMTU(r6, 0x112, 0xd, &(0x7f00000001c0), &(0x7f00000013c0)=0x2) syz_io_uring_submit(0x0, r3, &(0x7f0000000040)=@IORING_OP_TEE={0x21, 0x4, 0x0, @fd_index, 0x0, 0x0, 0xda08, 0x0, 0x0, {0x0, r5, r6}}, 0x9) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) 12:24:26 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d400", 0xe, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:24:26 executing program 5: r0 = epoll_create1(0x80000) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) dup3(r0, r1, 0x80000) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="340002000000010000000000000000000000000008000000faffff7418000080fe000d00fc0200"/52], 0x34}}, 0x4040) write$bt_hci(r1, &(0x7f00000001c0)={0x1, @le_set_ext_adv_enable={{0x2039, 0x6a}, {0x0, 0x6, "0f8dc11b1c002f7a900da45c61e076f6ed761d698970354781f9fdb8ec3675a926bc8ae947d9d473663c8a02ad03414b6ab490623b512af716dc78900e7400fe67c495c4d8d427efb05065c558cfa6ef8d1637016cb6a76aa826d39152974fc18fa2a8fd8c9cb280"}}}, 0x6e) sendmsg$IPCTNL_MSG_EXP_DELETE(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xa04}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="580000d2ad947480e940b8fe5d8b5601b000020200000000000000000000050000094400018014000180080001000a01010208000200ac1e01010c000280050001000500010000000000060003400004"], 0x58}, 0x1, 0x0, 0x0, 0x20000010}, 0x4011) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = dup(r2) ioctl$sock_bt_hci(r3, 0x400448e3, &(0x7f0000000280)="826497db066820f81305a2099eb9f514936de8d4b01e90f89327118528d0f84947cf5142b4575dd63471a4341f2faf7bbefaf683bf111df81faffe46b5befe5f2ce9c9c2e53c877aac716ac3cd03cfcde9676f53da99f7cb7926117be7490794876e1f5dda47") 12:24:26 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3b}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRESHEX], 0x30}, 0x1, 0x0, 0x0, 0x14}, 0x0) set_mempolicy(0x0, &(0x7f00000000c0), 0x7fff) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', 0x0, 0x0, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000440)=ANY=[@ANYRESOCT], 0x2f) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffff, 0x2}, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_nanosleep(0x1, 0x0, &(0x7f00000002c0)={0x0, 0x989680}, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) fork() r2 = fork() tkill(0x0, 0x0) ptrace$cont(0xffffffffffffffff, r2, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000280)=0x5, 0xfffffffffffffffa) r3 = fork() syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e21016027154f7e210000d6142e8ed6865df556fd6a7300000000000000bd8b7e69ecb57d268a49d8d6accb6a35f7aa6bee3435f0ca00"], 0xa) ptrace$setopts(0x4206, r3, 0x0, 0x0) ptrace(0x8, r3) [ 2747.173862] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2747.173862] program syz-executor.4 not setting count and/or reply_len properly [ 2747.196924] FAULT_INJECTION: forcing a failure. [ 2747.196924] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2747.198967] CPU: 1 PID: 25568 Comm: syz-executor.4 Not tainted 5.10.209 #1 12:24:26 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0xffffffa1, 0x0, 0x0) [ 2747.200100] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2747.201647] Call Trace: [ 2747.202087] dump_stack+0x107/0x167 [ 2747.202689] should_fail.cold+0x5/0xa [ 2747.203319] copy_page_from_iter+0x40a/0x900 [ 2747.204053] blk_rq_map_user_iov+0x138b/0x1a60 [ 2747.204822] ? perf_trace_lock+0xac/0x490 [ 2747.205503] ? __lockdep_reset_lock+0x180/0x180 [ 2747.206270] ? __lockdep_reset_lock+0x180/0x180 [ 2747.207033] ? blk_rq_unmap_user+0x750/0x750 [ 2747.207759] ? find_held_lock+0x2c/0x110 [ 2747.208441] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 2747.209311] ? lock_downgrade+0x6d0/0x6d0 [ 2747.209992] ? import_single_range+0x24d/0x2e0 [ 2747.210746] blk_rq_map_user+0x103/0x170 [ 2747.211412] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 2747.212187] ? alloc_pages_current+0x18f/0x280 [ 2747.212944] ? sg_build_indirect.isra.0+0x448/0x710 [ 2747.213772] sg_common_write.constprop.0+0x10ed/0x1a30 [ 2747.214640] ? sg_build_indirect.isra.0+0x710/0x710 [ 2747.215457] ? vprintk_func+0x93/0x140 [ 2747.216100] ? record_print_text.cold+0x16/0x16 [ 2747.216848] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2747.217673] ? trace_hardirqs_on+0x5b/0x180 [ 2747.218373] sg_write.part.0+0x69e/0xaa0 [ 2747.219046] ? sg_new_write.isra.0+0x770/0x770 [ 2747.219781] ? find_held_lock+0x2c/0x110 [ 2747.220465] ? __might_fault+0xd3/0x180 [ 2747.221095] ? lock_downgrade+0x6d0/0x6d0 [ 2747.221798] ? _cond_resched+0x12/0x80 [ 2747.222417] ? inode_security+0x107/0x140 [ 2747.223101] ? avc_policy_seqno+0x9/0x70 [ 2747.223773] ? selinux_file_permission+0x92/0x520 [ 2747.224587] ? security_file_permission+0x24e/0x570 [ 2747.225412] sg_write+0x87/0x120 [ 2747.225980] do_iter_write+0x482/0x670 [ 2747.226627] ? import_iovec+0x83/0xb0 [ 2747.227261] vfs_writev+0x1ae/0x620 [ 2747.227863] ? vfs_iter_write+0xa0/0xa0 [ 2747.228521] ? __fget_files+0x26d/0x4c0 [ 2747.229179] ? lock_downgrade+0x6d0/0x6d0 [ 2747.229857] ? find_held_lock+0x2c/0x110 [ 2747.230515] ? __fget_files+0x296/0x4c0 [ 2747.231187] ? __fget_light+0xea/0x290 [ 2747.231834] do_writev+0x139/0x300 [ 2747.232428] ? vfs_writev+0x620/0x620 [ 2747.233062] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2747.233915] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2747.234771] do_syscall_64+0x33/0x40 [ 2747.235380] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 2747.236218] RIP: 0033:0x7f26a81efb19 [ 2747.236839] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2747.239822] RSP: 002b:00007f26a5765188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 2747.241046] RAX: ffffffffffffffda RBX: 00007f26a8302f60 RCX: 00007f26a81efb19 [ 2747.242215] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000005 [ 2747.243381] RBP: 00007f26a57651d0 R08: 0000000000000000 R09: 0000000000000000 [ 2747.244557] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2747.245719] R13: 00007ffc298dd15f R14: 00007f26a5765300 R15: 0000000000022000 12:24:26 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0xfffffffe, 0x0, 0x0) 12:24:26 executing program 5: r0 = perf_event_open(&(0x7f00000009c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x6010, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, @perf_config_ext={0x6}, 0x0, 0x0, 0x0, 0x3, 0x1, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_int(r1, 0x11, 0x67, &(0x7f0000000140)=0x7f, 0x4) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast1, 0x2}, 0x1c) sendmsg$inet(r1, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0x4e21, @multicast1}, 0x10, 0x0}, 0x404c008) r2 = fcntl$dupfd(r1, 0x0, r1) sendmsg$inet6(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000bc0)='+', 0x1fc0}], 0x1}, 0x0) write(r2, &(0x7f0000000380)="071e9f7358ec922343d9786f7c2147c81e6890a8016fb53a5ffc4951d0a6a9f38dda8a9bae8f6f3750405ca0111cc8069cb8ebd8c8564cc6aff4e3631e4eb8ebf43b0e3a61bb5878257df934ab1c2df75a49f4d39cf7effe02c00c95f02860e708", 0x61) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') readv(r3, &(0x7f0000000840)=[{&(0x7f0000000400)=""/190}, {&(0x7f00000004c0)=""/203}, {&(0x7f00000005c0)=""/252}, {&(0x7f0000000180)=""/6}, {&(0x7f0000000c00)=""/4096}, {&(0x7f00000006c0)=""/146}, {&(0x7f0000000780)=""/140}], 0x1000027f) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) lseek(r0, 0xffffffff, 0x4) mount$9p_unix(&(0x7f0000000140)='./file0/../file0\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x173000, 0x0) syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x100000, &(0x7f0000000440)=ANY=[]) sendmsg$inet6(r2, &(0x7f0000000940)={&(0x7f0000000240)={0xa, 0x4e24, 0x80, @dev={0xfe, 0x80, '\x00', 0x23}, 0x7}, 0x1c, &(0x7f0000000900)=[{&(0x7f00000008c0)="f280874127d9ba", 0x7}], 0x1}, 0x7afb926527da743b) mkdir(&(0x7f0000000300)='./file0/file0\x00', 0x0) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000001e00)={{0x7f, 0x45, 0x4c, 0x46, 0xf9, 0xfc, 0x7, 0xc0, 0x5, 0x2, 0x6, 0x2, 0x23f, 0x40, 0x34a, 0x5, 0x3f, 0x38, 0x2, 0x0, 0x2, 0x5}, [{0x3, 0x9, 0x1000, 0x81, 0x7, 0x80000001, 0x7, 0x8}, {0x4, 0x1, 0x804, 0x9, 0x1000, 0x100000001, 0x5, 0x4}], "f88b37bd764df2cadaa7850aa1ca15dddedc90b4f532ea13a2ff7cf283923d030c886578", ['\x00']}, 0x1d4) mount$bind(&(0x7f0000000980)='./file0/../file0\x00', &(0x7f0000000340)='./file0/../file0\x00', 0x0, 0x2013c1a, 0x0) 12:24:26 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0xf000000, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x0, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:24:26 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d400", 0xe, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:24:26 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x58, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}, {0x0, 0x0, 0x1001000a00}], 0x2800018, &(0x7f0000000240)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') perf_event_open(&(0x7f0000001d80)={0x1, 0x7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) llistxattr(0x0, 0x0, 0x0) r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) fadvise64(r0, 0x0, 0x0, 0x1) r1 = openat(r0, &(0x7f0000000100)='./file1\x00', 0x0, 0x8) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) openat(r1, &(0x7f0000000200)='./file1\x00', 0xb00, 0x0) openat(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', 0x220000, 0x10) ioctl$SG_IO(r4, 0x2285, 0x0) unlinkat(r4, &(0x7f00000001c0)='./file1\x00', 0x0) sendfile(r2, r3, 0x0, 0x100000001) 12:24:26 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x20000000000000, 0x0, 0x0) 12:24:26 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3b}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRESHEX], 0x30}, 0x1, 0x0, 0x0, 0x14}, 0x0) set_mempolicy(0x0, &(0x7f00000000c0), 0x7fff) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', 0x0, 0x0, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000440)=ANY=[@ANYRESOCT], 0x2f) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffff, 0x2}, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_nanosleep(0x1, 0x0, &(0x7f00000002c0)={0x0, 0x989680}, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) fork() r2 = fork() tkill(0x0, 0x0) ptrace$cont(0xffffffffffffffff, r2, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000280)=0x5, 0xfffffffffffffffa) r3 = fork() syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e21016027154f7e210000d6142e8ed6865df556fd6a7300000000000000bd8b7e69ecb57d268a49d8d6accb6a35f7aa6bee3435f0ca00"], 0xa) ptrace$setopts(0x4206, r3, 0x0, 0x0) ptrace(0x8, r3) [ 2747.416462] audit: type=1326 audit(1708431866.664:344): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=25690 comm="syz-executor.6" exe="/syz-executor.6" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f478bbf1b19 code=0x0 [ 2748.248697] audit: type=1326 audit(1708431867.496:345): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=25690 comm="syz-executor.6" exe="/syz-executor.6" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f478bbf1b19 code=0x0 12:24:40 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x1e040000, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x0, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:24:40 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d400", 0xe, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:24:40 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x100000000000000, 0x0, 0x0) 12:24:40 executing program 3: sendmsg$BATADV_CMD_GET_NEIGHBORS(0xffffffffffffffff, 0x0, 0x0) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x20ff, &(0x7f0000000080)={0x0, 0xd52, 0x10}, &(0x7f0000fef000/0x11000)=nil, &(0x7f0000ffe000/0x2000)=nil, 0x0, 0x0) r1 = pidfd_getfd(0xffffffffffffffff, r0, 0x0) io_uring_enter(r1, 0x1d99, 0xd4e7, 0x3, &(0x7f0000000140)={[0x3]}, 0x8) pread64(0xffffffffffffffff, &(0x7f00000001c0)=""/122, 0x7a, 0x0) r2 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x2) io_setup(0x3e3, &(0x7f0000000580)=0x0) io_submit(r3, 0x3, &(0x7f0000000540)=[&(0x7f0000000080)={0x4004800, 0x500, 0x0, 0x0, 0x0, r2, 0x0}, 0x0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000340)}]) ioctl$TIOCVHANGUP(r2, 0x5437, 0x0) 12:24:40 executing program 5: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000240)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') mount$cgroup(0x0, 0x0, &(0x7f0000000100), 0x180010, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x0) rename(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000240)='./file2\x00') r1 = creat(&(0x7f0000000200)='./file1\x00', 0x2) chroot(&(0x7f0000000280)='./file2\x00') r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) signalfd(r0, &(0x7f0000000480)={[0x7]}, 0x8) fcntl$dupfd(0xffffffffffffffff, 0x0, r2) r3 = openat(r1, &(0x7f0000001a00)='./file1\x00', 0x42, 0x4) io_setup(0x5, &(0x7f0000000040)=0x0) chroot(&(0x7f0000000440)='./file2\x00') io_submit(r4, 0x1, &(0x7f00000008c0)=[&(0x7f0000000200)={0x0, 0x0, 0x5, 0x0, 0x0, r3, 0x0}]) openat$incfs(r3, &(0x7f0000000300)='.pending_reads\x00', 0xc6000, 0x8) unlink(&(0x7f0000000340)='./file2\x00') openat(0xffffffffffffff9c, &(0x7f0000000540)='./file2\x00', 0x410000, 0x1c) stat(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)) 12:24:40 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 45) 12:24:40 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3b}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRESHEX], 0x30}, 0x1, 0x0, 0x0, 0x14}, 0x0) set_mempolicy(0x0, &(0x7f00000000c0), 0x7fff) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', 0x0, 0x0, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000440)=ANY=[@ANYRESOCT], 0x2f) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffff, 0x2}, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_nanosleep(0x1, 0x0, &(0x7f00000002c0)={0x0, 0x989680}, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) fork() r2 = fork() tkill(0x0, 0x0) ptrace$cont(0xffffffffffffffff, r2, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000280)=0x5, 0xfffffffffffffffa) r3 = fork() syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e21016027154f7e210000d6142e8ed6865df556fd6a7300000000000000bd8b7e69ecb57d268a49d8d6accb6a35f7aa6bee3435f0ca00"], 0xa) ptrace$setopts(0x4206, r3, 0x0, 0x0) ptrace(0x8, r3) 12:24:40 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, 0x0, 0x0) readv(r0, 0x0, 0x0) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000480), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_GET(r0, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000640)={&(0x7f00000004c0)={0x150, r1, 0x200, 0x70bd26, 0x25dfdbfc, {}, [@TIPC_NLA_LINK={0xd0, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6da}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xc736}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x101}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x446b}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_NODE={0x6c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xffff8001}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_KEY={0x49, 0x4, {'gcm(aes)\x00', 0x21, "a32ed3e78c7c4dc55414d6171bbfac9d9fc2a2737cb3ac039420e781754ae1cdfd"}}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x79e}]}]}, 0x150}, 0x1, 0x0, 0x0, 0x1}, 0x4008000) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0x94, r1, 0x800, 0x70bd28, 0x25dfdbff, {}, [@TIPC_NLA_SOCK={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x9}, @TIPC_NLA_SOCK_CON={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x3}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7}]}, @TIPC_NLA_SOCK_CON={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x3}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xfffffffb}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x26}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x4}]}, @TIPC_NLA_LINK={0x1c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_NET={0x18, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xffffffff80000000}, @TIPC_NLA_NET_ID={0x8}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x20040000}, 0x4) r2 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x121341, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x100000001) [ 2761.415112] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2761.415112] program syz-executor.4 not setting count and/or reply_len properly [ 2761.424974] audit: type=1326 audit(1708431880.672:346): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=25813 comm="syz-executor.6" exe="/syz-executor.6" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f478bbf1b19 code=0x0 [ 2761.438296] FAULT_INJECTION: forcing a failure. [ 2761.438296] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2761.440019] CPU: 0 PID: 25814 Comm: syz-executor.4 Not tainted 5.10.209 #1 [ 2761.440960] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2761.442062] Call Trace: [ 2761.442534] dump_stack+0x107/0x167 [ 2761.442556] should_fail.cold+0x5/0xa [ 2761.442577] copy_page_from_iter+0x40a/0x900 [ 2761.442604] blk_rq_map_user_iov+0x138b/0x1a60 [ 2761.442629] ? perf_trace_lock+0xac/0x490 [ 2761.442646] ? __lockdep_reset_lock+0x180/0x180 [ 2761.442663] ? __lockdep_reset_lock+0x180/0x180 [ 2761.442679] ? blk_rq_unmap_user+0x750/0x750 [ 2761.442700] ? find_held_lock+0x2c/0x110 [ 2761.442723] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 2761.442738] ? lock_downgrade+0x6d0/0x6d0 [ 2761.442750] ? import_single_range+0x24d/0x2e0 [ 2761.442771] blk_rq_map_user+0x103/0x170 [ 2761.442789] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 2761.442807] ? alloc_pages_current+0x18f/0x280 [ 2761.442826] ? sg_build_indirect.isra.0+0x448/0x710 [ 2761.442853] sg_common_write.constprop.0+0x10ed/0x1a30 [ 2761.442880] ? sg_build_indirect.isra.0+0x710/0x710 [ 2761.442900] ? vprintk_func+0x93/0x140 [ 2761.442919] ? record_print_text.cold+0x16/0x16 [ 2761.442940] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2761.442953] ? trace_hardirqs_on+0x5b/0x180 [ 2761.442981] sg_write.part.0+0x69e/0xaa0 [ 2761.443000] ? sg_new_write.isra.0+0x770/0x770 [ 2761.443021] ? find_held_lock+0x2c/0x110 [ 2761.443042] ? __might_fault+0xd3/0x180 [ 2761.443057] ? lock_downgrade+0x6d0/0x6d0 [ 2761.443085] ? _cond_resched+0x12/0x80 [ 2761.443099] ? inode_security+0x107/0x140 [ 2761.443124] ? avc_policy_seqno+0x9/0x70 [ 2761.462322] ? selinux_file_permission+0x92/0x520 [ 2761.463107] serio: Serial port tty27 [ 2761.463656] ? security_file_permission+0x24e/0x570 [ 2761.463681] sg_write+0x87/0x120 [ 2761.463704] do_iter_write+0x482/0x670 [ 2761.463729] ? import_iovec+0x83/0xb0 [ 2761.463752] vfs_writev+0x1ae/0x620 [ 2761.466789] ? vfs_iter_write+0xa0/0xa0 [ 2761.467359] ? __fget_files+0x26d/0x4c0 [ 2761.468017] ? lock_downgrade+0x6d0/0x6d0 [ 2761.468618] ? find_held_lock+0x2c/0x110 [ 2761.469296] ? __fget_files+0x296/0x4c0 [ 2761.469889] ? __fget_light+0xea/0x290 [ 2761.470537] do_writev+0x139/0x300 [ 2761.471011] ? vfs_writev+0x620/0x620 [ 2761.471519] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2761.472390] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2761.473137] do_syscall_64+0x33/0x40 [ 2761.473748] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 2761.474479] RIP: 0033:0x7f26a81efb19 [ 2761.475093] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2761.477500] RSP: 002b:00007f26a5765188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 2761.478743] RAX: ffffffffffffffda RBX: 00007f26a8302f60 RCX: 00007f26a81efb19 [ 2761.479683] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000005 [ 2761.480631] RBP: 00007f26a57651d0 R08: 0000000000000000 R09: 0000000000000000 [ 2761.481552] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2761.482461] R13: 00007ffc298dd15f R14: 00007f26a5765300 R15: 0000000000022000 12:24:40 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:24:40 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x9effffff, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x0, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) [ 2761.551680] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=25820 comm=syz-executor.1 [ 2761.556161] serio: Serial port tty27 12:24:40 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0xf0ffffff, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x0, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:24:40 executing program 3: sendmsg$BATADV_CMD_GET_NEIGHBORS(0xffffffffffffffff, 0x0, 0x0) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x20ff, &(0x7f0000000080)={0x0, 0xd52, 0x10}, &(0x7f0000fef000/0x11000)=nil, &(0x7f0000ffe000/0x2000)=nil, 0x0, 0x0) r1 = pidfd_getfd(0xffffffffffffffff, r0, 0x0) io_uring_enter(r1, 0x1d99, 0xd4e7, 0x3, &(0x7f0000000140)={[0x3]}, 0x8) pread64(0xffffffffffffffff, &(0x7f00000001c0)=""/122, 0x7a, 0x0) r2 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x2) io_setup(0x3e3, &(0x7f0000000580)=0x0) io_submit(r3, 0x3, &(0x7f0000000540)=[&(0x7f0000000080)={0x4004800, 0x500, 0x0, 0x0, 0x0, r2, 0x0}, 0x0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000340)}]) ioctl$TIOCVHANGUP(r2, 0x5437, 0x0) 12:24:40 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 46) 12:24:40 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:24:41 executing program 5: perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x8b244, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x4}, 0x0, 0x0, 0x0, 0x0, 0x1000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r2, &(0x7f0000001080)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) getsockopt$bt_BT_RCVMTU(r2, 0x112, 0xd, &(0x7f00000001c0), &(0x7f00000013c0)=0x2) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_SPLICE={0x1e, 0x1, 0x0, @fd_index=0x4, 0x8, {0x0, r2}, 0xbc, 0x4, 0x0, {0x0, 0x0, r1}}, 0x9) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) [ 2761.782027] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2761.782027] program syz-executor.4 not setting count and/or reply_len properly [ 2761.806675] serio: Serial port tty27 [ 2761.817077] FAULT_INJECTION: forcing a failure. [ 2761.817077] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2761.818380] CPU: 0 PID: 25940 Comm: syz-executor.4 Not tainted 5.10.209 #1 [ 2761.819120] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2761.820006] Call Trace: [ 2761.820298] dump_stack+0x107/0x167 [ 2761.820717] should_fail.cold+0x5/0xa [ 2761.821133] copy_page_from_iter+0x40a/0x900 [ 2761.821623] blk_rq_map_user_iov+0x138b/0x1a60 [ 2761.822125] ? perf_trace_lock+0xac/0x490 [ 2761.822573] ? __lockdep_reset_lock+0x180/0x180 [ 2761.823072] ? __lockdep_reset_lock+0x180/0x180 [ 2761.823578] ? blk_rq_unmap_user+0x750/0x750 [ 2761.824059] ? find_held_lock+0x2c/0x110 [ 2761.824517] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 2761.825094] ? lock_downgrade+0x6d0/0x6d0 [ 2761.825540] ? import_single_range+0x24d/0x2e0 [ 2761.826038] blk_rq_map_user+0x103/0x170 [ 2761.826482] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 2761.826990] ? alloc_pages_current+0x18f/0x280 [ 2761.827488] ? sg_build_indirect.isra.0+0x448/0x710 [ 2761.828039] sg_common_write.constprop.0+0x10ed/0x1a30 [ 2761.828624] ? sg_build_indirect.isra.0+0x710/0x710 [ 2761.829170] ? vprintk_func+0x93/0x140 [ 2761.829597] ? record_print_text.cold+0x16/0x16 [ 2761.830106] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2761.830649] ? trace_hardirqs_on+0x5b/0x180 [ 2761.831133] sg_write.part.0+0x69e/0xaa0 [ 2761.831588] ? sg_new_write.isra.0+0x770/0x770 [ 2761.832089] ? find_held_lock+0x2c/0x110 [ 2761.832546] ? __might_fault+0xd3/0x180 [ 2761.832981] ? lock_downgrade+0x6d0/0x6d0 [ 2761.833439] ? _cond_resched+0x12/0x80 [ 2761.833860] ? inode_security+0x107/0x140 [ 2761.834306] ? avc_policy_seqno+0x9/0x70 [ 2761.834741] ? selinux_file_permission+0x92/0x520 [ 2761.835270] ? security_file_permission+0x24e/0x570 [ 2761.835818] sg_write+0x87/0x120 [ 2761.836195] do_iter_write+0x482/0x670 [ 2761.836634] ? import_iovec+0x83/0xb0 [ 2761.837053] vfs_writev+0x1ae/0x620 [ 2761.837455] ? vfs_iter_write+0xa0/0xa0 [ 2761.837881] ? __fget_files+0x26d/0x4c0 [ 2761.838313] ? lock_downgrade+0x6d0/0x6d0 [ 2761.838768] ? find_held_lock+0x2c/0x110 [ 2761.839216] ? __fget_files+0x296/0x4c0 [ 2761.839661] ? __fget_light+0xea/0x290 [ 2761.840094] do_writev+0x139/0x300 [ 2761.840488] ? vfs_writev+0x620/0x620 [ 2761.840910] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2761.841466] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2761.842030] do_syscall_64+0x33/0x40 [ 2761.842434] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 2761.842994] RIP: 0033:0x7f26a81efb19 [ 2761.843399] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2761.845369] RSP: 002b:00007f26a5765188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 2761.846186] RAX: ffffffffffffffda RBX: 00007f26a8302f60 RCX: 00007f26a81efb19 [ 2761.846950] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000005 [ 2761.847714] RBP: 00007f26a57651d0 R08: 0000000000000000 R09: 0000000000000000 [ 2761.848478] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2761.849242] R13: 00007ffc298dd15f R14: 00007f26a5765300 R15: 0000000000022000 12:24:41 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0xfffff000, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x0, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:24:41 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3b}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRESHEX], 0x30}, 0x1, 0x0, 0x0, 0x14}, 0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x6c0e, 0x0) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', 0x0, 0x0, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000440)=ANY=[@ANYRESOCT], 0x2f) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffff, 0x2}, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_nanosleep(0x1, 0x0, &(0x7f00000002c0)={0x0, 0x989680}, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) fork() r2 = fork() tkill(0x0, 0x0) ptrace$cont(0xffffffffffffffff, r2, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000280)=0x5, 0xfffffffffffffffa) r3 = fork() syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e21016027154f7e210000d6142e8ed6865df556fd6a7300000000000000bd8b7e69ecb57d268a49d8d6accb6a35f7aa6bee3435f0ca00"], 0xa) ptrace$setopts(0x4206, r3, 0x0, 0x0) ptrace(0x8, r3) [ 2762.028220] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=25976 comm=syz-executor.1 [ 2762.258270] audit: type=1326 audit(1708431881.506:347): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=25813 comm="syz-executor.6" exe="/syz-executor.6" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f478bbf1b19 code=0x0 12:24:56 executing program 3: perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000080)={0x114, 0x22, 0x200, 0x70bd27, 0x25dfdbff, {0x15}, [@generic="8c7757a5cadf32f6a421e8ebb0e509c2abd67ee0c12934f1abd0aa", @generic="eb67f07f38f30fd56090d50e73021b2e5db61cf8eb4746f18d965b362d1daceef1fdbd20309d4858b8086cff33fa2d57d07a76586bfec9d769dd6deae28c41823597eea90538b409466e7153873ee9562b95e6fec39347ab01225abfbe44f45fc00492e13c3358d55abc41f7a6fe43945a5b1179e0ab6bb4aa6381ee14dac8ffbc5745936f2894a6d20ecf4ee4a796b651b3facd83abd69d274ba2261359f8798aa05c14b246d77f20c97d82d1840420db2e12ac02cddbeac7c518074bd6f14b15f0ef6402c67d7864ccd73fcbe3c2a4f72453c9c6ea8d804e47a8de05da548d62ffa721c0"]}, 0x114}, 0x1, 0x0, 0x0, 0x4008010}, 0x40000c0) syncfs(r0) 12:24:56 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x200000000000000, 0x0, 0x0) 12:24:56 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3b}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRESHEX], 0x30}, 0x1, 0x0, 0x0, 0x14}, 0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x6c0e, 0x0) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', 0x0, 0x0, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000440)=ANY=[@ANYRESOCT], 0x2f) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffff, 0x2}, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_nanosleep(0x1, 0x0, &(0x7f00000002c0)={0x0, 0x989680}, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) fork() r2 = fork() tkill(0x0, 0x0) ptrace$cont(0xffffffffffffffff, r2, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000280)=0x5, 0xfffffffffffffffa) r3 = fork() syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e21016027154f7e210000d6142e8ed6865df556fd6a7300000000000000bd8b7e69ecb57d268a49d8d6accb6a35f7aa6bee3435f0ca00"], 0xa) ptrace$setopts(0x4206, r3, 0x0, 0x0) ptrace(0x8, r3) 12:24:56 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 47) 12:24:56 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:24:56 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0xffffff7f, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x0, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:24:56 executing program 5: r0 = socket$inet(0x2, 0x3, 0x80) connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r0, &(0x7f0000000000), 0x400000d, 0x100000000000000) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000100)={'batadv0\x00', 0x0}) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000180)={@private=0xa010100, @remote, r1}, 0xc) sendmsg$ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000580)={&(0x7f0000000400)={0x170, 0x0, 0x4, 0x70bd2d, 0x25dfdbfd, {}, [@ETHTOOL_A_DEBUG_MSGMASK={0xd0, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_MASK={0xba, 0x5, "c4fe7465c396ab30e0f95f50b6acc8f7a46ed402b6bfe60db83d93a92cd6cb27d570e78a3ec7571a3752b043377d16e654905283ae200e6363141e718d2297f3f24fba9e3f700fc9ce7dac87b70da0780cb2802fff0a7b2cf46bc177bddf5816cc5fe64b7c0e198a28b4014013207bc1576fae6d92495dfd01656fbe310c824df9409c452375b5a5d716ea5a52b099662b16d688d1c7ff5e4035055e089eabfd701d11d5b69b7a4f2d42384b932ef57486e6d5fdd49c"}, @ETHTOOL_A_BITSET_BITS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7}]}]}]}, @ETHTOOL_A_DEBUG_HEADER={0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'xfrm0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_team\x00'}]}, @ETHTOOL_A_DEBUG_HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'tunl0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @ETHTOOL_A_DEBUG_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}]}, 0x170}, 0x1, 0x0, 0x0, 0x40880}, 0x80c0) epoll_create(0x7ffd) socket$inet6_udplite(0xa, 0x2, 0x88) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0xc}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000c40)=ANY=[@ANYBLOB="240700002600010100000000000000000000000010070080a0823ab4d171784e7421e5a515bcf596f53000b41360badf5763dd357e2c27e6853680f63da96332b0d998d47191a93e10a92e32736db0a2b8e22e6db2f1837e8408bdf46095e2b07f8895092a4e7319a289943028967f6054cd0758de52859f2fa8155d007376c83d00df638fd4fe266ab5384bad204b12ad8cac7e91da4a9f26b70cdade62e70e7c4f9baaa1943f6a03215f4899d9e6056ec2a2a316ac8e2aff612cd1cbce2b4a8c0f89f8bb044e8ed4f290260f2013cad60c144e1c6899ad590e903dafa8e3fba40b6cb0afa70c4c59f5e9d2ef16b01d748057d8419df2f26d8dac27f994400c4dff4fd3ea4071f4a9dcc353484bd8c0ad0a5d09c8a9ef75ebe9886e3ea7be3da83f969755dd35e93ee592bc7bb2a83d9ae49ce0d03e8ce24f8ec14c60869e01ad31a156de2c24ea7b9311cf203d31a1457c2288e8ba77cb967aeffbdc59a15992d536d13de6bd127e74402e7077974e32c3fbb5d9e6b48ee60cb49cd99b86c529460137b6e06636129a3211f2b9a700b84e39b08ddd6aff60dd6b813dc6f77fcab6c947f20ca632eacaa7937cfb58fe981bab41cf440894ccfe1da8e7a2c83c636b78a7731fd3495c1bf89fff8c297b8cfe41e334a9e997a61a761d410de787cf6d7c1061a591782f0a6d0379b0d511dc15b7dde2f8adbbab24f6b790e38b6e935679587c80cb5be17ab91c9ff07962a155dd34333695ec066ece51eb05c4ff1aff6080f0aa2a8662ce798ee5f2a63197b105d3a3e1958b0df668004d29d6eab70083b0321739912f5b20042e2abe3cf8ad4f10e24e59fdd4e4dadf3c95a994b5f4f4e12a1d5cc1be222a3b229b843c41a7b7f2783b235d94b928119fe8c50c7017691071cf7da9bee6c1c8fd937ade29077c8064ddc6ec6d93916fba56ec58da5023aa42361c7ba88e0fdfeeee69b062f9237b39758b2a3aa8be07285eacd8872d24d58f425eab1d602f453e67031d0a83c356faf8be03f27178f9127654667c6c61d1b733cf534cdf66243e8d1f95137cec0debab44b72f3ce44b6561bf526177c058712262b1dc0a6c909077e8f93136f990040baacbbc0e4c84ebcb3a06722a4e983981c469de9694de72fecf9b0b2e4e7ce88a578494f30b28c3c8ed4a3c0461b57baf2def80f7c8d976fe474b6a0fd8c44e2409a71edb821a986f370b3c47813951544302da9737232a1456569e13febc8b1a9247aa4706000000d82d7bd73f0cd0ad2462432676a4c448265ff00cf83a4ffeb1cc378033214e9b95280fca5d5aac88c842807f63b2acecf732d4fcd80b65ba02b2f5988aec389047fb8698cb6161f6870a9f7ad62f7ec0adde9c82e3fdbc44d044b8d2fd08e1c52c2c630cbb7937612fd19e24836ab3ba760cb5b51ceeaf22322f30b860a4ea350dea4bdcc3de1a91de2f81d6cf6147be60586d0db98f9d7ab62fb0fab2533259b46465a9de6cafd75407e6b5ad4b111447c604b30d834122186b8454b4d6eb5a859f09883faf227902878f01f685d999dac960f4e244ad296bd91377ae58bc016ddaa2e46755441980eb21d8f8210b12d2d8611a7cb470e6404970a8e92228eff69f837c3903639ca1f51524d5765b891270de81abe2ed65383258ab27c4ce9b32de6074bd2a51888fe1275884614b0dd88dd65fdb3fa805869c265a5e9f475680ad26c9de0329c17bc1d41fd3ad87bdcc88a33d8b439c85531cc3c88c751844cc1ef6059354cc39ee8f2a799afb9b5ca35633e08c1f57fe4d9c6530933ec09f13515dd9605f25cb9ddbbe40974f9253e66fe46f57fc53a5bc18d740def7c0f396e78591e348d2fb26d48fdf40f1bb3576bee728ffd8656edb46795eafc0c1667bc3326684c5b61176654aea78f2630bef981bf5952a5b663132c3744d5ce698eb3c41204d546710da48e380073fd0a4fb9e119b746b60efe53cf96d5de3ed45184402afb2b53634501fdf04865c21f88b209ea47c7c78bf3a35e9214c993f48d44f74403726921b55b92921849dc215e79ded39380c4f5b2faebcaa731cd1821815d558992c94ec0760345e7e89b49dad1fc124866a1ebb0926086588b68d5fea4860e24a5bf0c1e79643396c51bd3ea4bd2bee40e2537e06260f5d9ae9973084b320903a39a72040ce1bc8e2402ab8d1e84d36e5c519277d9273482cff0fd94f6c08afd1b9f3dbaf5c93ad705db76ed13269698f9f8da340dea68de821b7e761dacba2a2373995407a6afdc9627b387231794f5433e7e941a61dab8e632870f63b75dfd4afbc3996b30893d5941a46f05949fab0ebce1d3f8a4296d43a9884086147ef082443b4f7cbf2a6b96ef7340c1df71033f4d84ea0d47394da72b6a69794a8de549ef67b46ca37e0a62632191235445785e44ffef46930d77a419f2ff08981558e7d25cf465186b5cc7e2ea45b7a2f510d0913d43577091e81a679c90d031e5513ed20bfb11e4adddce440a0d0c9ca0bc438c129f440426afd3aecf01d0431e819926be25f2e7f93bfe6f66fbe5b13fcd0e33f2ebc670c000000000000000000000031dda9e66c8f3fba93d8001aa290d121234956992eed25a01c1ab373d4ee839d62473949d59219b0e2e650ca7077a252d48f7e1a42c62025476f2f2f32c2fb1686f47506b2880be54efccfb869c7f114e1a31cc5825dc733b437e9ab051f5d8c3c60deb870146838dcd1ed3b5ab5cf7ad4c58bb020963ab7244c77cdcaa7833a4559150fe1722cd939fe32d678832efd7c2b979e07f30ea0d23a77b2fdaa847ad3200fd04c50fd0edff3e96c45fb2ec5e7a9326c776f407d070b80a70bb1c989bdcfbf69d3bf9e7d43a65afe00abb6c98df4a2aea6"], 0x724}}, 0x0) r3 = syz_io_uring_setup(0x21, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000180), &(0x7f0000002a40)) io_uring_enter(r3, 0x2914, 0xfff7fffc, 0x0, 0x0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) ioctl$FS_IOC_FSSETXATTR(r4, 0x401c5820, &(0x7f0000000000)={0x8020}) ioctl$sock_ipv6_tunnel_SIOCDELPRL(0xffffffffffffffff, 0x89f6, &(0x7f0000000340)={'sit0\x00', &(0x7f00000002c0)={'syztnl2\x00', 0x0, 0x4, 0x7b, 0x3, 0x7f7c02b2, 0x2d, @ipv4={'\x00', '\xff\xff', @empty}, @local, 0x8, 0xe18, 0xd6, 0x2}}) close(r4) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, 0xffffffffffffffff, &(0x7f0000000000)={0x8}) r5 = dup(0xffffffffffffffff) sendmsg$NL80211_CMD_SET_INTERFACE(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000000000000600000008000300", @ANYRES32, @ANYBLOB], 0x24}}, 0x0) 12:24:56 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x47e2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ftruncate(r0, 0x1000003) r2 = dup2(r0, r1) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000680)={{{@in6=@mcast2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@empty}, 0x0, @in=@empty}}, &(0x7f0000000780)=0xe8) syz_mount_image$iso9660(&(0x7f0000000100), &(0x7f0000000140)='./file0\x00', 0x1f, 0x7, &(0x7f00000005c0)=[{&(0x7f0000000200), 0x0, 0x1ff}, {&(0x7f0000000240)="24b8ff723c032261c5c3f8010a114ab068a24111ddc88df785c32afc2b9289b85a81bf09f95d01649546b80022c8", 0x2e, 0x9}, {&(0x7f0000001400)="ab8048cf4209d59fd18d7067898ad8bd5bd394297771ad3cf4a7d0490cfe59f0580eced5e767ae2eb638633f4d5a0430642b71d0f475e7167a8b7f658a5d644b68457ae70606a4a98fce260d01f5c25c7c48db13265707590679affe119ce51f32d978f4df0b064544ee76785e03730274ebd8dd6f043ac66c31e20151be753f0bce2e60b93e0f6d3f962bb6d978b72a2cce4b2f74c3b893c9f3f0cc9a2e5514f6dacc6d89db62562af622098301cf8fa241ec1b2dc3123617e474f09e7678e091731ddc7f4b39953921196d1d8f95569b6480bc11744927169a6d197e1fd99cd9e5fe6afeab802eb15e67b8ebbff7a1a32bcd8fe202f1a914f40ba25bef21ebf384643f7bc87a7b244b03fad950e1313aac8af0ffbc19a3b89987df3c1406c4a1ed783ade54bc76eb34fb4c8ceee1e62db3e87a296f51478f6f6f1bcfa070a1e12fbb31384926aa6f2e977e894a0a445df64da311cede01afd753e16bdef0bc9f601573ac3cd79d163cc02492d0926d57c2f00e0d72882805dc668d9d29c90b9b8f5a2c3ea4dd6abf56678e73ad2556a4dbdac84f7efd7632429f44aa4f1214326513302d1dd938257ba6af05e2da32316ec70c534bd0e53190ce97ea57f7014581910dedcc3754835c0ac22604fdf55158bc1474ff855adafefeaf34f20d0a112e94959002db2774caa44cb316c34b04be16474d0812db50022493330f9cff3cfd33307fb65fec3f1acdd4265f3a639833a249e41bb14bf7044c7ea5ae56e8c56a57287ff2c4cf14e6be40deae5009e603b23b32e05fcec19c9d9e8e9ecca9742438aba5269ae4d147c9f0dad999cea346c501ea396beea61e41ecd647a4b6c4a6c58face76eb08e203edd6b449c4c9033898de55a78cc44e686cc23ebc1ea7c2697d776bba13f60691bb3e8a15a2d370c604ea225ba58f63ebcf1ebd7f98d9c1fc3e0cff3288d455850a1396dab8e5c0d793a883576e0b2d579b74ceb010d0ca962a617599014d3a8082c9a5e596ced1d5f00122893a486655d5c819b4408c47fb97653846dc5f105b4d727eb1c39d95c5d08584996a51b64963e7a092bb926d12b9f23af5f3dd2730ca795029f3f40281960f492ec77d1b30b6c4a9e3fccd7b50f22951eb0eb6c11716a0e3a04f14d4626689dc81ada6982003c5fb74a2aeee46eb1e7b30f112c2855885e863f6fd441b41bae96cfafd8dcea24dffbc48c52078541ca64b4903aa9181b3cb779de634f96c54bc58a274916ff7af171093d3a086d68e2a1d16401403312bb04d1ee9d64a1c046c70331aecf85eb5458433b5df23e9997c9d029868dbd463cf61b5683e9c2d4afadf5d8649939bc80292a4bee728126765fd28d1c72fa0b88de5959cffcb870199f8296f13a36a555646af4fc474a9da4f09252faedf3d109a6f2e8e39e4808f550fb9f0791495f2639004f9fec8d8b253282bc20c1149c21553c5c28eedd7feaf49590cda00af7fe8c04e4c1d236062c2ce76fd3dc7631714794902493ca84211b788ae96bc0a65d1b45151fe1dbb66b78f08fa40dceb45322034fe9052cbbb9f98e601450bb8898fa857b6d077234d10e830ec9a6b01083195e5cc0f5516a5c7cb0ab948628bec992a03e48bb7815b80f949f0d0756dd29427bf041ec43a049417092009edfc2b087ae4613d61046e6e1acd47877c060c4ed26e68223f428d203b77648c879938de0ace0fd49786fbc1d5e83f8a276a5011c76ba7e78ff6680ee2c1674a33e1ef749c9d57f66d42f2cbbdfe2000dee1e47b091a1015c96edc35f488890b7dfdfa903348e07a77f18fc1ddd41f8573383ccd2c75c5c182615c09c1234929a796087236248068b95f4d97b086939d6cca55558f9f10220d3482ebfd06ed53138f7ccb54f5910dd0a1d098fe06a909d42e7927a551f727de933ff021e0bf43a4c49bd7fdc2a2015a4506b193660d320f8508b383ac6a4876766c6bd8554c2d513fbafc3e63511d017e6880d671dbc06f136f8ce84ee846e2415ded3e9fe210e44b595746d6ad5af9e2a5358529cba56273d49f0f68287c7f1bfdcb69085b1629c9f5b897a79ee0764bf8d8694f12061e3b64b06be1030930fc4354745a79af81d68160a5ab0c3ece0e10751522d57a7b6f923c938673a21271bf72fec8db285f942778bebef9440f52eb69389cf154efd1bd5c45ab877c97c2ec5f1f542da3113b3adf71db6cfdd3e9c7592292fa68da6013ee07c3245bffbaf945b12faa36f7c2209c04df6384dbd7839c112cb5cc902429ebe9e33f758e6ff6e052ee7fbdafd682192c9f40bff080f6582be3ecc08d66e9ff9dc0418fd958f4400aa0400de17f7dd8f1dfb98da8d9492ae2d58313906844244530ac9dc553902019850887dac4e523ee3a4cf60258f8ece628e0bf0c297d898c3566f016b5824e2b867ed76dec038ce6c648afafbc2cd60c55a2b61731fb9bae53b6e3f71c03b3d322978481fad49ec4407cba8a9c7d4cae652aef0d547aa91fa9c9d068c2a2377e353cb366a6680d10f4c3d4b670dfca303640573e6be2f9d716e128969c8316e0ad1988fe28bfc82a55702f039384c2375eee450d614d023b29b2ece44be8ba1a99dd2e4ab9d4a07b6fc981aee276a733e1307918ec4d29a624f52ce3b80d78149a3823ca8ab45d34da5da7771e21c4c46273f2e5dca3be9ef250d3215c8ac77b651d946695e910242e390aef26e0b4d69e3dbcd836d50d7811f1b6b23bc54621c038a6931d23a929d63e8d4f95fc8e26b28eeca643ec8a75d5621b9932592acda56c858398017b4c3e46c1452d6715b428c87e5c76af8729510ebf160c28053b5882f3f5d22e29ff0f70b8526f9cda25bef2f697e177bcedac976efbe879bbec80861f2a66bbb18fbcf4b3b31e08276149ea9f273b357775497132e0a44c48d28b4c7a1124147aa165f757648f64ec55f2a327b462e91bb92d6eb11b56e7f91cb0fe602b8ed1f2bd375870eb04b10decf004588decf66836ef01dbf35e5575600f19900d3054fbe8af68f48fcf11460515ff180577e709f8bc56f57a536d4128e205953e20ac1589fbe034ccf8b5ad6a75cde7f47a73f0d3488a28c5d86ca1e470c5357f08c2d9dcdb96dd9e35c7e662d79cd8dacd091d8c695bccfd46764f7ca6703ec3386d1919c695529c9f9a751eba65f9fc6d979f3b9dce201a396d61c5f436a9fdda5f9156d2dea7986f371aeabe6c135c3a06636aabad361be28fa65f3e36cdcb8d1565f72aa299c7f4c56fd4cd3f8238a7e037f6f6ad1b69355c23bdd011588b2ac82c3dcde910ff1d8a489e754163ac1ccfc2de5859fe736843481eed8735128901bd6c25e7e94d9893865e47900bc49637f1ac7707c1438d3c3f4329a37b0ef5fa176cfac3c84cd32895bbb06647fbe03a3c02c9c80f9112e5f1f32e9efd40b540016f78eb6a88ff25a4a0073712f68b32e73f4cd8d480b5b2c037379418a1c92aff609cca291b3c8f908314f9ee11bc3278fed2088a859bbdec809b0b57539f2a3df7da00c2db2f0b3aa1e099661b66f6fc0b7a99b6bf275715da2c4edc8fe57dbbcd64a8ad570afe340ff3a11ed0d2d7c7a3589990e36da568eb13650f208fe32039a938fcdc0870b668ee2aed11a8078b4b59464bdc111f93054142c32a4a233c664db7e238d05b104c765e7ddf2aa1e17d4c7d0f2d2712b59111793745da46ced25f10ac6e004278f701e42f269a45ef6a0394e3d1c7447006d456ca727047b7aea13acadf4bb49d893dc8dab6347d6f50de3db47c891bfb10f83a777c106adba20a213c9ef60f4bf49646536029c0f93ece29f6b160e83255ae6752a1d87de02e87cdc3d941b39fc04b902205a83161ee7268cd8760b1efaf9ca4f72e66a81b1867d68859a6e1c2f28fb300df4a9922fa4edf7b264860342ca775c786c77c70f7ebbf56bf64d4b18ba814335703e650f4579d6e85b3acd2b4d5292017a3bcb4934a2627d6ab44184077ec3fcc39ad7f89957626335247ed5cd92cee257eb12141d0bbe2db66962e5d7b4b4f20b1d95eda246dd22ba632110483204c482ecc08c45be4156e6431fd740d34c5714c3da17a8f852c9efdb691a73dcfafac3c003d1a0c9d5cd89737293d46669f7262b84eae5bbca4003b6f727daa8644057e50ab2d39ff3cc1f6d1ba70626bd6944bd33923fc089494d24e1e298bdb68dc71d73d2f16b7779f54e74679f5aa3be8d9ca1a67264901511570f6c963b69f27ffbf9e5cb23ab590aff66da005e490e758a2bae4d07767ab3f98d4e1818cf3b61f4bf89bd5a9587a4bfd103b53ca7c42b9aebbcdd0c0301c62351bf91fc0c60c720346edbe80a8ab05543ff7aeb33adc4a1cab86abc4bbc38487d4a34bcf4fcee66795599a5841454e9cf9dde63f38451c7acc9beb976b0a327c705aac47cb24ae6da6c372d1b4dd29ea4214b592011f1ff66f515decd77303cd2d10d90c6555646c775aa37c61350fa42f7fd21ad157b3b74b865048796df83a3c6a800980d995af2e8c664df5745b4bbbe8cc18657eb75fdde7aa392c53d4bc62dbe9a9a1a0db0ab58844a866a4d74b45101daaf20322613130b40a893ee3c4ee2ad0b02cac309178bb91f1285d05b30a34824e6cd3956f007c8a66a74ebcab1765da8d50a1423444b5060d066daa7b9d7b37d4ed2d87188ac6b5dc5ab9627e42bea2a66c44b0a9cd338b949971c001f5579941c66e4de3f1b9568c08095cf503cc9ca5e1a1846525136d242e52a5477a54665cae8a681951e429157e99b572b9a143bdc60fc19d72a85b4246dfdee408186eefaedf0aff51fe50e1577889fc9f173dd5b9a4cbd499b97785b372c72c1d94fd18d89f02d3f60cc0d9bfb38cfcf1089cb0305018d5091c424323eff42687b7a5cf3a32b2f47952fa38799bb66c503f190860943ab02429dbbfa78095d2306000bf2afdee8c85451d7137545b78f272efbd572e035f7b4dde00d320761d02348160328f648f4fc47845f163bc7820a4cad643db34408c4a7bc7289e10771b89c1b1219c848b6840bdaaa1d8abb8a51946a0b15ef4b437a17e2d6bafa0a8f83868ee9f461edb00f38c9ce5bef2c6cb691e2869c61dec30a3e41c1cb80fba9509b13d8d3a444f4a058ac4df6dfb7a390bd16a12bdd650a5278d718fba86c5be0d6bcff07fbe7d5b43689b5ea904eaed27e924ec20d251ed107ef98c5cdcb9e44dda78b1f3b1775b358e334947fa9bcf69644cd7cf06a82d8065122efe5076cae737d5055ccad570e4a3ad4d566c6481340f70f3e8a059b7fc24bf159375f88115d11a27708aaa018216a332bb5db2e3197c76048f5a65e728c17ea647088af8c49db1050ae54ed5db96477edb6ab287823e0249c82e830ba6126dba4cbf7860fcbd2044fb3b02283683981b0d5a8342f52373620ca74a03ace9244f8923e0d8c2c438a3d3b035e4ebabf76c5f749ec3c8f8859acfe78796a2f4b4e9fb720cfb4da77b0c0f251e58cb0a8b5ad95327107f9701eedf7e99045012912279e998e560e0be8799c661276af3e82af238d97460b3d814b1298ba0e6d8020d2eaafa427669af932a04c40b439c8702d941d08680e3bc2a4658e69ab869ac95ee9f74f035b602d73fd8588c46a5d3abd4610a181e950dd4c6ea3d7ddc36fa7d1c4a648cf013ae400ed7f25808dd8c379f90150fcefb8abef34524538907da2609d76b57e022451517635072a8027132233409839574de011defee6b181eba277301e26a3d517844fcbca7d605ee8c0960b91fa789f51db48fbb5f3c03f62", 0x1000, 0x8000}, {&(0x7f0000000340)="150992c8f211e1088ab021663b8702b66b7233b73b2fc8f27d26c86c345393b14ff4f275c1ee8e628a673a2a1b613fb56304fa168c48223296b406ea0e230b8ae635ad6d9b1fac479de228eb22c01921d8c4e0e0295886f97db9b2101ed4f432e239c2a7f3d73cdc10fe5765350aed365a1063567ef5fb93f1293e6ea37be70e67e85a2ec258d390a9158c870c19fc8c0ad908d8019c8359e32aa2f1783de958d93343570e66785938207278c6614ffcf2250c512c70259d904498462da37bd7e706aa059e1bc411210a5a6c4bc3d0a141bbf90e0d7ba316f82aa0ee0cb7a7a2adbf360d31ec", 0xe6, 0x401}, {&(0x7f0000000440)="550e55664940ab4f42f8f593a2578942c9e4f39bcd142b738e66673c2a46fc9b8edcbb67055509fc4678125faeaf17985364c0609171a0a6b6a8284e409015782f333825add7e8c9332e81ee49f6ee668f6914277e7ec6cad2083ee8353d46592c545bd6e73b2e64a4d9dcf0b517664b575ddb232f9be9cf4cf1c6a6efa0a62da0305bb32cd73f26dc9330ce0b40adbaad28acf6f00627aaa828239b46681399d5065078a02feb6bfa2e42a4e3951801762971eb7e883f1f327d70c2e8fcb5be356a71ed51c58f874b44e7c499de615b829c3f65c08af4e05332ad4c005468661f3d757056", 0xe5, 0x4}, {&(0x7f0000000280)="5dc7acf0439ec743bd786bb6615d09cc21d85c95f310519713d0a0942785ae864733a17fe5438e7ae7d7186fc83bf9468f910f3531fe3639d35e91cdd32bdd1cbb2d6b4dec0411c391857c1d1f79b8aa9906fcf8aa3163a612", 0x59, 0x9}, {&(0x7f0000000540)="f116a799c8fbfeb6850bbfa8603fbf7c66e948c9af8a1e07e8bde17756e001ed1e70822d6f35e624c8f91d36ee55fb422b3c191cb6ca90935e5e63dc4c73b932db4333577c9523d0741b65a1b044cd", 0x4f, 0xef}], 0x4, &(0x7f00000007c0)={[{@map_acorn}, {@gid={'gid', 0x3d, 0xffffffffffffffff}}, {@map_off}, {@utf8}], [{@fowner_lt={'fowner<', r4}}, {@appraise_type}]}) bind$bt_l2cap(r3, &(0x7f0000001080)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) getsockopt$bt_BT_RCVMTU(r3, 0x112, 0xd, &(0x7f00000001c0), &(0x7f00000013c0)=0x2) connect$bt_l2cap(r2, &(0x7f0000000200)={0x1f, 0x3, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x6, 0x2}, 0xe) syz_io_uring_submit(0x0, 0x0, &(0x7f00000000c0)=@IORING_OP_CONNECT={0x10, 0x4, 0x0, r3, 0x80, &(0x7f0000000040)=@nfc_llcp={0x27, 0x1, 0x2, 0x1, 0x40, 0x0, "83da65d774e1d3f632b6df5021d19f73424c44264e3566867d70c648f7987f3a2144c4dc95c7d57d75ba922f14d4f167de4cb40ade9997a47268e43149e20a", 0x27}, 0x0, 0x0, 0x1}, 0x3) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000000)) write$binfmt_script(r1, &(0x7f0000000300)={'#! ', './file0'}, 0xb) [ 2777.662251] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2777.662251] program syz-executor.4 not setting count and/or reply_len properly [ 2777.673157] audit: type=1326 audit(1708431896.921:348): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=26067 comm="syz-executor.6" exe="/syz-executor.6" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f478bbf1b19 code=0x0 [ 2777.676956] FAULT_INJECTION: forcing a failure. [ 2777.676956] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2777.678188] CPU: 0 PID: 26064 Comm: syz-executor.4 Not tainted 5.10.209 #1 [ 2777.678817] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2777.679565] Call Trace: [ 2777.679812] dump_stack+0x107/0x167 [ 2777.680148] should_fail.cold+0x5/0xa [ 2777.680494] copy_page_from_iter+0x40a/0x900 [ 2777.680927] blk_rq_map_user_iov+0x138b/0x1a60 [ 2777.681343] ? perf_trace_lock+0xac/0x490 [ 2777.681714] ? __lockdep_reset_lock+0x180/0x180 [ 2777.682134] ? __lockdep_reset_lock+0x180/0x180 [ 2777.682550] ? blk_rq_unmap_user+0x750/0x750 [ 2777.682951] ? find_held_lock+0x2c/0x110 [ 2777.683326] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 2777.683806] ? lock_downgrade+0x6d0/0x6d0 [ 2777.684176] ? import_single_range+0x24d/0x2e0 [ 2777.684592] blk_rq_map_user+0x103/0x170 [ 2777.684976] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 2777.685407] ? alloc_pages_current+0x18f/0x280 [ 2777.685838] ? sg_build_indirect.isra.0+0x448/0x710 [ 2777.686292] sg_common_write.constprop.0+0x10ed/0x1a30 [ 2777.686776] ? sg_build_indirect.isra.0+0x710/0x710 [ 2777.687229] ? vprintk_func+0x93/0x140 [ 2777.687580] ? record_print_text.cold+0x16/0x16 [ 2777.688003] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2777.688457] ? trace_hardirqs_on+0x5b/0x180 [ 2777.688878] sg_write.part.0+0x69e/0xaa0 [ 2777.689248] ? sg_new_write.isra.0+0x770/0x770 [ 2777.689664] ? find_held_lock+0x2c/0x110 [ 2777.690036] ? __might_fault+0xd3/0x180 [ 2777.690393] ? lock_downgrade+0x6d0/0x6d0 [ 2777.690780] ? _cond_resched+0x12/0x80 [ 2777.691136] ? inode_security+0x107/0x140 [ 2777.691510] ? avc_policy_seqno+0x9/0x70 [ 2777.691874] ? selinux_file_permission+0x92/0x520 [ 2777.692316] ? security_file_permission+0x24e/0x570 [ 2777.692806] sg_write+0x87/0x120 [ 2777.693119] do_iter_write+0x482/0x670 [ 2777.693473] ? import_iovec+0x83/0xb0 [ 2777.693814] vfs_writev+0x1ae/0x620 [ 2777.694132] ? vfs_iter_write+0xa0/0xa0 [ 2777.694491] ? __fget_files+0x26d/0x4c0 [ 2777.694833] ? lock_downgrade+0x6d0/0x6d0 [ 2777.695211] ? find_held_lock+0x2c/0x110 [ 2777.695588] ? __fget_files+0x296/0x4c0 [ 2777.695957] ? __fget_light+0xea/0x290 [ 2777.696313] do_writev+0x139/0x300 [ 2777.696647] ? vfs_writev+0x620/0x620 [ 2777.697004] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2777.697475] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2777.697949] do_syscall_64+0x33/0x40 [ 2777.698282] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 2777.698739] RIP: 0033:0x7f26a81efb19 [ 2777.699080] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2777.700741] RSP: 002b:00007f26a5765188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 2777.701418] RAX: ffffffffffffffda RBX: 00007f26a8302f60 RCX: 00007f26a81efb19 [ 2777.702048] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000005 [ 2777.702689] RBP: 00007f26a57651d0 R08: 0000000000000000 R09: 0000000000000000 [ 2777.703323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2777.703955] R13: 00007ffc298dd15f R14: 00007f26a5765300 R15: 0000000000022000 12:24:56 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0xffffff9e, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x0, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:24:57 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0xfffffff0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x0, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:24:57 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:24:57 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 48) 12:24:57 executing program 1: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) shutdown(r0, 0x2) readv(r0, &(0x7f0000001400)=[{&(0x7f0000000000)=""/245, 0xf5}, {0x0}], 0x2) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r3, &(0x7f0000000340), 0x10) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x0, 0x0, r3}, 0x0) syz_io_uring_submit(r1, 0x0, &(0x7f0000000180)=@IORING_OP_SEND={0x1a, 0x1, 0x0, r0, 0x0, &(0x7f0000000100)="43a25d4ee27a0f60a7474e7a45b47e281f3c1b0422fb6e928d1e1e1104eeb3d7ccddbd3d0281415f3b23bd6ef77aee5a6f13bb0a3d8542dda170b5383d97d213992deb", 0x43, 0x0, 0x1}, 0x10000) [ 2777.868964] netlink: 1792 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2777.896688] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2777.896688] program syz-executor.4 not setting count and/or reply_len properly [ 2777.902900] FAULT_INJECTION: forcing a failure. [ 2777.902900] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2777.903984] CPU: 0 PID: 26150 Comm: syz-executor.4 Not tainted 5.10.209 #1 [ 2777.904609] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2777.905380] Call Trace: [ 2777.905626] dump_stack+0x107/0x167 [ 2777.905959] should_fail.cold+0x5/0xa [ 2777.906319] copy_page_from_iter+0x40a/0x900 [ 2777.906725] blk_rq_map_user_iov+0x138b/0x1a60 [ 2777.907149] ? perf_trace_lock+0xac/0x490 [ 2777.907525] ? __lockdep_reset_lock+0x180/0x180 [ 2777.907938] ? __lockdep_reset_lock+0x180/0x180 [ 2777.908339] ? blk_rq_unmap_user+0x750/0x750 [ 2777.908767] ? find_held_lock+0x2c/0x110 [ 2777.909144] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 2777.909633] ? lock_downgrade+0x6d0/0x6d0 [ 2777.909995] ? import_single_range+0x24d/0x2e0 [ 2777.910415] blk_rq_map_user+0x103/0x170 [ 2777.910789] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 2777.911214] ? alloc_pages_current+0x18f/0x280 [ 2777.911648] ? sg_build_indirect.isra.0+0x448/0x710 [ 2777.912087] sg_common_write.constprop.0+0x10ed/0x1a30 [ 2777.912576] ? sg_build_indirect.isra.0+0x710/0x710 [ 2777.913034] ? vprintk_func+0x93/0x140 [ 2777.913390] ? record_print_text.cold+0x16/0x16 [ 2777.913816] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2777.914274] ? trace_hardirqs_on+0x5b/0x180 [ 2777.914671] sg_write.part.0+0x69e/0xaa0 [ 2777.915040] ? sg_new_write.isra.0+0x770/0x770 [ 2777.915466] ? find_held_lock+0x2c/0x110 [ 2777.915843] ? __might_fault+0xd3/0x180 [ 2777.916205] ? lock_downgrade+0x6d0/0x6d0 [ 2777.916587] ? _cond_resched+0x12/0x80 [ 2777.916960] ? inode_security+0x107/0x140 [ 2777.917336] ? avc_policy_seqno+0x9/0x70 [ 2777.917702] ? selinux_file_permission+0x92/0x520 [ 2777.918149] ? security_file_permission+0x24e/0x570 [ 2777.918607] sg_write+0x87/0x120 [ 2777.918915] do_iter_write+0x482/0x670 [ 2777.919268] ? import_iovec+0x83/0xb0 [ 2777.919616] vfs_writev+0x1ae/0x620 [ 2777.919948] ? vfs_iter_write+0xa0/0xa0 [ 2777.920308] ? __fget_files+0x26d/0x4c0 [ 2777.920690] ? lock_downgrade+0x6d0/0x6d0 [ 2777.921061] ? find_held_lock+0x2c/0x110 [ 2777.921422] ? __fget_files+0x296/0x4c0 [ 2777.921789] ? __fget_light+0xea/0x290 [ 2777.922146] do_writev+0x139/0x300 [ 2777.922463] ? vfs_writev+0x620/0x620 [ 2777.922810] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2777.923264] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2777.923740] do_syscall_64+0x33/0x40 [ 2777.924065] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 2777.924530] RIP: 0033:0x7f26a81efb19 [ 2777.924869] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2777.926522] RSP: 002b:00007f26a5765188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 2777.927214] RAX: ffffffffffffffda RBX: 00007f26a8302f60 RCX: 00007f26a81efb19 [ 2777.927857] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000005 [ 2777.928493] RBP: 00007f26a57651d0 R08: 0000000000000000 R09: 0000000000000000 [ 2777.929156] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2777.929805] R13: 00007ffc298dd15f R14: 00007f26a5765300 R15: 0000000000022000 12:24:57 executing program 3: perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000080)={0x114, 0x22, 0x200, 0x70bd27, 0x25dfdbff, {0x15}, [@generic="8c7757a5cadf32f6a421e8ebb0e509c2abd67ee0c12934f1abd0aa", @generic="eb67f07f38f30fd56090d50e73021b2e5db61cf8eb4746f18d965b362d1daceef1fdbd20309d4858b8086cff33fa2d57d07a76586bfec9d769dd6deae28c41823597eea90538b409466e7153873ee9562b95e6fec39347ab01225abfbe44f45fc00492e13c3358d55abc41f7a6fe43945a5b1179e0ab6bb4aa6381ee14dac8ffbc5745936f2894a6d20ecf4ee4a796b651b3facd83abd69d274ba2261359f8798aa05c14b246d77f20c97d82d1840420db2e12ac02cddbeac7c518074bd6f14b15f0ef6402c67d7864ccd73fcbe3c2a4f72453c9c6ea8d804e47a8de05da548d62ffa721c0"]}, 0x114}, 0x1, 0x0, 0x0, 0x4008010}, 0x40000c0) syncfs(r0) 12:24:57 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0xffffffff, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x0, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) [ 2777.968716] cgroup: fork rejected by pids controller in /syz5 12:25:10 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x300000000000000, 0x0, 0x0) 12:25:10 executing program 5: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, @perf_config_ext, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_RESIZE(r1, 0x5609, &(0x7f00000000c0)={0x0, 0x0, 0x402}) openat(0xffffffffffffffff, &(0x7f0000000080)='./file1\x00', 0x105142, 0x88) r2 = creat(&(0x7f0000000040)='./file1\x00', 0x8e) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r2, 0xc018937a, &(0x7f0000000100)={{0x1, 0x1, 0x18, r0, {0x80000001}}, './file1\x00'}) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x20) r4 = socket$netlink(0x10, 0x3, 0xa) sendfile(r4, r3, 0x0, 0x4000007ffffffc) io_uring_enter(r3, 0x7980, 0x10, 0x3, 0x0, 0xfffffdce) shutdown(0xffffffffffffffff, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x4000, 0x0) 12:25:10 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:25:10 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 49) 12:25:10 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000000c0)={0x0, 0x0, 0x0, 'queue0\x00'}) r1 = openat$bsg(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0x4040534e, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(0xffffffffffffffff, 0x40605346, 0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r2, &(0x7f0000001080)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) getsockopt$bt_BT_RCVMTU(r2, 0x112, 0xd, &(0x7f00000001c0), &(0x7f00000013c0)=0x2) write$binfmt_script(r2, &(0x7f0000000180)={'#! ', './file0', [{0x20, '\x00'}, {0x20, '\'{'}, {0x20, '@-(]'}], 0xa, "9e5556ffa04a44bdccc6392ea4d623a85a25a9ad3681d6b46c26af9ca51dafc80002898ae9b8b661d718f6f6fb07c82af10bb09db769abe2fd90f0f42ef608e63b4c716ad97f7d593a83a73811165896eced92c7bded6aa866d1b260eb041a0305635314cba9e540e6affd2b021606dc88a51640b9092f1d37bef504de"}, 0x92) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc02c5341, &(0x7f00000003c0)) ioctl$TCSETSF(r1, 0x5404, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r3, 0x0, 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001740)=[{0x0}, {0x0}, {&(0x7f0000000540)=""/209, 0xd1}, {&(0x7f0000000640)=""/4096, 0x1000}], 0x4, 0x9, 0x2) syz_open_dev$vcsn(0x0, 0x0, 0x0) openat$bsg(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) unshare(0x48020200) 12:25:10 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3b}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRESHEX], 0x30}, 0x1, 0x0, 0x0, 0x14}, 0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x6c0e, 0x0) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', 0x0, 0x0, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000440)=ANY=[@ANYRESOCT], 0x2f) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffff, 0x2}, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_nanosleep(0x1, 0x0, &(0x7f00000002c0)={0x0, 0x989680}, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) fork() r2 = fork() tkill(0x0, 0x0) ptrace$cont(0xffffffffffffffff, r2, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000280)=0x5, 0xfffffffffffffffa) r3 = fork() syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e21016027154f7e210000d6142e8ed6865df556fd6a7300000000000000bd8b7e69ecb57d268a49d8d6accb6a35f7aa6bee3435f0ca00"], 0xa) ptrace$setopts(0x4206, r3, 0x0, 0x0) ptrace(0x8, r3) 12:25:10 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0xf, r1, 0x1, 0x0, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:25:10 executing program 3: perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000080)={0x114, 0x22, 0x200, 0x70bd27, 0x25dfdbff, {0x15}, [@generic="8c7757a5cadf32f6a421e8ebb0e509c2abd67ee0c12934f1abd0aa", @generic="eb67f07f38f30fd56090d50e73021b2e5db61cf8eb4746f18d965b362d1daceef1fdbd20309d4858b8086cff33fa2d57d07a76586bfec9d769dd6deae28c41823597eea90538b409466e7153873ee9562b95e6fec39347ab01225abfbe44f45fc00492e13c3358d55abc41f7a6fe43945a5b1179e0ab6bb4aa6381ee14dac8ffbc5745936f2894a6d20ecf4ee4a796b651b3facd83abd69d274ba2261359f8798aa05c14b246d77f20c97d82d1840420db2e12ac02cddbeac7c518074bd6f14b15f0ef6402c67d7864ccd73fcbe3c2a4f72453c9c6ea8d804e47a8de05da548d62ffa721c0"]}, 0x114}, 0x1, 0x0, 0x0, 0x4008010}, 0x40000c0) syncfs(r0) [ 2791.313617] audit: type=1326 audit(1708431910.557:349): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=26308 comm="syz-executor.6" exe="/syz-executor.6" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f478bbf1b19 code=0x0 12:25:10 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x14, r1, 0x1, 0x0, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) [ 2791.397487] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2791.397487] program syz-executor.4 not setting count and/or reply_len properly [ 2791.401144] FAULT_INJECTION: forcing a failure. [ 2791.401144] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2791.403273] CPU: 0 PID: 26324 Comm: syz-executor.4 Not tainted 5.10.209 #1 [ 2791.404491] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2791.405871] Call Trace: [ 2791.406315] dump_stack+0x107/0x167 [ 2791.406920] should_fail.cold+0x5/0xa [ 2791.407539] copy_page_from_iter+0x40a/0x900 [ 2791.408260] blk_rq_map_user_iov+0x138b/0x1a60 [ 2791.409039] ? perf_trace_lock+0xac/0x490 [ 2791.409719] ? __lockdep_reset_lock+0x180/0x180 [ 2791.410498] ? __lockdep_reset_lock+0x180/0x180 [ 2791.411272] ? blk_rq_unmap_user+0x750/0x750 [ 2791.412012] ? find_held_lock+0x2c/0x110 [ 2791.412681] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 2791.413548] ? lock_downgrade+0x6d0/0x6d0 [ 2791.414234] ? import_single_range+0x24d/0x2e0 [ 2791.415041] blk_rq_map_user+0x103/0x170 [ 2791.415716] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 2791.416497] ? alloc_pages_current+0x18f/0x280 [ 2791.417277] ? sg_build_indirect.isra.0+0x448/0x710 [ 2791.418116] sg_common_write.constprop.0+0x10ed/0x1a30 [ 2791.418972] ? sg_build_indirect.isra.0+0x710/0x710 [ 2791.419800] ? vprintk_func+0x93/0x140 [ 2791.420433] ? record_print_text.cold+0x16/0x16 [ 2791.421234] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2791.422068] ? trace_hardirqs_on+0x5b/0x180 [ 2791.422796] sg_write.part.0+0x69e/0xaa0 [ 2791.423453] ? sg_new_write.isra.0+0x770/0x770 [ 2791.424216] ? find_held_lock+0x2c/0x110 [ 2791.424904] ? __might_fault+0xd3/0x180 [ 2791.425561] ? lock_downgrade+0x6d0/0x6d0 [ 2791.426244] ? _cond_resched+0x12/0x80 [ 2791.426890] ? inode_security+0x107/0x140 [ 2791.427572] ? avc_policy_seqno+0x9/0x70 [ 2791.428225] ? selinux_file_permission+0x92/0x520 [ 2791.429040] ? security_file_permission+0x24e/0x570 [ 2791.429864] sg_write+0x87/0x120 [ 2791.430430] do_iter_write+0x482/0x670 [ 2791.431081] ? import_iovec+0x83/0xb0 [ 2791.431711] vfs_writev+0x1ae/0x620 [ 2791.432317] ? vfs_iter_write+0xa0/0xa0 [ 2791.432989] ? __fget_files+0x26d/0x4c0 [ 2791.433659] ? trace_hardirqs_on+0x5b/0x180 [ 2791.434382] ? __fget_files+0x296/0x4c0 [ 2791.435077] ? __fget_light+0xea/0x290 [ 2791.435730] do_writev+0x139/0x300 [ 2791.436320] ? vfs_writev+0x620/0x620 [ 2791.436963] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2791.437824] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2791.438682] do_syscall_64+0x33/0x40 [ 2791.439297] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 2791.440140] RIP: 0033:0x7f26a81efb19 [ 2791.440758] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2791.443782] RSP: 002b:00007f26a5765188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 2791.445124] RAX: ffffffffffffffda RBX: 00007f26a8302f60 RCX: 00007f26a81efb19 [ 2791.445924] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000005 [ 2791.446732] RBP: 00007f26a57651d0 R08: 0000000000000000 R09: 0000000000000000 [ 2791.447523] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2791.448354] R13: 00007ffc298dd15f R14: 00007f26a5765300 R15: 0000000000022000 12:25:10 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 50) 12:25:10 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x22, r1, 0x1, 0x0, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:25:10 executing program 3: prctl$PR_GET_NO_NEW_PRIVS(0x27) ioctl$EVIOCGABS3F(0xffffffffffffffff, 0x8018457f, &(0x7f0000000100)=""/184) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$SEG6_CMD_DUMPHMAC(r0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x24, r1, 0x4, 0x70bd26, 0x25dfdbfc, {}, [@SEG6_ATTR_ALGID={0x5}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x20}, 0x0) ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, &(0x7f0000000300)=0x1f) prctl$PR_GET_NO_NEW_PRIVS(0x27) clone3(&(0x7f0000000680)={0x8004000, &(0x7f00000003c0)=0xffffffffffffffff, &(0x7f0000000400), &(0x7f0000000440), {0x23}, &(0x7f0000000480)=""/151, 0x97, &(0x7f0000000540)=""/220, &(0x7f0000000640)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0], 0x4}, 0x58) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = dup(r3) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$EVIOCGRAB(r4, 0x40044590, &(0x7f0000000000)=0x1) pidfd_send_signal(r2, 0x10, &(0x7f00000007c0)={0x3b, 0x9, 0x3}, 0x0) 12:25:10 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) [ 2791.572359] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.7'. [ 2791.580373] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.7'. [ 2791.586774] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2791.586774] program syz-executor.4 not setting count and/or reply_len properly [ 2791.595825] FAULT_INJECTION: forcing a failure. [ 2791.595825] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2791.597073] CPU: 1 PID: 26437 Comm: syz-executor.4 Not tainted 5.10.209 #1 [ 2791.597778] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2791.598624] Call Trace: [ 2791.598898] dump_stack+0x107/0x167 [ 2791.599273] should_fail.cold+0x5/0xa [ 2791.599671] copy_page_from_iter+0x40a/0x900 [ 2791.600121] blk_rq_map_user_iov+0x138b/0x1a60 [ 2791.600604] ? perf_trace_lock+0xac/0x490 [ 2791.601044] ? __lockdep_reset_lock+0x180/0x180 [ 2791.601527] ? __lockdep_reset_lock+0x180/0x180 [ 2791.602019] ? blk_rq_unmap_user+0x750/0x750 [ 2791.602488] ? find_held_lock+0x2c/0x110 [ 2791.602926] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 2791.603458] ? lock_downgrade+0x6d0/0x6d0 [ 2791.603877] ? import_single_range+0x24d/0x2e0 [ 2791.604352] blk_rq_map_user+0x103/0x170 [ 2791.604770] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 2791.605247] ? alloc_pages_current+0x18f/0x280 [ 2791.605722] ? sg_build_indirect.isra.0+0x448/0x710 [ 2791.606237] sg_common_write.constprop.0+0x10ed/0x1a30 [ 2791.606778] ? sg_build_indirect.isra.0+0x710/0x710 [ 2791.607302] ? vprintk_func+0x93/0x140 [ 2791.607720] ? record_print_text.cold+0x16/0x16 [ 2791.608204] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2791.608755] ? trace_hardirqs_on+0x5b/0x180 [ 2791.609217] sg_write.part.0+0x69e/0xaa0 [ 2791.609658] ? sg_new_write.isra.0+0x770/0x770 [ 2791.610119] ? find_held_lock+0x2c/0x110 [ 2791.610547] ? __might_fault+0xd3/0x180 [ 2791.610943] ? lock_downgrade+0x6d0/0x6d0 [ 2791.611380] ? _cond_resched+0x12/0x80 [ 2791.611782] ? inode_security+0x107/0x140 [ 2791.612208] ? avc_policy_seqno+0x9/0x70 [ 2791.612626] ? selinux_file_permission+0x92/0x520 [ 2791.613173] ? security_file_permission+0x24e/0x570 [ 2791.613699] sg_write+0x87/0x120 [ 2791.614055] do_iter_write+0x482/0x670 [ 2791.614451] ? import_iovec+0x83/0xb0 [ 2791.614844] vfs_writev+0x1ae/0x620 [ 2791.615219] ? vfs_iter_write+0xa0/0xa0 [ 2791.615628] ? __fget_files+0x26d/0x4c0 [ 2791.616020] ? lock_downgrade+0x6d0/0x6d0 [ 2791.616462] ? find_held_lock+0x2c/0x110 [ 2791.616903] ? __fget_files+0x296/0x4c0 [ 2791.617324] ? __fget_light+0xea/0x290 [ 2791.617726] do_writev+0x139/0x300 [ 2791.618096] ? vfs_writev+0x620/0x620 [ 2791.618484] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2791.619021] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2791.619541] do_syscall_64+0x33/0x40 [ 2791.619922] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 2791.620436] RIP: 0033:0x7f26a81efb19 [ 2791.620841] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2791.622755] RSP: 002b:00007f26a5765188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 2791.623568] RAX: ffffffffffffffda RBX: 00007f26a8302f60 RCX: 00007f26a81efb19 [ 2791.624301] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000005 [ 2791.625073] RBP: 00007f26a57651d0 R08: 0000000000000000 R09: 0000000000000000 [ 2791.625836] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2791.626592] R13: 00007ffc298dd15f R14: 00007f26a5765300 R15: 0000000000022000 12:25:10 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3b}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRESHEX], 0x30}, 0x1, 0x0, 0x0, 0x14}, 0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x6c0e, 0x7fff) syz_80211_join_ibss(0x0, 0x0, 0x0, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000440)=ANY=[@ANYRESOCT], 0x2f) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffff, 0x2}, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_nanosleep(0x1, 0x0, &(0x7f00000002c0)={0x0, 0x989680}, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) fork() r2 = fork() tkill(0x0, 0x0) ptrace$cont(0xffffffffffffffff, r2, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000280)=0x5, 0xfffffffffffffffa) r3 = fork() syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e21016027154f7e210000d6142e8ed6865df556fd6a7300000000000000bd8b7e69ecb57d268a49d8d6accb6a35f7aa6bee3435f0ca00"], 0xa) ptrace$setopts(0x4206, r3, 0x0, 0x0) ptrace(0x8, r3) 12:25:10 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x25, r1, 0x1, 0x0, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) [ 2791.681795] netlink: 17 bytes leftover after parsing attributes in process `syz-executor.7'. [ 2791.687938] netlink: 17 bytes leftover after parsing attributes in process `syz-executor.7'. 12:25:10 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0xc0, r1, 0x1, 0x0, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:25:26 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x400000000000000, 0x0, 0x0) 12:25:26 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x1f, 0x3, 0x0, 0xa5, 0x0, 0x8, 0xa5100, 0x3, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x9, 0x0, @perf_config_ext={0xf9c, 0x2}, 0x100, 0x2, 0x9, 0x12, 0x3ff, 0xff, 0xfb5d, 0x0, 0x1d8, 0x0, 0x800}, 0xffffffffffffffff, 0x8, r0, 0x3) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x1, 0x1, 0x40, 0x4, 0x0, 0x7f, 0x400, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_config_ext={0x4, 0x1000}, 0x8003, 0xfffffffffffff3f4, 0x0, 0x2, 0x5, 0x10001, 0x200}, 0xffffffffffffffff, 0xffffffffffffffff, r0, 0x0) ioctl$sock_SIOCOUTQ(r1, 0x5411, &(0x7f00000011c0)) 12:25:26 executing program 5: openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) creat(&(0x7f0000000040)='\x00', 0x109) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = dup(r1) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000140)={'wlan1\x00'}) openat(r2, &(0x7f0000000080)='./file1\x00', 0x44001, 0xa) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = dup(r3) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) utimensat(r4, &(0x7f0000000340)='./file1\x00', &(0x7f0000000380)={{0x0, 0x2710}}, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x4840, 0x2d) r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r6, &(0x7f0000001080)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) getsockopt$bt_BT_RCVMTU(r6, 0x112, 0xd, &(0x7f00000001c0), &(0x7f00000013c0)=0x2) readv(r6, &(0x7f00000000c0)=[{&(0x7f0000000180)=""/130, 0x82}, {&(0x7f0000000240)=""/249, 0xf9}], 0x2) sendfile(r0, r5, 0x0, 0x100000001) 12:25:26 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0xec0, r1, 0x1, 0x0, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:25:26 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 51) 12:25:26 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{0x0, 0x0, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:25:26 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3b}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRESHEX], 0x30}, 0x1, 0x0, 0x0, 0x14}, 0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x6c0e, 0x7fff) syz_80211_join_ibss(0x0, 0x0, 0x0, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000440)=ANY=[@ANYRESOCT], 0x2f) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffff, 0x2}, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_nanosleep(0x1, 0x0, &(0x7f00000002c0)={0x0, 0x989680}, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) fork() r2 = fork() tkill(0x0, 0x0) ptrace$cont(0xffffffffffffffff, r2, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000280)=0x5, 0xfffffffffffffffa) r3 = fork() syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e21016027154f7e210000d6142e8ed6865df556fd6a7300000000000000bd8b7e69ecb57d268a49d8d6accb6a35f7aa6bee3435f0ca00"], 0xa) ptrace$setopts(0x4206, r3, 0x0, 0x0) ptrace(0x8, r3) 12:25:26 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x46842, 0x0) io_setup(0x5, &(0x7f0000000080)=0x0) r2 = open$dir(&(0x7f0000000040)='./file0\x00', 0x1, 0x0) io_submit(r1, 0x2, &(0x7f0000000180)=[&(0x7f0000000200)={0x0, 0x0, 0xd, 0x0, 0x0, r0, 0x0}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0}]) linkat(r0, &(0x7f0000000000)='./file1\x00', r2, &(0x7f0000000100)='./file0/file0\x00', 0x1000) clock_gettime(0x0, &(0x7f00000001c0)={0x0, 0x0}) utimes(&(0x7f0000000140)='./file0/../file0\x00', &(0x7f0000000280)={{0x0, 0xea60}, {r3, r4/1000+10000}}) [ 2806.882275] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2806.882275] program syz-executor.4 not setting count and/or reply_len properly [ 2806.891599] audit: type=1326 audit(1708431926.139:350): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=26573 comm="syz-executor.6" exe="/syz-executor.6" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f478bbf1b19 code=0x0 [ 2806.903906] FAULT_INJECTION: forcing a failure. [ 2806.903906] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2806.905811] CPU: 1 PID: 26570 Comm: syz-executor.4 Not tainted 5.10.209 #1 [ 2806.906902] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2806.908204] Call Trace: [ 2806.908634] dump_stack+0x107/0x167 [ 2806.909253] should_fail.cold+0x5/0xa [ 2806.909866] copy_page_from_iter+0x40a/0x900 [ 2806.910581] blk_rq_map_user_iov+0x138b/0x1a60 [ 2806.911317] ? perf_trace_lock+0xac/0x490 [ 2806.911976] ? __lockdep_reset_lock+0x180/0x180 [ 2806.912710] ? __lockdep_reset_lock+0x180/0x180 [ 2806.913475] ? blk_rq_unmap_user+0x750/0x750 [ 2806.914183] ? find_held_lock+0x2c/0x110 12:25:26 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x33fe0, r1, 0x1, 0x0, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) [ 2806.914845] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 2806.915833] ? lock_downgrade+0x6d0/0x6d0 [ 2806.916512] ? import_single_range+0x24d/0x2e0 [ 2806.917291] blk_rq_map_user+0x103/0x170 [ 2806.917958] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 2806.918730] ? alloc_pages_current+0x18f/0x280 [ 2806.919477] ? sg_build_indirect.isra.0+0x448/0x710 [ 2806.920286] sg_common_write.constprop.0+0x10ed/0x1a30 [ 2806.921182] ? sg_build_indirect.isra.0+0x710/0x710 [ 2806.921971] ? vprintk_func+0x93/0x140 [ 2806.922611] ? record_print_text.cold+0x16/0x16 [ 2806.923354] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2806.924173] ? trace_hardirqs_on+0x5b/0x180 [ 2806.924867] sg_write.part.0+0x69e/0xaa0 [ 2806.925561] ? sg_new_write.isra.0+0x770/0x770 [ 2806.926291] ? find_held_lock+0x2c/0x110 [ 2806.926941] ? __might_fault+0xd3/0x180 [ 2806.927571] ? lock_downgrade+0x6d0/0x6d0 [ 2806.928264] ? _cond_resched+0x12/0x80 [ 2806.928875] ? inode_security+0x107/0x140 [ 2806.929578] ? avc_policy_seqno+0x9/0x70 [ 2806.930216] ? selinux_file_permission+0x92/0x520 [ 2806.931010] ? security_file_permission+0x24e/0x570 [ 2806.931798] sg_write+0x87/0x120 [ 2806.932358] do_iter_write+0x482/0x670 [ 2806.932986] ? import_iovec+0x83/0xb0 [ 2806.933633] vfs_writev+0x1ae/0x620 12:25:26 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0) ioctl$BLKROSET(r0, 0x125d, &(0x7f0000000040)) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r1, &(0x7f0000001080)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) getsockopt$bt_BT_RCVMTU(r1, 0x112, 0xd, &(0x7f00000001c0), &(0x7f00000013c0)=0x2) ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(r1, 0x8008f511, &(0x7f0000000080)) [ 2806.934209] ? vfs_iter_write+0xa0/0xa0 [ 2806.934978] ? __fget_files+0x26d/0x4c0 [ 2806.935610] ? lock_downgrade+0x6d0/0x6d0 [ 2806.936257] ? find_held_lock+0x2c/0x110 [ 2806.936914] ? __fget_files+0x296/0x4c0 [ 2806.937585] ? __fget_light+0xea/0x290 [ 2806.938205] do_writev+0x139/0x300 [ 2806.938766] ? vfs_writev+0x620/0x620 [ 2806.939364] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2806.940176] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2806.941006] do_syscall_64+0x33/0x40 [ 2806.941603] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 2806.942403] RIP: 0033:0x7f26a81efb19 [ 2806.942990] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2806.945863] RSP: 002b:00007f26a5765188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 2806.947055] RAX: ffffffffffffffda RBX: 00007f26a8302f60 RCX: 00007f26a81efb19 [ 2806.948166] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000005 [ 2806.949308] RBP: 00007f26a57651d0 R08: 0000000000000000 R09: 0000000000000000 [ 2806.950423] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2806.951539] R13: 00007ffc298dd15f R14: 00007f26a5765300 R15: 0000000000022000 12:25:26 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{0x0, 0x0, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:25:26 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2000166c, r1, 0x1, 0x0, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:25:26 executing program 3: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xb, 0x30, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000001d80)={0x3, 0x80, 0x10, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f00000001c0)=0x80, &(0x7f0000000600)=@ieee802154={0x24, @short}, 0x0, 0x800, 0x0, {0x0, r1}}, 0x3) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000040)={{0x0, 0x1}}) dup2(r0, 0xffffffffffffffff) r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, r2) sendmsg$SEG6_CMD_SETHMAC(r3, 0x0, 0x0) execveat(r3, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000004c0)=[&(0x7f00000003c0)='\n]#!:+/(.^\x00', &(0x7f0000000400)='%&)\x00', &(0x7f0000000440)='-!*-\'\x00', &(0x7f0000000480)=',+-\x00'], &(0x7f00000005c0)=[&(0x7f0000000500)='/dev/snd/timer\x00', &(0x7f0000000540)='-:\x00', &(0x7f0000000580)='/dev/snd/timer\x00'], 0x0) r4 = epoll_create(0x8000) epoll_wait(r4, &(0x7f00000007c0)=[{}, {}, {}], 0x3, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x1, 0x0, @fd=r4, 0x9, &(0x7f0000000140)=""/26, 0x1a, 0x4, 0x1}, 0x1) mount$9p_unix(&(0x7f00000002c0)='./file0/../file0\x00', &(0x7f0000000300)='./file0\x00', &(0x7f0000000340), 0x1001000, &(0x7f0000000840)=ANY=[@ANYBLOB="9c45cb289520a000000000000003ff4477258c59b47e45f5af7c6cc58be2912302a30a941821400c62f07f0d7da90830e4106ca54d64133ef17d282b6c60cfc0d7e9809d843becbf9f45447d1d03292cc66d4f403e6dfffff164c340d9f2e3cb1be7a1e79c63edf5295e9b9f5cf71c355603d1d0e0bde6f33ed0e759b269705d1d60e77474c68805ca9675f46ecb4ac49f4f25ff2200d73044dda2c3b1e4174ae124b65c9404918e15065591b541ae477b3d69b3e204f9dd7905fae3e0782f3769b9573fe73664a410fa65dbb46ea35fb4b9a6858e8a7b2336f776a1ce62ffc6590637ab26cecc3c8072a83cdef5466f121840325e2ae9bd838f1d80952316d0b92b90c293e4d0fd597b724356add8889c7105c0874ce6aba94cc4a5206935b53235c476ce7a9a2da88c06e3c70ebbb8d0fb02214487a891ce51c2d36671474a3ede4c1e245228107b7061b131b962282ae2cccf815c88771a94ffd17ea3549c4683fbc6374e4d653518c77cc00b1e4693cc6850b099beb195f0434a418bd57c26980ce33682bffb2484c097ac8d9c2b3a8e50311cc50fada2884d47f8f654578a8a27936e9a6e1eb8746921bdd8"]) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'rose0\x00'}) mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180), 0x20, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000200)={0x11}) 12:25:26 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3b}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRESHEX], 0x30}, 0x1, 0x0, 0x0, 0x14}, 0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x6c0e, 0x7fff) syz_80211_join_ibss(0x0, 0x0, 0x0, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000440)=ANY=[@ANYRESOCT], 0x2f) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffff, 0x2}, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_nanosleep(0x1, 0x0, &(0x7f00000002c0)={0x0, 0x989680}, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) fork() r2 = fork() tkill(0x0, 0x0) ptrace$cont(0xffffffffffffffff, r2, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000280)=0x5, 0xfffffffffffffffa) r3 = fork() syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e21016027154f7e210000d6142e8ed6865df556fd6a7300000000000000bd8b7e69ecb57d268a49d8d6accb6a35f7aa6bee3435f0ca00"], 0xa) ptrace$setopts(0x4206, r3, 0x0, 0x0) ptrace(0x8, r3) 12:25:26 executing program 1: socket$nl_sock_diag(0x10, 0x3, 0x4) clone3(&(0x7f00000015c0)={0x0, 0x0, 0x0, &(0x7f0000000100), {}, 0x0, 0x0, 0x0, &(0x7f0000001580)=[0x0, 0x0], 0x2}, 0x58) clone3(&(0x7f0000000580)={0x80040300, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000540)=[0x0], 0x1}, 0x58) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r0, &(0x7f0000001080)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) getsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, &(0x7f00000001c0), &(0x7f00000013c0)=0x2) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000000)={0x7ff, 0x45b, 0x400, 0x9}) [ 2807.234896] EXT4-fs (sda): re-mounted. Opts: (null) [ 2807.264863] EXT4-fs (sda): re-mounted. Opts: (null) 12:25:41 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{0x0, 0x0, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:25:41 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x7ffff000, r1, 0x1, 0x0, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:25:41 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x500000000000000, 0x0, 0x0) 12:25:41 executing program 3: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xb, 0x30, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000001d80)={0x3, 0x80, 0x10, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f00000001c0)=0x80, &(0x7f0000000600)=@ieee802154={0x24, @short}, 0x0, 0x800, 0x0, {0x0, r1}}, 0x3) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000040)={{0x0, 0x1}}) dup2(r0, 0xffffffffffffffff) r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, r2) sendmsg$SEG6_CMD_SETHMAC(r3, 0x0, 0x0) execveat(r3, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000004c0)=[&(0x7f00000003c0)='\n]#!:+/(.^\x00', &(0x7f0000000400)='%&)\x00', &(0x7f0000000440)='-!*-\'\x00', &(0x7f0000000480)=',+-\x00'], &(0x7f00000005c0)=[&(0x7f0000000500)='/dev/snd/timer\x00', &(0x7f0000000540)='-:\x00', &(0x7f0000000580)='/dev/snd/timer\x00'], 0x0) r4 = epoll_create(0x8000) epoll_wait(r4, &(0x7f00000007c0)=[{}, {}, {}], 0x3, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x1, 0x0, @fd=r4, 0x9, &(0x7f0000000140)=""/26, 0x1a, 0x4, 0x1}, 0x1) mount$9p_unix(&(0x7f00000002c0)='./file0/../file0\x00', &(0x7f0000000300)='./file0\x00', &(0x7f0000000340), 0x1001000, &(0x7f0000000840)=ANY=[@ANYBLOB="9c45cb289520a000000000000003ff4477258c59b47e45f5af7c6cc58be2912302a30a941821400c62f07f0d7da90830e4106ca54d64133ef17d282b6c60cfc0d7e9809d843becbf9f45447d1d03292cc66d4f403e6dfffff164c340d9f2e3cb1be7a1e79c63edf5295e9b9f5cf71c355603d1d0e0bde6f33ed0e759b269705d1d60e77474c68805ca9675f46ecb4ac49f4f25ff2200d73044dda2c3b1e4174ae124b65c9404918e15065591b541ae477b3d69b3e204f9dd7905fae3e0782f3769b9573fe73664a410fa65dbb46ea35fb4b9a6858e8a7b2336f776a1ce62ffc6590637ab26cecc3c8072a83cdef5466f121840325e2ae9bd838f1d80952316d0b92b90c293e4d0fd597b724356add8889c7105c0874ce6aba94cc4a5206935b53235c476ce7a9a2da88c06e3c70ebbb8d0fb02214487a891ce51c2d36671474a3ede4c1e245228107b7061b131b962282ae2cccf815c88771a94ffd17ea3549c4683fbc6374e4d653518c77cc00b1e4693cc6850b099beb195f0434a418bd57c26980ce33682bffb2484c097ac8d9c2b3a8e50311cc50fada2884d47f8f654578a8a27936e9a6e1eb8746921bdd8"]) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'rose0\x00'}) mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180), 0x20, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000200)={0x11}) 12:25:41 executing program 5: syz_usb_connect$cdc_ecm(0x0, 0x4d, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, @perf_config_ext={0x800}, 0x1c280}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_create(0x2, &(0x7f0000000240)={0x0, 0xb, 0x4}, &(0x7f0000000040)) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0), 0x280400, 0x0) kcmp(0x0, 0x0, 0x6, 0xffffffffffffffff, 0xffffffffffffffff) capset(&(0x7f0000000000)={0xc92bfb053a14a5a}, 0x0) timer_create(0x3, &(0x7f0000000000)={0x0, 0x1c, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000040)=0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r1, &(0x7f0000001080)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) getsockopt$bt_BT_RCVMTU(r1, 0x112, 0xd, &(0x7f00000001c0), &(0x7f00000013c0)=0x2) ioctl$EXT4_IOC_GETSTATE(r1, 0x40046629, &(0x7f0000000140)) timer_settime(r0, 0x0, &(0x7f0000000480)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="14be41d1fea647a90000001600010d0000000000a70b3164e3350e278819ee155e139eb3351f00d9beb7d9f1912bd4010e508107183e63a86f82ff86"], 0x14}}, 0x0) read(r2, &(0x7f0000000080)=""/65, 0x41) timer_gettime(r0, &(0x7f0000000080)) clone3(&(0x7f00000001c0)={0x40182300, 0x0, 0x0, 0x0, {0x34}, 0x0, 0x0, 0x0, 0x0}, 0x58) 12:25:41 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3b}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRESHEX], 0x30}, 0x1, 0x0, 0x0, 0x14}, 0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x6c0e, 0x7fff) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', 0x0, 0x0, 0x0) syz_80211_inject_frame(0x0, &(0x7f0000000440)=ANY=[@ANYRESOCT], 0x2f) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffff, 0x2}, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_nanosleep(0x1, 0x0, &(0x7f00000002c0)={0x0, 0x989680}, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) fork() r2 = fork() tkill(0x0, 0x0) ptrace$cont(0xffffffffffffffff, r2, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000280)=0x5, 0xfffffffffffffffa) r3 = fork() syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e21016027154f7e210000d6142e8ed6865df556fd6a7300000000000000bd8b7e69ecb57d268a49d8d6accb6a35f7aa6bee3435f0ca00"], 0xa) ptrace$setopts(0x4206, r3, 0x0, 0x0) ptrace(0x8, r3) 12:25:41 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3875, &(0x7f00000001c0), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x18, 0x0, 0x0, {0x0, r3}}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/module/hid_logitech', 0x10000, 0x102) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r5, 0x4008240b, &(0x7f0000000240)={0x0, 0x80, 0x3f, 0x20, 0x3, 0x8, 0x0, 0x7, 0x2846, 0xc, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0xa3, 0x0, @perf_config_ext={0x1, 0x2}, 0x4180, 0x1, 0x1, 0x6, 0x2, 0x3ea05cda, 0x401, 0x0, 0x20, 0x0, 0x8}) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 12:25:41 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 52) [ 2821.976428] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2821.976428] program syz-executor.4 not setting count and/or reply_len properly [ 2821.983157] audit: type=1326 audit(1708431941.231:351): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=26807 comm="syz-executor.6" exe="/syz-executor.6" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f478bbf1b19 code=0x0 [ 2821.991316] FAULT_INJECTION: forcing a failure. [ 2821.991316] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2821.992514] CPU: 1 PID: 26813 Comm: syz-executor.4 Not tainted 5.10.209 #1 [ 2821.993235] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2821.994076] Call Trace: [ 2821.994348] dump_stack+0x107/0x167 [ 2821.994725] should_fail.cold+0x5/0xa [ 2821.995117] copy_page_from_iter+0x40a/0x900 [ 2821.995577] blk_rq_map_user_iov+0x138b/0x1a60 [ 2821.996052] ? perf_trace_lock+0xac/0x490 [ 2821.996475] ? __lockdep_reset_lock+0x180/0x180 [ 2821.996946] ? __lockdep_reset_lock+0x180/0x180 [ 2821.997476] ? blk_rq_unmap_user+0x750/0x750 [ 2821.997925] ? find_held_lock+0x2c/0x110 [ 2821.998350] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 2821.998879] ? lock_downgrade+0x6d0/0x6d0 [ 2821.999296] ? import_single_range+0x24d/0x2e0 [ 2821.999755] blk_rq_map_user+0x103/0x170 [ 2822.000170] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 2822.000648] ? alloc_pages_current+0x18f/0x280 [ 2822.001112] ? sg_build_indirect.isra.0+0x448/0x710 [ 2822.001649] sg_common_write.constprop.0+0x10ed/0x1a30 [ 2822.002190] ? sg_build_indirect.isra.0+0x710/0x710 [ 2822.002695] ? vprintk_func+0x93/0x140 [ 2822.003091] ? record_print_text.cold+0x16/0x16 [ 2822.003565] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2822.004077] ? trace_hardirqs_on+0x5b/0x180 [ 2822.004518] sg_write.part.0+0x69e/0xaa0 [ 2822.004931] ? sg_new_write.isra.0+0x770/0x770 [ 2822.005415] ? find_held_lock+0x2c/0x110 [ 2822.005835] ? __might_fault+0xd3/0x180 [ 2822.006234] ? lock_downgrade+0x6d0/0x6d0 [ 2822.006657] ? _cond_resched+0x12/0x80 [ 2822.007050] ? inode_security+0x107/0x140 [ 2822.007470] ? avc_policy_seqno+0x9/0x70 [ 2822.007876] ? selinux_file_permission+0x92/0x520 [ 2822.008370] ? security_file_permission+0x24e/0x570 [ 2822.008868] sg_write+0x87/0x120 [ 2822.009236] do_iter_write+0x482/0x670 [ 2822.009627] ? import_iovec+0x83/0xb0 [ 2822.010015] vfs_writev+0x1ae/0x620 [ 2822.010386] ? vfs_iter_write+0xa0/0xa0 [ 2822.010788] ? __fget_files+0x26d/0x4c0 [ 2822.011195] ? lock_downgrade+0x6d0/0x6d0 [ 2822.011618] ? find_held_lock+0x2c/0x110 [ 2822.012041] ? __fget_files+0x296/0x4c0 [ 2822.012456] ? __fget_light+0xea/0x290 [ 2822.012856] do_writev+0x139/0x300 [ 2822.013238] ? vfs_writev+0x620/0x620 [ 2822.013624] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2822.014152] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2822.014681] do_syscall_64+0x33/0x40 [ 2822.015056] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 2822.015568] RIP: 0033:0x7f26a81efb19 [ 2822.015944] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2822.017788] RSP: 002b:00007f26a5765188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 2822.018544] RAX: ffffffffffffffda RBX: 00007f26a8302f60 RCX: 00007f26a81efb19 [ 2822.019249] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000005 [ 2822.019955] RBP: 00007f26a57651d0 R08: 0000000000000000 R09: 0000000000000000 [ 2822.020659] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2822.021388] R13: 00007ffc298dd15f R14: 00007f26a5765300 R15: 0000000000022000 [ 2822.059132] EXT4-fs (sda): re-mounted. Opts: (null) 12:25:41 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000), 0x0, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:25:41 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0xfffffdef, r1, 0x1, 0x0, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:25:41 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000940)={0x4c, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_TAIL={0x2d, 0xe, [@rann={0x7e, 0x15, {{}, 0x0, 0x0, @device_b}}, @mic={0x8c, 0x10, {0x16c, "fc5d5b952557", @short="7fc07b72199fbd73"}}]}]]}, 0x4c}}, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) sendmsg$IPVS_CMD_GET_DEST(r2, &(0x7f0000000400)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000200)={&(0x7f00000002c0)={0x50, 0x0, 0x4, 0x70bd29, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x1000}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xffff}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x2}, @IPVS_CMD_ATTR_DEST={0x14, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x101}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x4c80}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8}]}, 0x50}, 0x1, 0x0, 0x0, 0x404c051}, 0x40800) ioctl$BTRFS_IOC_QGROUP_ASSIGN(r0, 0x40189429, &(0x7f0000000240)={0x0, 0x1000, 0x2}) r3 = open(&(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000280)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x2c, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_TX_RATES={0x19}]}, 0x2c}}, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000480), r8) sendmsg$NL80211_CMD_UPDATE_OWE_INFO(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0xa90991855d9c4e63}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x34, r9, 0x400, 0x70bd2d, 0x25dfdbff, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x17}, @NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x43}, @NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x5f}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f0000000280)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)={0x54, r10, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r12}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_MESH_SETUP={0x2c, 0x70, [@NL80211_MESH_SETUP_USERSPACE_AUTH={0x4}, @NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC={0x5}, @NL80211_MESH_SETUP_USERSPACE_MPM={0x4}, @NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC={0x5, 0x2, 0x1}, @NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL={0x5, 0x1, 0x1}, @NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC={0x5, 0x2, 0x1}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x8004}, 0x0) 12:25:41 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x42, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x1}, 0x10c, 0x7d6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$getown(0xffffffffffffffff, 0x9) readv(0xffffffffffffffff, &(0x7f0000000280)=[{&(0x7f00000004c0)=""/4089, 0xff9}], 0x1) r1 = accept4(r0, 0x0, &(0x7f0000000100), 0x80000) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = dup(r2) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) setsockopt$inet_group_source_req(r3, 0x0, 0x2f, &(0x7f00000002c0)={0x917, {{0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}}, {{0x2, 0x4e21, @empty}}}, 0x108) writev(r1, &(0x7f0000000200)=[{&(0x7f0000000140)="6d037aa660bf33652151a66a10fd1020df5c6d9a46ad1705b8fce37ada7e6191b83aa7b145baa870442d705e2bcb4e4bc637a7798d58464f1c37274623fb227d38a3ca104c11442e580d738ff338ab16b74b9e841546309af2752cec6b83a9eddf3a484eb1eb01626fb2fba4980d41d8669dff3d68382c62419f43fbf298b0210867a0a844d6737be28cedd89047a33e445ff58dc686d4677f3973", 0x9b}], 0x1) ioctl$PTP_PEROUT_REQUEST2(0xffffffffffffffff, 0x40383d0c, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$BTRFS_IOC_SNAP_DESTROY_V2(r4, 0x5000943f, &(0x7f0000001e00)={{r0}, 0x0, 0x1c, @unused=[0x2, 0x7f, 0x7fff, 0x3], @devid}) dup2(r0, r0) clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f0000000040)={0x3f}) 12:25:41 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 53) 12:25:41 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x3, 0x0, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) [ 2822.202971] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 12:25:41 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3b}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRESHEX], 0x30}, 0x1, 0x0, 0x0, 0x14}, 0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x6c0e, 0x7fff) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', 0x0, 0x0, 0x0) syz_80211_inject_frame(0x0, &(0x7f0000000440)=ANY=[@ANYRESOCT], 0x2f) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffff, 0x2}, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_nanosleep(0x1, 0x0, &(0x7f00000002c0)={0x0, 0x989680}, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) fork() r2 = fork() tkill(0x0, 0x0) ptrace$cont(0xffffffffffffffff, r2, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000280)=0x5, 0xfffffffffffffffa) r3 = fork() syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e21016027154f7e210000d6142e8ed6865df556fd6a7300000000000000bd8b7e69ecb57d268a49d8d6accb6a35f7aa6bee3435f0ca00"], 0xa) ptrace$setopts(0x4206, r3, 0x0, 0x0) ptrace(0x8, r3) 12:25:41 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000), 0x0, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) [ 2822.236175] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2822.236716] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2822.236716] program syz-executor.4 not setting count and/or reply_len properly [ 2822.251803] FAULT_INJECTION: forcing a failure. [ 2822.251803] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2822.254145] CPU: 1 PID: 26937 Comm: syz-executor.4 Not tainted 5.10.209 #1 [ 2822.255261] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2822.256580] Call Trace: [ 2822.257013] dump_stack+0x107/0x167 [ 2822.257622] should_fail.cold+0x5/0xa [ 2822.258240] copy_page_from_iter+0x40a/0x900 [ 2822.258972] blk_rq_map_user_iov+0x138b/0x1a60 [ 2822.259726] ? perf_trace_lock+0xac/0x490 [ 2822.260406] ? __lockdep_reset_lock+0x180/0x180 [ 2822.261177] ? __lockdep_reset_lock+0x180/0x180 [ 2822.261932] ? blk_rq_unmap_user+0x750/0x750 [ 2822.262658] ? find_held_lock+0x2c/0x110 [ 2822.263325] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 2822.264176] ? lock_downgrade+0x6d0/0x6d0 [ 2822.264847] ? import_single_range+0x24d/0x2e0 [ 2822.265608] blk_rq_map_user+0x103/0x170 [ 2822.266269] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 2822.267034] ? alloc_pages_current+0x18f/0x280 [ 2822.267772] ? sg_build_indirect.isra.0+0x448/0x710 [ 2822.268596] sg_common_write.constprop.0+0x10ed/0x1a30 [ 2822.269465] ? sg_build_indirect.isra.0+0x710/0x710 [ 2822.270269] ? vprintk_func+0x93/0x140 [ 2822.270911] ? record_print_text.cold+0x16/0x16 [ 2822.271670] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2822.272486] ? trace_hardirqs_on+0x5b/0x180 [ 2822.273205] sg_write.part.0+0x69e/0xaa0 [ 2822.273874] ? sg_new_write.isra.0+0x770/0x770 [ 2822.274627] ? find_held_lock+0x2c/0x110 [ 2822.275295] ? __might_fault+0xd3/0x180 [ 2822.275946] ? lock_downgrade+0x6d0/0x6d0 [ 2822.276638] ? _cond_resched+0x12/0x80 [ 2822.277284] ? inode_security+0x107/0x140 [ 2822.277953] ? avc_policy_seqno+0x9/0x70 [ 2822.278612] ? selinux_file_permission+0x92/0x520 [ 2822.279401] ? security_file_permission+0x24e/0x570 [ 2822.280218] sg_write+0x87/0x120 [ 2822.280777] do_iter_write+0x482/0x670 [ 2822.281423] ? import_iovec+0x83/0xb0 [ 2822.282053] vfs_writev+0x1ae/0x620 [ 2822.282644] ? vfs_iter_write+0xa0/0xa0 [ 2822.283283] ? __fget_files+0x26d/0x4c0 [ 2822.283934] ? lock_downgrade+0x6d0/0x6d0 [ 2822.284596] ? find_held_lock+0x2c/0x110 [ 2822.285288] ? __fget_files+0x296/0x4c0 [ 2822.285954] ? __fget_light+0xea/0x290 [ 2822.286595] do_writev+0x139/0x300 [ 2822.287182] ? vfs_writev+0x620/0x620 [ 2822.287809] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2822.288654] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2822.289569] do_syscall_64+0x33/0x40 [ 2822.290205] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 2822.291062] RIP: 0033:0x7f26a81efb19 [ 2822.291691] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2822.294650] RSP: 002b:00007f26a5765188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 2822.295779] RAX: ffffffffffffffda RBX: 00007f26a8302f60 RCX: 00007f26a81efb19 [ 2822.296835] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000005 [ 2822.297901] RBP: 00007f26a57651d0 R08: 0000000000000000 R09: 0000000000000000 [ 2822.298958] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2822.300017] R13: 00007ffc298dd15f R14: 00007f26a5765300 R15: 0000000000022000 12:25:41 executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) kexec_load(0x0, 0x1, &(0x7f00000000c0)=[{&(0x7f0000000000)='C', 0x1, 0x0, 0x8000}], 0x0) 12:25:41 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x8, 0x0, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) [ 2822.379838] EXT4-fs warning (device sda): verify_group_input:146: Cannot add at group 63 (only 16 groups) [ 2822.454253] EXT4-fs warning (device sda): verify_group_input:146: Cannot add at group 63 (only 16 groups) 12:25:56 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 54) 12:25:56 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x600000000000000, 0x0, 0x0) 12:25:56 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x42, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x1}, 0x10c, 0x7d6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$getown(0xffffffffffffffff, 0x9) readv(0xffffffffffffffff, &(0x7f0000000280)=[{&(0x7f00000004c0)=""/4089, 0xff9}], 0x1) r1 = accept4(r0, 0x0, &(0x7f0000000100), 0x80000) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = dup(r2) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) setsockopt$inet_group_source_req(r3, 0x0, 0x2f, &(0x7f00000002c0)={0x917, {{0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}}, {{0x2, 0x4e21, @empty}}}, 0x108) writev(r1, &(0x7f0000000200)=[{&(0x7f0000000140)="6d037aa660bf33652151a66a10fd1020df5c6d9a46ad1705b8fce37ada7e6191b83aa7b145baa870442d705e2bcb4e4bc637a7798d58464f1c37274623fb227d38a3ca104c11442e580d738ff338ab16b74b9e841546309af2752cec6b83a9eddf3a484eb1eb01626fb2fba4980d41d8669dff3d68382c62419f43fbf298b0210867a0a844d6737be28cedd89047a33e445ff58dc686d4677f3973", 0x9b}], 0x1) ioctl$PTP_PEROUT_REQUEST2(0xffffffffffffffff, 0x40383d0c, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$BTRFS_IOC_SNAP_DESTROY_V2(r4, 0x5000943f, &(0x7f0000001e00)={{r0}, 0x0, 0x1c, @unused=[0x2, 0x7f, 0x7fff, 0x3], @devid}) dup2(r0, r0) clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f0000000040)={0x3f}) 12:25:56 executing program 1: request_key(&(0x7f0000000000)='rxrpc_s\x00', &(0x7f0000000340)={'syz', 0x1}, &(0x7f00000003c0)='{-(\x00', 0xfffffffffffffffe) add_key$user(&(0x7f0000000a40), &(0x7f0000000a80)={'syz', 0x1}, &(0x7f0000000300)="a3", 0x1, 0xfffffffffffffffe) 12:25:56 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x9, 0x0, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:25:56 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = gettid() setpriority(0x0, r1, 0x0) pidfd_open(0x0, 0x0) rt_sigqueueinfo(0x0, 0x28, &(0x7f00000000c0)={0x11, 0x1b0, 0x83e}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)={0x34, 0x10, 0x1, 0x6, 0x0, {}, [@typed={0x5, 0x0, 0x0, 0x0, @str='\x00'}, @nested={0x15, 0x0, 0x0, 0x1, [@generic="487fec864b245e0f3f9be149f83265549b"]}]}, 0x34}}, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000140)) setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, &(0x7f0000000000), 0x4) bind$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) fcntl$setstatus(0xffffffffffffffff, 0x4, 0xc00) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(0xffffffffffffffff, &(0x7f0000000600)={0xa, 0x4e20, 0xba3c, @loopback, 0x8}, 0x1c) r3 = syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000001340)=ANY=[@ANYBLOB, @ANYRES32]) sendmsg$IPVS_CMD_GET_SERVICE(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f00000005c0), 0xc, &(0x7f0000000240)={&(0x7f0000000700)=ANY=[@ANYRESOCT, @ANYRES16=r3, @ANYBLOB="010029bd7000fcdbdf25040000004404004e24000014000300000000000000000000000000000000000c0007003000000004000000080005000400000008000b0e73697000060002005a00000038000280060002004e2100000800090000000000080006f54f00000014000100e000000200000000000000000000000008000900090000001c00038008000300000000000800010001000000080001000200000008000400200000004c000280080006000300000005000d00010000000800050005001c283171ff89dec201000800070086000000080009007c000000080004000900000006000f0002000078e00006000b000a00"], 0x100}, 0x1, 0x0, 0x0, 0x4804}, 0x44) sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000540)={&(0x7f00000004c0)={0x5c, r3, 0x100, 0x70bd2d, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_TYPE={0x5}]}, @IPVS_CMD_ATTR_SERVICE={0x20, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@empty}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2f}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x2}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xcd}]}, 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x4000) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r0, 0x84009422, &(0x7f0000000840)={0x0, 0x0, {0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) unshare(0x48020200) [ 2837.730061] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2837.730061] program syz-executor.4 not setting count and/or reply_len properly [ 2837.741018] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2837.753140] audit: type=1326 audit(1708431957.000:352): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=27076 comm="syz-executor.6" exe="/syz-executor.6" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f478bbf1b19 code=0x0 [ 2837.764324] FAULT_INJECTION: forcing a failure. [ 2837.764324] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2837.766529] CPU: 1 PID: 27065 Comm: syz-executor.4 Not tainted 5.10.209 #1 [ 2837.767785] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2837.769277] Call Trace: [ 2837.769769] dump_stack+0x107/0x167 [ 2837.770438] should_fail.cold+0x5/0xa [ 2837.771139] copy_page_from_iter+0x40a/0x900 [ 2837.771954] blk_rq_map_user_iov+0x138b/0x1a60 [ 2837.772796] ? perf_trace_lock+0xac/0x490 [ 2837.773558] ? __lockdep_reset_lock+0x180/0x180 [ 2837.774576] ? __lockdep_reset_lock+0x180/0x180 [ 2837.775411] ? blk_rq_unmap_user+0x750/0x750 [ 2837.776211] ? find_held_lock+0x2c/0x110 [ 2837.776951] ? sg_common_write.constprop.0+0x9b6/0x1a30 12:25:56 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000), 0x0, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:25:56 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3b}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRESHEX], 0x30}, 0x1, 0x0, 0x0, 0x14}, 0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x6c0e, 0x7fff) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', 0x0, 0x0, 0x0) syz_80211_inject_frame(0x0, &(0x7f0000000440)=ANY=[@ANYRESOCT], 0x2f) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffff, 0x2}, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_nanosleep(0x1, 0x0, &(0x7f00000002c0)={0x0, 0x989680}, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) fork() r2 = fork() tkill(0x0, 0x0) ptrace$cont(0xffffffffffffffff, r2, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000280)=0x5, 0xfffffffffffffffa) r3 = fork() syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e21016027154f7e210000d6142e8ed6865df556fd6a7300000000000000bd8b7e69ecb57d268a49d8d6accb6a35f7aa6bee3435f0ca00"], 0xa) ptrace$setopts(0x4206, r3, 0x0, 0x0) ptrace(0x8, r3) [ 2837.777913] ? lock_downgrade+0x6d0/0x6d0 [ 2837.778734] ? import_single_range+0x24d/0x2e0 12:25:57 executing program 1: ioctl$CDROM_DISC_STATUS(0xffffffffffffffff, 0x5327) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'lo\x00', 0x0}) ioctl$BTRFS_IOC_START_SYNC(r2, 0x80089418, &(0x7f0000000200)) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r1) sendmsg$ETHTOOL_MSG_LINKINFO_SET(r1, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r1) getpeername(r0, 0x0, &(0x7f00000001c0)) connect$inet6(r0, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x5, 0x0, 0x0, 0x0, 0x8000000005e, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x8500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x4}, 0x0, 0x9, 0xffffffffffffffff, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x400000000000095, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = dup(r4) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) sendmmsg$inet6(r5, &(0x7f0000000480)=[{{&(0x7f0000000000)={0xa, 0x4e20, 0x7, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8001}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000100)="3a0cc0ef900b89eb33c7ca25855a5eac0eaf5ef2b98db8f12a311fde996005536241ded736bfdb339504b295e133d025330b5f197660358541f1cd1e52db27be57b6117288edacc1c7e18a3885712abd4bf94b333ea2a093923a6d3f301743cbb310dfa8146aa6dc02c4c240ffdd27558cb2740d27c9697b67f479298fb905494120cd9a138d9d8488b8f1baad2581636a81653fef94f283f1b7523876f4e117cc7ab0a8e8af48ec7b0f193dcae9a77bdf8141a6123952", 0xb7}, {&(0x7f00000002c0)="0e77a8d091f0f7e805a4da7c7e2d3a05cb8314c8bad378a8ba00a0ebbd50b8d6fdacbbee7a17aa2183aa68025ced543568ec3e3eea75e1cfd323c4ae904d37d85cd087a3ee4662a368e29ce6273e28c1b3838337d3df1358845dba826d77e873a65df14e80c079d929d9d8fb26ca941cda8c76cfda0bba3858d96589877fec33d6ef781ff363a09e957cb10aa171b65919233d41fec82c5886e56d4b5a2dcb5abf3652b1c16c372441ebc3515d3af8c92d88b4728b0d7ae541af7701d6dd2b78292d74aa62a151a7e638", 0xca}], 0x2, &(0x7f00000003c0)=[@hopopts={{0x28, 0x29, 0x36, {0x2c, 0x2, '\x00', [@pad1, @jumbo={0xc2, 0x4, 0x7}, @ra={0x5, 0x2, 0x7}, @pad1]}}}, @pktinfo={{0x24, 0x29, 0x32, {@loopback, r3}}}, @hopopts={{0x60, 0x29, 0x36, {0x8, 0x8, '\x00', [@calipso={0x7, 0x10, {0x3, 0x2, 0x60, 0xba45, [0x3]}}, @hao={0xc9, 0x10, @private0}, @ra={0x5, 0x2, 0x4}, @hao={0xc9, 0x10, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @pad1, @pad1, @enc_lim={0x4, 0x1, 0x68}, @ra]}}}], 0xb0}}], 0x1, 0x0) open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) [ 2837.779567] blk_rq_map_user+0x103/0x170 [ 2837.780356] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 2837.781127] ? alloc_pages_current+0x18f/0x280 [ 2837.781882] ? sg_build_indirect.isra.0+0x448/0x710 [ 2837.782707] sg_common_write.constprop.0+0x10ed/0x1a30 [ 2837.783572] ? sg_build_indirect.isra.0+0x710/0x710 [ 2837.784386] ? vprintk_func+0x93/0x140 [ 2837.785027] ? record_print_text.cold+0x16/0x16 [ 2837.785798] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2837.786615] ? trace_hardirqs_on+0x5b/0x180 [ 2837.787330] sg_write.part.0+0x69e/0xaa0 [ 2837.787997] ? sg_new_write.isra.0+0x770/0x770 [ 2837.788745] ? find_held_lock+0x2c/0x110 [ 2837.789508] ? __might_fault+0xd3/0x180 [ 2837.790158] ? lock_downgrade+0x6d0/0x6d0 [ 2837.790848] ? _cond_resched+0x12/0x80 [ 2837.791480] ? inode_security+0x107/0x140 [ 2837.792151] ? avc_policy_seqno+0x9/0x70 [ 2837.792810] ? selinux_file_permission+0x92/0x520 [ 2837.793607] ? security_file_permission+0x24e/0x570 [ 2837.794415] sg_write+0x87/0x120 [ 2837.794974] do_iter_write+0x482/0x670 [ 2837.795613] ? import_iovec+0x83/0xb0 [ 2837.796239] vfs_writev+0x1ae/0x620 [ 2837.796833] ? vfs_iter_write+0xa0/0xa0 [ 2837.797483] ? __fget_files+0x26d/0x4c0 [ 2837.798130] ? lock_downgrade+0x6d0/0x6d0 [ 2837.798798] ? find_held_lock+0x2c/0x110 [ 2837.799474] ? __fget_files+0x296/0x4c0 [ 2837.800132] ? __fget_light+0xea/0x290 [ 2837.800772] do_writev+0x139/0x300 [ 2837.801359] ? vfs_writev+0x620/0x620 [ 2837.801983] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2837.802830] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2837.803675] do_syscall_64+0x33/0x40 [ 2837.804279] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 2837.805111] RIP: 0033:0x7f26a81efb19 [ 2837.805724] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2837.808686] RSP: 002b:00007f26a5765188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 2837.809924] RAX: ffffffffffffffda RBX: 00007f26a8302f60 RCX: 00007f26a81efb19 [ 2837.811074] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000005 [ 2837.812221] RBP: 00007f26a57651d0 R08: 0000000000000000 R09: 0000000000000000 [ 2837.813377] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2837.814528] R13: 00007ffc298dd15f R14: 00007f26a5765300 R15: 0000000000022000 [ 2837.824817] EXT4-fs warning (device sda): verify_group_input:146: Cannot add at group 63 (only 16 groups) 12:25:57 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0xa, 0x0, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) [ 2837.890608] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. 12:25:57 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1c, 0x0, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:25:57 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 55) 12:25:57 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3b}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRESHEX], 0x30}, 0x1, 0x0, 0x0, 0x14}, 0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x6c0e, 0x7fff) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', 0x0, 0x0, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), 0x0, 0x2f) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffff, 0x2}, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_nanosleep(0x1, 0x0, &(0x7f00000002c0)={0x0, 0x989680}, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) fork() r2 = fork() tkill(0x0, 0x0) ptrace$cont(0xffffffffffffffff, r2, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000280)=0x5, 0xfffffffffffffffa) r3 = fork() syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e21016027154f7e210000d6142e8ed6865df556fd6a7300000000000000bd8b7e69ecb57d268a49d8d6accb6a35f7aa6bee3435f0ca00"], 0xa) ptrace$setopts(0x4206, r3, 0x0, 0x0) ptrace(0x8, r3) 12:25:57 executing program 5: r0 = add_key$keyring(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) r1 = add_key$fscrypt_v1(&(0x7f0000000180), &(0x7f00000001c0)={'fscrypt:', @desc4}, &(0x7f0000000200)={0x0, "f038779de021f8c8c974dd89170cf2579d1fa459ba726003d07140eeb342b87ae631f7a548867a29f29fd1637ddac658a709b49b093393d0e1c7391515c7ab7c"}, 0x48, 0xfffffffffffffffe) r2 = add_key$fscrypt_v1(&(0x7f0000000180), &(0x7f00000001c0)={'fscrypt:', @desc4}, &(0x7f0000000200)={0x0, "f038779de021f8c8c974dd89170cf2579d1fa459ba726003d07140eeb342b87ae631f7a548867a29f29fd1637ddac658a709b49b093393d0e1c7391515c7ab7c"}, 0x48, 0xfffffffffffffffe) keyctl$chown(0x4, r2, 0xee01, 0x0) keyctl$setperm(0x5, r2, 0x16020228) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, &(0x7f0000000000)='.request_key_auth\x00', &(0x7f0000000040)=@keyring={'key_or_keyring:', r2}) keyctl$chown(0x4, r1, 0xee01, 0x0) keyctl$setperm(0x5, r1, 0x16020228) add_key(&(0x7f00000000c0)='dns_resolver\x00', &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000340)="a407c3efc1edfab7037255db440500824001767ee5522ccc6b4a4c358e2f414cae835269010f99ea715085731fa8ad0600", 0x31, r1) [ 2838.030745] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2838.030745] program syz-executor.4 not setting count and/or reply_len properly [ 2838.039389] FAULT_INJECTION: forcing a failure. [ 2838.039389] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2838.040514] CPU: 0 PID: 27200 Comm: syz-executor.4 Not tainted 5.10.209 #1 [ 2838.041130] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2838.041878] Call Trace: [ 2838.042117] dump_stack+0x107/0x167 [ 2838.042444] should_fail.cold+0x5/0xa [ 2838.042790] copy_page_from_iter+0x40a/0x900 [ 2838.043191] blk_rq_map_user_iov+0x138b/0x1a60 [ 2838.043611] ? perf_trace_lock+0xac/0x490 [ 2838.043982] ? __lockdep_reset_lock+0x180/0x180 [ 2838.044403] ? __lockdep_reset_lock+0x180/0x180 [ 2838.044816] ? blk_rq_unmap_user+0x750/0x750 [ 2838.045215] ? find_held_lock+0x2c/0x110 [ 2838.045591] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 2838.046063] ? lock_downgrade+0x6d0/0x6d0 [ 2838.046430] ? import_single_range+0x24d/0x2e0 [ 2838.046843] blk_rq_map_user+0x103/0x170 [ 2838.047210] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 2838.047637] ? alloc_pages_current+0x18f/0x280 [ 2838.048054] ? sg_build_indirect.isra.0+0x448/0x710 [ 2838.048504] sg_common_write.constprop.0+0x10ed/0x1a30 [ 2838.048989] ? sg_build_indirect.isra.0+0x710/0x710 [ 2838.049451] ? vprintk_func+0x93/0x140 [ 2838.049814] ? record_print_text.cold+0x16/0x16 [ 2838.050243] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2838.050704] ? trace_hardirqs_on+0x5b/0x180 [ 2838.051106] sg_write.part.0+0x69e/0xaa0 [ 2838.051484] ? sg_new_write.isra.0+0x770/0x770 [ 2838.051897] ? find_held_lock+0x2c/0x110 [ 2838.052269] ? __might_fault+0xd3/0x180 [ 2838.052629] ? lock_downgrade+0x6d0/0x6d0 [ 2838.053015] ? _cond_resched+0x12/0x80 [ 2838.053378] ? inode_security+0x107/0x140 [ 2838.053756] ? avc_policy_seqno+0x9/0x70 [ 2838.054126] ? selinux_file_permission+0x92/0x520 [ 2838.054573] ? security_file_permission+0x24e/0x570 [ 2838.055024] sg_write+0x87/0x120 [ 2838.055339] do_iter_write+0x482/0x670 [ 2838.055695] ? import_iovec+0x83/0xb0 [ 2838.056042] vfs_writev+0x1ae/0x620 [ 2838.056378] ? vfs_iter_write+0xa0/0xa0 [ 2838.056740] ? __fget_files+0x26d/0x4c0 [ 2838.057100] ? lock_downgrade+0x6d0/0x6d0 [ 2838.057488] ? find_held_lock+0x2c/0x110 [ 2838.057863] ? __fget_files+0x296/0x4c0 [ 2838.058227] ? __fget_light+0xea/0x290 [ 2838.058586] do_writev+0x139/0x300 [ 2838.058908] ? vfs_writev+0x620/0x620 [ 2838.059252] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2838.059727] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2838.060204] do_syscall_64+0x33/0x40 [ 2838.060542] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 2838.061008] RIP: 0033:0x7f26a81efb19 [ 2838.061356] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2838.063010] RSP: 002b:00007f26a5765188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 2838.063701] RAX: ffffffffffffffda RBX: 00007f26a8302f60 RCX: 00007f26a81efb19 [ 2838.064345] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000005 [ 2838.064982] RBP: 00007f26a57651d0 R08: 0000000000000000 R09: 0000000000000000 [ 2838.065636] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2838.066418] R13: 00007ffc298dd15f R14: 00007f26a5765300 R15: 0000000000022000 12:25:57 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = gettid() setpriority(0x0, r1, 0x0) pidfd_open(0x0, 0x0) rt_sigqueueinfo(0x0, 0x28, &(0x7f00000000c0)={0x11, 0x1b0, 0x83e}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)={0x34, 0x10, 0x1, 0x6, 0x0, {}, [@typed={0x5, 0x0, 0x0, 0x0, @str='\x00'}, @nested={0x15, 0x0, 0x0, 0x1, [@generic="487fec864b245e0f3f9be149f83265549b"]}]}, 0x34}}, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000140)) setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, &(0x7f0000000000), 0x4) bind$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) fcntl$setstatus(0xffffffffffffffff, 0x4, 0xc00) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(0xffffffffffffffff, &(0x7f0000000600)={0xa, 0x4e20, 0xba3c, @loopback, 0x8}, 0x1c) r3 = syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000001340)=ANY=[@ANYBLOB, @ANYRES32]) sendmsg$IPVS_CMD_GET_SERVICE(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f00000005c0), 0xc, &(0x7f0000000240)={&(0x7f0000000700)=ANY=[@ANYRESOCT, @ANYRES16=r3, @ANYBLOB="010029bd7000fcdbdf25040000004404004e24000014000300000000000000000000000000000000000c0007003000000004000000080005000400000008000b0e73697000060002005a00000038000280060002004e2100000800090000000000080006f54f00000014000100e000000200000000000000000000000008000900090000001c00038008000300000000000800010001000000080001000200000008000400200000004c000280080006000300000005000d00010000000800050005001c283171ff89dec201000800070086000000080009007c000000080004000900000006000f0002000078e00006000b000a00"], 0x100}, 0x1, 0x0, 0x0, 0x4804}, 0x44) sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000540)={&(0x7f00000004c0)={0x5c, r3, 0x100, 0x70bd2d, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_TYPE={0x5}]}, @IPVS_CMD_ATTR_SERVICE={0x20, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@empty}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2f}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x2}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xcd}]}, 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x4000) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r0, 0x84009422, &(0x7f0000000840)={0x0, 0x0, {0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) unshare(0x48020200) [ 2838.130311] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2838.586039] audit: type=1326 audit(1708431957.834:353): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=27076 comm="syz-executor.6" exe="/syz-executor.6" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f478bbf1b19 code=0x0 12:26:13 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x700000000000000, 0x0, 0x0) 12:26:13 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x300, 0x0, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:26:13 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r2, &(0x7f0000001080)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) getsockopt$bt_BT_RCVMTU(r2, 0x112, 0xd, &(0x7f00000001c0), &(0x7f00000013c0)=0x2) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES64, @ANYRESHEX=r2, @ANYRES32=r1, @ANYBLOB="0c002c800800000000000000"], 0x28}}, 0x48001) 12:26:13 executing program 5: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x8100}, 0x0) perf_event_open(&(0x7f0000000100)={0x0, 0x80, 0x0, 0x0, 0x1, 0x6, 0x0, 0x0, 0x40021, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, @perf_config_ext={0x0, 0x4}, 0x27, 0xf9, 0x280e, 0x8, 0x6, 0xa0f, 0x7fff, 0x0, 0x200001ff, 0x0, 0xff}, 0xffffffffffffffff, 0xa, 0xffffffffffffffff, 0x0) ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x5, "f31a0000434ef9bab774bdcab95c000d00"}) r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$KIOCSOUND(r0, 0x4b2f, 0x1) ioctl$KDSETMODE(r0, 0x4b3a, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r1, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) r2 = syz_open_dev$tty20(0xc, 0x4, 0x0) r3 = socket$inet(0x2, 0xa, 0xff7ffffd) r4 = syz_open_dev$vcsa(0x0, 0xe11, 0x4000) ioctl$SNAPSHOT_UNFREEZE(r3, 0x3302) r5 = signalfd4(r2, &(0x7f0000000040)={[0xfa]}, 0x8, 0x0) ioctl$sock_inet_SIOCDARP(r5, 0x8953, &(0x7f0000000180)={{0x2, 0x4e24, @private=0xa010101}, {0x6, @multicast}, 0x0, {0x2, 0x4e23, @remote}, 'netdevsim0\x00'}) ioctl$ifreq_SIOCGIFINDEX_wireguard(r4, 0x8933, &(0x7f0000000240)={'wg2\x00'}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x1, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={&(0x7f00000000c0), 0xa}, 0x0, 0x1, 0x0, 0x0, 0x5, 0x0, 0x8000}, 0x0, 0x1000000e, 0xffffffffffffffff, 0x0) ioctl$PIO_UNISCRNMAP(r2, 0x4b6a, &(0x7f0000000280)="9f99506c9241f7ada3c35b733bc5fa6f8db58e030bb6688ddbe99e025f910d0f4f5fa28b77d8a2a891eccacaec808656a09268b59e09606840d8c75c8f09d0677857ec9c6fa552be631103b4b52ff8a2127b1b26c340367acec4a6be6b66c6b16736068fb5cb328702db55b14c6d24914bf60d864eb3cde96d2747f9e38fb82cbbdba982da786653b1d99bf7f73b1f9683805caac4c61fdd9a287054c01f2f046831a63a19b04a117cd85880c21f1394035e4af6fb16607154c77de27fd2") dup3(r3, r1, 0x0) 12:26:13 executing program 1: io_setup(0x5, &(0x7f0000000080)=0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r4, &(0x7f0000001080)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) getsockopt$bt_BT_RCVMTU(r4, 0x112, 0xd, &(0x7f00000001c0), &(0x7f00000013c0)=0x2) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, r2) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = dup(r5) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) r7 = openat(0xffffffffffffffff, &(0x7f0000000600)='./file0\x00', 0x220000, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = dup(r8) ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) r10 = socket$inet6_tcp(0xa, 0x1, 0x0) io_submit(0x0, 0x9, &(0x7f0000000900)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0xd, 0x0, r1, &(0x7f0000000040)="7ab94ed875614f14ef3ee89b74cc35d30cc38764c533975dbe8baccdfa23612869f4838a408da714df02dcaa9a97fa3bccb8eeb263e664c9a92202f2828f96", 0x3f, 0x6bf, 0x0, 0x2}, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x3, 0x6, 0xffffffffffffffff, &(0x7f0000000200)="cdc8e006181b63910d82a6105b68359ca882b27837a3c78c4f88ebed87c92754456f9a3b1e8d78f0e223ad348ba7604dae1f9a5eae65276af83e7f5d7818b40b589807c59164594bedfd4a9befc2d466e49182e1468d573221d4d3bb61780d827378347856778195fd20b78d1e2609b5d587e13646ac0d3ed1b1ff2009c42c84178661e05133cb1c4d04a530b092e4a44c84012bdf3ab3367f3e8d22edb138327bb682e87784d310bb83c735a993ab5171774e5a75bf5971a616", 0xba, 0x8, 0x0, 0x2}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x3, 0x6, r1, &(0x7f00000002c0)="5d8cf8e7b352b2c81cdebe0648189efb37186c2b3ffdd321fd48e0ae3b19911f4841ac7755f43d8e9944164addee8243f61e287f22a6453afb66a4df4470ce7d2e6d2f0fc840b38f34b263b708fa0626eb4810ad6fb5ee6d44664e905be6609e5f7f35cc3e4255210e5c5d92583f51b569d3527652f807ac0eb7ea00453029c3aaedbfad", 0x84, 0xdfa, 0x0, 0x2}, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x5, 0x2, r1, &(0x7f0000000380)="e1147c8ccb0e6e611efba26724bba252e72d64f0f8384d6d51b49021ae47285a873f2c55c2b91513fbbd698fc09040344f64fd1ab0136f3e6e", 0x39, 0x800, 0x0, 0x0, r2}, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x5, 0x9, r3, &(0x7f0000000400)="0c90fa0138eb23c498d1de97ebb743a174d24cf95b992649e223be6840695badffe3e83c9741907786ddaa60737165d8917593100cfe4be2f4c1bbbf0f908a674865d33d2ca90f7093f676964e5f2d315140d54b420f7bec6e27bf410eff78f233502aef0aae5f4a5a65b9d8f70dd8bd6f700acb9ecf1ad8a26c95c294e7519dfd1998219986dd11f1758b6246cbbf434b4dc1866fbe1e193832e36fd8a97fdac5d3ff758ed31e96baf142285066713348b4df3596e9ff52e14e9b822ef2abe8abc5a16d17f3b12679664570e4e96c9000aa7f8b46e31d5d35ccb2df7bfd3b86256c93216ca4f67aa90e78f7", 0xec, 0x7, 0x0, 0x1}, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x5, 0x7, r4, &(0x7f0000000540)="feede239374c257658628ec2098f10993da307a242fcad99a876db33ee5dd8000833ac3f495c42bf86bb6715d4246b6cfc2dc4cb1ce4698f9a8ca3d1e358dfc1fe16868e06267343", 0x48, 0x1, 0x0, 0x3, r6}, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x8, 0x6, r7, &(0x7f0000000640)="e503fe2b1f4b34f206986e50224fb2ad1841101829872ef974bae03df9ebd4c1a062c309de58a187614ee2caf076d4eaed9730b14bc14bb682c551c94fb8915a3eddb353a88de19a49a2fcf256fdf0572a5d1cf659894e1ee11d4f75f4878956355903d8c59e3368edca45a50f1666d165da45a31275eb82cf5aff1ef9bc05f10cadad480794a345b15c248ba42a151e9ac2a7c4614193974c2d862533e3cbded3c47ba0e140", 0xa6, 0x4, 0x0, 0x2, r9}, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x5, 0xf029, r1, &(0x7f0000000740)="11a4d44ea3d2d3f1a8d661b4397f3887b3ef835cc5d1931545f88db6799f32adb79961bd039f7eaa0d52ac994119b78bcf851469c9bfbc800663b1a2be9c3f6f045d2d298af757366c8c", 0x4a, 0x3f, 0x0, 0x2}, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x3, 0x88, r10, &(0x7f0000000800)="df0ae9644c07b4783f7b173f5124e74583a4c2fe31e2607ea2ec96b6cc18aa22de447867c985305062bc5b155457adb2f75ba0e21bef815da868343857f290240d986b2855bb10e859ab7c936ca76fc5321564984596dc83d38fc2518262936a74fad272a2b3cb4d37e260e61ccdf845b17bf82bc7c07c1642f8c3f68688bab55d9d0748939ec6d888cc5f7fe01efa51e2d259bab2904568008043b6111340db6a11821e709a", 0xa6, 0x100, 0x0, 0x3}]) bind$bt_hci(r1, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x4}, 0x6) io_submit(r0, 0x1, &(0x7f0000000180)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x4}]) [ 2854.486669] audit: type=1326 audit(1708431973.734:354): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=27311 comm="syz-executor.6" exe="/syz-executor.6" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f478bbf1b19 code=0x0 12:26:13 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 56) 12:26:13 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3b}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRESHEX], 0x30}, 0x1, 0x0, 0x0, 0x14}, 0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x6c0e, 0x7fff) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', 0x0, 0x0, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), 0x0, 0x2f) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffff, 0x2}, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_nanosleep(0x1, 0x0, &(0x7f00000002c0)={0x0, 0x989680}, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) fork() r2 = fork() tkill(0x0, 0x0) ptrace$cont(0xffffffffffffffff, r2, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000280)=0x5, 0xfffffffffffffffa) r3 = fork() syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e21016027154f7e210000d6142e8ed6865df556fd6a7300000000000000bd8b7e69ecb57d268a49d8d6accb6a35f7aa6bee3435f0ca00"], 0xa) ptrace$setopts(0x4206, r3, 0x0, 0x0) ptrace(0x8, r3) 12:26:13 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7", 0x31, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) [ 2854.501171] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2854.501171] program syz-executor.4 not setting count and/or reply_len properly [ 2854.512567] FAULT_INJECTION: forcing a failure. [ 2854.512567] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2854.514741] CPU: 0 PID: 27320 Comm: syz-executor.4 Not tainted 5.10.209 #1 [ 2854.515985] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2854.517444] Call Trace: [ 2854.517919] dump_stack+0x107/0x167 [ 2854.518570] should_fail.cold+0x5/0xa [ 2854.519263] copy_page_from_iter+0x40a/0x900 [ 2854.520071] blk_rq_map_user_iov+0x138b/0x1a60 [ 2854.520894] ? perf_trace_lock+0xac/0x490 [ 2854.521645] ? __lockdep_reset_lock+0x180/0x180 [ 2854.522479] ? __lockdep_reset_lock+0x180/0x180 [ 2854.523304] ? blk_rq_unmap_user+0x750/0x750 [ 2854.524084] ? find_held_lock+0x2c/0x110 [ 2854.524814] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 2854.525788] ? lock_downgrade+0x6d0/0x6d0 [ 2854.526508] ? import_single_range+0x24d/0x2e0 [ 2854.527312] blk_rq_map_user+0x103/0x170 [ 2854.528043] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 2854.528912] ? alloc_pages_current+0x18f/0x280 [ 2854.529743] ? sg_build_indirect.isra.0+0x448/0x710 [ 2854.530634] sg_common_write.constprop.0+0x10ed/0x1a30 [ 2854.531568] ? sg_build_indirect.isra.0+0x710/0x710 [ 2854.532468] ? vprintk_func+0x93/0x140 [ 2854.533169] ? record_print_text.cold+0x16/0x16 [ 2854.534008] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2854.534891] ? trace_hardirqs_on+0x5b/0x180 [ 2854.535665] sg_write.part.0+0x69e/0xaa0 [ 2854.536403] ? sg_new_write.isra.0+0x770/0x770 [ 2854.537217] ? find_held_lock+0x2c/0x110 [ 2854.537954] ? __might_fault+0xd3/0x180 [ 2854.538681] ? lock_downgrade+0x6d0/0x6d0 [ 2854.539430] ? _cond_resched+0x12/0x80 [ 2854.540117] ? inode_security+0x107/0x140 [ 2854.540867] ? avc_policy_seqno+0x9/0x70 [ 2854.541617] ? selinux_file_permission+0x92/0x520 [ 2854.542477] ? security_file_permission+0x24e/0x570 [ 2854.543370] sg_write+0x87/0x120 [ 2854.543991] do_iter_write+0x482/0x670 [ 2854.544715] ? import_iovec+0x83/0xb0 [ 2854.545413] vfs_writev+0x1ae/0x620 [ 2854.546090] ? vfs_iter_write+0xa0/0xa0 [ 2854.546806] ? __fget_files+0x26d/0x4c0 [ 2854.547508] ? lock_downgrade+0x6d0/0x6d0 [ 2854.548238] ? find_held_lock+0x2c/0x110 [ 2854.548969] ? __fget_files+0x296/0x4c0 [ 2854.549709] ? __fget_light+0xea/0x290 [ 2854.550399] do_writev+0x139/0x300 [ 2854.551032] ? vfs_writev+0x620/0x620 [ 2854.551711] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2854.552627] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2854.553568] do_syscall_64+0x33/0x40 [ 2854.554228] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 2854.555125] RIP: 0033:0x7f26a81efb19 [ 2854.555776] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2854.558978] RSP: 002b:00007f26a5765188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 2854.560311] RAX: ffffffffffffffda RBX: 00007f26a8302f60 RCX: 00007f26a81efb19 [ 2854.561562] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000005 [ 2854.562803] RBP: 00007f26a57651d0 R08: 0000000000000000 R09: 0000000000000000 [ 2854.564050] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2854.565300] R13: 00007ffc298dd15f R14: 00007f26a5765300 R15: 0000000000022000 12:26:13 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x0, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:26:13 executing program 3: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) openat$zero(0xffffffffffffff9c, &(0x7f0000000300), 0x90101, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x248e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat2(r0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)={0x444002, 0x2}, 0x18) utimes(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)={{}, {0x77359400}}) mount$tmpfs(0x0, &(0x7f0000000540)='./file0\x00', &(0x7f0000000580), 0x100cc28, &(0x7f00000005c0)={[{@huge_never}, {@huge_never}, {@huge_advise}, {@nr_blocks={'nr_blocks', 0x3d, [0x78, 0x74, 0x32, 0x36]}}, {@huge_advise}, {@size={'size', 0x3d, [0x30, 0x31, 0x30]}}, {@nr_blocks={'nr_blocks', 0x3d, [0x34, 0x35]}}], [{@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}, {@subj_type={'subj_type', 0x3d, '\x00'}}, {@subj_role={'subj_role', 0x3d, '$'}}, {@subj_role}, {@subj_user}, {@pcr={'pcr', 0x3d, 0x2f}}]}) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) openat$random(0xffffffffffffff9c, &(0x7f0000000280), 0x561001, 0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f00000002c0)={{0x1, 0x1, 0x18, r2, {0x4}}, './file0\x00'}) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(0xffffffffffffffff, 0x3312, 0x8) ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @local}, {0x0, @link_local}, 0x28, {0x2, 0x0, @empty}}) r3 = socket$inet(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSARP(r3, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @local}, {0x0, @link_local}, 0x28, {0x2, 0x0, @empty}}) bind(0xffffffffffffffff, &(0x7f00000004c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e20, 0x800, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x3}}}, 0x80) fsmount(r1, 0x1, 0x4) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) stat(&(0x7f0000000180)='./file0\x00', &(0x7f0000001c00)) mount$cgroup(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x2832020, &(0x7f0000000400)=ANY=[@ANYBLOB="6e616d653d2f6465762f736e617c16b8aa5e777076af2db2d1ba948e9ce65873686f74002c6370757365745f76325f6d6f64652c616c6c2c6e6f6e652c6370757365745f76325f6d6f64652c78617474722c6e6f7072656669782c636c6f6e655f6368696c6472656e2c68756765746c622c666465762f7a65726f002c736d61636b6673666c6f6f72"]) 12:26:13 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7", 0x31, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:26:13 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 57) 12:26:13 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3b}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRESHEX], 0x30}, 0x1, 0x0, 0x0, 0x14}, 0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x6c0e, 0x7fff) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', 0x0, 0x0, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), 0x0, 0x2f) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffff, 0x2}, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_nanosleep(0x1, 0x0, &(0x7f00000002c0)={0x0, 0x989680}, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) fork() r2 = fork() tkill(0x0, 0x0) ptrace$cont(0xffffffffffffffff, r2, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000280)=0x5, 0xfffffffffffffffa) r3 = fork() syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e21016027154f7e210000d6142e8ed6865df556fd6a7300000000000000bd8b7e69ecb57d268a49d8d6accb6a35f7aa6bee3435f0ca00"], 0xa) ptrace$setopts(0x4206, r3, 0x0, 0x0) ptrace(0x8, r3) [ 2854.750064] cgroup: Invalid name [ 2854.761331] cgroup: Unknown subsys name 'huge' 12:26:14 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f00000017c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001600)=ANY=[@ANYRESDEC=r0, @ANYRES32=0x0, @ANYBLOB="b4d36682858956d0bfbfc5b2a91578a2f9711f19d6b97a87e500ca83010100008ffba59aeeb1b412c80ee8717504593c1edded0f48839f932519cb95daded9b45f41a941701b51bdcf872a5a35a9a379cb5f79c654c56fd6ab58f46a36d2a03f5455905eb54893a18f8432e847ac42494865e0f0b22b98ba207f0fca0d029c57b1ccc67e969d496b6c8f3be2de5a3aac6546ec866a03b2ab8bdf160d3dc6275f5c558df5a028769895c5ae95048888e40000"], 0x24}, 0x1, 0x0, 0x0, 0x2404c080}, 0x0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) tkill(0x0, 0x34) preadv(r1, &(0x7f0000001540)=[{&(0x7f00000002c0)=""/239, 0xef}, {&(0x7f0000000000)=""/177, 0xb1}, {&(0x7f00000001c0)=""/21, 0x15}, {&(0x7f0000000200)=""/43, 0x2b}, {&(0x7f00000003c0)=""/4096, 0x1000}, {&(0x7f00000013c0)=""/189, 0xbd}, {&(0x7f0000001480)=""/157, 0x9d}, {&(0x7f0000000240)=""/44, 0x2c}, {&(0x7f0000001e00)=""/4096, 0x1000}], 0x9, 0x2, 0x3) r2 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x0, 0x2}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)) io_uring_register$IORING_REGISTER_FILES(r2, 0x2, &(0x7f0000000340), 0x4000000000000032) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000001600), 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x5e, 0x248e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r5 = creat(&(0x7f0000000040)='./file0\x00', 0x10) pwrite64(r5, &(0x7f0000000200)="1eecd93735c44fb403292adf1183b1b37359fc5d952f72f57313fc71da00043824a7a91b66e3c15e690475706eacaa2a11516f6bdae1719641e9ca9ac07109a1c771750aea11c86edd4a2fe38badde5b051700e793ededbbc3e9658668347430b90c87a15deeaa274587570734535ff56936598d90b1bb184947987611e123040b62e1b5021d19c2e5c200"/150, 0x96, 0x0) dup3(r5, 0xffffffffffffffff, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x12, r5, 0x8000000) syz_io_uring_submit(r6, 0x0, &(0x7f00000001c0)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x400e, @fd=r3, 0x2, 0x3, 0x4, 0x0, 0x1, {0x3, r4}}, 0x7) syz_io_uring_submit(0x0, 0x0, &(0x7f0000001780)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000140)=0x80, &(0x7f0000001700)=@pppol2tpv3, 0x0, 0x800, 0x1, {0x0, r4}}, 0x1) [ 2854.793384] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2854.793384] program syz-executor.4 not setting count and/or reply_len properly 12:26:14 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x2, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) [ 2854.802012] cgroup: Invalid name [ 2854.813460] FAULT_INJECTION: forcing a failure. [ 2854.813460] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2854.815514] CPU: 1 PID: 27514 Comm: syz-executor.4 Not tainted 5.10.209 #1 [ 2854.816677] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2854.818071] Call Trace: [ 2854.818529] dump_stack+0x107/0x167 [ 2854.819158] should_fail.cold+0x5/0xa [ 2854.819809] copy_page_from_iter+0x40a/0x900 [ 2854.820566] blk_rq_map_user_iov+0x138b/0x1a60 [ 2854.821348] ? perf_trace_lock+0xac/0x490 [ 2854.822059] ? __lockdep_reset_lock+0x180/0x180 [ 2854.822852] ? __lockdep_reset_lock+0x180/0x180 [ 2854.823639] ? blk_rq_unmap_user+0x750/0x750 [ 2854.824389] ? find_held_lock+0x2c/0x110 [ 2854.825082] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 2854.825965] ? lock_downgrade+0x6d0/0x6d0 [ 2854.826669] ? import_single_range+0x24d/0x2e0 [ 2854.827431] blk_rq_map_user+0x103/0x170 [ 2854.828120] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 2854.828923] ? alloc_pages_current+0x18f/0x280 [ 2854.829711] ? sg_build_indirect.isra.0+0x448/0x710 [ 2854.830581] sg_common_write.constprop.0+0x10ed/0x1a30 [ 2854.831482] ? sg_build_indirect.isra.0+0x710/0x710 [ 2854.832329] ? vprintk_func+0x93/0x140 [ 2854.832994] ? record_print_text.cold+0x16/0x16 [ 2854.833796] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2854.834662] ? trace_hardirqs_on+0x5b/0x180 [ 2854.835413] sg_write.part.0+0x69e/0xaa0 [ 2854.836102] ? sg_new_write.isra.0+0x770/0x770 [ 2854.836881] ? find_held_lock+0x2c/0x110 [ 2854.837577] ? __might_fault+0xd3/0x180 [ 2854.838269] ? lock_downgrade+0x6d0/0x6d0 [ 2854.838992] ? _cond_resched+0x12/0x80 [ 2854.839652] ? inode_security+0x107/0x140 [ 2854.840370] ? avc_policy_seqno+0x9/0x70 [ 2854.841066] ? selinux_file_permission+0x92/0x520 [ 2854.841833] ? security_file_permission+0x24e/0x570 [ 2854.842599] sg_write+0x87/0x120 [ 2854.843117] do_iter_write+0x482/0x670 [ 2854.843714] ? import_iovec+0x83/0xb0 [ 2854.844299] vfs_writev+0x1ae/0x620 [ 2854.844868] ? vfs_iter_write+0xa0/0xa0 [ 2854.845447] ? __fget_files+0x26d/0x4c0 [ 2854.846081] ? lock_downgrade+0x6d0/0x6d0 [ 2854.846718] ? find_held_lock+0x2c/0x110 [ 2854.847350] ? __fget_files+0x296/0x4c0 [ 2854.847968] ? __fget_light+0xea/0x290 [ 2854.848564] do_writev+0x139/0x300 [ 2854.849090] ? vfs_writev+0x620/0x620 [ 2854.849678] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2854.850468] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2854.851272] do_syscall_64+0x33/0x40 [ 2854.851848] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 2854.852630] RIP: 0033:0x7f26a81efb19 [ 2854.853197] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2854.855975] RSP: 002b:00007f26a5765188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 2854.857136] RAX: ffffffffffffffda RBX: 00007f26a8302f60 RCX: 00007f26a81efb19 [ 2854.858229] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000005 [ 2854.859301] RBP: 00007f26a57651d0 R08: 0000000000000000 R09: 0000000000000000 [ 2854.860380] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2854.861465] R13: 00007ffc298dd15f R14: 00007f26a5765300 R15: 0000000000022000 12:26:14 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7", 0x31, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:26:29 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 58) 12:26:29 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x3, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:26:29 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x802c2, 0x0) fallocate(r3, 0x10, 0x0, 0x5) fsetxattr$trusted_overlay_opaque(r3, &(0x7f0000000040), &(0x7f0000000080), 0x2, 0x2) dup2(r3, r0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x0) 12:26:29 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) pwritev(r0, &(0x7f0000001500)=[{&(0x7f0000000140)="1f", 0x1}], 0x1, 0x0, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) bind$bt_l2cap(r1, &(0x7f0000000140)={0x1f, 0x0, @none, 0x0, 0x7}, 0xe) bind$bt_l2cap(r1, 0x0, 0x0) io_setup(0x3, &(0x7f0000000040)=0x0) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r3, &(0x7f0000001080)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) getsockopt$bt_BT_RCVMTU(r3, 0x112, 0xd, &(0x7f00000001c0), &(0x7f00000013c0)=0x2) r4 = syz_open_dev$mouse(&(0x7f0000000300), 0x3, 0x49002) r5 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000380), 0x20000, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = dup(r6) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) io_submit(r2, 0x4, &(0x7f0000000440)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x7, 0x5, r1, &(0x7f0000000080)="d8b79686ba72d2a1c02a0eb3c3761190090ac219c5", 0x15, 0x1ff, 0x0, 0x1}, &(0x7f0000000240)={0x0, 0x0, 0x0, 0xf, 0x5, r3, &(0x7f00000001c0)="2604ff11e6f4992556755ea4d23790ef185188b85c01880d58882d21a61f97dee45fb403a05c6b36efed8d7566f144b60b9f5bfa99066ad7cc22efc81949ec8ca5762d486b1c232aa12c01b1bd5f758789117d5efb10b833541fd5c8fcb22e28", 0x60, 0x800, 0x0, 0x1, r0}, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x3, 0x3f, r1, &(0x7f0000000280)="6e13f5e5a37645db20b524143c41ff7d8cb79bc61ea28d2fb738c19093809942aed4d50cfce93a92b88823c754e90f3ccf042cbbac26ad573c500d6ba1452fb1986c164161f64d3218fc84eecd846c15dc02fead96af8eb3b2ffe48af158ddfb58d85d2ac13279cbcbfec9aee451d29e18e58860698a", 0x76, 0x1, 0x0, 0x0, r4}, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x1, 0x7f, r5, &(0x7f00000003c0)="8c86d77756545ca1a2020c8b", 0xc, 0x8, 0x0, 0x3, r7}]) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000000)={0x8020}) close(r0) getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, &(0x7f00000000c0)) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) io_submit(0x0, 0x1, &(0x7f0000001540)=[0x0]) 12:26:29 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2fe1, 0x0) r0 = getpgrp(0x0) pidfd_open(r0, 0x0) perf_event_open(&(0x7f0000000080)={0x5, 0x80, 0xfc, 0x4, 0xf8, 0x9, 0x0, 0x10000000000000, 0x240, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x7ff, 0x4, @perf_config_ext={0x6, 0x1}, 0x10008, 0x2, 0xf8, 0x7, 0xf51d, 0x6, 0x43, 0x0, 0xfffffc0b, 0x0, 0x20}, r0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) getdents64(0xffffffffffffffff, 0x0, 0x0) lseek(r1, 0xfffffffffffff014, 0x1) 12:26:29 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3b}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRESHEX], 0x30}, 0x1, 0x0, 0x0, 0x14}, 0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x6c0e, 0x7fff) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', 0x0, 0x0, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000440)=ANY=[], 0x2f) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffff, 0x2}, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_nanosleep(0x1, 0x0, &(0x7f00000002c0)={0x0, 0x989680}, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) fork() r2 = fork() tkill(0x0, 0x0) ptrace$cont(0xffffffffffffffff, r2, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000280)=0x5, 0xfffffffffffffffa) r3 = fork() syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e21016027154f7e210000d6142e8ed6865df556fd6a7300000000000000bd8b7e69ecb57d268a49d8d6accb6a35f7aa6bee3435f0ca00"], 0xa) ptrace$setopts(0x4206, r3, 0x0, 0x0) ptrace(0x8, r3) 12:26:29 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x800000000000000, 0x0, 0x0) 12:26:29 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000", 0x4a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) [ 2869.912351] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2869.912351] program syz-executor.4 not setting count and/or reply_len properly [ 2869.914685] FAULT_INJECTION: forcing a failure. [ 2869.914685] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2869.915940] CPU: 1 PID: 27660 Comm: syz-executor.4 Not tainted 5.10.209 #1 [ 2869.916679] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2869.917555] Call Trace: [ 2869.917853] dump_stack+0x107/0x167 [ 2869.918249] should_fail.cold+0x5/0xa [ 2869.918664] copy_page_from_iter+0x40a/0x900 [ 2869.919151] blk_rq_map_user_iov+0x138b/0x1a60 [ 2869.919659] ? perf_trace_lock+0xac/0x490 [ 2869.920098] ? __lockdep_reset_lock+0x180/0x180 [ 2869.920609] ? __lockdep_reset_lock+0x180/0x180 [ 2869.921097] ? blk_rq_unmap_user+0x750/0x750 [ 2869.921585] ? find_held_lock+0x2c/0x110 [ 2869.922062] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 2869.922641] ? lock_downgrade+0x6d0/0x6d0 [ 2869.923089] ? import_single_range+0x24d/0x2e0 [ 2869.923587] blk_rq_map_user+0x103/0x170 [ 2869.924022] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 2869.924530] ? alloc_pages_current+0x18f/0x280 [ 2869.925020] ? sg_build_indirect.isra.0+0x448/0x710 [ 2869.925563] sg_common_write.constprop.0+0x10ed/0x1a30 [ 2869.926124] ? sg_build_indirect.isra.0+0x710/0x710 [ 2869.926661] ? vprintk_func+0x93/0x140 [ 2869.927089] ? record_print_text.cold+0x16/0x16 [ 2869.927108] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2869.927119] ? trace_hardirqs_on+0x5b/0x180 [ 2869.927143] sg_write.part.0+0x69e/0xaa0 [ 2869.927159] ? sg_new_write.isra.0+0x770/0x770 [ 2869.927178] ? find_held_lock+0x2c/0x110 [ 2869.927197] ? __might_fault+0xd3/0x180 [ 2869.927210] ? lock_downgrade+0x6d0/0x6d0 [ 2869.927234] ? _cond_resched+0x12/0x80 [ 2869.927247] ? inode_security+0x107/0x140 [ 2869.927260] ? avc_policy_seqno+0x9/0x70 [ 2869.927272] ? selinux_file_permission+0x92/0x520 [ 2869.927291] ? security_file_permission+0x24e/0x570 [ 2869.927308] sg_write+0x87/0x120 [ 2869.927324] do_iter_write+0x482/0x670 [ 2869.927341] ? import_iovec+0x83/0xb0 [ 2869.927358] vfs_writev+0x1ae/0x620 [ 2869.927373] ? vfs_iter_write+0xa0/0xa0 [ 2869.927385] ? __fget_files+0x26d/0x4c0 [ 2869.927400] ? lock_downgrade+0x6d0/0x6d0 [ 2869.927410] ? find_held_lock+0x2c/0x110 [ 2869.927434] ? __fget_files+0x296/0x4c0 [ 2869.927457] ? __fget_light+0xea/0x290 [ 2869.927474] do_writev+0x139/0x300 [ 2869.927488] ? vfs_writev+0x620/0x620 [ 2869.927505] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2869.927518] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2869.927536] do_syscall_64+0x33/0x40 [ 2869.927548] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 2869.927557] RIP: 0033:0x7f26a81efb19 [ 2869.927570] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2869.927578] RSP: 002b:00007f26a5765188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 2869.927593] RAX: ffffffffffffffda RBX: 00007f26a8302f60 RCX: 00007f26a81efb19 [ 2869.927601] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000005 [ 2869.927609] RBP: 00007f26a57651d0 R08: 0000000000000000 R09: 0000000000000000 [ 2869.927617] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2869.927625] R13: 00007ffc298dd15f R14: 00007f26a5765300 R15: 0000000000022000 [ 2869.929398] audit: type=1326 audit(1708431989.165:355): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=27670 comm="syz-executor.6" exe="/syz-executor.6" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f478bbf1b19 code=0x0 12:26:29 executing program 1: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7", 0x31, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:26:29 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 59) 12:26:29 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x4, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) [ 2870.082891] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2870.082891] program syz-executor.4 not setting count and/or reply_len properly [ 2870.084963] FAULT_INJECTION: forcing a failure. [ 2870.084963] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2870.086207] CPU: 1 PID: 27699 Comm: syz-executor.4 Not tainted 5.10.209 #1 [ 2870.086894] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2870.087684] Call Trace: [ 2870.087947] dump_stack+0x107/0x167 [ 2870.088314] should_fail.cold+0x5/0xa [ 2870.088698] copy_page_from_iter+0x40a/0x900 [ 2870.089140] blk_rq_map_user_iov+0x138b/0x1a60 [ 2870.089599] ? perf_trace_lock+0xac/0x490 [ 2870.090046] ? __lockdep_reset_lock+0x180/0x180 [ 2870.090514] ? __lockdep_reset_lock+0x180/0x180 [ 2870.090971] ? blk_rq_unmap_user+0x750/0x750 [ 2870.091408] ? find_held_lock+0x2c/0x110 [ 2870.091821] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 2870.092343] ? lock_downgrade+0x6d0/0x6d0 [ 2870.092749] ? import_single_range+0x24d/0x2e0 [ 2870.093204] blk_rq_map_user+0x103/0x170 [ 2870.093608] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 2870.094086] ? alloc_pages_current+0x18f/0x280 [ 2870.094539] ? sg_build_indirect.isra.0+0x448/0x710 [ 2870.095039] sg_common_write.constprop.0+0x10ed/0x1a30 [ 2870.095561] ? sg_build_indirect.isra.0+0x710/0x710 [ 2870.096062] ? vprintk_func+0x93/0x140 [ 2870.096445] ? record_print_text.cold+0x16/0x16 [ 2870.096911] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2870.097402] ? trace_hardirqs_on+0x5b/0x180 [ 2870.097827] sg_write.part.0+0x69e/0xaa0 [ 2870.098242] ? sg_new_write.isra.0+0x770/0x770 [ 2870.098700] ? find_held_lock+0x2c/0x110 [ 2870.099111] ? __might_fault+0xd3/0x180 [ 2870.099503] ? lock_downgrade+0x6d0/0x6d0 [ 2870.099921] ? _cond_resched+0x12/0x80 [ 2870.100309] ? inode_security+0x107/0x140 [ 2870.100720] ? avc_policy_seqno+0x9/0x70 [ 2870.101122] ? selinux_file_permission+0x92/0x520 [ 2870.101607] ? security_file_permission+0x24e/0x570 [ 2870.102114] sg_write+0x87/0x120 [ 2870.102452] do_iter_write+0x482/0x670 [ 2870.102839] ? import_iovec+0x83/0xb0 [ 2870.103218] vfs_writev+0x1ae/0x620 [ 2870.103578] ? vfs_iter_write+0xa0/0xa0 [ 2870.103965] ? __fget_files+0x26d/0x4c0 [ 2870.104354] ? lock_downgrade+0x6d0/0x6d0 [ 2870.104762] ? find_held_lock+0x2c/0x110 [ 2870.105171] ? __fget_files+0x296/0x4c0 [ 2870.105568] ? __fget_light+0xea/0x290 [ 2870.105962] do_writev+0x139/0x300 [ 2870.106305] ? vfs_writev+0x620/0x620 [ 2870.106688] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2870.107206] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2870.107717] do_syscall_64+0x33/0x40 [ 2870.108086] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 2870.108580] RIP: 0033:0x7f26a81efb19 [ 2870.108944] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2870.110698] RSP: 002b:00007f26a5765188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 2870.111424] RAX: ffffffffffffffda RBX: 00007f26a8302f60 RCX: 00007f26a81efb19 [ 2870.112083] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000005 [ 2870.112746] RBP: 00007f26a57651d0 R08: 0000000000000000 R09: 0000000000000000 [ 2870.113405] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2870.114079] R13: 00007ffc298dd15f R14: 00007f26a5765300 R15: 0000000000022000 12:26:29 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x0, 0x9}]}) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, 0x0, 0x0) eventfd(0x4) r0 = syz_io_uring_setup(0x1168, &(0x7f00000002c0)={0x0, 0x616e, 0x8, 0x3, 0x3b8}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000340), &(0x7f0000000380)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x5d7a, 0x905, 0x2, &(0x7f00000000c0)={[0x7]}, 0x8) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r3, &(0x7f0000001080)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) getsockopt$bt_BT_RCVMTU(r3, 0x112, 0xd, &(0x7f00000001c0), &(0x7f00000013c0)=0x2) getsockname(r3, &(0x7f0000000240)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, &(0x7f00000001c0)=0x80) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x5, &(0x7f0000000440)=[{&(0x7f0000000040)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000000b0000000001", 0x5a, 0x400}, {0x0}, {0x0, 0x0, 0xffffffffdffffff8}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000011600)="ed41000000080000dff46552e0f4655fe0f4655f000000000000040004", 0x1d, 0x2100}], 0x0, &(0x7f0000000140)={[{@noacl}]}) 12:26:29 executing program 3: fsetxattr$security_capability(0xffffffffffffffff, &(0x7f00000001c0), &(0x7f00000002c0)=@v3={0x3000000, [{0x4, 0x8b5}, {0x5, 0x1}]}, 0x18, 0x0) r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = dup2(r3, r2) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000080)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="017d3fd0f34d2a171ffeb74ec1650072"]) r6 = syz_genetlink_get_family_id$batadv(0x0, r4) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r5, &(0x7f0000000400)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x24, r6, 0x400, 0x70bd29, 0x25dfdbfb, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x1}, @BATADV_ATTR_ORIG_INTERVAL={0xfec6, 0x39, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x200000c0}, 0x14050884) r7 = socket$packet(0x11, 0x3, 0x300) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) setsockopt$packet_add_memb(r7, 0x107, 0x1, &(0x7f0000000100)={r9, 0x3, 0x6}, 0x10) setsockopt$packet_add_memb(r7, 0x107, 0x1, &(0x7f0000000080)={r9, 0x1, 0x6, @dev}, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x24, r6, 0x2, 0x70bd2a, 0x25dfdbfc, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r9}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x24040010}, 0x40040) perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x5f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x7fffffff, 0x13c2}, 0x0, 0x0, 0x0, 0x0, 0x80}, 0x0, 0x0, r0, 0x1) r10 = fcntl$dupfd(r7, 0x406, r1) perf_event_open(&(0x7f0000000500)={0x6, 0x80, 0x4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x22}, 0x0, 0x0, r10, 0x0) clone3(&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 12:26:29 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3b}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRESHEX], 0x30}, 0x1, 0x0, 0x0, 0x14}, 0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x6c0e, 0x7fff) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', 0x0, 0x0, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000440)=ANY=[], 0x2f) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffff, 0x2}, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_nanosleep(0x1, 0x0, &(0x7f00000002c0)={0x0, 0x989680}, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) fork() r2 = fork() tkill(0x0, 0x0) ptrace$cont(0xffffffffffffffff, r2, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000280)=0x5, 0xfffffffffffffffa) r3 = fork() syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e21016027154f7e210000d6142e8ed6865df556fd6a7300000000000000bd8b7e69ecb57d268a49d8d6accb6a35f7aa6bee3435f0ca00"], 0xa) ptrace$setopts(0x4206, r3, 0x0, 0x0) ptrace(0x8, r3) 12:26:29 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000", 0x4a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:26:29 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x5, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) [ 2870.249067] device lo entered promiscuous mode 12:26:29 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 60) [ 2870.265087] EXT4-fs (loop5): Mount option "noacl" will be removed by 3.5 [ 2870.265087] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 2870.265087] 12:26:29 executing program 1: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000800)=[{&(0x7f0000010600)="0243443030310100004c0049004e0055005800200020002000200020002000200020002000200020004300440052004f004d002000200020002000200020002000200020002000200000000000000000bf000000000000bf25", 0x59, 0x8800}], 0x0, &(0x7f0000000080)) setxattr$incfs_id(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0), &(0x7f0000000140)={'0000000000000000000000000000000', 0x32}, 0x20, 0x0) 12:26:29 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000", 0x4a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) [ 2870.354273] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2870.354273] program syz-executor.4 not setting count and/or reply_len properly [ 2870.359265] FAULT_INJECTION: forcing a failure. [ 2870.359265] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2870.360290] CPU: 1 PID: 27810 Comm: syz-executor.4 Not tainted 5.10.209 #1 [ 2870.360865] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2870.361550] Call Trace: [ 2870.361809] dump_stack+0x107/0x167 [ 2870.362121] should_fail.cold+0x5/0xa [ 2870.362467] copy_page_from_iter+0x40a/0x900 [ 2870.362862] blk_rq_map_user_iov+0x138b/0x1a60 [ 2870.363275] ? perf_trace_lock+0xac/0x490 [ 2870.363632] ? __lockdep_reset_lock+0x180/0x180 [ 2870.363903] EXT4-fs (loop5): mounted filesystem without journal. Opts: noacl,,errors=continue [ 2870.364037] ? __lockdep_reset_lock+0x180/0x180 [ 2870.366040] ? blk_rq_unmap_user+0x750/0x750 [ 2870.366406] ? find_held_lock+0x2c/0x110 [ 2870.366752] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 2870.367198] ? lock_downgrade+0x6d0/0x6d0 [ 2870.367539] ? import_single_range+0x24d/0x2e0 [ 2870.367915] blk_rq_map_user+0x103/0x170 [ 2870.368249] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 2870.368663] ? alloc_pages_current+0x18f/0x280 [ 2870.369057] ? sg_build_indirect.isra.0+0x448/0x710 [ 2870.369485] sg_common_write.constprop.0+0x10ed/0x1a30 [ 2870.369931] ? sg_build_indirect.isra.0+0x710/0x710 [ 2870.370371] ? vprintk_func+0x93/0x140 [ 2870.370700] ? record_print_text.cold+0x16/0x16 [ 2870.371090] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2870.371534] ? trace_hardirqs_on+0x5b/0x180 [ 2870.371923] sg_write.part.0+0x69e/0xaa0 [ 2870.372263] ? sg_new_write.isra.0+0x770/0x770 [ 2870.372666] ? find_held_lock+0x2c/0x110 [ 2870.373011] ? __might_fault+0xd3/0x180 [ 2870.373340] ? lock_downgrade+0x6d0/0x6d0 [ 2870.373694] ? _cond_resched+0x12/0x80 [ 2870.374031] ? inode_security+0x107/0x140 [ 2870.374372] ? avc_policy_seqno+0x9/0x70 [ 2870.374711] ? selinux_file_permission+0x92/0x520 [ 2870.375113] ? security_file_permission+0x24e/0x570 [ 2870.375523] sg_write+0x87/0x120 [ 2870.375812] do_iter_write+0x482/0x670 [ 2870.376139] ? import_iovec+0x83/0xb0 [ 2870.376454] vfs_writev+0x1ae/0x620 [ 2870.376762] ? vfs_iter_write+0xa0/0xa0 [ 2870.377093] ? __fget_files+0x26d/0x4c0 [ 2870.377424] ? lock_downgrade+0x6d0/0x6d0 [ 2870.377778] ? find_held_lock+0x2c/0x110 [ 2870.378122] ? __fget_files+0x296/0x4c0 [ 2870.378463] ? __fget_light+0xea/0x290 [ 2870.378791] do_writev+0x139/0x300 [ 2870.379087] ? vfs_writev+0x620/0x620 [ 2870.379408] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2870.379852] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2870.380278] do_syscall_64+0x33/0x40 [ 2870.380585] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 2870.381004] RIP: 0033:0x7f26a81efb19 [ 2870.381317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2870.382826] RSP: 002b:00007f26a5765188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 2870.383454] RAX: ffffffffffffffda RBX: 00007f26a8302f60 RCX: 00007f26a81efb19 [ 2870.384032] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000005 [ 2870.384618] RBP: 00007f26a57651d0 R08: 0000000000000000 R09: 0000000000000000 [ 2870.385203] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2870.385794] R13: 00007ffc298dd15f R14: 00007f26a5765300 R15: 0000000000022000 12:26:29 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 61) 12:26:29 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCGSERIAL(r1, 0x541e, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) close(r1) perf_event_open(&(0x7f0000000140)={0x5, 0x80, 0x0, 0x80, 0x7, 0x7, 0x0, 0x7, 0x44e64, 0x4, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xf9b, 0x4, @perf_bp={&(0x7f0000000000), 0x1}, 0x1220, 0x1, 0x72, 0x6, 0x271, 0x4, 0x1f, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xb, r0, 0x1) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/power/mem_sleep', 0xb8fdaf60b3804512, 0x80) ioctl$KDGKBSENT(r2, 0x4b48, &(0x7f0000000200)={0x0, "1ed0771ca9b74b59440d1da7f362cda46038d323800f708104f358a96f7d31d35c48125744c74bab55d80ef30dddf6ae6ee9ab3c36e044321472e25c71c48bbb3f2c5c82e94226440bc036c273a8bb1e5a3c79c5d46f752f3afb23babdefb36bfc03dd6e00cc70a3fd093649b7e788cad7b8419885b4ef54d849e1964e81e5ea1a1630dfd9c092aa1347848b90f673814f5c8f906fa687c5c33fd77337892b89298524cb6b6f82d13835d8c3d8f3dd84f81d773623a1ca0fc0669ede2138f3e7737c011dfa87cbb5214dfd9468a4813d8c8d0a133b3027e2f306c4c0b19384261e14b8bf37d0d0b7cca57b57ec1788f03a04943005bab6284102827a95b3e81df27857912fe4eac0ab2a5a3323156fb4407ab508afbd9d1e6b76e96189cd79635f364cadc7f53d5efd0b7e84aacd3552fffae87dd255fbd2a9fc1262744876e9491de9bf21da51e0c995c1734d5ea26e171e356990d9265df7e0351170aefa4fb5981996b3512b5c446a8b5c18efc3b06b7fe2a644d48ae3cd4f88cf13befaf772be8d962fdb0a8df5127f2e9c46fbcad9289e0522d54078cdf666b61a3758713a667365916d0be4a5a95a606ec2391ba5449da86a2c8e39e16b08c210826fef144e67a42ba69b6dd2f9f4eb9154ab968d7bb4d7dc1de245260a13a17d686910e442983798e7f8e550dce519f35212a884edec55c5fba5f1688f91713a272c06"}) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r3, &(0x7f0000001080)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) getsockopt$bt_BT_RCVMTU(r3, 0x112, 0xd, &(0x7f00000001c0), &(0x7f00000013c0)=0x2) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000001840)={0xf4, 0x0, &(0x7f00000016c0)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x68, 0x18, &(0x7f0000001440)={@fda={0x66646185, 0x5, 0x2, 0x1d}, @fda={0x66646185, 0xa, 0x1, 0x26}, @ptr={0x70742a85, 0x1, &(0x7f0000000440)=""/4096, 0x1000, 0x0, 0x1c}}, &(0x7f00000014c0)={0x0, 0x20, 0x40}}}, @acquire_done={0x40106309, 0x3}, @clear_death={0x400c630f, 0x2}, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001540)={@fd={0x66642a85, 0x0, r3}, @fd={0x66642a85, 0x0, r2}, @ptr={0x70742a85, 0x0, &(0x7f0000001500)=""/40, 0x28, 0x0, 0x1b}}, &(0x7f00000015c0)={0x0, 0x18, 0x30}}}, @register_looper, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x50, 0x18, &(0x7f0000001600)={@fda={0x66646185, 0x4, 0x1, 0x2d}, @fd={0x66642a85, 0x0, r2}, @flat=@weak_handle={0x77682a85, 0x1001}}, &(0x7f0000001680)={0x0, 0x20, 0x38}}}], 0x7d, 0x0, &(0x7f00000017c0)="fcbf8b4a5f31257452c2190b6c388bed63dbad8ff8a6ce0b62a4f0fe3809a54ddcb8f00e12731201ff3ff5ec1bbf89fb8eb3bf1ade2433c046cb2ad85f71e1a2116e30a737cfb58ea9657557ba537492f7fe21326fe99e24e7f70d72b96edb80889a19bb0a018d7bf391bcd14d383e62ab1d03a08cde188d2f2eaeaca0"}) 12:26:29 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x6, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) [ 2870.570020] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2870.570020] program syz-executor.4 not setting count and/or reply_len properly [ 2870.574090] FAULT_INJECTION: forcing a failure. [ 2870.574090] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2870.575256] CPU: 1 PID: 27924 Comm: syz-executor.4 Not tainted 5.10.209 #1 [ 2870.575825] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2870.576510] Call Trace: [ 2870.576734] dump_stack+0x107/0x167 [ 2870.577040] should_fail.cold+0x5/0xa [ 2870.577355] copy_page_from_iter+0x40a/0x900 [ 2870.577725] blk_rq_map_user_iov+0x138b/0x1a60 [ 2870.578113] ? perf_trace_lock+0xac/0x490 [ 2870.578449] ? __lockdep_reset_lock+0x180/0x180 [ 2870.578831] ? __lockdep_reset_lock+0x180/0x180 [ 2870.579213] ? blk_rq_unmap_user+0x750/0x750 [ 2870.579578] ? find_held_lock+0x2c/0x110 [ 2870.579922] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 2870.580359] ? lock_downgrade+0x6d0/0x6d0 [ 2870.580699] ? import_single_range+0x24d/0x2e0 [ 2870.581072] blk_rq_map_user+0x103/0x170 [ 2870.581415] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 2870.581817] ? alloc_pages_current+0x18f/0x280 [ 2870.582193] ? sg_build_indirect.isra.0+0x448/0x710 [ 2870.582605] sg_common_write.constprop.0+0x10ed/0x1a30 [ 2870.583036] ? sg_build_indirect.isra.0+0x710/0x710 [ 2870.583443] ? vprintk_func+0x93/0x140 [ 2870.583764] ? record_print_text.cold+0x16/0x16 [ 2870.584151] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2870.584568] ? trace_hardirqs_on+0x5b/0x180 [ 2870.584925] sg_write.part.0+0x69e/0xaa0 [ 2870.585257] ? sg_new_write.isra.0+0x770/0x770 [ 2870.585637] ? find_held_lock+0x2c/0x110 [ 2870.585986] ? __might_fault+0xd3/0x180 [ 2870.586312] ? lock_downgrade+0x6d0/0x6d0 [ 2870.586660] ? _cond_resched+0x12/0x80 [ 2870.586987] ? inode_security+0x107/0x140 [ 2870.587325] ? avc_policy_seqno+0x9/0x70 [ 2870.587661] ? selinux_file_permission+0x92/0x520 [ 2870.588066] ? security_file_permission+0x24e/0x570 [ 2870.588475] sg_write+0x87/0x120 [ 2870.588760] do_iter_write+0x482/0x670 [ 2870.589082] ? import_iovec+0x83/0xb0 [ 2870.589397] vfs_writev+0x1ae/0x620 [ 2870.589700] ? vfs_iter_write+0xa0/0xa0 [ 2870.590038] ? __fget_files+0x26d/0x4c0 [ 2870.590372] ? lock_downgrade+0x6d0/0x6d0 [ 2870.590709] ? find_held_lock+0x2c/0x110 [ 2870.591048] ? __fget_files+0x296/0x4c0 [ 2870.591381] ? __fget_light+0xea/0x290 [ 2870.591704] do_writev+0x139/0x300 [ 2870.592004] ? vfs_writev+0x620/0x620 [ 2870.592322] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2870.592759] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2870.593185] do_syscall_64+0x33/0x40 [ 2870.593490] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 2870.593923] RIP: 0033:0x7f26a81efb19 [ 2870.594230] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2870.595704] RSP: 002b:00007f26a5765188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 2870.596321] RAX: ffffffffffffffda RBX: 00007f26a8302f60 RCX: 00007f26a81efb19 [ 2870.596897] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000005 [ 2870.597477] RBP: 00007f26a57651d0 R08: 0000000000000000 R09: 0000000000000000 [ 2870.598060] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2870.598637] R13: 00007ffc298dd15f R14: 00007f26a5765300 R15: 0000000000022000 12:26:44 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 62) 12:26:44 executing program 5: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3b}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRESHEX], 0x30}, 0x1, 0x0, 0x0, 0x14}, 0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x6c0e, 0x7fff) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', 0x0, 0x0, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000440)=ANY=[], 0x2f) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffff, 0x2}, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_nanosleep(0x1, 0x0, &(0x7f00000002c0)={0x0, 0x989680}, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) fork() r2 = fork() tkill(0x0, 0x0) ptrace$cont(0xffffffffffffffff, r2, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000280)=0x5, 0xfffffffffffffffa) r3 = fork() syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e21016027154f7e210000d6142e8ed6865df556fd6a7300000000000000bd8b7e69ecb57d268a49d8d6accb6a35f7aa6bee3435f0ca00"], 0xa) ptrace$setopts(0x4206, r3, 0x0, 0x0) ptrace(0x8, r3) 12:26:44 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0xf}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = dup(r0) r2 = dup(r1) sendmsg$IPCTNL_MSG_EXP_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="50000000010201a60b000000000600000a00000048fe01da3c73d3e2802c0001801400030000000000050000000062ed0000070000000000003cdfcff575e38f17ea0fdbb6e32c07c1b2a6f83c1c0122da059f200000002ddaf567740cd2e5697d18b0df14d18015521e6eb26d45e9bc9d00e6abd031f0a966699818a0b85181343d762babf6fca235a0687647c9c51c9f0f76f2fe1794761571735f78f0310f19893f58d06054fb40f316ed34d78c7fbf9a94e0a9dfdec13873a90a4d7f9e21c17b534fc77b"], 0x50}}, 0x0) openat(0xffffffffffffff9c, 0x0, 0x46e2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = dup(r3) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) openat(r4, &(0x7f0000000000)='./file0\x00', 0x0, 0x10) [ 2885.217045] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2885.217045] program syz-executor.4 not setting count and/or reply_len properly [ 2885.224265] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2885.228579] audit: type=1326 audit(1708432004.476:356): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=27935 comm="syz-executor.6" exe="/syz-executor.6" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f478bbf1b19 code=0x0 [ 2885.236936] FAULT_INJECTION: forcing a failure. [ 2885.236936] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2885.239508] CPU: 0 PID: 27931 Comm: syz-executor.4 Not tainted 5.10.209 #1 [ 2885.240996] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2885.242685] Call Trace: [ 2885.243247] dump_stack+0x107/0x167 [ 2885.244007] should_fail.cold+0x5/0xa [ 2885.244809] copy_page_from_iter+0x40a/0x900 [ 2885.245731] blk_rq_map_user_iov+0x138b/0x1a60 [ 2885.246707] ? perf_trace_lock+0xac/0x490 [ 2885.247558] ? __lockdep_reset_lock+0x180/0x180 [ 2885.248513] ? __lockdep_reset_lock+0x180/0x180 [ 2885.249456] ? blk_rq_unmap_user+0x750/0x750 [ 2885.250371] ? find_held_lock+0x2c/0x110 [ 2885.251210] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 2885.252289] ? lock_downgrade+0x6d0/0x6d0 [ 2885.253346] ? import_single_range+0x24d/0x2e0 [ 2885.254305] blk_rq_map_user+0x103/0x170 [ 2885.255138] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 2885.256104] ? alloc_pages_current+0x18f/0x280 [ 2885.257274] ? sg_build_indirect.isra.0+0x448/0x710 [ 2885.258317] sg_common_write.constprop.0+0x10ed/0x1a30 [ 2885.259400] ? sg_build_indirect.isra.0+0x710/0x710 [ 2885.260477] ? vprintk_func+0x93/0x140 [ 2885.261485] ? record_print_text.cold+0x16/0x16 [ 2885.262452] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2885.263477] ? trace_hardirqs_on+0x5b/0x180 [ 2885.264450] sg_write.part.0+0x69e/0xaa0 [ 2885.265280] ? sg_new_write.isra.0+0x770/0x770 [ 2885.266223] ? find_held_lock+0x2c/0x110 [ 2885.266888] ? __might_fault+0xd3/0x180 [ 2885.267441] ? lock_downgrade+0x6d0/0x6d0 [ 2885.268022] ? _cond_resched+0x12/0x80 [ 2885.268594] ? inode_security+0x107/0x140 [ 2885.269172] ? avc_policy_seqno+0x9/0x70 [ 2885.269725] ? selinux_file_permission+0x92/0x520 [ 2885.270435] ? security_file_permission+0x24e/0x570 [ 2885.271044] sg_write+0x87/0x120 [ 2885.271440] do_iter_write+0x482/0x670 [ 2885.272006] ? import_iovec+0x83/0xb0 [ 2885.272483] vfs_writev+0x1ae/0x620 [ 2885.273009] ? vfs_iter_write+0xa0/0xa0 [ 2885.273499] ? __fget_files+0x26d/0x4c0 [ 2885.274071] ? lock_downgrade+0x6d0/0x6d0 [ 2885.274603] ? find_held_lock+0x2c/0x110 [ 2885.275098] ? __fget_files+0x296/0x4c0 [ 2885.275569] ? __fget_light+0xea/0x290 [ 2885.276125] do_writev+0x139/0x300 [ 2885.276567] ? vfs_writev+0x620/0x620 [ 2885.277110] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2885.277746] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2885.278490] do_syscall_64+0x33/0x40 [ 2885.278948] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 2885.279675] RIP: 0033:0x7f26a81efb19 [ 2885.280131] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2885.282715] RSP: 002b:00007f26a5765188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 2885.283637] RAX: ffffffffffffffda RBX: 00007f26a8302f60 RCX: 00007f26a81efb19 [ 2885.284447] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000005 [ 2885.285251] RBP: 00007f26a57651d0 R08: 0000000000000000 R09: 0000000000000000 [ 2885.286089] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2885.286947] R13: 00007ffc298dd15f R14: 00007f26a5765300 R15: 0000000000022000 12:26:44 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0xa00000000000000, 0x0, 0x0) 12:26:44 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r1, &(0x7f0000001080)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) getsockopt$bt_BT_RCVMTU(r1, 0x112, 0xd, &(0x7f00000001c0), &(0x7f00000013c0)=0x2) sendto(r1, &(0x7f0000000240)="f1d5257b1964c827e9c7fa7f24a8468aab7b475c27d0deeae44ff8d627f6f087650a9b7bab9b2b305898a7f4db5f32e98849a0414b694ae105aa54ec195eb3f9ba2bebe086342df86ae97afa406145f61550c53757f1a1479c4dc5b5dc9fcf1a47980d02ff15fd30cfe690ff424cdb9000d2599681ce0f35bdc6610fbf495eb93a88c85095e9c446677aeeb03cb3c9332f0d79f72ea5d721eddcb59d82ec5d129c799eb0", 0xa4, 0x44020, 0x0, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="f0000000100001000000000000000000ff0200000000000000000000000000010000000000120000000000000000000000002fec9d63b0c3ca7ad0ca8acc3600000000000000000ca42b28648a075b524e9849f73c747acb098a168011ce52dc6a751dac49b7fd49f54d95761e8d5704cdc1732634732b3471e0e218465a0dc81584d5ac2c08368c31fa83e06806f043b900"/161, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000032000000e000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000be03282c"], 0xf0}}, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) 12:26:44 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00", 0x56, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:26:44 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3b}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRESHEX], 0x30}, 0x1, 0x0, 0x0, 0x14}, 0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x6c0e, 0x7fff) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', 0x0, 0x0, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000440)=ANY=[], 0x2f) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffff, 0x2}, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_nanosleep(0x1, 0x0, &(0x7f00000002c0)={0x0, 0x989680}, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) fork() r2 = fork() tkill(0x0, 0x0) ptrace$cont(0xffffffffffffffff, r2, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000280)=0x5, 0xfffffffffffffffa) r3 = fork() syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e21016027154f7e210000d6142e8ed6865df556fd6a7300000000000000bd8b7e69ecb57d268a49d8d6accb6a35f7aa6bee3435f0ca00"], 0xa) ptrace$setopts(0x4206, r3, 0x0, 0x0) ptrace(0x8, r3) 12:26:44 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x7, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:26:44 executing program 3: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000", 0x4a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:26:44 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x8, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:26:44 executing program 1: set_mempolicy(0x8000, &(0x7f00000000c0)=0x80000000, 0x6) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', 0x0, 0x0, 0x0) syz_80211_inject_frame(&(0x7f00000000c0)=@device_b, &(0x7f0000000000)=ANY=[@ANYRESOCT], 0x2f) fork() fork() tkill(0x0, 0x0) ptrace$cont(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xfffffffffffffff8}, 0x0, 0x0, 0x100, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) set_mempolicy(0x8000, &(0x7f0000000080)=0x4, 0xfff) r0 = fork() syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000380)=ANY=[], 0xa) ptrace$setopts(0x4206, r0, 0x0, 0x0) getsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x11, &(0x7f00000001c0), &(0x7f0000000200)=0x4) ioctl$SNDRV_SEQ_IOCTL_PVERSION(0xffffffffffffffff, 0x80045300, &(0x7f0000000400)) [ 2885.379986] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2885.463279] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2885.769610] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2886.044914] audit: type=1326 audit(1708432005.292:357): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=27935 comm="syz-executor.6" exe="/syz-executor.6" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f478bbf1b19 code=0x0 12:27:00 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0xc00000000000000, 0x0, 0x0) 12:27:00 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00", 0x56, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:27:00 executing program 1: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000140), 0x8}, 0xdd48a83c10608be0, 0x0, 0x0, 0x2, 0x0, 0x8000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0xffffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x21, &(0x7f0000000080)={0x0, 0x45ae, 0x0, 0x1, 0x3b2, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000340)=0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r3, 0x80, &(0x7f0000000280)=@in6={0xa, 0xfffe, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x20}}}}, 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000008, 0x10, r0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x5, 0x0, @fd=r3, 0x0, 0x0, 0x0, {0xa084}}, 0x20) r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000001, 0x40f0050, r0, 0x10000000) r6 = syz_open_dev$tty1(0xc, 0x4, 0x3) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000440)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r7}}, 0x0) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(0xffffffffffffffff, r8) syz_io_uring_submit(r4, r5, &(0x7f0000000180)=@IORING_OP_WRITE_FIXED={0x5, 0x2, 0x0, @fd=r6, 0xff, 0x9, 0xfe, 0x1d, 0x1, {0x3, r7}}, 0xcc9e) io_uring_enter(r0, 0x76d2, 0x0, 0x0, 0x0, 0x0) r9 = creat(&(0x7f0000000380)='./file0\x00', 0x28) write$binfmt_elf64(r9, &(0x7f0000000100)=ANY=[], 0xfdef) 12:27:00 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x200, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x2000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, &(0x7f0000000080)={0x0, r0, 0x9286, 0x0, 0x0, 0xa6219d3}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/consoles\x00', 0x0, 0x0) perf_event_open(&(0x7f00000013c0)={0x5, 0x80, 0x7f, 0x7, 0x32, 0x0, 0x0, 0x100, 0x11000, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x100, 0x1, @perf_config_ext={0xcd9, 0xfffffffffffffff9}, 0x400, 0xc9, 0x1, 0x9, 0x100000001, 0x10001, 0x0, 0x0, 0x9f, 0x0, 0x1000}, 0x0, 0xb, r1, 0x3) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000001440)=ANY=[@ANYBLOB="0100001800000000283f0000", @ANYRES32=r0, @ANYBLOB="00000000000000002e2f66696c6530004f3373c2f9c62dd629892577ceb0da43aa021b9f067f2c0d1cf013c370092fc4b673b3f47e686d7095f4f90732ad48aa233aaf89ea329108ccafe20c59607d7017224f0029f76cd94da17c5b8747b5fcea1af68c1a18d2542faf1b9d82de086d8e23dd8831"]) r2 = perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, r0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x13, 0xffffffffffffffff, 0x0) fallocate(r2, 0x1, 0x5b7, 0x401) mlock(&(0x7f0000ffc000/0x2000)=nil, 0x2000) ioctl$FS_IOC_SETFSLABEL(0xffffffffffffffff, 0x41009432, &(0x7f0000001140)="7c84df2effbeaafd9181a6f30f3bb674e892311026316ab8e9d4b9377e43ac499a30fe9c2c21f799775d545e7585af2298ebbfbf9c6bd98a721d83990af306974cdfd5bb1e2b26abff682ebba05611e54731a4c319eacf13c2f71ba30736617d2e35d7b2582debcbd8831abdcfe81c9f7d757d06b42fa95bef208c8b4edd2587c28a08169500e5d1f648b5bbc75d5018c5697138e2d93de5543b9c1d1892f07d1d50b8025c0fc88961ae698f71f37dc0e0cd9c0610cc789f0ff95a66e00b9500ac59ccf0ac87d4c01e25db15f8c33111cff06b03e52708d850626974926fdc7002be13f33b6efbce516a3a7f7f7817d1108d6b3010cb88c08e01521ea2bc8e9a") r3 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_MCAST_LEAVE_GROUP(r3, 0x29, 0x2d, 0x0, 0x0) recvfrom(r3, &(0x7f0000001240)=""/204, 0xcc, 0x2020, &(0x7f0000001340)=@tipc=@nameseq={0x1e, 0x1, 0x2, {0x41, 0x2, 0x3}}, 0x80) r4 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$BTRFS_IOC_SNAP_DESTROY_V2(r4, 0x5000943f, &(0x7f0000000140)={{}, 0x0, 0x0, @inherit={0x50, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000000000000105000000000000007d98f33616d9b7c23b8c1bcff66f1f9f0000000000009f0000000000000086d60000000000ee1f7e010000000000aa00"/80]}, @name="c9045f32838a7c67948f08d151c5d5f44fd50f023eb0a376c114ff8eb7c53ddd044b4da2f9315dc131d29b44c4080879d3512a8f03032ac1791d1005ef6ac52e41848d81f4bb3e7776fa5b98366dfc7dc3b6b74b257f5cd5ff6c5cba37e6c94130c995e157821c194fa98fc23c111c5f43e3e55544e530f95e527e20dcdd6429c3ca086df27ddae842b95bf33eaec5b8348f11a089aa93e3a9ac7944fc61c9b477504372a5263bbe77ba50672ca4090029d6f96a409817ab447e342d2679db1a14753f76d4ca144c033dfd765e8fb3c33c6b9bd905383639eaaf4d60d231660c2153c085d4c63eedba8ad83b8a9992ea9ab4a59d033222ca12f17b16fbd810b95bd0b102327aae7b713e93348044ad18104625e45cf2c88f7ead3f1a7c65caa5fb6d734920e1ee8686113655a735c6a0d335bc893bac496a339b2ba200c268a6d95bf6490c011bf3935b4cbedea20b7609254e411550d66418a5981dbddb1f800f55569ba15ba8abb5925171885a4912759c8e485709ea3e7908294245c12512bc4d99df019c5ab95c5f16d5e4537713f46b7acd3353f86af8f3b807c73fb64f164a9e60d2c71abf8a89d558dbf9a3f0e2d3874db8faf5a3c0db45f21740f7f05ce348ae0f6864136c77487e8c801f4fe2bcbf6650ba41eb5b2cf79e9c0e7085535a119d30e114bc962c0a7b02b1ca3b2d0a7734d98a3fad8ed7aea42875c5df6058eb7774dde4e27330ec3cc72c3924bb9aec5f432eaac398aaada49a32341399ee227f6066a889a941c5b3158a25a46319fad0e0a14c285aea1b056d328ed29474a01fd2bf130e52e79c87e2348ad0d9baaea3c6c918d9a51ca0d3017ec5d57a6958d2cb92b76bf32177e9e292cf6f561e57954b45d16ac0b4200937c5374e5ec33e887ab4cb1b11154cee4b4e3bf963e7dd9ce22b5ed3d76c640540aa81b89782ec6f8971ca6f64548cef74c4bc7906cd95c4df2e9d1a2ce6430c3fa53bd4ba78b4dfcfd514454d509e8104349f3ad441398d934061c266eb98245bf0a9e21aeb2ab1e32ba284a5b71f364d62c6a51465fb9a48c3c5bd680f7106ddcb65428c707d1c5a1448b668df3eda493176efb65ac22b0f8c892860a85e13b5a3474d99fb10c029577aad0095210b334ef5717f35c828b8969f9238f7a197e57b9647f8249ecf961f8f07b33226a69e001d29863911a351f58a2500cefe985ff3eee5a18abde01e7444891738502018ae96d61c9f4db4c494213618333bf34fac37cbdcca6878773acb577cf60ac83ffe660b841b4c7a35c41effb73cb84cb0b3f414545930e99efe1ff22f242b42a84b218bdee6c302bf60d6e314fc7149ca9445ccce5d69371f88da53ad7e58cc6788b8b07049c10be8ba148d4d7692e3422a475b876d213b29eefabd217cc07c77d3039e4e94b85d05dc959b785dbfe77503b1ddf0b3c6cd62638350463e674d0080bc471514bd35174fb80992add1561b4021d2d3ff08d29474a0f5a0a826ea93d4f32a0a5861617b6b43d6daf834be19a4d349cc90d2f909cc5236bf4273a348afb7c3516f58785ad5cd1ede62d74e1c64e07e8172b1868136d7fe56ec0ac5c59918aa808de9000ec837dc34c4ddeb524dc130c43f1fad1b6c1dcb77dee7507e74519be5d79a491ac462264298fb78fbced0fb7f253a1f3948d371e654c39a813a83cecf02fdf6b2b6d7c40ecff72cc06e219bf437b88f9477cbc9048ce553dc9a049beb26f2b47df1f39a08cd8790929fd71674afd13bbfb4d625a39a64de327d23aa42640a036787c2d12a86820027f98c9a213b0441cfd04bf9ef044c34ac327cb7ab8678a5fc007db0368a4ba6f23b5476c0c9f38d0a2b94055a302ed68aba7af6140c8c9c12f63606e039cd82db3db70d15340a458c1defe88efa2f8120e04ae8afc72b1abccf89bb463049506faef14434ce8cb28da28b36fd1d3d207f935396d8449ec0130a5f37a6b5ffc0680ce6b2a6914e13588976387255d0113947be40668d67d743bbfe55c21875cccc14bc49bf83a73069aacc1659683e9a7918f7573491c98b14c46ed33fe4ec238e6f2024588ce21b6bf740effd5ef00fda57443e3b41eb7c23b6ade4fd408035001466e065549f6aef49496f911296c68ef8aa5b31c0290700deb38d615be6149127917804724ea8018779f1f556c82a4c48846a80e43dc4a2a5b360f6604e17c8f1ff4b1414be972ed7532b2e8f57b22faaecc5bf81d4dc471eb9e27cec147101d11502633547b58a0cb45882a1b64455dedb06a2ce92102121b868464de1a485d2bd3a9c75948d7d401fd0faad7d49d12bf60658f204a30245ac1de3cf735860a1662695e0163234b30000e0cca093955b37f10b08f3c97e9c605031a613e9b50d918ad1388671a496f1bd9836bcbe7c83d80db918fb010637c8ab7830b75bfe599778c9e5184ac2ebc2c4c04aaab2bca71aa1b2428df1e4a2d475b4da4a425c9c88097d5bef07e8408125c2e491fea951af4bb7009db92f526f8b078c8b91945ef42a806bdf634fd34f99e124f6684f14f5607a0169005fd94c87c1ed8289996ee478a13974d23b6d6fb8ecdcb32ab2cc8dea7207c93b8921725cf9b51fe95207c0607491bd94901d435c7ce1cb46ee257c58666d39ae3d4cdedfde05a2dd3ee179fc41a61061e06d1ba86d93818ed7018a68c0141b918efbf0565b4554708525a2b6d04c7f0ecf974b064e12a6fd12db987a33227d28296bb9e039ad4f7bd04c684c25154d7fe66e85ee4a602834cafff54051fc5343402e5238eee2862c6c6dc70cdc46cb88a3926dc5c8b55036ef52f06fbc67a62b542123687ac00b12bea359c0320055e57a5adb46ca84eb838a1bddee96e53232c2e796443e38b15d12669b6fcf5e310763fb68c8f4462604aa8bb628bc49f7f427bea78f7ece4785d76f394ded5d1dd4f89fc849e6b2fd5de0dead20ba8db59788e9526cf86c11b33e18adf23e1172b884d290036e8f7bade1fd62f2219d99bd7243aba4b863f65c6d809d80cab5163b36b63ed435a730ef26c24cfae17f6bb20694cd1108bcab4a7fd64d9f7c7eac4968e2271ee5b2f8841a71ea6238a429c62d8879c7f36283a7cf28ddfbb07ad80835dec43c82eff2a45aac520b1ab7256fa19fd6cb3c2c05ad06873a92b5e689d18360fe4ce66c2b5758637420fee0eacdce50af51943b0db1d855798650d39adbde542103351a53a06ef69464c826c9d381daab0cedde6ea1901ba5ae271c56d7c9b4a52f7afbf62de0eb735587cb60373e2ba6e0f8aba2255d41047f0ed494b9dfe98367da2980042cf210eb907a4e0277cc147c2330f45af969e72b7ba9959ed80a0e15518a6abb05ee6365f3dccba10af35d988ffa20100cd527e35d0100e990c2dd8cc9afcb457162e1188234b57514823e00c1b730c95e0a3bee335552a61f754cb9edbce65d170cc1bfa745ba356bda3e20d4049b4a8bdbd15ff4f539b9e471e5f6a9bea971cd4b804469e929155413bda34124cc3086d4a994b12a1806dcbd48445fbebadcaf91f0fba6d07718cd73b65a913adcb17dfb19446c7eefb9651956fe633b391f8c70d0aca8cdfcc34798355bb1849524edd742ba7a16a5b04107c9f56c151338a0865bf6aa7a5f97051bec93110027639ba7f74f9b525404c9abf16e9649e291784eb0c1e7b500e9db0352fd27e53c3fa786b243ece55fc95c5213df010fb47f75d6577e10aedc57856f4e4c4d03e77d21a15d33c424e42e9d73bc52deb6feca9cc2fee32d54f527a737525c5b1134a3b4aab0ce76a008ae15dccb25b2bf1511a70b2bf67ce9edda9072e14526ff702575c5ff00d119fe3e07fcdeadaf50b27d47eecdf2fc8db2abfd8f169d599f1a16f26bcc4bf980245fcc93e7f24a7114f3f3d2ce8a131cdc1f9aaacf50000a0839b3fc306c7a5219e0faf4929b0d8abff622685d51e995451c41dfe14960e6e20847696c802780d531a10bd4b74aa329efd040e25d71a085475018d2052171c21ac0db1810dd344ce3f80468d2ff3d5880c610c7f6308520225479fc86aaa3fabae6f1d401948190df3efc0687177b86aa353ceb7b69b6b9e1a4085f00be70b0459a1a857e9a6785a60c2b9fc9474430c76895f6e5fe245b225a4354b4fd80dc5c0ca0420db8c10ed5112a9f2c85db166195c5964148c5a27f7a2a59ef55a7190e7a8e36a6a01188c6e59e8733cf91ba7614d92af2dd9cbb093265946ea7d060bf536fd12af3fc76426dda1cdf4c25e48c79d3844e7faff539e10b94a9aa7b3b72fd2fc102e065c3fc94e664bd0de767204674bcd8b2348785bb381466a0a9d44ad2f4c75246224f298e26d58a070958b053c8aed66a51962a455fae16dc17d4afc379d494888aa66205985c32c3db4e72abb0d6bfe0544c1a57ae5efa0ddceed57be05434751f3e863caa7760c1e3c3872bb69e7dce9045d8777357b70cac9f748178f665910f66fbe86dfdcb15d1a951cbf6112ff9faff8ac1f9bfb0c96fa8cc6f60e49238522825ce4bb2eafee01154aabc6229c3b9aae9d86327c612c11bbde748088326a88fffd28d095bff0a268fe5d20d47557d690d3633ebd536b60fdb17710cef17c1cb587ceeb77325a59bfc815253ff7fe9241e7abf3777f181c999372aa1faef875d0a16ad304669bf8ce27d28263decce40536f762c8abc7d0cdde545758ef1b1728f8199e5c4b652271c399fe7c3dff9cd4cb8a4c42f2922204a1b1f13a7568fb163be2d52f987f00ac8829204e8b065a9400dd4e95c3ccc15016edc1d5012fa35460ee94a6c84cdd3113ed8323dcaba3c80651df4d846a4eb0bf19737c5fea4c2e7e34b2aa25b369c70b464d668061757b714bb731f3dd8eb692ce406ee6346def78e2accbeee22ef6fdc3757141859757c9ecbd25d8ef89bf8467fbdf7ab5498e8e6dfeb3e42996c51fad2c37139e08a3307318dc8cbaf4fc1a96a51a7afda237538d5fc3319677e78700e570b1373e4259cd0a3b5f30102a79dc4600cc18ebe354819ecbd5207e25e5ecd6beac09106d7346f9d86ed82ce0771b4cfc64f749425f2f6a9fb1c77f320b61038522badbaa5f416078c9517127b8c0bcadbc0563b3b27d58411550eae9a1d9f6e92574cc8936e52d6fc74c26208f84495e54e74623e277191f744a4ec5b762bb4d0849a80f07e2350eb165917a505052b79601ae3caa73ba8fbe29e543fd39f6da11694cf0746926107b92fe55fea89f85ef3ac7a5c5070ed36fa8b4b961a03a4e743af6035a6ed24d99bdcf76a50306ccc3457dfb227162b93405180c6afe4fc8c88f02c0f5c3e96f8ebe20deec9f13855819fdb73a105fda39975011ab7bb994ba2ae65e56ff786c6a2c233eed955a08f5e3c98b2714fbaa1950556ad6400ee23c56b77969970e0ff7f6ec5c9a7675192924f91d9653ecb9c901411b3d97efc2444b882cb59decbe0b22c530b92c3ff4f13f6063693ab892d32301494cddf0a4ac4e474b6fb5f4c76921ea8e6c4be9a5d19b456de409e9940bc00a5e0311e8181b38fc8d1b454fc4e755081d2a1ebbaa681f729018a63e8063e3d765144ecc90b722e679c6e6c6ad21e02e8705ee647c330c7f78e34988be9f7c4f868f2ef71a9c39ded87313acd2a03108db9733853b6e278f66e1ff05aa8a66eee3543826e368670d744d01bee72382c5d715de6a9fa314ad70f5b87e0f2"}) munlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000) [ 2901.662323] audit: type=1326 audit(1708432020.910:358): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=28075 comm="syz-executor.6" exe="/syz-executor.6" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f478bbf1b19 code=0x0 [ 2901.672709] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2901.672709] program syz-executor.4 not setting count and/or reply_len properly [ 2901.674721] FAULT_INJECTION: forcing a failure. [ 2901.674721] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2901.675757] CPU: 0 PID: 28084 Comm: syz-executor.4 Not tainted 5.10.209 #1 [ 2901.676504] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2901.677251] Call Trace: [ 2901.677546] dump_stack+0x107/0x167 [ 2901.677941] should_fail.cold+0x5/0xa [ 2901.678370] copy_page_from_iter+0x40a/0x900 [ 2901.678859] blk_rq_map_user_iov+0x138b/0x1a60 [ 2901.679289] ? perf_trace_lock+0xac/0x490 [ 2901.679737] ? __lockdep_reset_lock+0x180/0x180 [ 2901.680160] ? __lockdep_reset_lock+0x180/0x180 [ 2901.680655] ? blk_rq_unmap_user+0x750/0x750 [ 2901.681058] ? find_held_lock+0x2c/0x110 [ 2901.681509] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 2901.682027] ? lock_downgrade+0x6d0/0x6d0 [ 2901.682488] ? import_single_range+0x24d/0x2e0 [ 2901.683029] blk_rq_map_user+0x103/0x170 [ 2901.683421] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 2901.683945] ? alloc_pages_current+0x18f/0x280 [ 2901.684391] ? sg_build_indirect.isra.0+0x448/0x710 [ 2901.684949] sg_common_write.constprop.0+0x10ed/0x1a30 [ 2901.685461] ? sg_build_indirect.isra.0+0x710/0x710 [ 2901.686010] ? vprintk_func+0x93/0x140 [ 2901.686396] ? record_print_text.cold+0x16/0x16 [ 2901.686903] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2901.687378] ? trace_hardirqs_on+0x5b/0x180 [ 2901.687854] sg_write.part.0+0x69e/0xaa0 [ 2901.688241] ? sg_new_write.isra.0+0x770/0x770 [ 2901.688811] ? find_held_lock+0x2c/0x110 [ 2901.689211] ? __might_fault+0xd3/0x180 [ 2901.689651] ? lock_downgrade+0x6d0/0x6d0 [ 2901.690056] ? _cond_resched+0x12/0x80 [ 2901.690482] ? inode_security+0x107/0x140 [ 2901.690861] ? avc_policy_seqno+0x9/0x70 [ 2901.691304] ? selinux_file_permission+0x92/0x520 [ 2901.691837] ? security_file_permission+0x24e/0x570 [ 2901.692383] sg_write+0x87/0x120 [ 2901.692708] do_iter_write+0x482/0x670 [ 2901.693131] ? import_iovec+0x83/0xb0 [ 2901.693499] vfs_writev+0x1ae/0x620 [ 2901.693887] ? vfs_iter_write+0xa0/0xa0 [ 2901.694265] ? __fget_files+0x26d/0x4c0 [ 2901.694702] ? lock_downgrade+0x6d0/0x6d0 [ 2901.695102] ? find_held_lock+0x2c/0x110 [ 2901.695558] ? __fget_files+0x296/0x4c0 [ 2901.695939] ? __fget_light+0xea/0x290 [ 2901.696357] do_writev+0x139/0x300 [ 2901.696697] ? vfs_writev+0x620/0x620 [ 2901.697118] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2901.697627] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2901.698206] do_syscall_64+0x33/0x40 [ 2901.698556] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 2901.699108] RIP: 0033:0x7f26a81efb19 [ 2901.699456] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2901.701452] RSP: 002b:00007f26a5765188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 2901.702163] RAX: ffffffffffffffda RBX: 00007f26a8302f60 RCX: 00007f26a81efb19 [ 2901.702778] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000005 [ 2901.703382] RBP: 00007f26a57651d0 R08: 0000000000000000 R09: 0000000000000000 [ 2901.704008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2901.704615] R13: 00007ffc298dd15f R14: 00007f26a5765300 R15: 0000000000022000 12:27:00 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x9, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:27:00 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 63) 12:27:00 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3b}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRESHEX], 0x30}, 0x1, 0x0, 0x0, 0x14}, 0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x6c0e, 0x7fff) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', 0x0, 0x0, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000440)=ANY=[@ANYRESOCT], 0x2f) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_nanosleep(0x1, 0x0, &(0x7f00000002c0)={0x0, 0x989680}, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) fork() r2 = fork() tkill(0x0, 0x0) ptrace$cont(0xffffffffffffffff, r2, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000280)=0x5, 0xfffffffffffffffa) r3 = fork() syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e21016027154f7e210000d6142e8ed6865df556fd6a7300000000000000bd8b7e69ecb57d268a49d8d6accb6a35f7aa6bee3435f0ca00"], 0xa) ptrace$setopts(0x4206, r3, 0x0, 0x0) ptrace(0x8, r3) 12:27:00 executing program 5: ioctl$BTRFS_IOC_DEFAULT_SUBVOL(0xffffffffffffffff, 0x40089413, &(0x7f0000000040)=0x7fff) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x13040}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(0x0, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x3) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x9, &(0x7f0000000480)={&(0x7f00000004c0)=ANY=[@ANYBLOB="280000001d00210c00000100010000000000020014001180809801a7b0c7dba09475f251c743092f"], 0x28}}, 0x0) signalfd4(r0, &(0x7f0000000080)={[0x5]}, 0x8, 0x80000) 12:27:00 executing program 1: r0 = gettid() ptrace$peek(0x2, 0x0, &(0x7f0000000000)) ptrace(0x4207, 0x0) r1 = gettid() r2 = getpgrp(0x0) pidfd_open(r2, 0x0) timer_create(0x4, &(0x7f0000000100)={0x0, 0x26, 0x4, @tid=r2}, &(0x7f0000000140)=0x0) ptrace$setregs(0xf, r1, 0x97, &(0x7f0000000040)="bc83273a05af38cc7a586692f40517682aa93eaad1be6425cc4afd6b3be616233a40a17ac65c387cf7d1f66604b7c2ec02d400cc8af02f4960b8531671874798df9e1a29deaa3730f0b73d20d0707acbc568cf00af19b59bb690e466ad60d7035185a1acd942a551d14e6199904ef8d6542e97abaacdf6f7eb3e12e6d3f7ab7534493ed16944c2bed77e3e5a137b9839e58f0201c79c8a4e15f3ab4987b283ec0e3f") setpgid(r1, r0) timer_gettime(r3, &(0x7f0000000180)) prctl$PR_SET_KEEPCAPS(0x8, 0x1) timer_create(0x4, &(0x7f0000000300)={0x0, 0xc, 0x0, @thr={&(0x7f00000001c0)="cea19dcb9e41760cbac737305caa293005796689dc08142adbb556f254d5090b", &(0x7f0000000200)="09a4a4059f6d3dc80345e10aa89b626fcd635c1489f2bffadf548d60d3f7ce4207a179c065c67b2edf17a37fc069c2ad24b0e0603a97e1abe485b7097b107e57a4af35176ab6fae3badbd24e5206ae368d969bdd59d4e8d7165fa026e148819c9244f3d3e14d00e2e2b33aefe7f0da931a7e621f2784c858b3d0c129571d373ac61cce1733c34208a53be284fbc6cdb9e8b723347625c0137e501b02bdd939408920f1ee7e617b3d8ba5ca73a7cb10bca6255e4a0de6f2ce982230f3fcd9ecbe7cc2a219816ba3c170759a3ac0fe1bf5bafeb7621e5c4d153ae62f37ffab0ace1607"}}, &(0x7f0000000340)=0x0) timer_gettime(r4, &(0x7f0000000380)) get_robust_list(0x0, &(0x7f00000005c0)=&(0x7f0000000580)={&(0x7f00000004c0)={&(0x7f0000000480)}, 0x0, &(0x7f0000000540)={&(0x7f0000000500)}}, &(0x7f0000000600)=0x18) tgkill(0x0, r2, 0x33) r5 = getpgid(r1) ptrace$getenv(0x4201, r5, 0x1, &(0x7f00000003c0)) r6 = fork() sched_setaffinity(r6, 0x8, &(0x7f0000000400)=0xfffffffffffffffa) 12:27:01 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 64) 12:27:01 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0xf, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:27:01 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r0, 0x942e, 0x0) 12:27:01 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00", 0x56, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) [ 2901.836306] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2901.836306] program syz-executor.4 not setting count and/or reply_len properly [ 2901.843737] FAULT_INJECTION: forcing a failure. [ 2901.843737] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2901.844740] CPU: 0 PID: 28147 Comm: syz-executor.4 Not tainted 5.10.209 #1 [ 2901.845350] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2901.846072] Call Trace: [ 2901.846374] dump_stack+0x107/0x167 [ 2901.846780] should_fail.cold+0x5/0xa [ 2901.847200] copy_page_from_iter+0x40a/0x900 [ 2901.847690] blk_rq_map_user_iov+0x138b/0x1a60 [ 2901.848125] ? perf_trace_lock+0xac/0x490 [ 2901.848575] ? __lockdep_reset_lock+0x180/0x180 [ 2901.849021] ? __lockdep_reset_lock+0x180/0x180 [ 2901.849556] ? blk_rq_unmap_user+0x750/0x750 [ 2901.849990] ? find_held_lock+0x2c/0x110 [ 2901.850444] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 2901.850920] ? lock_downgrade+0x6d0/0x6d0 [ 2901.851356] ? import_single_range+0x24d/0x2e0 [ 2901.851784] blk_rq_map_user+0x103/0x170 [ 2901.852220] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 2901.852689] ? alloc_pages_current+0x18f/0x280 [ 2901.853188] ? sg_build_indirect.isra.0+0x448/0x710 [ 2901.853675] sg_common_write.constprop.0+0x10ed/0x1a30 [ 2901.854254] ? sg_build_indirect.isra.0+0x710/0x710 [ 2901.854739] ? vprintk_func+0x93/0x140 [ 2901.855164] ? record_print_text.cold+0x16/0x16 [ 2901.855607] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2901.856151] ? trace_hardirqs_on+0x5b/0x180 [ 2901.856560] sg_write.part.0+0x69e/0xaa0 [ 2901.857033] ? sg_new_write.isra.0+0x770/0x770 [ 2901.857494] ? find_held_lock+0x2c/0x110 [ 2901.857953] ? __might_fault+0xd3/0x180 [ 2901.858330] ? lock_downgrade+0x6d0/0x6d0 [ 2901.858782] ? _cond_resched+0x12/0x80 [ 2901.859143] ? inode_security+0x107/0x140 [ 2901.859586] ? avc_policy_seqno+0x9/0x70 [ 2901.859967] ? selinux_file_permission+0x92/0x520 [ 2901.860486] ? security_file_permission+0x24e/0x570 [ 2901.860992] sg_write+0x87/0x120 [ 2901.861359] do_iter_write+0x482/0x670 [ 2901.861732] ? import_iovec+0x83/0xb0 [ 2901.862150] vfs_writev+0x1ae/0x620 [ 2901.862518] ? vfs_iter_write+0xa0/0xa0 [ 2901.862963] ? __fget_files+0x26d/0x4c0 [ 2901.863350] ? lock_downgrade+0x6d0/0x6d0 [ 2901.863796] ? find_held_lock+0x2c/0x110 [ 2901.864194] ? __fget_files+0x296/0x4c0 [ 2901.864625] ? __fget_light+0xea/0x290 [ 2901.864995] do_writev+0x139/0x300 [ 2901.865376] ? vfs_writev+0x620/0x620 [ 2901.865729] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2901.866289] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2901.866777] do_syscall_64+0x33/0x40 [ 2901.867194] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 2901.867676] RIP: 0033:0x7f26a81efb19 [ 2901.868076] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2901.869759] RSP: 002b:00007f26a5765188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 2901.870578] RAX: ffffffffffffffda RBX: 00007f26a8302f60 RCX: 00007f26a81efb19 [ 2901.871339] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000005 [ 2901.872102] RBP: 00007f26a57651d0 R08: 0000000000000000 R09: 0000000000000000 [ 2901.872909] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2901.873716] R13: 00007ffc298dd15f R14: 00007f26a5765300 R15: 0000000000022000 [ 2902.487609] audit: type=1326 audit(1708432021.735:359): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=28075 comm="syz-executor.6" exe="/syz-executor.6" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f478bbf1b19 code=0x0 [ 2915.919275] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2915.919275] program syz-executor.4 not setting count and/or reply_len properly [ 2915.922764] FAULT_INJECTION: forcing a failure. [ 2915.922764] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2915.923928] CPU: 1 PID: 28220 Comm: syz-executor.4 Not tainted 5.10.209 #1 [ 2915.924613] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2915.925292] Call Trace: [ 2915.925561] dump_stack+0x107/0x167 [ 2915.925850] should_fail.cold+0x5/0xa [ 2915.926154] copy_page_from_iter+0x40a/0x900 [ 2915.926513] blk_rq_map_user_iov+0x138b/0x1a60 [ 2915.926883] ? perf_trace_lock+0xac/0x490 [ 2915.927294] ? __lockdep_reset_lock+0x180/0x180 [ 2915.927658] ? __lockdep_reset_lock+0x180/0x180 [ 2915.928113] ? blk_rq_unmap_user+0x750/0x750 [ 2915.928485] ? find_held_lock+0x2c/0x110 [ 2915.928896] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 2915.929303] ? lock_downgrade+0x6d0/0x6d0 [ 2915.929709] ? import_single_range+0x24d/0x2e0 [ 2915.930093] blk_rq_map_user+0x103/0x170 [ 2915.930509] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 2915.930907] ? alloc_pages_current+0x18f/0x280 [ 2915.931366] ? sg_build_indirect.isra.0+0x448/0x710 [ 2915.931757] sg_common_write.constprop.0+0x10ed/0x1a30 [ 2915.932286] ? sg_build_indirect.isra.0+0x710/0x710 [ 2915.932707] ? vprintk_func+0x93/0x140 [ 2915.933108] ? record_print_text.cold+0x16/0x16 [ 2915.933479] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2915.933984] ? trace_hardirqs_on+0x5b/0x180 [ 2915.934337] sg_write.part.0+0x69e/0xaa0 [ 2915.934657] ? sg_new_write.isra.0+0x770/0x770 [ 2915.935111] ? find_held_lock+0x2c/0x110 [ 2915.935461] ? __might_fault+0xd3/0x180 [ 2915.935856] ? lock_downgrade+0x6d0/0x6d0 [ 2915.936188] ? _cond_resched+0x12/0x80 [ 2915.936581] ? inode_security+0x107/0x140 [ 2915.936906] ? avc_policy_seqno+0x9/0x70 [ 2915.937313] ? selinux_file_permission+0x92/0x520 [ 2915.937724] ? security_file_permission+0x24e/0x570 [ 2915.938224] sg_write+0x87/0x120 [ 2915.938507] do_iter_write+0x482/0x670 [ 2915.938900] ? import_iovec+0x83/0xb0 [ 2915.939202] vfs_writev+0x1ae/0x620 [ 2915.939573] ? vfs_iter_write+0xa0/0xa0 [ 2915.939901] ? __fget_files+0x26d/0x4c0 [ 2915.940302] ? lock_downgrade+0x6d0/0x6d0 [ 2915.940620] ? find_held_lock+0x2c/0x110 [ 2915.941040] ? __fget_files+0x296/0x4c0 [ 2915.941356] ? __fget_light+0xea/0x290 [ 2915.941750] do_writev+0x139/0x300 [ 2915.942052] ? vfs_writev+0x620/0x620 [ 2915.942443] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2915.942845] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2915.943368] do_syscall_64+0x33/0x40 [ 2915.943684] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 2915.944193] RIP: 0033:0x7f26a81efb19 [ 2915.944510] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2915.946330] RSP: 002b:00007f26a5765188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 2915.947114] RAX: ffffffffffffffda RBX: 00007f26a8302f60 RCX: 00007f26a81efb19 [ 2915.947750] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000005 12:27:15 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000", 0x5c, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:27:15 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0xf0, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:27:15 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x1000000000000000, 0x0, 0x0) 12:27:15 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3b}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRESHEX], 0x30}, 0x1, 0x0, 0x0, 0x14}, 0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x6c0e, 0x7fff) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', 0x0, 0x0, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000440)=ANY=[@ANYRESOCT], 0x2f) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_nanosleep(0x1, 0x0, &(0x7f00000002c0)={0x0, 0x989680}, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) fork() r2 = fork() tkill(0x0, 0x0) ptrace$cont(0xffffffffffffffff, r2, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000280)=0x5, 0xfffffffffffffffa) r3 = fork() syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e21016027154f7e210000d6142e8ed6865df556fd6a7300000000000000bd8b7e69ecb57d268a49d8d6accb6a35f7aa6bee3435f0ca00"], 0xa) ptrace$setopts(0x4206, r3, 0x0, 0x0) ptrace(0x8, r3) 12:27:15 executing program 5: ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x5, "6d0008004eff0000000001000000008000"}) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001800210c0000000000fb0000020000000800fe00000000000c00098005000000da008600e28fc8611d7431a5a46bb240af35b8dee1fde9a668209281008233af2ae997f731f1780189205a499f3aae97baf4f31b604e456a8b51981181e845ccabe31b13b26e8b5c8b111a153803a3527e04a502d812c92012849aeea933b05b07a269084807bdf57eeb747bc57390e12e6adb6af73403932a145f61508002edc262bb01004210d84cd084f044c0c220f32516983d56dbe167e0e7897a01953bfac2144235fc9a1d946055793224c23ea3d351a5ffe83c"], 0x28}}, 0x0) r3 = openat2(r2, &(0x7f0000000280)='./file1\x00', &(0x7f0000000340)={0x52ac0, 0x107, 0x14}, 0x18) ioctl$RNDZAPENTCNT(r3, 0x5204, &(0x7f0000000380)) ioctl$TIOCSSOFTCAR(r3, 0x541a, &(0x7f0000000040)=0x3) pread64(0xffffffffffffffff, &(0x7f0000000240)=""/186, 0xe, 0x0) r4 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) r5 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x100000, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KDSKBLED(r4, 0x4b65, 0x2) r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r6, &(0x7f0000001080)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) getsockopt$bt_BT_RCVMTU(r6, 0x112, 0xd, &(0x7f00000001c0), &(0x7f00000013c0)=0x2) [ 2915.948395] RBP: 00007f26a57651d0 R08: 0000000000000000 R09: 0000000000000000 [ 2915.949037] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2915.949744] R13: 00007ffc298dd15f R14: 00007f26a5765300 R15: 0000000000022000 [ 2915.955166] audit: type=1326 audit(1708432035.203:360): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=28218 comm="syz-executor.6" exe="/syz-executor.6" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f478bbf1b19 code=0x0 sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000780)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000740)={&(0x7f0000001e00)={0x16bc, 0x23, 0x400, 0x70bd2b, 0x25dfdbff, {0x1c}, [@nested={0x27d, 0x35, 0x0, 0x1, [@generic="16679e08d09b85a3718f77a550323b37bb7de69569072e839baa126094de3e1ee3aa4033ff57f1580849511eee308b3bfe15783cd114b1bfe94a726e955766db704314b6b3dfd3c7e87767b8e76b6949db34d98647a07c8d13a3afb41bba551914516cf8f12f7d9d3f88a22cff709db59693ccec89ed32c5b55352b6c5de9c0f6704e85eaa4c82e6b6f414f7fca6457bef1d99431807f567d9e2f22d362d10cd9a4526708dec9b7888eff1c4e63cdccf225e11ce762b54ec9418fc446ffb2463177e4803babc0e657008be18ccf21b67cc3b25a1bccf1041862ecf272fe4151b70c34b10521a34ccdbe6d9fbb90a9e", @generic="4c6cb28cd63a8d9efa4b52638a614e7d7dfdf4d5cf528955", @generic="269be9e0ba4efb5677e52ce14e58bf138f67f924b2a0f5cc6ae22fd4e17e3109fb2415cd063570da5c401e0262d7888bf1185a2886eb1080680118c0b95fc2d12d551b9a85487a121a17b1a97740c8d55b9c0eed46e71a357d595b6e118c551c3b4cd61a96841b22dac774cf3000a3b620cbe755d14264a67ee04e260499bd411677ad914f4ab5", @generic="9699257f70820dc15bb4f2c1ebc11cadf840ebab123fbac8fe77cef582772f55a4c18fade642d2b0579495eef3fce006bfe3c91b8f6f835a85b3978135c61d781065b31996659c770bac8dfd4595e1e6a87edc0ab18f10cc9e967259860a142e7601d781f78f19", @generic="7fda8b1085dd7b3a75dad27dbce2d34dd5394a1dcc2721a04dfe86dd006cd13d57a4b9790702a290f29a63ba0b9822073fccf77bb17a77a476696dbb74edd075f8e1909c7f0b35f2839a880307043593ec7785fd0657404e80a72cf6eb1c6b82388d181598bd8940211d90fa1093578bd4dc51216401f50581712134", @typed={0x8, 0x72, 0x0, 0x0, @pid}]}, @nested={0x1018, 0xa, 0x0, 0x1, [@typed={0x1004, 0x3e, 0x0, 0x0, @binary="f4c1f8c1003677922a680bede18b5d83a200141a8b358e7522ea9046aeb2a8dff5dff7d8b55377d1351bf8181078c251032d69c4d43aa52c93df27040fd2c4d886b5c9083e6b1974dade1db77004198ef652f0eabcc46b802fca6186098e13e5c83f523128086a3973cbfdef291667288e2dee5675eb7ba13084fbcc8f0fdb204d00aae89e35ecf904fdcce0b7e60a4f7c33f241a96f02e5d3899505b64bad7e40f9e74868d956913049564a1ab751bfe0370a13a4563c6a7fa30f0cf530f6f4524d14dea7323252df5253cb4b8c5d0996ebfb533b9f58b2c85d0884436413b1ecc385ee675ab96881d6125775007375669bfbe31604595cfd31d322f31fa5287e0568bd6a4d59c984f2a33bfa93b2824d264355ea8d87a5c634675288835d5e447d7c06f999273d5d4f2f07d1f20fd435d23e0e180fb8f322b3ed3fe781b075800a49916d131b7766ac8b64a064802ff494102cb86db9e1eb915709cee8077a505e87bd512a6eee2653cf73e28dd1623320d85329811169e98c8996545da96331dc19d93e0cb43907e4f649e8b132cf6c432e4ab59e15d1fcc64e3a6531f587876a717f30b2162ed5c46702a7074f60a37c89aca775b97bbcb088c00cb8e76b40ba9b0a97010315e237439b97b33a706bca41728be60514e7d19e2e5b4f9c7a3bca453116cfbc650782c93d941bc4865f7bd1954e73523347899f2605d5be293b0c90e8fd745acc05915742303d1b09dac4c3f91f4b0bcf5794b3af44bc43b73e1ed2759cc54c342ee71f33330bb6305bae6f252ab3a8174159dbb51fb40e8455ce495f90807c365211e34581e190bd215e2179fbd7e58cfd5a2cbdd83ea774f0ec55106330ffe449f77e38952b6baa7b647913f3dfa090d9b6997d258a6dc7422af98ea7a0524684e2a59a0f17aead909ba1ee13e33947192ee9051cac8ab984364c6db5ce12f0af197dbe3e7ebfebda78542d439b3245f9364b7191bbec17a0f6adb1b512af2c46ba9fb1d773e076982e1110f612a33399de04d2ab72d4877016b3e0a778df0911b4b25514669f18ad2d0ceea019b590ef9d877f884299047f46c43a6ea504827c9ed4badd56949e61461f343f3adfd96f149e4d7326316d56efa26b2b519deb21ab5ffe3ba1c5d9a339710d15f4771492376b629747bda3f3e19cd67fe31b2aed54b150b69329751f51b26064e9dd79672533d66526090fc3891c8cc755a0697fa19626508ac0f49b3442409eead5c519b04a07bbf38aaf28f86b72ac1a1cfde008be6a6f345fa3998039119e5f9375fa71228d1cc08c2fb8da2c0e012f5aa0f4a593896a9cdb7e4d956205da6faffe8107234ca746f90f4a6136a558b2895998c9aa2dff621e1f387849d633c67b99b9d050f40e81d71253b2074f1daa4caa188f27ec83de4240ca9f60687ebd49dbd05fee17870aee26831ead3ca1b6478b55569f2e86d7a23d8008f26cb02821c132055ee072c4c1d458fd51b635424fc111b2b03500ad979d3898612e51316585bdbfdabb4ed71c00a4e86a88ddd2597f965b74007d5ccd1c1fc576eb49d11763b48d7ab62674bd6581af3ab0d5beb6e20bbf6864148130e4d387823bd7d224f8fe3250dae29442fe136daade05ea1e04ac38e37e137223e65e971d962555315e57bbbedd1f7eb9b471e3e0c9921b95e587ddb7a46eac7dad8dda5328e5e6bc58fa20626bc71211cc6aa3a5c535d954f8f6003fb87812f07474c3752984f94363103246cfb76d2a604a3207f077850dff7c5e6a5f0bbd2e68adf4a01b3257f265d8019544990d97c777170c163791adf9f54e1e2d9646f6c99ed74cf1d7d4fb41c1a0c831e973ef42332ebaa87e5f55687bd2b63554533a5a036a0d47c9d876e89f15855ca8d53408b3eb7809a6313a773a6f15ef22edf0c92eb0d70ba29262481c1edbfd4217604d62e3ffe5904d5494018848580dba121eaca1e379eab49825f7aa0cdb8b46ef86d476f2ae8c75be46a35e318c7ca86ee538847bbfd27dffb03b189b7bc5d01516c7fb6e9c7a417f1fb2090b747049f4d806244344b26f94fd0bbab41dca78bb4037a9661b7d85503bfa9046b3f68807ad00ade344b00a9f6da94007fbab03c2186ce0362144a0f6236ccf9db6041610c3e08344a5500bfb07719eec871f97ede742da02a24a8df7e60a6c8bffe0758be55cd91ce686e6902e00199ac5738f56402ad47ca5a3612d940a6ccdc893079328bb7d05ed6ef9f90e38cbc6c5b62b658e0c0ab92bf116828e78c702083aea15ffa71454f6c6f00d0bd729879cf9101373e8dced78c1e91eb79fbc4c62d5e555e155554fb00db10e87995f69bb1cce8f6b1bfd5819bc3975aad8a7df0d8922e3271e36a544dff2fa7b057e197f6498a912cea30d58912cfc960cb01818d793ec35dc3de6b76e91a433ad2dbf32e82daf758740d418036952a0bd731fc99efb5d8fc7bae53deda27d4e6e4a6a294738871a1aab8be82fce0e4ca68dbe1a6ecfe920b089765c7775fe4dde2aacbc35bdcb82a6c04cd6c0e6f182e529425a339d457bc19602e78806e6f1066dd85311f241f688029f51c0dadf862e40d213d86303ca049ffe019ee6c53ec7513b8535bd68dd5ac26e7c737cf9756da32bd183e5931382ad25ec82e37b5b900d0b9b16d2b18c17b32b8b8873e90359f5561de2efd9b24b35cdc54cbd2adf5868ed36d5c427881010fdcd0f62198a595095be0f572992d5294422f2322215bf5e0387e2be2b9613973f4b751a6a35ea1a6d3c6c5562d7c3a5aeafebf47418b4e7ae5b3038e04f18db227705c226a5bcf685cdecfb4c5b176bbabecd9b8f494aca4faa0f8d823106ba6871b2ace821aca0d7e6d2b51ebf9e956a5d652e7f4a64410984ea84e5b01c1e26f09df695b156ea9e1d062a95d2a6ea05ff4655e3fc3d99460dd2efde7c2528b1806dd942e0814d20cedb189f42a36b464f5c5f4889c7353c7e169b7c70ab3bc142a29409310d6408409b468149619e68be886e836b13592a4b6971cdd6ee844f707979ca86c81b0dec10a2b70e66339ab17218a1e91cf4bbcaac38300486c7da71277952354b2530813e68ece30615fe6cc70971525620164ce975e5359d8f55363875c09adcc1663e72f8bdd2ab688d063c8325415e71b7674d80c84bb4b11d709909ab14d500498340851a36a5688b30291449bf0525b1a29c7c6768586f8576f8424567f02ad8d8ccf2b5a067abfe4764ad27ee9fc61f3b7f7bc8ec62aceefc8962c48bfb7d5ae118d7b9c2ee03d59582422a42df161c874bb59f1d127a03086898f6a16f5c62e4082f7fa6360a669f22eb27b02bec7767076232baed2f54751e6aabee16864faa4dffbc2cf9219839b7a0e2e85bba213dfd67c8280aad7529a579f1689456b45ee9aeec8f6cf16cd776606bd1f3a06f1fde52983f1006855a8c529fd02aee07942eaf0335a484c97858ecb8198687aa663fa64647a5749271e8c17edef581f29a327d8867e2c37bd71ab4d151a8e85d7d102485d586d6f4167a25867e36b58e9a56273214808276692dc4e9037cc2371f47680e2a47a3369b92429ea3109be4c1fac50f3d929d9177a81b5805c6f4b2bb96f789c838a7f77462cee211090d038c90e1538b91115cd9f0fe7b7972a9d88a19f927d29e117adb57a8e8e73865e409839811b689cd39d0a4f8e1406bbf0671728a6185609f7c194b0b0cd45002d34a1d2522d150588cbaa39db40f301f0b3a2e33b0d84b201136304d5239d3fad7276793396e130fadbc7f89752e02da63874dc72a12b71d71d9b0b840ed1e146e4a377d953caa5656e1b9d4db6705666d1d2faa20ae7166c66b0d621dc57d8ec746adc0efa7e60e331ae06c2c923820cd5b0bff5477ec3133f451e43a996db6d46d1fc732ec082087662e1c0fa372f27f3bd3872cb8dc5bf39de380f93529ad447588344b1540450ffea50395f4c427e7ce36e0fbaccce7d3c9ed69b635c62d3324b354ca3430c5ad33f8870f4183c074500d592c073caf81f5e29c13507abc2c19103430cc3b2a41a3efa168ed0dea078085ea006a260e433213e960d26b4497d364272bc8315ee7e1c672f9ac9b703d52c5e512847d3e54161c6829af8d8b002312e8f59fdb20b594785b8f3250ef8223dd07b14ce916171654752ae58b64bf6cb7cd6d611c1dbc94c4d8696bd9967c75ad6a38836bfecc744b65c3f1ed5510ba1debd719d0099f7e0cf04a797f9fccc5ad75e9f9555b38d894d1d5c0e9ec7eb609f78ec0685809a955bcb52e3adcd5b3c0b70742f28d7a14b9ceec39927a86adead6bdd03da5d44b899b997fbcd414831cce7cf189d3b7f8bf23e28b76b6c11a4bbe48de6f47beee7ebeba5f1d24aa43483929510b24db27587e0646f6125acb773f6dad89b319afbacba09013b1db73811e5f776f71c5d4e68d457888f1ab024694279307b886ec4d6bef26c71dff2ecbeef0637028d349afa98402ba9efdcd331971a396da17451597e19c5866161a1c39ba93b055fc0d3c6042c89734f805bbeebe3a1922e7bb0e36b696a491d632f61853ce01993707a0d1acb96eace0999bcf3c88dbf8b870120074f411f98f3fedcdc3223ae23fcfcc5e291d7457c73459e7e4fc090317b7610900d79b4c73cc7e330946ded931ba6295a9d442a8270d3055f4b299486f34e99435f29fff97b5580b852e370410e1ada761170e841ac1440c7662ffbded9765ecb61aab4411cc1aa0363410a23c0fd2b8582815f292c90b7a253271938b0a4368227839764d2d53a3f849087d51fc2fb300c93d572763a8cd339fbc7f706ad77b8209a070bfe1e24140f47adb82735503a1b653fa41b382962321291d5bcbd0bfea07c32eee0a266020ae5317cffae128e85b58857f264e4c06f5bdf2f9ebafa44e4fb39fb57ef0bc59e4495d54faa56e0921da3b653b5a22e1842de87afe7a997e482aabfea67fad54bac7300fd5d83bb0027f111ca127e36d9f43ef76b82a5b907a0df67ba53b0a33cd1320196c2d8cef8b3c5ab82a99ec9526649b6ef692cb01826abe1ed47769d85fb165bdba99ac862347b0b9b4a130245537d7831cd2f821e1b6da4ac8372d05ccbe389681693bad9f072afb1ac4a8619e8d194c91cc87e69204eaa5528113bd18c0eca744d92fa1b4f2bf243804107435eedcc9db98c933bd9e52db433224bebd7274782f8eba06f9c0618b0ba02a1fb03b39c900321062bedafd3e8aecace72e460545b44ad706e11a1dfa6649940daa626cc789c581b8fc0d34f90145adc4756783c6df79f41dd7415ea1fb121750609dd049a2669494d03fda6a302a4a8651ac00312aa7fe9c38e6277932bff151ea94df75246dbad70968952c39dbe2761ef53ffcb2186d2428af06fc3793fa454df0fadc28a3e323931d138caf43edba96bf9ba30ec73f846f2f4b58baa3b3f1b3586ad5cfbb0ea1971dd7efa78264525f3877a64f7bfc1696397e0ea3af1c2a0ecfd6eff88b6a1348ec7bf67a4eceef3f78bed4ae27755c293b2bf7d6a775c556612f2190d90e2141b38a757d438a3eab3afebe7782fae04241b8141f4fa887be7b600bde1c45d5b23dd12da5abd65f305378499cb88a3877b16cc74a0412de59c1d20f881d6c4f3f58674b4d0a42dd1627b369f73dc64bf6533497a1ce794d81f5d7ee9e5bfcfebd480040833d530ccb3c1f439fa5074ae8cb808decc64d6caf6e08cc02ea92065f66d532a092dfa0a40263d9574d55162f8ee7bc7a86e1d83410ee2aac5767bdd7c76484ecf4ecdf8f"}, @typed={0x8, 0x78, 0x0, 0x0, @u32=0x7}, @typed={0x8, 0x4c, 0x0, 0x0, @fd}]}, @typed={0x8, 0x46, 0x0, 0x0, @fd=r5}, @generic="4c4c557445f612e27519cae4dcdc39ecf24d0c75ec4a9f0916249f1c3c6256be485dc12a9e456916e9b8bf2142fe7ca0505d7e77cbf3f18e02c07184e9492e78cac68c37bff56e077d5862f5be1ed30ce1ae5d044704061f75af08c524e5090a7998ae7cb2b4b3bd16d9f074207d603c7b34a08a0210c9ed9fd90651236387e9", @generic="5740b7d7cea4a0743efe3668609704444d7c5ff4e75a162c7c44d739b3793158751ee8b164411c447d6ed69460b0c9b8e10297598cad69e17579b6d57354f9000ef9d54b61483fcf342529", @nested={0x27e, 0x8a, 0x0, 0x1, [@typed={0x8, 0x31, 0x0, 0x0, @fd=r1}, @typed={0x31, 0x88, 0x0, 0x0, @binary="e191eda5c9def74f40e114c27bffc718ed290d958c853a14162b2f30687664441be50a6ddf2c12d158d3b33bc0"}, @typed={0x8, 0x55, 0x0, 0x0, @fd=r6}, @generic="ae6e294ffa3a4a96d5a727ac397546870d09e6409101d85387212e316708ed13084d4900993dc83f1336520f1659d9df944bf5dbd4ce0e71de1288edd73c38def2b049c89b1791ea6ed237e74a1a6f9699eba46309e133b893705faaf84722e2f185", @generic="b7118f57bb4a69e465b07bb4019fbf1eb1b8f20f87074db1a90795ff818802771455c38be0946825160d6f69a0f38a23694d5d3c0e33dbbe89586d77785808ca46c12b21b023705b26c85a8f997f834103be4c4d598c9215c937bb0fdf91643a47c84b01e358da15b52d9a3f90f89540eb1725f4ec40a76b4729ee0e56663ed1951055e77a6ba95357da27ec84b8241089ef5b63bcf93c2dd24d1d092b1a19f0a0b367eaf5dfb6768bc9a0481d778d382b8c6a03f0c4d0fb3aee41c256e18ad0ef99dac898e4dd0a95d21eed9afaeac61d0abd64bb418652bdea58f55110f917d6677ec37186365092230800c9b0da6f0d9ae08cbdb5", @generic="43a4566af2d10201246472cd085a389efbe807393e1773bd3ddb8426ab8f0dad0ad81f1f120ce80ed52ad2da6647525715422e94d5e4a70adb88b165526f22ad6022c1fc94ab14306bdc64cdee3726bcc712d37eea2e5d", @typed={0x14, 0x92, 0x0, 0x0, @ipv6=@loopback}, @generic="0a6724155db5efc682f031aed16e2aa8485b2a683ec6bf5bca2580aea581e2ee96bff0ca0219d377b74c33c3a7ea51e61fdc2a4cff358b5ededbff76bca4726767ec3cc713e6d9578ded123fe9daaea41bc7005081ade499cdaf3eec052880a1718256cc4e9b7c8d856c75c5f6a15b7dc3b0c9"]}, @typed={0x8, 0x62, 0x0, 0x0, @fd=r4}, @nested={0xb2, 0x12, 0x0, 0x1, [@generic="2919aa15b9a47087b46aefd461de51ad3cab84d2da54ac85a1fe706226b20436513ad8553cfc5111d636c1e9e78c9f2415fbe7dbf77fb33d5ac83d848a3608f2775c71fc38f5495ae94c9c8a9143fa0e655f9e8c47e9fe4cc377e67e499eb897ecf9e1e56ecff67844efefb77a838e92d996162ecde9", @typed={0xc, 0x69, 0x0, 0x0, @u64=0x2}, @typed={0x22, 0x587, 0x0, 0x0, @binary="fcc99bae545b864af01054fd0968157396434d8672c7901af75e5e41797b"}, @typed={0x8, 0x4d, 0x0, 0x0, @uid=0xee00}]}]}, 0x16bc}, 0x1, 0x0, 0x0, 0x4000}, 0x810) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x1cf}) r7 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r7, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) 12:27:15 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 65) 12:27:15 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x41140, 0x88) execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0/file0\x00', 0x80200, 0x100) r1 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)={0x111280, 0x0, 0xa}, 0x18) getdents(r1, &(0x7f0000000140)=""/26, 0x1a) 12:27:15 executing program 3: r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r4, 0x0, &(0x7f0000000500), 0x0, 0x0, 0x1, {0x0, r5}}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r6, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000040)={{0x1, 0x1, 0x18, r0, @out_args}, './file0\x00'}) sendmsg$nl_generic(r7, &(0x7f00000001c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000180)={&(0x7f0000000980)={0x464, 0x1e, 0x2, 0x70bd27, 0x25dfdbfc, {0x1a}, [@generic="a3b12561a559b3edcb79044f1e79aeddc90d61276740cee89b166fd77d88a454358bcd6d91db3a9eee2edc4ef969c03efda63c73df54cfd192b4da13ec81d86bf240f86ba7e23a724644860224a6b2cba4816d3006265342d23cc52e6d28f3e80e7f776389ef0e0aaf7ed4472af1e4a1ebd5e11e00772950b8b2b4bb199a71e616743d0ebd4c81baf59a14baf7808a8d5fb0f31a16810456335538698bb6260ca1e17cf9e5eccc7d93dde59ab510f80ce16e050f77e295e9e6fcc37b6f0e24b19bc42f392235191e39c0cf0c62ed18752399b4f1f78e7690c6f3d2938a771b93", @typed={0xc, 0x94, 0x0, 0x0, @u64=0x7fff}, @typed={0x14, 0x5b, 0x0, 0x0, @ipv6=@dev={0xfe, 0x80, '\x00', 0xa}}, @generic="8d8e7ecb84be7e72d58974a52d36f9a7e718653d50af395c7cbf5c6c6ca3dc436da2d784808357249f388d4f8565bac9e5f1d41f99530d9778cb117ff26484f8", @nested={0x1f5, 0x8f, 0x0, 0x1, [@typed={0x8, 0x7a, 0x0, 0x0, @fd=r1}, @typed={0x8, 0x4d, 0x0, 0x0, @uid=r6}, @generic="b5d0a8b9223fbdced40028304292bd03d85103188df1310bb950347fda58abe61f85588e6cf1f68f75d952b74d4772b084ac1eeebc1aa0df611515a1df60c4efbee30392e62263aa2e6df965596f56356f6e94ece90b81cd8b6011f853aefdaa2d0a80018716b71b3f2c8cc4a491da75fc646ebc4a50ef76575ebd635af839d9c69166d026c95a0988c33279611176fc85c23774136ee2ea19528f69fa2b54bddfe6d4e2c8eb738ec9ba45ba11f62c4645d8fb27761e79df022de9d98b17713c9d64bfd95911cc551b734981031745b3508e5362eeeb5a417d23860b8d2525b0a98282fb84197d978acc1052e4105fad20", @typed={0x8, 0x58, 0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0x31}}, @generic="648ea2c33d1bb05beb73d7b376bf12eb85715c7cecd74471e3c6c432e3b40dbc6aad00e920c2c6fc76a0cfb647d176d514f34acf63f40ad1e5e6b9c3f27905c33b73642b6bdc72fbca51b57812b96f98b42dd66f32473e8408ccd9f52d31299f01fb2ce97393ddfc2d8027be746410fe19b968012c335439ed067d58cb19e4233ff668d3a1ebb1eb955a5df8d78a117f33987bbc01e6dc4d12df22570073c769de52c9898762725974acf13920b5fdc19bd7ca050a6c4c52", @typed={0x2d, 0x26, 0x0, 0x0, @binary="95773f3aa1f80209b2a9f3bccab3b20e9b5115c8475d1382759fa067cc00ee3069844c08cb819f9b04"}]}, @generic="17187884cd13cfac5931e8b439534848f289405bf38cfe265f1edefe70b16d144a3547401a0728c6bd72ecccc99030fa0f1ae7fc54b85ae8901ddc9061107d33a8c98164a88571a61f3c1d4b96e77a77aff9500da4c4b5a29bfb883cd6411202c952f15536aeb0a72de26229baf3eba54433706fc69a89ddce7e34412df22d37a2c4c85cd6862c0dddf9bc9e6a0bb0f77606860c8634782edc7737d3e05a964834b70152cbf51e4cb6bb8ea46555fb25ea6fe041a6813658c66f08b352ead39714e8736aad23a99b672b36ff49b28fe64537f910f6e443a4675d7aff3141180bce9ef80553fb428c6f84229bda7b68a4dad9fac1bf25f97125", @typed={0x14, 0x7b, 0x0, 0x0, @ipv6=@private2={0xfc, 0x2, '\x00', 0x1}}, @typed={0x8, 0x31, 0x0, 0x0, @fd=r0}]}, 0x464}, 0x1, 0x0, 0x0, 0x20044044}, 0x2004) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r8, r3, &(0x7f00000002c0)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x5, 0x0, @fd, 0x0, 0x0, 0x0, 0x10}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) 12:27:15 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x300, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:27:15 executing program 1: prctl$PR_MPX_ENABLE_MANAGEMENT(0x2b) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x57, &(0x7f0000000200), 0x800000, &(0x7f00000000c0)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x1ff, 0x7, &(0x7f0000001500)=[{&(0x7f0000000140)="1e6acb8490004cb6affa8e11e33cabaee089670021ae4e99b6e2c3b2eb428bdd04fa9c07119c35085d103a4be1a64e4d887de9bb34833293bf94dca8130f423fc9920ae65dac7e76121e7b8dceecd4d1f498e53b2602ef9eb4e24b6ace2af636825fd35c270acf2b700b464c1e332014f38a", 0x72, 0x81}, {&(0x7f00000001c0)="3573102b8ca174c10eb42efdaf5f2114813ecc27133148df35a8ce2e0b4cfbb40f20c8a69a2652ff63acedf2c15b25f32179ad0562c22f8f6508211fc17a05157f4aad5546cd5a1cc81d8e498170144407001b5b91b0a374ecd4e963999841ff3a092475379f8a03ec104fe13d3339487d63", 0x72, 0x20}, {&(0x7f0000000240)="366052614ceb5acb68b2ad24bf7e61a50dd144972bc6a894d876f4bbfc107763e19ab691dd414cd2249c8873a3e56340d6d2620f9593731599a8153ec0b8d629cff84a66b6752e65a2141a4165a0de68f95853d3132dc415cd1b78091c2bd74c2adff150a921584194a0e1b03f0a997010d590827b6e9ac127d02241db96ff418b3ace327cbce759f41f30e9440346eda22ef407e25965aa0fd696708bc8479ce89bd6723b87268fc778639a396e0b9189d158cd67839bb76392628537afdc2cb6", 0xc1, 0x9}, {&(0x7f0000000340)="88392b2afc4ba512a2dae846f1bbaf073e9d652f659cedb9c6d2c166eb010e45ab07a5480acd0e256e271c4cb79eaf9fd162ad262fddb3f6f5b03d00deeb7762641d15e0ad74c0adfe74728dcbf0980536520012e4383ef0562736f70ae64e427739e23f16260e4a81f4badaf782f71aaf017bc4a3928d099264355abc13e8f2b68b5da6626a8480824d8b5aee338ad963904602082e53", 0x97}, {&(0x7f0000000400)="24f188ec86448dac2b2402d9da7f628d5d03ef742949b160b9e709c7b8533466b0259f2bcabf48ed333449e94b097d5d6235a67c9c19a47887798061c3d1b0f569a8ead968a157e974c512faba51000973fa60bb1049d65f70fa2f3db4a33735ae92ede5f236e25fb9ab5727fbd30a49abd5ab7cc430ba87cf77b994825b7c65cbda94e012263d19cbeb6826f4d5e72acd3659dd4f857db29b3c31ba22d15cd8675539f8b5ac8adccaa5b851d6302157987cc5274da546b696e06e7979880d159ded4c04ad1ddb01c68771c63b7aff0b01aad427dd572ceb1071e31a36b91400a66d514f8c7fb0b3e26f46c59d7dd71f9ab981d7d5b6e7bd2bbae0d4aed84648fff28b10b5058069d461ac085198818415fd677ca7835405100dbeb96ab7c1ae5f829f77e8cd2f15a18fb96bd74de7a87b4aceb4698b771e17022c934f017eabc2054ac0be02b983e180d2d434d6fe740b36c362e384cd2e359fa5044b6373584a079a426c50546fd081d0c0bf2f12d2f7d5621026cecde1a045e62659778ff2a2a0f5db650834017471a6ae9c64b4e110dbb12b519def84b6b3863e992f5d0eb995aebd7889f38844250e89878a55f88fcae89c7ded5b66088195440e00a8d6ef21b6f05149f0ebc838bb57c06b43bd1ddc8bb13312b9c9ba8d5a322d277c0d50acb27a6fe7243a107e98ff66ed58c39f78cfff75bb5d64aad82083c57b694e82ffd797b8822ba86a2a2e526279c8df4e35458c23993dbe592a88e2005c7ed0c78c364abcbea9624f910278936239b8c80f831b3c8b60bd1e33f3efc69360d09b32d62c5bccf5fb9e9950b7ee3e350984269591c3c6300d5ea53a3f8f1057226593234aa67031f85238798084adf0d15c3a7cc48b1eb10e56da488814f495c2f897012dcf6fbb0015e92f312fd6d5f227481c91f50a81bc7af5d369804c591d89fab419cca887644ac9ad40909939d0081950bf064ee864837362c22dbfc0038a7db0dad25f4c15125fa89018194954ac9a9d7a210bd0bf6382cd3db23cd10f98b1bd9ed8712c84b423b34e0814514a43aa8902ffed9ac0774238bbd0c2c6bf19d97085abff97270a6329f6b4e7d301cb4726243cfe39c188d9a3a8da6f8f66cd9b3af2a9fe9b0446cbf1c45dff67807b9bb414a1e8a9b9d432ac3832a863e0251a5e0f9bed3f422c64f8916d9db3fb891d09abe2428921b67f6efe8f348634fc10364a964430046f0bae8bd711946d1fcd10cbcdfb76410511f2e437465b5053fcb26491bb33529d0f451fd5fc9d110dc74c6bb8478dd303427d7e33ad8197f77209db94af8d623c4cc908407ec064544d5d989e99d6bc03f0cdf9a403f284d8a25cbc0f5bbdb8e5533421f13f92b8d9ed8dd7a89f41ec5bf8850108a70bebf4a1760383560c4531093169a1661de2ea49dd0e3bc7f6e2373b614c7e65230bdff267018bf376dee585cbc04525ba56890175ee7207669fa99fa838f75dbdc3238238776e2cea01f9443163141e2cad42584c6e0563c85691a0fd1eebd90db82d2d1624fcc622ba376d3213268b6c0358f519d4caf851ea1b4ce8be0dd6ec35fa61b4c12e0deaf44be5d1d0785713d56a429d5ae4d402892ff7eeaee756e15cf95617cc89765ec5d3088a864671fe2460d617eeeff178518691ff0cb236cc3844e3f3a737ae432c6c53f96cbc68b706bd8d03cca1c4bdec08768b581898a126f877970408cf9229f57d7052a695d44ebe5467e8dbc06913922edc491687028a4fda1b5d4664a057d68a2ab5d8dd9a333411336b0e0412873a0473b1b5fb84a7dd9f62a9b6c22b40abe57cf1e6b7362b252fb16e507458f9524847f880062945d33adc484dbe1d78ff5130c05140b26a5dc0fd59833fec4d84c781e3a0e62dc45f00f624df31e77d7945ee06333d245162b62f1611978799fc702803d6ec4a85dcc97ac5d462205b4d44439ca5e1d8b87d2185f1c067ce73ceee8dac4008bee070a435465980d9485420bc4cae4fd75df8ae6ab9b4332f33f87f40bd2ea952243ebfe6b3db2f34a5b67f236ca9653256554d8fd5e9c1cff9abdb5289a0439db317f4d89a10d2c92cf7b7016369ad05c0f4084364007f11983be761a89802e6284a71b8f8a30e130723d84db245b39910519b45d3a4d437a39954095d62597592a63decc71b9c674ed3040cb4307660d8f43b3701438d7f2f3179de21f5d83b0ece81ecc1c90d2d3d4d876a393812be0233611185e88fab7870855339685d2ca60bd4c480af8f841d57b530234abec8180d3c0f32ecd5141fb8da916c6c56490343cab8bb0987756d1fc8316e299143d48652b7eccc3a01c9fbf57c3bfa63a4fb3bb598f41eaa69c8b7ff52a1cb6cb50139bd133aaa21d66ae9523fa825bb07048b0ed26780d7ee67a02a9266489aacab1a5893b1ac2d194ff29e3d3142969b2cb70a0fbee3d4b51ade7dabcbe1b41907f5b44ebd6f135bf823e665e9ba4b09ff170bd4ccdb5e45e4a0c56ea71a972646ff625fa8ea1c60999822e500e811ecddf445437d82e701a4f793c0c6c61960321faa098e8bd88870c55f5c254cd19d58508b3f40d1d6b775aca2cc85b7ca26fa633569c7823321c06b29d080c13b9d0ddd4ebf57e988e682039a3a2b17029160b83e40d285c116bf22cb67e51fce65a6b870e6c5f51716c00435cc7724a2826e33f539092f6181c8b667c1b27452d6160e629b05abeab3001b2bb5ce7bacce02bc380e1b330af8ee8f39e3f388f93114012fe2f36c919e50afd75973e5490c6abbba25e4fe0870ebd8c92e695393208974941d6813cc886694363be3121b4f184e3dfbcf25b24784096c2aebd39f9589ac2afba73d485cb019e032143891a902ad82c589000b913d64e0829d516cbb6506e5153bd71ec21618bc8f8e651b67422b831b2d3e51e1ac7f4a1c610a64cd7827f8441a6055048027c7c3c6d35192916193f03fbfe26ef25d0d4a64879df2716b1b2e0dd6953a4499b9db15345a4befa92222632b212c7fd60cf89d858c94379da5055b6eec10eac32f7f975c7fa659e1ef722a537546473ae356c1505fb150ef20b703165c9fce4f20a0f9c432550a781fe88394576223856e641e2ca853d9d780b8beabb7284fa4c05c2db150113f501062cec881b0572b4144c5c92f4d503474752f6c747690b3093857fa9667a6dc2c81eaa21596835b11713647b7178acde631197a8f7bff835c0ef55888a0ce47bf65a5c914b34503598858cf3f9534117fe94660ee723168f647ca38fe17d6be9a97c269f06eb4b556edd12500481f4c3a41fe01f46cc02a2b15fd15236bc32c75b5b32dbc4e28668db07d12dd51a99d3660cb9e05c60fb8cbb564fbaee4f1d3cac41829362fd3677eb9c42720383f34eda0a44b2cc6241297d2bfb6e5bfb4e2a7349133f65dd64a1f54cb68f9d8f7e5213043000aeaf2e906690d8c7659148659e73936381c0bf820a06235624033583777d10c7bd966bec09a7b20be080b1817533d80c2764a1a0ba57cfb16f7c9b037d657e5df41b58cf7b968684c9d80456e7da591ed3c2cf774bbacaad1ad760977312cd55515b1af10dfede215b9d3c2db026424727d0b38664f96ee8a9da1fe29b2d1376864631d5ccc6ea2dbaa51ef3663e84ed1da4afb96609b5e58878b6adb02aa8ef15602eaf13900ed7418965c480a67b14978762c5517e89daaad17ee281df3fc8a6d680898a1e80fbcdffe2b62bf60d62f422af03a6806d1b714ead7e9069b37ec4d488ff60c1fdf8f6263c34f1adef62dd9456e2ff8dc23845de6ad26c295e63777859d0de6271dfa8a398ad560f0256ffd4700346bf0ab7ee7c430b466becf707db5c5d336d5bd8052ea567a9ba3f339fab072b75d1f08b5f5a6b01d73c12a90ad39799aa202fba270d8b9226129cd2c277c99e2b909c81a9c8da0fc71940130bc8c4c986e80df00db2696f1fbc68338799b20142e0c9535ee91547a99ae1c4cc221cb959400e700caeeb260f77b52e8bf8fa56122969def2bdfc56465d05cc4618d5433ee5a32c5fe63b8ecc6a4bf2475b2135c2780b704fee67d8e6185f72c48fcd23a4a70713d78f4d653cde708afcf70c190f07128a5f0f07e15a9204f4961aa213705a004e88ed2846fab6f8ca6a0039e7dc8322027afaf9e044e1cd362ed0471832d0d008f478a5c63daf0513560dd134d8bf9046ea42870eba1fff5ec7eb513b699679f9070bb8ff4cc90f5ff43e4337f975df5f5c087d7f61fe7d0b95d0d4745761405c76ad84ee5afa6b88767f759ce650bfbd49955f9ea666134b71f118202f04580222e23e68836a7cc1d3cb4acedfaa4e32033335d0ec307415d9e385cba904fca9e4107a8a8b819719397dc2d71118f17deca7a2588b8dd5a949e4b875eca8be23a70714d4209f6bd98f0590210e0982be03c08dbea199bfad5d625c3f3490a9571d8c0c180f386f77438806322d139fa0edf761d8925054f6c13eccd8efe924dd3f6df27e2fdf7f129945c4181d363f88c74f9ae87193a61e3a88bf5d77db5a639bd0bf7a86c00654bd91a59886ccab7ada635b37a56d77abf9d6875b5369bb5e46dcf8a2f4b782e37166ef07cbd6a1fb47b48a49690047c4247d3db409e77ed585883d6f1d41515aafecc3d3f219a9863ad17fe107a96de2f0d040540f68306860e242b5ada8bd031ff2045eef39cc468e75ed74c46061849d30188e2c2b724350a89aef9b1b6413c0d10efb9d99805c044f2241c69e2aa1ecd1077cf730c3287b6839d86b2850a8211372e416792a57fc8116ebed60b277a243df17190bf980606d2fad6b09dd37471f639f2ffde4084022d3b5b2e10d2b9960315f722b83ac4fc91d7150478ed0ffcb84ef0249c8278b2bb448cb259bc52b7e8902fdb0629f7f02ce5752bd95ed795bce71d5735baa41f3a9a592d632cad48ac55a4f8dd0830a17d8981615e87492f5ef866265f40a5d4ece433509bc190e238a6f51dc252ad8600b750061daa1c46e551a472be9e9c07f688250ea87802ae6f506a4c2229e0ed0a7bd900cccb3e0c2052913afbf2aaae7e0fcc59d0774fe712d6df55932c35237753a4dc3b055c2d06802040b8ade5bce17fcde0826f9e49545566cdde606f9892d7d4c3226a111627dfdcdb6fe1ccdcb06d03e7e63d299393391f87e7b5d4a2ae99a565a329642ed12aec1573dfcb3a64e1bddef2fa72accdb0ca41ca7c828babd5f3759fa36a96c47426873996043e22198ff35f0d8b5b8416187b07d7f2eafffe4e8370f2adacb9f870c707e66500cb16fe1126af35fc58b03127eda79365e0ba8ddf25d8652eacce26def2ece7a7bf06ae86b1cb9a36fdecf7f973323685fbcee22b41c555ec23b97a59164ec7a63587d18a680053a83bbdcf5918f75ca8fe9ff42573f3511d08f8bc3504cfd015a084d1b17a8b68a782d5892cefdf607939ae5b4588088ebdd78f93497447a87ec80de3a8597e4d2f09461f972d11056893d354e3f52c6e6b8793770066410d8797a3516aa25278161c68d560e1f6eff1080a488fb8183c49d9812dbc4c4f9c3279fbe0ab7decfc65b7b3eda43aa9ea55e95d92741f2f07829b878a63478ac174b0c73fd620bd717a0d94e833bac14c87dca8cc14fde11ec389c67eab21869f0358bdd559abea17ea9d2b892f600ded38faa2c79be59b202b364aaf0f6771aac0a03ce99db2de6f6843a3f0de18b7e9787ed50b2674c0c85284ed11937bece4f2c988813ce8947d3d7d529580820d3ef38baab3aae93f950f9058140514bd179742", 0x1000, 0x2}, {&(0x7f0000001400)="72acf09a3d35714d9f21e63038c4bac79fe9fce96c95b44c5e6dfef70618eac663cdac559c21cda8351814005376c53281adb9de36c918fcf0b9e1fc5bf8dbdebbf1e0992a462f180271a31d36e05f9868ada2d0528ba56d00d563180607ff4f20b8d7c0e9827313851ed81cb1da1a02e6d7f3a6511f66ccd4b73d14e3be795cd8015469c3b622544c848b614132d4995aea6f5814869efcf5df90b2522675b1fda94d6660f5284d9cfd2378820f18e8158940fd0f2b485119b881ba965747eedc018c7a8ceafd569594b189411c7533dd6a2b2a741cf60b920ec86b33ff1b4c699c69186a6dd6e4f1170cf12e95403636ed1a9c67e80d0a0a8abbda5a", 0xfd, 0xffff}, {&(0x7f00000000c0), 0x0, 0x6}], 0x1000400, &(0x7f00000015c0)={[{@noload}, {@journal_path={'journal_path', 0x3d, './file1'}}], [{@obj_user={'obj_user', 0x3d, 'ext4\x00'}}]}) 12:27:15 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000", 0x5c, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:27:15 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 66) 12:27:15 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x41e, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) [ 2916.133222] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2916.133222] program syz-executor.4 not setting count and/or reply_len properly [ 2916.138630] FAULT_INJECTION: forcing a failure. [ 2916.138630] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2916.139773] CPU: 1 PID: 28348 Comm: syz-executor.4 Not tainted 5.10.209 #1 [ 2916.140462] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2916.141279] Call Trace: [ 2916.141549] dump_stack+0x107/0x167 [ 2916.141926] should_fail.cold+0x5/0xa [ 2916.142323] copy_page_from_iter+0x40a/0x900 [ 2916.142783] blk_rq_map_user_iov+0x138b/0x1a60 [ 2916.143244] ? perf_trace_lock+0xac/0x490 [ 2916.143663] ? __lockdep_reset_lock+0x180/0x180 [ 2916.144132] ? __lockdep_reset_lock+0x180/0x180 [ 2916.144599] ? blk_rq_unmap_user+0x750/0x750 [ 2916.145048] ? find_held_lock+0x2c/0x110 12:27:15 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3b}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRESHEX], 0x30}, 0x1, 0x0, 0x0, 0x14}, 0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x6c0e, 0x7fff) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', 0x0, 0x0, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000440)=ANY=[@ANYRESOCT], 0x2f) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_nanosleep(0x1, 0x0, &(0x7f00000002c0)={0x0, 0x989680}, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) fork() r2 = fork() tkill(0x0, 0x0) ptrace$cont(0xffffffffffffffff, r2, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000280)=0x5, 0xfffffffffffffffa) r3 = fork() syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e21016027154f7e210000d6142e8ed6865df556fd6a7300000000000000bd8b7e69ecb57d268a49d8d6accb6a35f7aa6bee3435f0ca00"], 0xa) ptrace$setopts(0x4206, r3, 0x0, 0x0) ptrace(0x8, r3) [ 2916.145465] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 2916.146076] ? lock_downgrade+0x6d0/0x6d0 [ 2916.146524] ? import_single_range+0x24d/0x2e0 [ 2916.146978] blk_rq_map_user+0x103/0x170 [ 2916.147392] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 2916.147871] ? alloc_pages_current+0x18f/0x280 [ 2916.148329] ? sg_build_indirect.isra.0+0x448/0x710 [ 2916.148836] sg_common_write.constprop.0+0x10ed/0x1a30 [ 2916.149369] ? sg_build_indirect.isra.0+0x710/0x710 [ 2916.149879] ? vprintk_func+0x93/0x140 [ 2916.150281] ? record_print_text.cold+0x16/0x16 [ 2916.150763] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2916.151271] ? trace_hardirqs_on+0x5b/0x180 [ 2916.151709] sg_write.part.0+0x69e/0xaa0 [ 2916.152123] ? sg_new_write.isra.0+0x770/0x770 [ 2916.152584] ? find_held_lock+0x2c/0x110 [ 2916.152996] ? __might_fault+0xd3/0x180 [ 2916.153395] ? lock_downgrade+0x6d0/0x6d0 [ 2916.153823] ? _cond_resched+0x12/0x80 [ 2916.154222] ? inode_security+0x107/0x140 [ 2916.154656] ? avc_policy_seqno+0x9/0x70 [ 2916.155069] ? selinux_file_permission+0x92/0x520 [ 2916.155557] ? security_file_permission+0x24e/0x570 [ 2916.156059] sg_write+0x87/0x120 [ 2916.156410] do_iter_write+0x482/0x670 [ 2916.156747] ? import_iovec+0x83/0xb0 [ 2916.157142] vfs_writev+0x1ae/0x620 [ 2916.157474] ? vfs_iter_write+0xa0/0xa0 [ 2916.157874] ? __fget_files+0x26d/0x4c0 [ 2916.158290] ? lock_downgrade+0x6d0/0x6d0 [ 2916.158714] ? find_held_lock+0x2c/0x110 [ 2916.159128] ? __fget_files+0x296/0x4c0 [ 2916.159505] ? __fget_light+0xea/0x290 [ 2916.159911] do_writev+0x139/0x300 [ 2916.160276] ? vfs_writev+0x620/0x620 [ 2916.160665] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2916.161193] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2916.161669] do_syscall_64+0x33/0x40 [ 2916.162049] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 2916.162485] RIP: 0033:0x7f26a81efb19 [ 2916.162859] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2916.164347] RSP: 002b:00007f26a5765188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 2916.165105] RAX: ffffffffffffffda RBX: 00007f26a8302f60 RCX: 00007f26a81efb19 [ 2916.165746] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000005 [ 2916.166363] RBP: 00007f26a57651d0 R08: 0000000000000000 R09: 0000000000000000 [ 2916.166961] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2916.167546] R13: 00007ffc298dd15f R14: 00007f26a5765300 R15: 0000000000022000 12:27:15 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x500, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) [ 2916.203360] device veth0_vlan entered promiscuous mode 12:27:15 executing program 1: syz_emit_ethernet(0x48, &(0x7f0000000000)={@multicast, @local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x3a, 0xffff, 0x6000, 0x0, 0x11, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {0x0, 0x0, 0x26, 0x0, @opaque="26c2a363c7033007a37c01a61e00ef5007d1d59371179be4de55f0ac16e3"}}}}}, 0x0) 12:27:15 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000", 0x5c, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:27:15 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x600, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:27:28 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x4000000000000000, 0x0, 0x0) 12:27:28 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3b}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRESHEX], 0x30}, 0x1, 0x0, 0x0, 0x14}, 0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x6c0e, 0x7fff) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', 0x0, 0x0, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000440)=ANY=[@ANYRESOCT], 0x2f) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffff, 0x2}, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_nanosleep(0x1, 0x0, &(0x7f00000002c0)={0x0, 0x989680}, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) fork() r2 = fork() tkill(0x0, 0x0) ptrace$cont(0xffffffffffffffff, r2, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000280)=0x5, 0xfffffffffffffffa) r3 = fork() syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e21016027154f7e210000d6142e8ed6865df556fd6a7300000000000000bd8b7e69ecb57d268a49d8d6accb6a35f7aa6bee3435f0ca00"], 0xa) ptrace$setopts(0x4206, r3, 0x0, 0x0) ptrace(0x8, r3) 12:27:28 executing program 1: ioctl$FAT_IOCTL_GET_VOLUME_ID(0xffffffffffffffff, 0x80047213, &(0x7f0000000000)) syz_emit_ethernet(0x10e6, &(0x7f0000000d80)={@multicast, @remote, @void, {@ipv6={0x86dd, @udp={0x2, 0x6, "69c631", 0x10b0, 0x11, 0x1, @dev={0xfe, 0x80, '\x00', 0x39}, @ipv4={'\x00', '\xff\xff', @empty}, {[@hopopts={0x32, 0x202, '\x00', [@enc_lim={0x4, 0x1, 0x1}, @generic={0x5, 0x1000, "78a6073d6e49cb8e704e332a659ab6fc28a2487da9a1657e75cf9c032e7ba6f98031aeac2ca0e99ddae3756764d3044d5ead1ed56ad247b39783c7c69ee6ebc1a3d2b35e23c54d51c2a513e8478a9e09702fa2c770b7db4680dd62bf1d7aaa542108acd225a1757a4973396fd1e8745768c2343c6eead09e20938cbc77a29a6f9d5b055f741c58c4257ea5c52a5d5c0195e3389c7c81d43a998261155ea9d0e25753ade3b18cbb97b5ae5904551b8eec2bb46f683c31772caa8890c711631bda47fbf282055ae2636627cb6bdb472664ff634c195420040b5c29a48b089e6cd53a3554356a19a760308bd103e4a5eacf5379b28125f52c1c31e5f1d0ea2c02dbe9412b9bbc250e1352b19ea3009ddcf371787b6b567551cbde90070aea4e1c290faec0219a5a7b7f815ca78fa97f9b0cc555e8ecc1105f62f9b2e5cad0278a27a2ab32a937ac041b4cf16d361eb26c89be99b1441175ecc203c04e614ea880c7570d2dc63ff2c6f42f9667a3bc2ca6f2a53bc02e8dbbf8bc692674c5e95dd271adfd56e5c5af0746d1fefeb8e7ecbe907a3069cecba71c74118f1a0ede95ca33e587fb448dab161471d06f7bb2c592deed62dd69bd0caaf8857570da0702c3b1e47d84a75a6be8c61575211aab9888f80b9c499a1a022ddd1c1abfaddbf7ea41141aa4e559117c091adc07cb4dac0134d86a3cf7b16bc0c56120dbd8d4ba385ce7ee5e91d715a242ff085c18b653275fab85154db965c496f5c1a37834b150e1d28cd59657760b16a2bd430956f1e01c6530178752355885a3cb6216b060d72406657e821f02628962e903e7857bf8c8e2994921d6eb664c0b4d21b8876db6e430c6d6208ddd045c1137eab4fb05a4a869a08bd667a5713cc4cb99961e6326272454e7eccf7659d29fde8dd899eeab311fcbd3c1b70c639ec998c49c9ed2ad62622e8f8d9318f9df1a257762997c9e3b63874e6cfc69f296f2d3908df55c1ab4e69a34030a3287f46bbfe541c27b592b7318b9f2922b09095aa23298bd4508255411fcbdb673c6525bc1e0e90a37f880254db620662d4b168c7bf265751e8f5988854dee846c037674bb2431f463a7641057569ac24e424cca8fcf6e7cd12e6e5b9e081ba79cc92abdc02d7fbf5b154f441fa629b75b82673f47484ca7c3c71a52b96682a1f996881174ce46bb9a302a9db9e7a3784c1e946e54baee148757e1090d340547e4feb9fea9f022556361275dab312c95dea8e2ed1942d403172eb4562ac12530e324f3986b5b4316ba70ec7c0d40a8fd2ed9538584a85d0023164ddc51740a6ebc27af9037cfe34e0b5c6cfb1472a0027fdafd9f6986c60a1944f648904d8e5fc25d212c5a764cba9c4fc0efa7c8c1bf03eff01bdf84ce9f94ec0729cafe7fa29971db07585a19847cd68256bddfc765d2e8d8e276d0be7ed56bdd07209244cc7d41bce7fcf6a42b07fc7dbb65ef0bfb2e6489ebe5952b34b8148be195ffb106ab1557c2ecaa7b0704ca390ba438231dd579e5447c6d0876aa9d2a69e904ff3a33659c44471396f9a9f89f848fb117ee61bff7a9ec4ca300f4f71818fc4bbfb91a8e1e9ccb6d70413be602671f5bee6a0b7af37ba12225d3a54534b4334188a3a0f44b9f302298c6e33494e56eb1135a8969c8befa810ca4edde7752fa9060aa60b83c3c886c2ed9f9ecf8e725734bf6d50933fdb2ef575005f08c32d234007e06dcec35891d81cbafc1ad96d367b533d0ff22edc6f095b0e0c37314d793973818d58fcfa8b81dbd4ac50cd3fd8cb68b05383b74cbf4f8ec32df39b1e54b72df5fb202fe5ad86a3b1d10ce65558c8eadbe14348f7789ec0046bbe317f069fa3e8223d048d02657a78ee388a49b8791dc0fb470faf48468c10f2a1e4a0762ef97e428d4a7256678406e2ac2771f0a6b2c854af11736ad88b489028025d27e3583f1d734b3cd1e4106a758076f6f960d0dfb6659ad6c3ae94270aa42a1703a038b333538b4a820e281e8f48a535a5cf9e426073493e87dca5c8efd864e4bf0520df1117a3c8c403da6d5177c30399e08acc9f42690f67680b630dbf6061c2aba2ff48e07ddedd445bbb22d4e3864ffcade26e8c905785e2099fa6418d757f8989958c3978d4909064f20cd3f81557f91c6116b5a147806b941d497a15d4807fb72b3b5c97243ae4304499edb4e23864df2ba5c516b8420e3847f13595eb3e3ec510be0418e06c443895006ab8ae0b228fd2d723eb0cc9fc5ec94950d52a31a2a2b4eebbbc9540e09e4979280dc29cfc7c27fbd0a4b78e3e54eab4c31e30963d6e96e4132ee0edad890b106bde615dd7964e87ac31948f952f91b333a9c6f219cb92353294558e741ed0ca9b5e6da9358d804197ab522b0978c1e135e73585a972d4ac24b7ba67e7773542d8215ff62deb3cce9ba67893040329ded30787bf857223be790f2fd66b8bb9d334216610a95c5aae809a9ff13a8eb00e6e1817aeda26ad37288fa28112503ce8e4986886b5321022082910f55aef32e981f3a11b62af17e4da8e380a6e0b22dcc7fc7d093fdd07be6b27b619bff49f4d6d1ad82230453cea792da8806ec93462caa2cc66817bc502dce077f9b74244cc31b821e77ea41d2bd41e768ea5d10b1a0680adf5aa63064895f87be4dfa3cc4d14366279cae267481bb6424e21e025e79b28770971195fda2d1a977fbdb1f4b941dae4f0f1cfb87b8c2943f9fa0e1dda3d8d62400fdac6d934d1dcac0a850182af4bd48ca2b3c00d9c0a01b9af006b6e18a7d7dc3871d773cda82282f330075d453549335e6d08b009c8885ca36e88aa55da00f890653899495fd2ce7a92866dfd5b2516496c9fbe29cb1c9e19591df8a393cde73d1c87208057077f26db30154dc9576db7944337c5c0fd14dfc830baac859d81962f4e5a5de9e59015c118d24d29bf28bc3f25e83c3a050a756b176420e35ac4c022b3c97ad0a38a99fe6f75e0401255e016f80e7bb171186eb95f18c447002af3dfcad2dd1b9ed222c31a853feb012dacd59e52dfba335015143db9f1f67ec748e6983c6ed3f8507669d16b7d8656b5ce91c763e31d76dba842c25f71efe60780c496dc6698f34058c3576ebf67bf14f2c4b97295ca22cd3a540e299061d8c108caaf90a24388301e89b53e8c593e153acf55fa92ae95d01bfe40733ba68320c99cf4a4e1ae482d8c4511bc542ccc1ab422aa6b2d9ede46dd5b5d21bc5af46a93c9ae27698bf62616db4a43efd919776a01c8bbe83aceeef66c1e1836adcf8558f452deee4e63f127f9a713b224452303b9ddb7697dc0512bcf945d03a34a587516ddb682cc3b3f892569758c489224fb7d59dc491d51b5ead6e7541e48d6d797f048f0278cb6dbf79192d11c655262ca0bc4a55115160ced45afe271acf4410aa494097a95d3e354b4619ac4da28bf0c85d1016a07545719aaccac0e49ece8219394a4446b073e1dfd0ef40793d754bb9df06afadd27a91153dd5dff5d5d5977f90d4f7b01af0260f691125ff2dba3b37012cb46f481aa20447150570352bf2e9aa983053a1e439200b7825e109774e0821880de3598423b9a2f4f39b66cdbe58b0bdf4cfa4ae8dbeeddfc6d80e7971e53d74a216b459526724952ebb7b551e9318596540acdb21efdb9634d8fe11de251a46ca7669b175fa0a3fcedc31cd5983c5327073c3c3ae3b22d91a838b983b504c507819f6a5488a72e0d195a3fdf4182adda33509c88811aec251d65b69e6beb281ec114a18694385c4f66b9f6f8920866129f46b52bcdf627ed1c20c5a070209cc0438fa0494e6c28928e2f9ef8d1b05f4be20d91fe558920acfc209fdd0f29920055c58365e77d05d34b17becb347670dd8699bf4a6c3bd91d39007b0a3f165bed09ae61c426aeb09318deba248a4bbc719f4f55081401affee6bdb92140f5fe9ca07c05c6965460297234282849875e7f19c175f1058308deb6f8db6fa0aefd91a96fc7753cda087e6e4651f061cdf4799da9ab542eeba0d5ac29dcf0214f2c2834e9eae9a06f60f509c0b0baaae706960aef94275c716cf819b9ddd10832a770b5e583198630d3e9ec9c934d5d632c3e8377b5712fd2eb0de632c199e11a3e8614f24f92e4af2322d2dceb1f82ceca165d2515d9703b4c1e73abed0ab27fcfcf905fa7d0fb62432b9056894ab74dd71f8c7ebf397ea7e1a4db20549a663b9ca86933c37cc53cdd3ef5d2f837dd5819c99d0c918b078a4e2238ad8a88d6f92bc1e29c969c901c1e5aca2d4175bec31fd682ed81b6888849756d318dc6ba6b5d1688e3a66eb2e0adae38d3a5eab4e59a42f7a7aa23b3a55877bd5988d3b649f2595c317a9754e2d0f82c04525358adfe68a34872287bddfc686149ea056074894b7e2f53cb98a04c07d90ee90b8adac22152533d7cfa57f1cf15a145913cb377d4dba331cfc17bc096be8685c35c0401e47af0ce5ef8643d417ad423b1a124bd5da9c91cebf37925d6c5ab94aacb76a09290e2b45e80ae0270a2c3eadd71273b618cf83c658a143829d1908175370596d70bdc9a8b8328f3eb5449ea4e4f8c4568bee6c347d09cb4faff0b0f961d0415cff905cc5487b161ea94bc616412f566daee4e8335b363c9a4dc3fa61c913d1bbb1897c86492b7f93a7b8fcdb1a64b8353562326c022a11ac7a50c2a5f7709a74f241ae1fbe7e39da9ded8a0a50456f5f0188b1d9190c978938f7c24bd5a272778e31b8be6c32e0019f8a71e8169a49af817051c98d72c7105372b6e74511cf6188ac33777cd489f22b5923039f1896762ad6819c3c15a8173f34dc99f289b3281a641a43752da5a778f99e6266259a5bb5432760b3900d29b87ccc4858fa5ae4b07452d4bd7a44ed200929bc5e9e7aed58c7bcc64cdf1931c31638e95c477cd4651112f98e6e71c51d3af6189a7de765cbc8ee620cc6712e077f79747b17bcad8d07467f31acb9aab3db0a4f0b05b9a3ac23898a0f3bad444c78fcbe422dd1bb40ff4180370ff723d40c93a588c510cac1ab078c3d6d5e38990f4da84ff8d5b1fd2155c95780445f5f7f996909b13a21072e797a738c512837cd7007dfd2e20830cba06251bdeebb14109f4fbb675f91a1589b81bf2e178ca374a2ccd44898b1dd598cb951110a1de36b4e218dfbe238f0c2131ea587ae6d7f66b7cf51f9bcc6f1a578bdd7919d24ecd7c118fe92af49ec320e8f92a33d2868bd1ed4ed450c24903c65af1e9256943e561d2350a08e11c6a6b10b5ec13ac17e0e99e2690bc190138b9e8c6bcbfc0b8bd86f4cb593c5c98e982e0e104a77ddad86962cd8db9c2e15d7aedee9509a88dc4abb9486c6ec96491fd605b6c40925046c26b606750ee3b1d7697294f062b8718b26d3d1b6e4e98ac3c699217a92943cdc23e715e23280878b54c0becdab147d37b431a0144e60a06956d3d323d0f4500f79fa394a0d3ab164f3c2f589abfb73fde3b237364090ec19fefb988e583c7f0e7269638c23111a1ddfe4ad3ec2bf45a04fbd308d7ecd1310c68ee363be846ea5114592286fd4799ee2d29cde624c5a09700814c059be4ea37e91c96e1bd51bae2397bb70093e7ba4f07ac272a4ddb2d9a5356f36f58d94e105f222e5a3a906f43d6234200117bef91d2edfe8b4661ba11239faff82eb669528dba114e23b3f687262d669bbe02ea9dca33bb6f1f0d64ce9fd52723651723d38616ef77a5205a892138ee0aa9d0b9bf39380fbb2292f2e288455806366aa6e9eb552ae2126cea974821b4e8a49fa9cbc5408933fb0ce33"}, @calipso={0x7, 0x10, {0x0, 0x2, 0x3, 0xffff, [0x3]}}]}, @srh={0x89, 0x4, 0x4, 0x2, 0x7f, 0x28, 0x760b, [@remote, @private2]}, @routing={0xff, 0x2, 0x1, 0x6, 0x0, [@dev={0xfe, 0x80, '\x00', 0x37}]}, @fragment={0x32, 0x0, 0x80, 0x1, 0x0, 0x7, 0x66}], {0x4e24, 0x4e24, 0x48, 0x0, @wg=@cookie={0x3, 0x3, "25afa9d9ff475155a57a7e07e8d3e7219b57042d03861554", "1758f1dad118c3b58e5533ccd2706432b7c67391de52006d3f38ce12018070f4"}}}}}}}, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r0, &(0x7f0000001080)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) getsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, &(0x7f00000001c0), &(0x7f00000013c0)=0x2) dup3(r0, 0xffffffffffffffff, 0x80000) 12:27:28 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 67) 12:27:28 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200", 0x5f, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:27:28 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)={0x2c, 0x26, 0x101, 0x0, 0x0, {}, [@nested={0x18, 0x0, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @uid}, @typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0xa0}, 0x0) syz_io_uring_setup(0x21, &(0x7f0000000340)={0x0, 0x4000000, 0x2, 0x3}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000180), &(0x7f0000000080)) io_uring_enter(0xffffffffffffffff, 0x76d3, 0x0, 0x0, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = dup(r1) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x810, r2, 0x10000000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)) socket$inet6_udplite(0xa, 0x2, 0x88) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) dup2(r3, 0xffffffffffffffff) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'wlan0\x00'}) read(0xffffffffffffffff, &(0x7f0000000140)=""/205, 0xcd) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) [ 2929.656000] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. 12:27:28 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x2, &(0x7f0000000080)=0x90, 0x4) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000002ec0), 0x4) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000340)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x4e, 0x0, "15bb6949bc674ed64133723aa6453b9d292123bebbcd37c5097fd53da62c01e266166394afb8d0aca105da30931d140a11973acb99cc0d8da3a4f6f42444a1948f422c8d8d2d8bdd069588783e32b713"}, 0xd8) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = dup(r1) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000180)={@mcast1, 0x0, 0x2, 0xff, 0x18, 0x80, 0x8001}, &(0x7f0000000240)=0x20) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100), 0x4205c0, 0x0) ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r3, 0x8983, &(0x7f0000000040)={0x0, 'veth1_to_batadv\x00', {0x3}, 0x40}) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="cf", 0xfffffdef}], 0x1}, 0x10044001) bind$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x3f, 0x0) ioctl$VT_OPENQRY(0xffffffffffffffff, 0x5600, &(0x7f0000000140)) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfffdffffffffffff, 0xffffffffffffffff, 0x0) recvfrom$inet6(r0, &(0x7f0000001e00)=""/4096, 0x1000, 0xcd08, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) [ 2929.658617] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2929.658617] program syz-executor.4 not setting count and/or reply_len properly 12:27:28 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x700, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) [ 2929.681103] audit: type=1326 audit(1708432048.929:361): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=28485 comm="syz-executor.6" exe="/syz-executor.6" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f478bbf1b19 code=0x0 [ 2929.691745] FAULT_INJECTION: forcing a failure. [ 2929.691745] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2929.693785] CPU: 1 PID: 28473 Comm: syz-executor.4 Not tainted 5.10.209 #1 [ 2929.694912] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2929.696193] Call Trace: [ 2929.696635] dump_stack+0x107/0x167 [ 2929.697241] should_fail.cold+0x5/0xa [ 2929.697868] copy_page_from_iter+0x40a/0x900 [ 2929.698571] blk_rq_map_user_iov+0x138b/0x1a60 [ 2929.699327] ? perf_trace_lock+0xac/0x490 [ 2929.700011] ? __lockdep_reset_lock+0x180/0x180 [ 2929.700758] ? __lockdep_reset_lock+0x180/0x180 [ 2929.701507] ? blk_rq_unmap_user+0x750/0x750 [ 2929.702224] ? find_held_lock+0x2c/0x110 [ 2929.702902] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 2929.703748] ? lock_downgrade+0x6d0/0x6d0 [ 2929.704415] ? import_single_range+0x24d/0x2e0 [ 2929.705153] blk_rq_map_user+0x103/0x170 [ 2929.705810] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 2929.706588] ? alloc_pages_current+0x18f/0x280 [ 2929.707329] ? sg_build_indirect.isra.0+0x448/0x710 [ 2929.708141] sg_common_write.constprop.0+0x10ed/0x1a30 [ 2929.708996] ? sg_build_indirect.isra.0+0x710/0x710 [ 2929.709799] ? vprintk_func+0x93/0x140 [ 2929.710433] ? record_print_text.cold+0x16/0x16 [ 2929.711206] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2929.712021] ? trace_hardirqs_on+0x5b/0x180 [ 2929.712736] sg_write.part.0+0x69e/0xaa0 [ 2929.713399] ? sg_new_write.isra.0+0x770/0x770 [ 2929.714148] ? find_held_lock+0x2c/0x110 [ 2929.714828] ? __might_fault+0xd3/0x180 [ 2929.715477] ? lock_downgrade+0x6d0/0x6d0 [ 2929.716167] ? _cond_resched+0x12/0x80 [ 2929.716797] ? inode_security+0x107/0x140 [ 2929.717448] ? avc_policy_seqno+0x9/0x70 [ 2929.718066] ? selinux_file_permission+0x92/0x520 [ 2929.718841] ? security_file_permission+0x24e/0x570 [ 2929.719652] sg_write+0x87/0x120 [ 2929.720214] do_iter_write+0x482/0x670 [ 2929.720855] ? import_iovec+0x83/0xb0 [ 2929.721474] vfs_writev+0x1ae/0x620 [ 2929.722071] ? vfs_iter_write+0xa0/0xa0 [ 2929.722725] ? __fget_files+0x26d/0x4c0 [ 2929.723377] ? lock_downgrade+0x6d0/0x6d0 [ 2929.724042] ? find_held_lock+0x2c/0x110 [ 2929.724721] ? __fget_files+0x296/0x4c0 [ 2929.725381] ? __fget_light+0xea/0x290 [ 2929.726017] do_writev+0x139/0x300 [ 2929.726627] ? vfs_writev+0x620/0x620 [ 2929.727233] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2929.728062] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2929.728901] do_syscall_64+0x33/0x40 [ 2929.729501] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 2929.730289] RIP: 0033:0x7f26a81efb19 [ 2929.730885] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2929.733678] RSP: 002b:00007f26a5765188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 2929.734862] RAX: ffffffffffffffda RBX: 00007f26a8302f60 RCX: 00007f26a81efb19 [ 2929.735949] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000005 [ 2929.737035] RBP: 00007f26a57651d0 R08: 0000000000000000 R09: 0000000000000000 [ 2929.738131] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2929.739216] R13: 00007ffc298dd15f R14: 00007f26a5765300 R15: 0000000000022000 12:27:29 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x900, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:27:29 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200", 0x5f, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:27:29 executing program 1: clone(0x24980400, &(0x7f0000000200)="513548be203607ba6526cc5e6e1ec76057035d8d1e1405fbfed88303fb76cc3efe39d8dc05291fa4da26047327d32b8527ef11fd3da7b8c43527b297662bae87557db18b9f63538eddefb84d5aa051be02de07203f5309f93fcad1744971a935e775950f77e2adcbbe838caaefca7af843ba4bd55ae2435f4451d32db42e4d49ad7353f4aad299f6369c731808e8722f25aa34e0245b106ef13e0f8ae907e3eedde9d20b641aac152fc0c3c85ae11d3733be9f2f5c0dd804a670eaa5b15e28652a6ec13d5ca86fe3012937db3b39b4c86b70b587ba3670be1be510ca99b2d9aa8941d4188811a3774bc3", &(0x7f00000000c0), &(0x7f0000000140), &(0x7f0000001480)="a7aaa94dce8815aec912c24a1c3aaa039e708ab7083bfdb537c8e1658b0ad7d582a92ef3de8f141f22aec16ce8f9262b92aa2d8f33eb9cb034bb05496b2bda582d4eb0e749df808b0209e76bc2c8ba759e469d576f5b90f55a33dd0906c1fc9f0cca905fde6b47a3595030b0ed532c503299ed7808a7525a01bc856c25987a70d35569d3") r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xfffffffffffffffc}, 0x0, 0x80000000, 0x0, 0x5, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b67, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000000c0)={0x0, 0x0, 0x0, 'queue0\x00'}) r2 = openat$bsg(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = fcntl$dupfd(r1, 0x0, r1) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r2, 0x402c5342, &(0x7f0000000340)={0xa9c2, 0x0, 0x10001, {0x2, 0x6f5}, 0xcca7, 0x8}) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000080)={0x4, @time={0x6, 0x3f}, 0x3, {0x1, 0x1f}, 0x83, 0x2, 0x8}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r3, 0x40605346, &(0x7f0000000240)) ioctl$TCSETSF(r2, 0x5404, 0x0) ioctl$TIOCGPGRP(r2, 0x540f, &(0x7f0000000200)) ioctl$NS_GET_PARENT(r2, 0xb702, 0x0) perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x0, 0xe4, 0x0, 0x18, 0x0, 0x0, 0x16000, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_bp={&(0x7f00000001c0), 0x2}, 0x8, 0x8, 0x0, 0x1, 0x5, 0x15d, 0xffff, 0x0, 0x101, 0x0, 0x7fff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000000000)={0x1}) openat$bsg(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) unshare(0x48020200) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0x1000000, 0x4) 12:27:29 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0xf00, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) [ 2929.827618] ALSA: seq fatal error: cannot create timer (-22) 12:27:29 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 68) [ 2929.905850] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2929.905850] program syz-executor.4 not setting count and/or reply_len properly [ 2929.912206] FAULT_INJECTION: forcing a failure. [ 2929.912206] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2929.913315] CPU: 0 PID: 28660 Comm: syz-executor.4 Not tainted 5.10.209 #1 [ 2929.913976] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2929.914727] Call Trace: [ 2929.914971] dump_stack+0x107/0x167 [ 2929.915325] should_fail.cold+0x5/0xa [ 2929.915693] copy_page_from_iter+0x40a/0x900 [ 2929.916107] blk_rq_map_user_iov+0x138b/0x1a60 [ 2929.916533] ? perf_trace_lock+0xac/0x490 [ 2929.916912] ? __lockdep_reset_lock+0x180/0x180 [ 2929.917324] ? __lockdep_reset_lock+0x180/0x180 [ 2929.917749] ? blk_rq_unmap_user+0x750/0x750 [ 2929.918135] ? find_held_lock+0x2c/0x110 [ 2929.918533] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 2929.919059] ? lock_downgrade+0x6d0/0x6d0 [ 2929.919421] ? import_single_range+0x24d/0x2e0 [ 2929.919840] blk_rq_map_user+0x103/0x170 [ 2929.920207] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 2929.920646] ? alloc_pages_current+0x18f/0x280 [ 2929.921052] ? sg_build_indirect.isra.0+0x448/0x710 [ 2929.921508] sg_common_write.constprop.0+0x10ed/0x1a30 [ 2929.921985] ? sg_build_indirect.isra.0+0x710/0x710 [ 2929.922426] ? vprintk_func+0x93/0x140 [ 2929.922787] ? record_print_text.cold+0x16/0x16 [ 2929.923222] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2929.923700] ? trace_hardirqs_on+0x5b/0x180 [ 2929.924113] sg_write.part.0+0x69e/0xaa0 [ 2929.924475] ? sg_new_write.isra.0+0x770/0x770 [ 2929.924883] ? find_held_lock+0x2c/0x110 [ 2929.925245] ? __might_fault+0xd3/0x180 [ 2929.925624] ? lock_downgrade+0x6d0/0x6d0 [ 2929.926025] ? _cond_resched+0x12/0x80 [ 2929.926368] ? inode_security+0x107/0x140 [ 2929.926749] ? avc_policy_seqno+0x9/0x70 [ 2929.927121] ? selinux_file_permission+0x92/0x520 [ 2929.927555] ? security_file_permission+0x24e/0x570 [ 2929.928029] sg_write+0x87/0x120 [ 2929.928336] do_iter_write+0x482/0x670 [ 2929.928704] ? import_iovec+0x83/0xb0 [ 2929.929059] vfs_writev+0x1ae/0x620 [ 2929.929382] ? vfs_iter_write+0xa0/0xa0 [ 2929.929741] ? __fget_files+0x26d/0x4c0 [ 2929.930110] ? lock_downgrade+0x6d0/0x6d0 [ 2929.930488] ? find_held_lock+0x2c/0x110 [ 2929.930857] ? __fget_files+0x296/0x4c0 [ 2929.931223] ? __fget_light+0xea/0x290 [ 2929.931569] do_writev+0x139/0x300 [ 2929.931890] ? vfs_writev+0x620/0x620 [ 2929.932239] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2929.932728] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2929.933197] do_syscall_64+0x33/0x40 [ 2929.933533] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 2929.933998] RIP: 0033:0x7f26a81efb19 [ 2929.934334] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2929.935941] RSP: 002b:00007f26a5765188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 2929.936627] RAX: ffffffffffffffda RBX: 00007f26a8302f60 RCX: 00007f26a81efb19 [ 2929.937265] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000005 [ 2929.937933] RBP: 00007f26a57651d0 R08: 0000000000000000 R09: 0000000000000000 [ 2929.938582] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2929.939237] R13: 00007ffc298dd15f R14: 00007f26a5765300 R15: 0000000000022000 [ 2930.009952] ALSA: seq fatal error: cannot create timer (-22) [ 2930.515945] audit: type=1326 audit(1708432049.764:362): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=28485 comm="syz-executor.6" exe="/syz-executor.6" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f478bbf1b19 code=0x0 12:27:44 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 69) 12:27:44 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x1e04, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:27:44 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x4800000000000000, 0x0, 0x0) 12:27:44 executing program 3: ioctl$F2FS_IOC_START_ATOMIC_WRITE(0xffffffffffffffff, 0xf501, 0x0) r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) writev(0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x46e2, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = dup(r2) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) openat(r3, &(0x7f0000000100)='./file1\x00', 0x10140, 0x80) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x0, 0x2}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, &(0x7f0000000180), &(0x7f0000000240)=0x8) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c0000001d00210c000000000000000004000200080017000000000034ce6800a07df3e221ec90000000000000006ac07d62b2d05a92eb03fb951ce230d450db115c4f51bbadc39325da702e072a5e76dce6f043cc725bdbde8b8f87b888f1b0b63e5b2577144b2498ab27f0569fb5ddf15bd3a8ad5d9083e1fda0d88041b86c9549b471c55907f00f3643d748f44014f59dd2edd8f76d4c6a1e0de79f08b5f3b39ad9f052893bd9cd3cac2610da71d42439a134938286f2cc9a78f1d5e265031e27a2f7af7b1c00c88b61c709ef"], 0x1c}}, 0x40000) r5 = creat(&(0x7f0000000000)='./file2\x00', 0x0) fcntl$setown(r5, 0x8, 0xffffffffffffffff) close(r5) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f00000000c0)={'batadv_slave_1\x00'}) 12:27:44 executing program 5: pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000700)='clear_refs\x00') writev(r0, &(0x7f0000000200)=[{&(0x7f0000000040)='3', 0x1}, {&(0x7f0000000100)}], 0x2) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x94910, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) accept(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) sendmsg$NL802154_CMD_NEW_SEC_DEV(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000740)=ANY=[@ANYBLOB, @ANYBLOB, @ANYRES32=0x0], 0xa8}}, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) dup(r1) openat$nvram(0xffffffffffffff9c, &(0x7f0000000500), 0xea401, 0x0) r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x103000, 0x0) io_uring_enter(r2, 0x60ff, 0x7e20, 0x2, &(0x7f0000000100)={[0x7]}, 0x8) ftruncate(r1, 0x1000004) socketpair$unix(0x1, 0x2, 0x0, 0x0) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r3, &(0x7f0000001080)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) getsockopt$bt_BT_RCVMTU(r3, 0x112, 0xd, &(0x7f00000001c0), &(0x7f00000013c0)=0x2) dup3(0xffffffffffffffff, r3, 0x80000) 12:27:44 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3b}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRESHEX], 0x30}, 0x1, 0x0, 0x0, 0x14}, 0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x6c0e, 0x7fff) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', 0x0, 0x0, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000440)=ANY=[@ANYRESOCT], 0x2f) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffff, 0x2}, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_nanosleep(0x1, 0x0, &(0x7f00000002c0)={0x0, 0x989680}, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) fork() r2 = fork() tkill(0x0, 0x0) ptrace$cont(0xffffffffffffffff, r2, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000280)=0x5, 0xfffffffffffffffa) r3 = fork() syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e21016027154f7e210000d6142e8ed6865df556fd6a7300000000000000bd8b7e69ecb57d268a49d8d6accb6a35f7aa6bee3435f0ca00"], 0xa) ptrace$setopts(0x4206, r3, 0x0, 0x0) ptrace(0x8, r3) 12:27:44 executing program 1: r0 = syz_open_dev$vcsn(&(0x7f0000000a40), 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open_tree(0xffffffffffffffff, 0x0, 0x0) ioctl$BTRFS_IOC_BALANCE(r1, 0x5000940c, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f0000000000)) setsockopt$bt_l2cap_L2CAP_OPTIONS(0xffffffffffffffff, 0x6, 0x1, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x482, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, @perf_config_ext={0x2}, 0x10088, 0x0, 0xfffffffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000540)=ANY=[@ANYBLOB="147966367357773e76968172dc9593d57a22f4063cff2db7ba2f37d2b1eb1d95886b3b186ad2508f62d48b298b4a3f99b4757ba3b68daf61e8f2854a2bd0d51c46050435ca3ac388acf4ef92e4ff8be2be0fbb203582c9ccbdfb6a2354502458edf09c5838112beb86c81289b8dc4f6a765b428768533cd663f4a92b63a44205d95b7d12b6a8cf4ba73627d4308fa64191eb6b0c42ebf50357d9ded373e17289747877c07529679270d7d76d9b8fd018ffd9fc78d84d0d0c185fd80c9c16a168dc1ed831577e3469458ba66c03ab34735fcbe29f96e6f900a01bd20dac5bb4b035e9e06f319684381a7f40d9c94261bc42a3be4cdc0b0300aa729781c96782fe2e56b011ebd060894afb48622178d8330c8e9c3484f11544db64ba7539dda106f172f0f0a998d446f95e2cf6ee7513196d8414274ed4dbdf4ca3c7f5cf0bcfd0fc93348877580de1cf970af32ed63d9acee6f0afd60e3ac960072911855a00000000"], 0x1a) munlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000) syz_io_uring_setup(0x0, &(0x7f0000000040)={0x0, 0xa01d, 0x0, 0x1, 0x3df}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x5000a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x1, 0xa}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fsetxattr$security_ima(r0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="e6023600410008004b33fec0cefcedcc64456dc3026fc7270300a28ce2d10d69c19cc92a89e0e8006ce9"], 0x54, 0x1) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180), 0x180, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) dup2(0xffffffffffffffff, r3) r4 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0) dup2(0xffffffffffffffff, r3) mbind(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, &(0x7f0000000140)=0x1, 0x3d, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r4) 12:27:44 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200", 0x5f, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) [ 2944.855149] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2944.855149] program syz-executor.4 not setting count and/or reply_len properly [ 2944.889007] FAULT_INJECTION: forcing a failure. [ 2944.889007] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2944.890145] CPU: 1 PID: 28718 Comm: syz-executor.4 Not tainted 5.10.209 #1 [ 2944.890737] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2944.891415] Call Trace: [ 2944.891644] dump_stack+0x107/0x167 [ 2944.891951] should_fail.cold+0x5/0xa [ 2944.892274] copy_page_from_iter+0x40a/0x900 [ 2944.892662] blk_rq_map_user_iov+0x138b/0x1a60 [ 2944.893055] ? perf_trace_lock+0xac/0x490 [ 2944.893407] ? __lockdep_reset_lock+0x180/0x180 [ 2944.893802] ? __lockdep_reset_lock+0x180/0x180 [ 2944.894214] ? blk_rq_unmap_user+0x750/0x750 [ 2944.894598] ? find_held_lock+0x2c/0x110 [ 2944.894953] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 2944.895398] ? lock_downgrade+0x6d0/0x6d0 [ 2944.895743] ? import_single_range+0x24d/0x2e0 [ 2944.896157] blk_rq_map_user+0x103/0x170 [ 2944.896506] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 2944.896907] ? alloc_pages_current+0x18f/0x280 [ 2944.897298] ? sg_build_indirect.isra.0+0x448/0x710 [ 2944.897729] sg_common_write.constprop.0+0x10ed/0x1a30 [ 2944.898174] ? sg_build_indirect.isra.0+0x710/0x710 [ 2944.898602] ? vprintk_func+0x93/0x140 [ 2944.898942] ? record_print_text.cold+0x16/0x16 [ 2944.899336] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2944.899755] ? trace_hardirqs_on+0x5b/0x180 [ 2944.900125] sg_write.part.0+0x69e/0xaa0 [ 2944.900474] ? sg_new_write.isra.0+0x770/0x770 [ 2944.900871] ? find_held_lock+0x2c/0x110 [ 2944.901212] ? __might_fault+0xd3/0x180 [ 2944.901558] ? lock_downgrade+0x6d0/0x6d0 [ 2944.901916] ? _cond_resched+0x12/0x80 [ 2944.902245] ? inode_security+0x107/0x140 [ 2944.902600] ? avc_policy_seqno+0x9/0x70 [ 2944.902954] ? selinux_file_permission+0x92/0x520 [ 2944.903365] ? security_file_permission+0x24e/0x570 [ 2944.903806] sg_write+0x87/0x120 [ 2944.904099] do_iter_write+0x482/0x670 [ 2944.904429] ? import_iovec+0x83/0xb0 [ 2944.904765] vfs_writev+0x1ae/0x620 [ 2944.905073] ? vfs_iter_write+0xa0/0xa0 [ 2944.905412] ? __fget_files+0x26d/0x4c0 [ 2944.905770] ? lock_downgrade+0x6d0/0x6d0 [ 2944.906135] ? find_held_lock+0x2c/0x110 [ 2944.906497] ? __fget_files+0x296/0x4c0 [ 2944.906842] ? __fget_light+0xea/0x290 [ 2944.907174] do_writev+0x139/0x300 [ 2944.907487] ? vfs_writev+0x620/0x620 [ 2944.907813] do_syscall_64+0x33/0x40 [ 2944.908126] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 2944.908563] RIP: 0033:0x7f26a81efb19 [ 2944.908881] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2944.910387] RSP: 002b:00007f26a5765188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 2944.911033] RAX: ffffffffffffffda RBX: 00007f26a8302f60 RCX: 00007f26a81efb19 [ 2944.911642] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000005 [ 2944.912230] RBP: 00007f26a57651d0 R08: 0000000000000000 R09: 0000000000000000 [ 2944.912827] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2944.913433] R13: 00007ffc298dd15f R14: 00007f26a5765300 R15: 0000000000022000 [ 2944.915819] audit: type=1326 audit(1708432064.163:363): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=28722 comm="syz-executor.6" exe="/syz-executor.6" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f478bbf1b19 code=0x0 12:27:44 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0xf000, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:27:44 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 70) [ 2944.981035] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2944.981035] program syz-executor.4 not setting count and/or reply_len properly [ 2944.982925] FAULT_INJECTION: forcing a failure. [ 2944.982925] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2944.984021] CPU: 1 PID: 28736 Comm: syz-executor.4 Not tainted 5.10.209 #1 [ 2944.984610] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2944.985321] Call Trace: [ 2944.985551] dump_stack+0x107/0x167 [ 2944.985872] should_fail.cold+0x5/0xa [ 2944.986201] copy_page_from_iter+0x40a/0x900 [ 2944.986594] blk_rq_map_user_iov+0x138b/0x1a60 [ 2944.986996] ? perf_trace_lock+0xac/0x490 [ 2944.987358] ? __lockdep_reset_lock+0x180/0x180 [ 2944.987760] ? __lockdep_reset_lock+0x180/0x180 [ 2944.988154] ? blk_rq_unmap_user+0x750/0x750 [ 2944.988539] ? find_held_lock+0x2c/0x110 [ 2944.988895] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 2944.989340] ? lock_downgrade+0x6d0/0x6d0 [ 2944.989692] ? import_single_range+0x24d/0x2e0 [ 2944.990078] blk_rq_map_user+0x103/0x170 [ 2944.990432] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 2944.990852] ? alloc_pages_current+0x18f/0x280 [ 2944.991266] ? sg_build_indirect.isra.0+0x448/0x710 [ 2944.991689] sg_common_write.constprop.0+0x10ed/0x1a30 [ 2944.992144] ? sg_build_indirect.isra.0+0x710/0x710 [ 2944.992571] ? vprintk_func+0x93/0x140 [ 2944.992910] ? record_print_text.cold+0x16/0x16 [ 2944.993306] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2944.993739] ? trace_hardirqs_on+0x5b/0x180 [ 2944.994129] sg_write.part.0+0x69e/0xaa0 [ 2944.994483] ? sg_new_write.isra.0+0x770/0x770 [ 2944.994885] ? find_held_lock+0x2c/0x110 [ 2944.995236] ? __might_fault+0xd3/0x180 [ 2944.995577] ? lock_downgrade+0x6d0/0x6d0 [ 2944.995937] ? _cond_resched+0x12/0x80 [ 2944.996273] ? inode_security+0x107/0x140 [ 2944.996620] ? avc_policy_seqno+0x9/0x70 [ 2944.996965] ? selinux_file_permission+0x92/0x520 [ 2944.997394] ? security_file_permission+0x24e/0x570 [ 2944.997813] sg_write+0x87/0x120 [ 2944.998110] do_iter_write+0x482/0x670 [ 2944.998442] ? import_iovec+0x83/0xb0 [ 2944.998781] vfs_writev+0x1ae/0x620 [ 2944.999088] ? vfs_iter_write+0xa0/0xa0 [ 2944.999430] ? __fget_files+0x26d/0x4c0 [ 2944.999768] ? lock_downgrade+0x6d0/0x6d0 [ 2945.000118] ? find_held_lock+0x2c/0x110 [ 2945.000482] ? __fget_files+0x296/0x4c0 [ 2945.000826] ? __fget_light+0xea/0x290 [ 2945.001170] do_writev+0x139/0x300 [ 2945.001480] ? vfs_writev+0x620/0x620 [ 2945.001813] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2945.002257] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2945.002707] do_syscall_64+0x33/0x40 [ 2945.003033] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 2945.003477] RIP: 0033:0x7f26a81efb19 [ 2945.003792] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2945.005352] RSP: 002b:00007f26a5765188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 2945.006002] RAX: ffffffffffffffda RBX: 00007f26a8302f60 RCX: 00007f26a81efb19 [ 2945.006597] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000005 [ 2945.007225] RBP: 00007f26a57651d0 R08: 0000000000000000 R09: 0000000000000000 [ 2945.007846] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2945.008455] R13: 00007ffc298dd15f R14: 00007f26a5765300 R15: 0000000000022000 12:27:44 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 71) 12:27:44 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ftruncate(r0, 0x1000003) r1 = syz_mount_image$msdos(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x1ff, 0x3, &(0x7f0000000200)=[{&(0x7f00000000c0)="4668611d366566160f28bfa74e022f846678ececeb9623c03dc7347cc60a0f06a11f78af4fba3ab5d7e126dd2243557fc1a5dc510377d3f8e35abbf175480083cab04153e00b233b07092c6d32c2d4e5ac670a775c6d4cdd1f23f23d3f36d2ccb6165b676bad7e432bd64208c7787b44f117981199b8fcaf2016facff727c4377164dd8fbf52083795944cac4128adb6c19f5586226c5eb2b05e128bee8734fed004fc", 0xa3, 0xffffffff}, {&(0x7f0000000180)="cec5aa0c88e3c1da4764196f7f849840aed7ae8f1d927966f3049858db6daff8d909f708573d", 0x26, 0xf22}, {&(0x7f00000001c0)="f5e2e8e0c6dfcd35b821919f3d904afac8b78a0ad68ed231e9", 0x19, 0x200000000000000}], 0x4, &(0x7f0000000280)={[{@fat=@tz_utc}, {@dots}, {@fat=@codepage={'codepage', 0x3d, '865'}}], [{@func={'func', 0x3d, 'PATH_CHECK'}}, {@euid_eq={'euid', 0x3d, 0xee01}}, {@dont_measure}, {@hash}, {@fsname={'fsname', 0x3d, '\x00'}}, {@subj_type={'subj_type', 0x3d, '-&%'}}, {@smackfstransmute}, {@appraise}, {@euid_gt={'euid>', 0xee00}}, {@smackfstransmute={'smackfstransmute', 0x3d, '\x00'}}]}) readv(r1, &(0x7f0000000580)=[{&(0x7f0000000340)=""/48, 0x30}, {&(0x7f0000001440)=""/4096, 0x1000}, {&(0x7f0000000380)=""/213, 0xd5}, {&(0x7f0000000480)=""/202, 0xca}], 0x4) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000001400)) write$binfmt_elf64(r0, &(0x7f00000001c0)=ANY=[], 0xfdef) perf_event_open(&(0x7f0000000680)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xfffffffffffffffd}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lseek(r0, 0x0, 0x3) [ 2945.106859] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2945.106859] program syz-executor.4 not setting count and/or reply_len properly [ 2945.111048] FAULT_INJECTION: forcing a failure. [ 2945.111048] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2945.112140] CPU: 1 PID: 28772 Comm: syz-executor.4 Not tainted 5.10.209 #1 [ 2945.112734] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2945.113455] Call Trace: [ 2945.113692] dump_stack+0x107/0x167 [ 2945.114020] should_fail.cold+0x5/0xa [ 2945.114365] copy_page_from_iter+0x40a/0x900 [ 2945.114793] blk_rq_map_user_iov+0x138b/0x1a60 [ 2945.115198] ? perf_trace_lock+0xac/0x490 [ 2945.115560] ? __lockdep_reset_lock+0x180/0x180 [ 2945.115967] ? __lockdep_reset_lock+0x180/0x180 [ 2945.116366] ? blk_rq_unmap_user+0x750/0x750 [ 2945.116753] ? find_held_lock+0x2c/0x110 [ 2945.117112] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 2945.117562] ? lock_downgrade+0x6d0/0x6d0 [ 2945.117911] ? import_single_range+0x24d/0x2e0 [ 2945.118335] blk_rq_map_user+0x103/0x170 [ 2945.118713] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 2945.119136] ? alloc_pages_current+0x18f/0x280 [ 2945.119527] ? sg_build_indirect.isra.0+0x448/0x710 [ 2945.119955] sg_common_write.constprop.0+0x10ed/0x1a30 [ 2945.120411] ? sg_build_indirect.isra.0+0x710/0x710 [ 2945.120835] ? vprintk_func+0x93/0x140 [ 2945.121171] ? record_print_text.cold+0x16/0x16 [ 2945.121565] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2945.122002] ? trace_hardirqs_on+0x5b/0x180 [ 2945.122390] sg_write.part.0+0x69e/0xaa0 [ 2945.122759] ? sg_new_write.isra.0+0x770/0x770 [ 2945.123164] ? find_held_lock+0x2c/0x110 [ 2945.123500] ? __might_fault+0xd3/0x180 [ 2945.123848] ? lock_downgrade+0x6d0/0x6d0 [ 2945.124215] ? _cond_resched+0x12/0x80 [ 2945.124563] ? inode_security+0x107/0x140 [ 2945.124922] ? avc_policy_seqno+0x9/0x70 [ 2945.125277] ? selinux_file_permission+0x92/0x520 [ 2945.125701] ? security_file_permission+0x24e/0x570 [ 2945.126123] sg_write+0x87/0x120 [ 2945.126421] do_iter_write+0x482/0x670 [ 2945.126795] ? import_iovec+0x83/0xb0 [ 2945.127129] vfs_writev+0x1ae/0x620 [ 2945.127450] ? vfs_iter_write+0xa0/0xa0 [ 2945.127797] ? __fget_files+0x26d/0x4c0 [ 2945.128146] ? lock_downgrade+0x6d0/0x6d0 [ 2945.128505] ? find_held_lock+0x2c/0x110 [ 2945.128868] ? __fget_files+0x296/0x4c0 [ 2945.129208] ? __fget_light+0xea/0x290 [ 2945.129543] do_writev+0x139/0x300 [ 2945.129848] ? vfs_writev+0x620/0x620 [ 2945.130177] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2945.130619] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2945.131070] do_syscall_64+0x33/0x40 [ 2945.131392] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 2945.131837] RIP: 0033:0x7f26a81efb19 [ 2945.132160] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2945.133701] RSP: 002b:00007f26a5765188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 2945.134341] RAX: ffffffffffffffda RBX: 00007f26a8302f60 RCX: 00007f26a81efb19 [ 2945.134947] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000005 [ 2945.135546] RBP: 00007f26a57651d0 R08: 0000000000000000 R09: 0000000000000000 [ 2945.136138] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2945.136727] R13: 00007ffc298dd15f R14: 00007f26a5765300 R15: 0000000000022000 12:27:44 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b000000000200002802000002", 0x61, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:27:44 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b000000000200002802000002", 0x61, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:27:44 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x30000, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:27:44 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = dup2(r1, r0) inotify_init() clone3(0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$iso9660(&(0x7f0000000040), &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000001640), 0x10018c6, &(0x7f0000000200)=ANY=[]) lseek(r2, 0x7, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xa001, 0x0) syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x10009ff}], 0x0, 0x0) sendfile(r3, r2, 0x0, 0x7ffffff9) 12:27:44 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 72) 12:27:44 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b000000000200002802000002", 0x61, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) [ 2945.312347] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2945.312347] program syz-executor.4 not setting count and/or reply_len properly [ 2945.314069] FAULT_INJECTION: forcing a failure. [ 2945.314069] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2945.315149] CPU: 1 PID: 28958 Comm: syz-executor.4 Not tainted 5.10.209 #1 [ 2945.315732] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2945.316433] Call Trace: [ 2945.316660] dump_stack+0x107/0x167 [ 2945.316972] should_fail.cold+0x5/0xa [ 2945.317297] copy_page_from_iter+0x40a/0x900 [ 2945.317677] blk_rq_map_user_iov+0x138b/0x1a60 [ 2945.318062] ? perf_trace_lock+0xac/0x490 [ 2945.318431] ? __lockdep_reset_lock+0x180/0x180 [ 2945.318842] ? __lockdep_reset_lock+0x180/0x180 [ 2945.319244] ? blk_rq_unmap_user+0x750/0x750 [ 2945.319619] ? find_held_lock+0x2c/0x110 [ 2945.319962] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 2945.320398] ? lock_downgrade+0x6d0/0x6d0 [ 2945.320749] ? import_single_range+0x24d/0x2e0 [ 2945.321144] blk_rq_map_user+0x103/0x170 [ 2945.321486] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 2945.321871] ? alloc_pages_current+0x18f/0x280 [ 2945.322268] ? sg_build_indirect.isra.0+0x448/0x710 [ 2945.322716] sg_common_write.constprop.0+0x10ed/0x1a30 [ 2945.323173] ? sg_build_indirect.isra.0+0x710/0x710 [ 2945.323602] ? vprintk_func+0x93/0x140 [ 2945.323940] ? record_print_text.cold+0x16/0x16 [ 2945.324363] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2945.324800] ? trace_hardirqs_on+0x5b/0x180 [ 2945.325171] sg_write.part.0+0x69e/0xaa0 [ 2945.325519] ? sg_new_write.isra.0+0x770/0x770 [ 2945.325925] ? find_held_lock+0x2c/0x110 [ 2945.326292] ? __might_fault+0xd3/0x180 [ 2945.326618] ? lock_downgrade+0x6d0/0x6d0 [ 2945.326988] ? _cond_resched+0x12/0x80 [ 2945.327316] ? inode_security+0x107/0x140 [ 2945.327670] ? avc_policy_seqno+0x9/0x70 [ 2945.328024] ? selinux_file_permission+0x92/0x520 [ 2945.328455] ? security_file_permission+0x24e/0x570 [ 2945.328891] sg_write+0x87/0x120 [ 2945.329184] do_iter_write+0x482/0x670 [ 2945.329527] ? import_iovec+0x83/0xb0 [ 2945.329857] vfs_writev+0x1ae/0x620 [ 2945.330171] ? vfs_iter_write+0xa0/0xa0 [ 2945.330517] ? __fget_files+0x26d/0x4c0 [ 2945.330859] ? lock_downgrade+0x6d0/0x6d0 [ 2945.331200] ? find_held_lock+0x2c/0x110 [ 2945.331560] ? __fget_files+0x296/0x4c0 [ 2945.331894] ? __fget_light+0xea/0x290 [ 2945.332233] do_writev+0x139/0x300 [ 2945.332534] ? vfs_writev+0x620/0x620 [ 2945.332874] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2945.333313] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2945.333730] do_syscall_64+0x33/0x40 [ 2945.334051] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 2945.334482] RIP: 0033:0x7f26a81efb19 [ 2945.334793] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2945.336345] RSP: 002b:00007f26a5765188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 2945.336983] RAX: ffffffffffffffda RBX: 00007f26a8302f60 RCX: 00007f26a81efb19 [ 2945.337599] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000005 [ 2945.338198] RBP: 00007f26a57651d0 R08: 0000000000000000 R09: 0000000000000000 [ 2945.338802] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2945.339405] R13: 00007ffc298dd15f R14: 00007f26a5765300 R15: 0000000000022000 12:28:00 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x34000, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:28:00 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x4c00000000000000, 0x0, 0x0) 12:28:00 executing program 3: read(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff80, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x2, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1451c2, 0x10) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}, 0xca0cc, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000000)='./file0\x00', 0x1c8) r3 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000000), r5) sendmsg$IEEE802154_LLSEC_DEL_DEV(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)={0x2c, r6, 0x101, 0x0, 0x0, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_HW_ADDR={0xc}]}, 0x2c}}, 0x0) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000000), r7) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r8, 0x0, 0x48011) pwrite64(r3, &(0x7f0000000480)="af", 0x1, 0x1000000) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fallocate(r2, 0x8, 0x0, 0x8000) ioctl$EXT4_IOC_GROUP_EXTEND(r0, 0x40086607, &(0x7f00000004c0)) ioctl$EXT4_IOC_GET_ES_CACHE(r1, 0xc020662a, &(0x7f0000000140)=ANY=[@ANYBLOB="00000080000000000000008000000000010000007a6d0000080000000000000081000000000000000180000000000000450b0000000000000000000000000000000000000000000000200000000000000000000000000000000000040000000007000000000000000900000000000000000000000000000000000000000000000000000000000000000000000000000007000000000000005803000000000000fffffffffeffffff0000000000000000000000000000000000000000000000000000000000000000ff0700000000000094980000000000008100000000000000000000000000000000000000000000000000000000000000000000fffe000000060000000000000008000000000000007f00000000000000000000000000000000000000000000008808000000000000000000000000000001000000000000005ba6000000000000010000000000000000000000000000000000000000000000040e0000000016aca5f1813e08b20bba4900000000000000000000ffff000000000000400000000000000004000000000000000000000000000000000000000000000006010000000000000000000000000000040000000000000003000000000000000600000000000000000000000000000000000000000000008000000000"]) write$P9_RAUTH(r0, &(0x7f0000000000)={0x14, 0x67, 0x2, {0x1, 0x3, 0x6}}, 0x14) [ 2961.040273] audit: type=1326 audit(1708432080.288:364): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=28967 comm="syz-executor.6" exe="/syz-executor.6" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f478bbf1b19 code=0x0 12:28:00 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3b}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRESHEX], 0x30}, 0x1, 0x0, 0x0, 0x14}, 0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x6c0e, 0x7fff) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', 0x0, 0x0, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000440)=ANY=[@ANYRESOCT], 0x2f) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffff, 0x2}, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_nanosleep(0x1, 0x0, &(0x7f00000002c0)={0x0, 0x989680}, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) fork() r2 = fork() tkill(0x0, 0x0) ptrace$cont(0xffffffffffffffff, r2, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000280)=0x5, 0xfffffffffffffffa) r3 = fork() syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e21016027154f7e210000d6142e8ed6865df556fd6a7300000000000000bd8b7e69ecb57d268a49d8d6accb6a35f7aa6bee3435f0ca00"], 0xa) ptrace$setopts(0x4206, r3, 0x0, 0x0) ptrace(0x8, r3) 12:28:00 executing program 5: openat(0xffffffffffffffff, 0x0, 0x0, 0x0) open$dir(&(0x7f0000000040)='./file1\x00', 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x14, 0x42, 0xe21}, 0x14}}, 0x0) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) read(0xffffffffffffffff, &(0x7f0000000440)=""/194, 0xc2) timerfd_create(0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) r2 = dup(r1) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r2, 0x8936, &(0x7f0000000080)={@local, 0x78, r4}) ioctl$sock_inet6_SIOCDIFADDR(r2, 0x8916, &(0x7f0000000000)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, r4}) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)=@polexpire={0xc8, 0x1b, 0x20, 0x70bd27, 0x25dfdbfb, {{{@in6=@remote, @in=@multicast1, 0x4e24, 0x8001, 0x4e23, 0x9, 0xa, 0xa0, 0x0, 0x84, r4, 0xffffffffffffffff}, {0xffffffff, 0x3fca, 0x7, 0x3, 0x1c45, 0x7fffffff, 0x9, 0x83}, {0x7, 0x2, 0x100000001, 0x400}, 0xfffff5c1, 0x6e6bbb, 0x2, 0x1}, 0xac}, [@XFRMA_IF_ID={0x8}]}, 0xc8}, 0x1, 0x0, 0x0, 0x4000}, 0x40000) timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000240)={{0x77359400}, {0x0, 0x3938700}}, 0x0) timerfd_create(0x0, 0x0) unshare(0x48020200) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/199, 0xc7, 0x8) 12:28:00 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 73) 12:28:00 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:28:00 executing program 1: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x0, 0x9}]}) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, 0x0, 0x0) eventfd(0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = dup(r1) r3 = socket$inet6_udp(0xa, 0x2, 0x0) signalfd4(r3, &(0x7f0000000100)={[0x8000]}, 0x8, 0x800) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) sendmmsg$inet6(r3, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000000500)={0x0, 0x0, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) ioctl$BTRFS_IOC_SNAP_DESTROY_V2(0xffffffffffffffff, 0x5000943f, &(0x7f0000000900)={{r3}, 0x0, 0x4, @inherit={0x60, &(0x7f0000000140)={0x1, 0x3, 0x5, 0x0, {0x21, 0x6, 0x4d393660, 0x4, 0x8001}, [0xffffffff, 0x0, 0xffffffffffff54ea]}}, @devid=r4}) ioctl$BTRFS_IOC_BALANCE_V2(r2, 0xc4009420, &(0x7f00000004c0)={0x2, 0x1, {0x10000, @struct={0x1, 0xfffff801}, 0x0, 0x12, 0x0, 0x8, 0x4, 0xa6, 0x406, @usage=0x3f, 0x7, 0x3ff, [0x1949, 0x5995, 0x8001, 0x3, 0xfffffffffffffffb, 0x6]}, {0x5, @usage=0x8, 0x0, 0x7, 0x1, 0x8001, 0x58, 0x1, 0x58, @struct={0x3ca1, 0x5}, 0x800, 0x4c, [0x1000, 0xfffffffffffffffc, 0x80, 0x20, 0x100]}, {0x30000, @usage=0x69, r4, 0x8000, 0x7fff, 0x7, 0x80000000, 0x7, 0x2, @struct={0x4, 0x1}, 0x400, 0xb757, [0x7, 0x2, 0x9, 0x9c, 0x7, 0x2]}, {0xa19, 0x3, 0x9}}) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) io_uring_register$IORING_REGISTER_FILES_UPDATE(r2, 0x6, &(0x7f0000000240)={0x2, 0x0, &(0x7f00000001c0)=[r0]}, 0x1) syz_io_uring_setup(0x1168, &(0x7f00000002c0)={0x0, 0x616e, 0x8, 0x3, 0x3b8}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000340), &(0x7f0000000380)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) syz_io_uring_submit(0x0, r6, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x5, &(0x7f0000000440)=[{&(0x7f0000000040)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000000b0000000001", 0x5a, 0x400}, {0x0}, {0x0, 0x0, 0xffffffffdffffff8}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000011600)="ed41000000080000dff46552e0f4655fe0f4655f000000000000040004", 0x1d, 0x2100}], 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="09b9554000000000000000810000cb4213de2e735d54a71a31e64f9a94c2058d9f17481cdd97"]) [ 2961.071902] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2961.071902] program syz-executor.4 not setting count and/or reply_len properly [ 2961.073796] FAULT_INJECTION: forcing a failure. [ 2961.073796] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2961.074894] CPU: 1 PID: 28978 Comm: syz-executor.4 Not tainted 5.10.209 #1 [ 2961.075438] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2961.076115] Call Trace: [ 2961.076327] dump_stack+0x107/0x167 [ 2961.076628] should_fail.cold+0x5/0xa [ 2961.076942] copy_page_from_iter+0x40a/0x900 [ 2961.077311] blk_rq_map_user_iov+0x138b/0x1a60 [ 2961.077700] ? perf_trace_lock+0xac/0x490 [ 2961.078101] ? __lockdep_reset_lock+0x180/0x180 [ 2961.078467] ? __lockdep_reset_lock+0x180/0x180 [ 2961.078939] ? blk_rq_unmap_user+0x750/0x750 [ 2961.079310] ? find_held_lock+0x2c/0x110 [ 2961.079725] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 2961.080170] ? lock_downgrade+0x6d0/0x6d0 [ 2961.080594] ? import_single_range+0x24d/0x2e0 [ 2961.080994] blk_rq_map_user+0x103/0x170 [ 2961.081405] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 2961.081809] ? alloc_pages_current+0x18f/0x280 [ 2961.082266] ? sg_build_indirect.isra.0+0x448/0x710 [ 2961.082705] sg_common_write.constprop.0+0x10ed/0x1a30 [ 2961.083252] ? sg_build_indirect.isra.0+0x710/0x710 [ 2961.083717] ? vprintk_func+0x93/0x140 [ 2961.084121] ? record_print_text.cold+0x16/0x16 [ 2961.084524] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2961.085030] ? trace_hardirqs_on+0x5b/0x180 [ 2961.085404] sg_write.part.0+0x69e/0xaa0 [ 2961.085818] ? sg_new_write.isra.0+0x770/0x770 [ 2961.086211] ? find_held_lock+0x2c/0x110 [ 2961.086623] ? __might_fault+0xd3/0x180 [ 2961.086966] ? lock_downgrade+0x6d0/0x6d0 [ 2961.087389] ? _cond_resched+0x12/0x80 [ 2961.087777] ? inode_security+0x107/0x140 [ 2961.088096] ? avc_policy_seqno+0x9/0x70 [ 2961.088499] ? selinux_file_permission+0x92/0x520 [ 2961.088898] ? security_file_permission+0x24e/0x570 [ 2961.089409] sg_write+0x87/0x120 [ 2961.089719] do_iter_write+0x482/0x670 [ 2961.090130] ? import_iovec+0x83/0xb0 [ 2961.090483] vfs_writev+0x1ae/0x620 [ 2961.090868] ? vfs_iter_write+0xa0/0xa0 [ 2961.091205] ? __fget_files+0x26d/0x4c0 [ 2961.091604] ? lock_downgrade+0x6d0/0x6d0 [ 2961.091962] ? find_held_lock+0x2c/0x110 [ 2961.092377] ? __fget_files+0x296/0x4c0 [ 2961.092717] ? __fget_light+0xea/0x290 [ 2961.093128] do_writev+0x139/0x300 [ 2961.093450] ? vfs_writev+0x620/0x620 [ 2961.093845] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2961.094301] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2961.094835] do_syscall_64+0x33/0x40 [ 2961.095166] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 2961.095696] RIP: 0033:0x7f26a81efb19 [ 2961.096005] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2961.097843] RSP: 002b:00007f26a5765188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 2961.098491] RAX: ffffffffffffffda RBX: 00007f26a8302f60 RCX: 00007f26a81efb19 [ 2961.099202] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000005 [ 2961.099942] RBP: 00007f26a57651d0 R08: 0000000000000000 R09: 0000000000000000 [ 2961.100667] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2961.101371] R13: 00007ffc298dd15f R14: 00007f26a5765300 R15: 0000000000022000 12:28:00 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x80000, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:28:00 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:28:00 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 74) 12:28:00 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) [ 2961.274396] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2961.274396] program syz-executor.4 not setting count and/or reply_len properly [ 2961.281343] FAULT_INJECTION: forcing a failure. [ 2961.281343] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2961.282506] CPU: 0 PID: 29191 Comm: syz-executor.4 Not tainted 5.10.209 #1 [ 2961.283146] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2961.283902] Call Trace: [ 2961.284149] dump_stack+0x107/0x167 [ 2961.284501] should_fail.cold+0x5/0xa [ 2961.284849] copy_page_from_iter+0x40a/0x900 [ 2961.285260] blk_rq_map_user_iov+0x138b/0x1a60 [ 2961.285681] ? perf_trace_lock+0xac/0x490 [ 2961.286063] ? __lockdep_reset_lock+0x180/0x180 [ 2961.286480] ? __lockdep_reset_lock+0x180/0x180 [ 2961.286908] ? blk_rq_unmap_user+0x750/0x750 [ 2961.287315] ? find_held_lock+0x2c/0x110 [ 2961.287684] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 2961.288168] ? lock_downgrade+0x6d0/0x6d0 [ 2961.288542] ? import_single_range+0x24d/0x2e0 [ 2961.288966] blk_rq_map_user+0x103/0x170 [ 2961.289331] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 2961.289768] ? alloc_pages_current+0x18f/0x280 [ 2961.290179] ? sg_build_indirect.isra.0+0x448/0x710 [ 2961.290637] sg_common_write.constprop.0+0x10ed/0x1a30 [ 2961.291118] ? sg_build_indirect.isra.0+0x710/0x710 [ 2961.291571] ? vprintk_func+0x93/0x140 [ 2961.291927] ? record_print_text.cold+0x16/0x16 [ 2961.292353] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2961.292808] ? trace_hardirqs_on+0x5b/0x180 [ 2961.293207] sg_write.part.0+0x69e/0xaa0 [ 2961.293578] ? sg_new_write.isra.0+0x770/0x770 [ 2961.293987] ? find_held_lock+0x2c/0x110 [ 2961.294360] ? __might_fault+0xd3/0x180 [ 2961.294719] ? lock_downgrade+0x6d0/0x6d0 [ 2961.295117] ? _cond_resched+0x12/0x80 [ 2961.295462] ? inode_security+0x107/0x140 [ 2961.295837] ? avc_policy_seqno+0x9/0x70 [ 2961.296203] ? selinux_file_permission+0x92/0x520 [ 2961.296650] ? security_file_permission+0x24e/0x570 [ 2961.297095] sg_write+0x87/0x120 [ 2961.297401] do_iter_write+0x482/0x670 [ 2961.297756] ? import_iovec+0x83/0xb0 [ 2961.298097] vfs_writev+0x1ae/0x620 [ 2961.298428] ? vfs_iter_write+0xa0/0xa0 [ 2961.298780] ? __fget_files+0x26d/0x4c0 [ 2961.299147] ? lock_downgrade+0x6d0/0x6d0 [ 2961.299526] ? find_held_lock+0x2c/0x110 [ 2961.299898] ? __fget_files+0x296/0x4c0 [ 2961.300266] ? __fget_light+0xea/0x290 [ 2961.300622] do_writev+0x139/0x300 [ 2961.300943] ? vfs_writev+0x620/0x620 [ 2961.301293] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2961.301759] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2961.302234] do_syscall_64+0x33/0x40 [ 2961.302569] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 2961.303041] RIP: 0033:0x7f26a81efb19 [ 2961.303379] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2961.305017] RSP: 002b:00007f26a5765188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 2961.305706] RAX: ffffffffffffffda RBX: 00007f26a8302f60 RCX: 00007f26a81efb19 [ 2961.306342] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000005 [ 2961.306998] RBP: 00007f26a57651d0 R08: 0000000000000000 R09: 0000000000000000 [ 2961.307643] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2961.308297] R13: 00007ffc298dd15f R14: 00007f26a5765300 R15: 0000000000022000 12:28:00 executing program 3: r0 = inotify_init() pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000000c0)={0x14, 0x1d, 0xc21, 0x0, 0x0, {0x1, 0x0, 0x2}}, 0x14}}, 0x0) sendmsg$NL80211_CMD_SET_COALESCE(r2, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)={0x1090, 0x0, 0x400, 0x70bd2d, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x17a7, 0x36}}}}, [@NL80211_ATTR_COALESCE_RULE_DELAY={0x8, 0x1, 0xfffffffb}, @NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0x1058, 0x3, 0x0, 0x1, [{0x1008, 0x0, 0x0, 0x1, @NL80211_PKTPAT_PATTERN={0x1004, 0x2, "435163fe0f825869083d4f577298af9a389c1f3972f69c9b4e1d6ca0789f9d36765b18dfeff235da6e5c5cc27db9631720966b95c3ddb54543eeda988a86ea83cc2e91b89b4191a1bc370fdc6182d73e641aade2e2c5421cc92a10a38baf89de081083c23244c73c5e775d3f713b003b8b7cfa33137c1b2da9a51830bb1babafa1987219ab933d7cdc2612c81360de1f82a1fcd2ac0f5c990ccbbdd5c4223957157cd3d27856c25023f47ebb3ca2509a4698288bdf2d2b2762b3de3beeb88a9487461b3e2a3cf7df99e4c22046a531035287745547952fec8876f32543cc3a23fa97f09d1632f5c37ba2029a37327eff507e74875ebdc9ccfbe90683783b76a9080843775ddc0f0453a0b1bbf81c4a1e2bf3f72e540004a5aa095ef20d6d7551f0f3e8a935f744330167686212d0384939791f36d22545a4fbb22af8e164c61a89c49aef417c18727d69f659f0f4912106c9c873553e131dfbca9a3f23fb030343dfe5d395ac22608e53c45f81cec6ceadf67a16c9bd2b694bf4acc35579e23a6c3c456faa22797bef6fca513387e12422a06e9f434b6a5516ee130e924f4fbc9e398863b078e86acc7892e08819a0170523e724d5e277e4a27e1085ee4ecc25c32d555dc5283de38b22816659fae60d4745eb71cb1ce514314232dd90a61e8a7f77631ea711a0733e4c3c919c2b20ceec3109cb85f79e617ed5540185eb41d6fb008978f47b510028ab5d284997ee4ad2fdf69d6126c7157ac3de46a14cda8f8fde718b2f4371df4de1ba1645c15deed7419814f68580265ee56526d547bbadf412a3b318748b72e1197729dcaa23f6806e2d99655fb39768c18ac85e3f6ed5726ac8d8f5ada71b5b4a210dd7d2963c9f631857c93247707dfbf43dff1f043d2ac6d56909fe9899c5a8b6297cb99103d1d7d2084d5f68bc69ca0854d71e0bae53b3590ae0d4ed278c26ca7590698db3d74b1b6b29f295b295dc1c1e8f11f8a82788e51a689d1ed55c00be81c1ef8a57a2be6069d9e156e788a3523d8104aa88a6ba5f96050998c23a440a453d6fc6a02b7c490f2e04abac3efb2200b3d682364abf0381224847c155fd9091a3d686876f248c69a51fa2b4b407e64be1d32b7590ee3b21d9580560fa3ce325ebd2502d170334b9215f2ffa554107fde280e45785c7dfae47eb48fcc8617f9c5853460c2c689a0171e241865ce89df06452542cffc3e68a75746306381a7d83e5a95e9ac969991dd8f9535124b93d2f7a4d238630880c4e4f0d6648d7e65d060d37683db649fda88f4fa3944cf0a0988e43d41ac86bc7148565d1e5255f24f848693f12781c26ae48f3f2e9f12765ed70946dd193bc1fb1174b5323065a3c9dec56dfa59fa19eafd794076aca08c313fba42af694e72d0b8b525c465652f586c56229cc291559a2e26f5eafb04d529d948c2b64d9b3dffa87166e7825d0dbaa1a53ed885932e4d963992dea3f65837fe06ffc4ab4c5815292e3032dd6366d4046c7e173ba7b5f073dbf6c37a22c1a73cb0a5ccfa47a22dccbc1d26e4691d2a428034fd0898f9364a5e54cc7d11d6205879a2a420cb5e18e7cc3e26a32b911e687539c262af56147b13d8addc917601ed0bf38ed793bf5c9614ad8a133dfd083f0d73bfbc8c99d03d3d034c42e3d0c324ec8e55c4f59fd161d1ac185aec3197d42b2395489f5052d7338fc3aa6b0278337b73fb27c40f41c5cef0e4d3313353dc006d00c34ac14e8e35fbbd01efa973cbcf093096c740ba8ad702dcc1381323fcd8ca7fcce66ef7a6af30fc6105fa7cca4d0117d80831f3976cf96ebd67bc2e207224003b0f51f08ed1cc9045442ef6bbc12fc15103e4d4d76826f89eafde6456e6ac79e08152e5b34e8ca8bd12973ef44f050872d19116410d681a67bad7157e291aa874cee8950e0766e116a6992857aab399a8f8c10b6adeda7a2c462af06dc0e219a67991f87ad1f7797711804f2bab3c82d1466163ba0b69d841aac3c4cf121ed4ff1aef4162991442ee23adcb303d42fc1c3a778e4ef1bccfd26add9658594d411c5ea5b6ef85ea11e6e4bb47ecf96df39186f7f7aa2d73e345423340d2c9651081b165ecd16af4133077142af8be48d019541fa63f649a793b67b01a474252e4a536a1d9bf7510479bdb319c183a1a76f68967b75df3cd834253458f035e4e28999a731672c68b888133c68337774f3d4c0cfa736544040cf5e91dfdbc19cb89bb7afed25e17dec3992ae11e1e998615b863520b9ae912e21dec6af38526dbd7a9c86bbf3d46f8631f4cd4a06e40ef6843b2be810674fee94e24614acd9683392cd7466744fdad8e60748e18f76d858d65fe8ebb16ab04c4dcddf584bba9b2683a8746d54fa0cee40b1341f08564ef192c9138abfd8fbff8bc0b4de05b653a5b950570c1eca3ce29e1b88b361ffb0d7e1c7a678d732dbc8d3d77f323cd26cbd092f79b730b82cb4074bb54204cd6483cb4311e0bf18ef507412d7f43387c6df55ca3245cd332a0ed6d0c3ae506d59817ea350803ab5b9d6b23dd7305c73bdf530646dc4eeaddc767fe54db790a774965fc98dc38d573bb6ec9c487a293a48812881d4b88a950f115fcaf5ce9ccc55a52510c3579b950f4affbac5eedf6e919430c276b08badbd573e808693540963ea3dfdbbc032c36b5a5dacb7b052282512a77a5a34d62d305343d6d1b1d0bfd57d44d11ac1ddf6be63c3e4ed8d4ffa3d7760eb8e441f99343c1e7641ce9d3b0a22549db9d97d2b7bb369ed228c029a01d63d8053646a35470d6af4523958b1f0ed3546610db90b71dea700ca8f8f6f214a3e7ae62d26f6aa723aecdc71ecef9a99d26f45b457e755b1cfb488023426bab47479382809515c1d32aeef8bf807b788a3fc421634e900283483aa2934e5416a4668ffbf789957d744fef25600f352f60da0e4e866c5eb11cba3195ae426f97db276285bda3d986fbd5ddff7050ec749166a7b37aed43da3c8dbcc9a42c1fa9ff98f2e5e4eec9a8908b3d48671811600fcc73eeb90c785f27d73d876c938ecec84e42e23ec9b7cf46d9915eb28c61cfad277219189166e00b2d5b6ac736c777134f3bf3fa35be3f7f671f6cf77e85b99fe960c47f2b0c7551be4267a200bf884bfda59adadecb2ada83738297111918612696964cbba24dbefb008ff13c1e483baa9acd65c93e457e5efe2590568c8f7a927669798d643f7401945272b88161e4246dd9aae63d6966204d4905982174d7d8803f7000551e8dde68df4424cad70d9fa0860e071cb9e43bd370b28e4bc2332ede0d6f154622aaec4312e286db05c25875715a0937af35c80e51e2748a9c4c1c356e873c98d0d829552127fcced1c1348b0496bd9e313738b891c079b4378434910681307c34dc7dfe430f92e764765698b2c986c3d05d7ca2b681d3ecf4cb611a8bc7a28516890b5133f267047447ba62fac269927cdcaa7a35278c8129c81f74b5ad4b3a6e3b2bb5fd63e087d8c5c744797f5b00806d6a1777a8384f635827a9a8b7119470f5a60e88a51962338016c9e4091fc0d68b1c062d9bee83e2954d46b89cd1af7a83cd37d315443df29e3376b8631cc13616e81e7e26236aa6abbfc1f5bc52a1740838590d62b5a5955cdd1ec6e2d4712bbdc3020e6a53239e2b63b07c16c514f739f0e4dc67b4a2efa9d181b06cd9bc79c168a351e1ec20782cb6b3baefdf5454aa7e5831944e2fc1e3df9ec5f39d0e7bfbb71204b1a36549119565fe5326b0118971db5bd01490689e1420888026ade084bba35e5244b2484e74951f1f2847e09a8f0250f8e16bb81c2de6d82f913970ec66fad184dedba5daff6dede81643cf0a99742e51473680b2caf5699476e3cae968741d15754097a539a60d75e7ba2857aaf1740b370707a1ab19e8727ed0db4a9704b10506d91f6b023fe2756fffcbf3d676cd6453659731c13140ee4b012ed1933a3f51ab0dcdebff07f5e36f9222f4695fc08ed5bbb6a4515a9cd4877d7bf77bcae01e8bce16bbe3735b8285223016ce52f33a78ab5f48b6211645550a935638167522f4341d82204b0b3dd109307b55bb161a635e149c9a905e912d38ca74e7b76dc9c5c2f7aa641f0ec648ab8c5a649656297c7a72d8b21b64056fe0a45d6ce29dda2be6c3977c119fadd64958dcc7de85d52d4a84a0b3e5ef1846c77da898d0e4d5738da7c4519c6e14c872019a419822de43b0acea65f4049b76577b07b32b4498157ecab543c186aa10abb048e7bb83bffce9b6ee3dec6f9449c807a50a517357f82bd278cc36d18b078569e6abcaf728098b20c9ce0d024c07ecdc767e0bae59e58d3da6b686ee8c18a94c5a97909e1fd973c39530787750f3f00f8d0be0f808ce3913de5e0a01be78f8731205f46ff980cf5e2d85c77c7b436bad4c1cfbfee1ce6b40ac9f7ecde7f4cf9e608e1b3bc960f6c25108e8ae280f17202899d3e1497519f9c45e804cb132914102ddf52a136f5b1fd4b92af1e34764595f5c72f0b95d1aa5d6892e32292a671a9532395a428d0b80a5292c8e696a400ac17019b0720595773b546ed5ce7c9b61fc00da7533054561875317800b13347dc8bc5659c6439cc2324054472b5b97d0fce31f0b59288e1cdee5dc51ad5801307bec360dc87245283b735d0b97dc2a6286a75b4a64b3a048005f945672b47871d0e18d5fd603bf661037abf5188fd6e765fa9c6ce590763ff8ac102b557fe392b4ceb4a6136061190d3b3dfe6f0b2c47aa7e8ffc3f0fd5eabee8368c709f44430a16c70976d2902a605d684cec6b0f5f73c2ea504257559d11edd05d18f913a121aacd6cd6c72ed2c158fedc1dba220b99785a62c6f53bbe5b2efb64c43ebe98bccdbe03b5d18606f35804ad8705777b17b25fad6964bc535c07af738733bdbd52abb76c4e769a9db0e0246a6f72aacb608c963423c01a3201dbb30ff307371059a36e943af5fcffc59661edd8a6af9ed25f127fc640b675845da469a71bfff54def70e9374ffc1588f0758a27f6a0ddf85a721b2b02f6e5ec216275425f59d30b579c30cdf26b74a99ccda92ee4b612b379045ba386a099dc143c477b700adeaa913f3482645b2b83ca22ca3c01302c7a604274a2fd174f56e9aad2483702c141fbf1d7e46ad24ea6e5c9b18406093afed51def1301f369f86d5fa454d94785dd8f714445cf850c5398cc6c75c2357e48c248dd365a8ac40339d04fc00dc9bf077a70532100090a0c6520a9ddbca1c09eb12db794753fb38ccad48ff0e2a2c39803a1417bc4a568f2dad5976856c22e4b6dd770cd3548fb96998e5c6976a2d355346defb93dc9ee8092186442944849fe4edd72039605d1a8f09855354d000eeb554fcbdcd0e69d0eb28fdd840e3685277739c37632d0913eb58eeef477f1625e120ae420c07a324a5af720f1edc145d3d5dccf361353e2d7b12cc8cc53627edf09c2daaf4058e2da305b6793034107c1b9ac986d10713a11601bd0124d31bc18b06e0ae6e82552c2b3e532ae72998968ad46669b84b2d2ae3b4c4c660c87da1c7c34e3e2c26813a1a45278342bb0ad7079fc66d4bc0f8db873b421ec5954ea3cfd785c3da77387ff41284f4aec45643d9766bf6306eac7f242e1a139220fbbe765caa49a34af9000e507b0eb004216967263f398c161b746d327ee807bf7f3d908cabe37fc180a5485659c169b723c4bbfa724d4e4fc150d8c06eca2f12cf507ac52835389acf939bdae1f5aacb827b14b02b930993442a4ae26070141cb8930dee3883a10d081816"}}, {0x4c, 0x0, 0x0, 0x1, @NL80211_PKTPAT_PATTERN={0x48, 0x2, "62eb44b028c0dfd5afa28390e1af9426a17b533031989499ef57f6be234dde189991b55b5dd307e9a027392f89ee732a2d3d85925fa2a86ea43c6b32b3a068acb991dedd"}}]}, @NL80211_ATTR_COALESCE_RULE_DELAY={0x8}, @NL80211_ATTR_COALESCE_RULE_DELAY={0x8, 0x1, 0x1f}]}, 0x1090}, 0x1, 0x0, 0x0, 0x40000c5}, 0x20004841) dup2(r0, r1) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = dup(r3) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r4, 0x29, 0x41, &(0x7f0000000040)={'filter\x00', 0x2, [{}, {}]}, 0x48) io_submit(0x0, 0x1, &(0x7f00000015c0)=[&(0x7f0000000240)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) [ 2961.344294] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 12:28:00 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3b}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRESHEX], 0x30}, 0x1, 0x0, 0x0, 0x14}, 0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x6c0e, 0x7fff) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', 0x0, 0x0, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000440)=ANY=[@ANYRESOCT], 0x2f) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffff, 0x2}, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_nanosleep(0x1, 0x0, &(0x7f00000002c0)={0x0, 0x989680}, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) fork() r2 = fork() tkill(0x0, 0x0) ptrace$cont(0xffffffffffffffff, r2, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000280)=0x5, 0xfffffffffffffffa) r3 = fork() syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e21016027154f7e210000d6142e8ed6865df556fd6a7300000000000000bd8b7e69ecb57d268a49d8d6accb6a35f7aa6bee3435f0ca00"], 0xa) ptrace$setopts(0x4206, r3, 0x0, 0x0) ptrace(0x8, r3) 12:28:00 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(0x0, &(0x7f0000000240)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/timer_list\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000001400)=""/53, 0x35) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000940)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_loose}]}}) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) ppoll(&(0x7f0000000000)=[{r1, 0x108}], 0x1, 0x0, 0x0, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000140)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r3, 0x0) io_uring_enter(r3, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x205b, &(0x7f0000000100)={0x0, 0xd3f6, 0x1, 0x0, 0x2cd, 0x0, r3}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000800000/0x800000)=nil, &(0x7f0000000080), &(0x7f0000000180)) syz_io_uring_setup(0x6628, &(0x7f0000000340)={0x0, 0x63a2, 0x8, 0x3, 0x3de, 0x0, r3}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000be9000/0x2000)=nil, &(0x7f0000000280), &(0x7f00000003c0)) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f00000001c0)={'wlan1\x00', &(0x7f0000000000)=ANY=[@ANYBLOB="3a124c7d83b60f84f600"/36]}) pidfd_getfd(r0, r2, 0x0) 12:28:00 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x400300, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:28:00 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) [ 2961.390926] 9pnet: Insufficient options for proto=fd 12:28:15 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x6800000000000000, 0x0, 0x0) [ 2976.502204] audit: type=1326 audit(1708432095.750:365): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=29315 comm="syz-executor.6" exe="/syz-executor.6" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f478bbf1b19 code=0x0 12:28:15 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3b}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRESHEX], 0x30}, 0x1, 0x0, 0x0, 0x14}, 0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x6c0e, 0x7fff) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', 0x0, 0x0, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000440)=ANY=[@ANYRESOCT], 0x2f) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffff, 0x2}, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_nanosleep(0x1, 0x0, &(0x7f00000002c0)={0x0, 0x989680}, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) fork() r2 = fork() tkill(0x0, 0x0) ptrace$cont(0xffffffffffffffff, r2, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000280)=0x5, 0xfffffffffffffffa) r3 = fork() syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e21016027154f7e210000d6142e8ed6865df556fd6a7300000000000000bd8b7e69ecb57d268a49d8d6accb6a35f7aa6bee3435f0ca00"], 0xa) ptrace$setopts(0x4206, r3, 0x0, 0x0) ptrace(0x8, r3) 12:28:15 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = dup(r0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$CDROMGETSPINDOWN(r1, 0x531d, &(0x7f00000001c0)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000000c0)={0x14, 0x1d, 0xc21, 0x0, 0x0, {0x1, 0x0, 0x2}}, 0x14}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r3) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x2, &(0x7f0000000000)=[{0x80}, {0x6}]}, 0x10) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000300)={0xe8, r4, 0x400, 0x70bd28, 0x25dfdbfb, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x80}, {0x6, 0x11, 0x4}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0xa52}, {0x6, 0x11, 0x8}}, {{@pci={{0x8}, {0x11}}, {0x8}}, {0x8, 0xb, 0x4}, {0x6, 0x11, 0x1}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x4}}, {0x8, 0xb, 0x1000}, {0x6}}]}, 0xe8}}, 0x8044) sendmsg$DEVLINK_CMD_RATE_SET(r2, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r4, 0x10, 0x70bd25, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x810) 12:28:15 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) bind$packet(r2, 0x0, 0x0) write$binfmt_elf64(r1, &(0x7f0000000280)=ANY=[], 0xfdef) fsetxattr$security_selinux(0xffffffffffffffff, 0x0, &(0x7f0000000140)='system_u:object_r:devtty_t:s0\x00', 0x1e, 0x0) syz_io_uring_complete(0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000000), 0x7}, 0x0, 0xfffffffffffffffe, 0x0, 0x7, 0x0, 0x0, 0x4}, 0x0, 0xffdfffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x400e, @fd, 0x2, 0x3, 0x4, 0x0, 0x1, {0x3}}, 0x7) syz_io_uring_submit(0x0, 0x0, &(0x7f00000003c0)=@IORING_OP_ACCEPT={0xd, 0x5, 0x0, 0xffffffffffffffff, &(0x7f0000000300)=0x80, &(0x7f0000000340)=@l2tp, 0x0, 0x800, 0x1}, 0x3f) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) r3 = socket$packet(0x11, 0x2, 0x300) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bind$packet(r3, &(0x7f0000000100)={0x11, 0x4, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) fsetxattr$security_selinux(r3, &(0x7f00000000c0), &(0x7f0000000100)='system_u:object_r:unconfined_execmem_exec_t:s0\x00', 0x2f, 0x2) ioctl$sock_inet_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f0000000280)={'team0\x00'}) r4 = fsmount(r0, 0x1, 0x8) fcntl$dupfd(r3, 0x0, r4) 12:28:15 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:28:15 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 75) 12:28:15 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0xf0ffff, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:28:15 executing program 5: r0 = add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb) add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0) getsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000500)={@multicast1, @broadcast}, &(0x7f0000000540)=0x8) r1 = add_key$keyring(&(0x7f0000000040), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) r2 = add_key$user(&(0x7f0000000a40), &(0x7f0000000a80)={'syz', 0x1}, &(0x7f0000000300)="a3", 0x1, 0xfffffffffffffffe) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f0000000240)='asymmetric\x00', &(0x7f0000000000)=@keyring={'key_or_keyring:', r2, 0xa}) request_key(&(0x7f0000000240)='.request_key_auth\x00', &(0x7f0000000280)={'syz', 0x3}, &(0x7f0000000380)='dns_resolver\x00', r1) add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="020000000000000001020304d9933703c19b61d269a30506d493b5c014a5a1ae0f101112131415161718191a1bc4451e1f20212223242526272829382b32333435363723c8081953e7c538017c233c3d3e3f400000000000001e1fce681ba1e07def518a8c0291eaa70020185f44278103b417e840ab1dba00f3e963a334fbc1a0c56c1a76fba6b534285305dc4b0f70a73e8cedd71f181395519d37d40815d3834f22b44896e3c03c54"], 0x48, r0) add_key$keyring(&(0x7f0000000340), &(0x7f00000003c0)={'syz', 0x3}, 0x0, 0x0, 0x0) sendmmsg$inet(0xffffffffffffffff, &(0x7f00000004c0), 0x0, 0x800) r3 = socket$nl_generic(0x10, 0x3, 0x10) dup(r3) getsockopt$IPT_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x0, 0x43, &(0x7f00000004c0)={'HL\x00'}, &(0x7f0000000400)=0x1e) add_key(&(0x7f0000000080)='rxrpc\x00', &(0x7f00000000c0)={'syz', 0x0}, &(0x7f0000000180)="c3b0e7df73c0657d173c9d433f00588b5f", 0x11, 0xfffffffffffffff9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000ac0)={0x17412c500, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r4 = add_key$fscrypt_v1(&(0x7f0000000180), &(0x7f00000001c0)={'fscrypt:', @desc4}, &(0x7f0000000200)={0x0, "f038779de021f8c8c974dd89170cf2579d1fa459ba726003d07140eeb342b87ae631f7a548867a29f29fd1637ddac658a709b49b093393d0e1c7391515c7ab7c"}, 0x48, 0xfffffffffffffffe) keyctl$chown(0x4, r4, 0xee01, 0x0) keyctl$setperm(0x5, r4, 0x16020228) keyctl$negate(0xd, r4, 0x0, r1) [ 2976.534855] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2976.534855] program syz-executor.4 not setting count and/or reply_len properly [ 2976.537092] FAULT_INJECTION: forcing a failure. [ 2976.537092] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2976.538149] CPU: 0 PID: 29327 Comm: syz-executor.4 Not tainted 5.10.209 #1 [ 2976.538735] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2976.539429] Call Trace: [ 2976.539656] dump_stack+0x107/0x167 [ 2976.539968] should_fail.cold+0x5/0xa [ 2976.540298] copy_page_from_iter+0x40a/0x900 [ 2976.540678] blk_rq_map_user_iov+0x138b/0x1a60 [ 2976.541071] ? perf_trace_lock+0xac/0x490 [ 2976.541421] ? __lockdep_reset_lock+0x180/0x180 [ 2976.541816] ? __lockdep_reset_lock+0x180/0x180 [ 2976.542211] ? blk_rq_unmap_user+0x750/0x750 [ 2976.542590] ? find_held_lock+0x2c/0x110 [ 2976.542937] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 2976.543392] ? lock_downgrade+0x6d0/0x6d0 [ 2976.543739] ? import_single_range+0x24d/0x2e0 [ 2976.544128] blk_rq_map_user+0x103/0x170 [ 2976.544472] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 2976.544870] ? alloc_pages_current+0x18f/0x280 [ 2976.545258] ? sg_build_indirect.isra.0+0x448/0x710 [ 2976.545681] sg_common_write.constprop.0+0x10ed/0x1a30 [ 2976.546130] ? sg_build_indirect.isra.0+0x710/0x710 [ 2976.546556] ? vprintk_func+0x93/0x140 [ 2976.546916] ? record_print_text.cold+0x16/0x16 [ 2976.547359] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2976.547778] ? trace_hardirqs_on+0x5b/0x180 [ 2976.548179] sg_write.part.0+0x69e/0xaa0 [ 2976.548521] ? sg_new_write.isra.0+0x770/0x770 [ 2976.548909] ? find_held_lock+0x2c/0x110 [ 2976.549259] ? __might_fault+0xd3/0x180 [ 2976.549595] ? lock_downgrade+0x6d0/0x6d0 [ 2976.549952] ? _cond_resched+0x12/0x80 [ 2976.550283] ? inode_security+0x107/0x140 [ 2976.550634] ? avc_policy_seqno+0x9/0x70 [ 2976.550975] ? selinux_file_permission+0x92/0x520 [ 2976.551398] ? security_file_permission+0x24e/0x570 [ 2976.551819] sg_write+0x87/0x120 [ 2976.552112] do_iter_write+0x482/0x670 [ 2976.552441] ? import_iovec+0x83/0xb0 [ 2976.552770] vfs_writev+0x1ae/0x620 [ 2976.553078] ? vfs_iter_write+0xa0/0xa0 [ 2976.553413] ? __fget_files+0x26d/0x4c0 [ 2976.553748] ? lock_downgrade+0x6d0/0x6d0 [ 2976.554095] ? find_held_lock+0x2c/0x110 [ 2976.554443] ? __fget_files+0x296/0x4c0 [ 2976.554785] ? __fget_light+0xea/0x290 [ 2976.555123] do_writev+0x139/0x300 [ 2976.555423] ? vfs_writev+0x620/0x620 [ 2976.555743] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2976.556183] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2976.556628] do_syscall_64+0x33/0x40 [ 2976.556944] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 2976.557384] RIP: 0033:0x7f26a81efb19 [ 2976.557696] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2976.559234] RSP: 002b:00007f26a5765188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 2976.559867] RAX: ffffffffffffffda RBX: 00007f26a8302f60 RCX: 00007f26a81efb19 [ 2976.560457] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000005 [ 2976.561058] RBP: 00007f26a57651d0 R08: 0000000000000000 R09: 0000000000000000 [ 2976.561652] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2976.562246] R13: 00007ffc298dd15f R14: 00007f26a5765300 R15: 0000000000022000 12:28:15 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x1000000, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) [ 2976.567062] audit: type=1400 audit(1708432095.813:366): avc: denied { relabelto } for pid=29320 comm="syz-executor.3" name="PACKET" dev="sockfs" ino=57687 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:unconfined_execmem_exec_t:s0 tclass=packet_socket permissive=1 12:28:15 executing program 3: r0 = syz_io_uring_setup(0x1d, &(0x7f0000000000), &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000280)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_FSYNC, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000300)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, {0x400}}, 0x0) io_uring_enter(r0, 0x186e, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5dc3, &(0x7f0000000080)={0x0, 0x4515, 0x2, 0x3, 0x2dc, 0x0, r0}, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)) mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x10000000) r3 = socket$packet(0x11, 0x3, 0x300) dup2(r3, r0) 12:28:15 executing program 1: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000340)=[{&(0x7f00000002c0)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x402}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000700)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff35e3ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff17cc54d400ab838cffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3a351b1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff221a1f044a3b952fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff12244efad176d38b326cffe143e7aa7b3dcad2153268c6df3f321e99043e17fb58a05ea2ba29ecbc", 0x434, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0xe5003, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r3 = socket$inet6(0xa, 0x1, 0x0) getsockopt$inet6_int(r3, 0x29, 0x38, &(0x7f00000063c0), &(0x7f0000006400)=0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write(r2, &(0x7f0000000240)="01", 0x1) write$P9_RREADLINK(0xffffffffffffffff, 0x0, 0x10) r4 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x105142, 0x0) ftruncate(r4, 0xffff) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000140)=0x240000000, 0x3) write$bt_hci(0xffffffffffffffff, &(0x7f00000003c0)=ANY=[@ANYBLOB="011780608f0c4df5d6e28fc8870a0407aaaaaaaaaa117f"], 0xb) sendfile(r0, r1, 0x0, 0x20d315) r5 = socket$netlink(0x10, 0x3, 0x0) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRES16, @ANYRES64=r1, @ANYRESDEC=r5], 0xfdef) getpgid(0x0) socket$packet(0x11, 0x3, 0x300) 12:28:15 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:28:15 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x2000000, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:28:16 executing program 1: syz_mount_image$iso9660(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x3, 0x0, &(0x7f0000000200), 0x800, &(0x7f0000000080)={[], [{@seclabel}, {@dont_measure}, {@mask={'mask', 0x3d, '^MAY_EXEC'}}, {@dont_hash}, {@pcr={'pcr', 0x3d, 0x13}}, {@pcr={'pcr', 0x3d, 0xb}}]}) 12:28:16 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40042409, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000001640), 0x0, 0x0) r2 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r5, &(0x7f0000000340), 0x10) syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x0, 0x0, r5}, 0x0) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r2, 0x0) syz_io_uring_submit(r6, r4, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) r7 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r10, &(0x7f0000000340), 0x10) syz_io_uring_submit(r8, r9, &(0x7f0000000000)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x0, 0x0, r10}, 0x0) r11 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r7, 0x0) syz_io_uring_submit(r11, r9, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) syz_io_uring_submit(r6, r9, &(0x7f0000000040)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x4, 0x0, @fd=r0, 0x2000000000000000, 0x0, 0x2, 0x1, 0x1}, 0x7) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x40403, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r1, 0x40086607, &(0x7f00000000c0)) 12:28:16 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 76) [ 2976.818073] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2976.818073] program syz-executor.4 not setting count and/or reply_len properly [ 2976.820278] FAULT_INJECTION: forcing a failure. [ 2976.820278] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2976.821289] CPU: 1 PID: 29542 Comm: syz-executor.4 Not tainted 5.10.209 #1 [ 2976.821859] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2976.822529] Call Trace: [ 2976.822754] dump_stack+0x107/0x167 [ 2976.823068] should_fail.cold+0x5/0xa [ 2976.823386] copy_page_from_iter+0x40a/0x900 [ 2976.823757] blk_rq_map_user_iov+0x138b/0x1a60 [ 2976.824141] ? perf_trace_lock+0xac/0x490 [ 2976.824480] ? __lockdep_reset_lock+0x180/0x180 [ 2976.824863] ? __lockdep_reset_lock+0x180/0x180 [ 2976.825256] ? blk_rq_unmap_user+0x750/0x750 [ 2976.825628] ? find_held_lock+0x2c/0x110 [ 2976.825971] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 2976.826406] ? lock_downgrade+0x6d0/0x6d0 [ 2976.826747] ? import_single_range+0x24d/0x2e0 [ 2976.827132] blk_rq_map_user+0x103/0x170 [ 2976.827473] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 2976.827865] ? alloc_pages_current+0x18f/0x280 [ 2976.828244] ? sg_build_indirect.isra.0+0x448/0x710 [ 2976.828662] sg_common_write.constprop.0+0x10ed/0x1a30 [ 2976.829102] ? sg_build_indirect.isra.0+0x710/0x710 [ 2976.829514] ? vprintk_func+0x93/0x140 [ 2976.829838] ? record_print_text.cold+0x16/0x16 [ 2976.830226] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2976.830645] ? trace_hardirqs_on+0x5b/0x180 [ 2976.831003] sg_write.part.0+0x69e/0xaa0 [ 2976.831350] ? sg_new_write.isra.0+0x770/0x770 [ 2976.831727] ? find_held_lock+0x2c/0x110 [ 2976.832063] ? __might_fault+0xd3/0x180 [ 2976.832401] ? lock_downgrade+0x6d0/0x6d0 [ 2976.832750] ? _cond_resched+0x12/0x80 [ 2976.833075] ? inode_security+0x107/0x140 [ 2976.833419] ? avc_policy_seqno+0x9/0x70 [ 2976.833755] ? selinux_file_permission+0x92/0x520 [ 2976.834158] ? security_file_permission+0x24e/0x570 [ 2976.834564] sg_write+0x87/0x120 [ 2976.834847] do_iter_write+0x482/0x670 [ 2976.835183] ? import_iovec+0x83/0xb0 [ 2976.835507] vfs_writev+0x1ae/0x620 [ 2976.835813] ? vfs_iter_write+0xa0/0xa0 [ 2976.836141] ? __fget_files+0x26d/0x4c0 [ 2976.836474] ? lock_downgrade+0x6d0/0x6d0 [ 2976.836818] ? find_held_lock+0x2c/0x110 [ 2976.837161] ? __fget_files+0x296/0x4c0 [ 2976.837496] ? __fget_light+0xea/0x290 [ 2976.837828] do_writev+0x139/0x300 [ 2976.838124] ? vfs_writev+0x620/0x620 [ 2976.838443] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2976.838876] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2976.839317] do_syscall_64+0x33/0x40 [ 2976.839622] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 2976.840054] RIP: 0033:0x7f26a81efb19 [ 2976.840361] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2976.841872] RSP: 002b:00007f26a5765188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 2976.842491] RAX: ffffffffffffffda RBX: 00007f26a8302f60 RCX: 00007f26a81efb19 [ 2976.843082] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000005 [ 2976.843665] RBP: 00007f26a57651d0 R08: 0000000000000000 R09: 0000000000000000 [ 2976.844250] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2976.844830] R13: 00007ffc298dd15f R14: 00007f26a5765300 R15: 0000000000022000 [ 2977.337185] audit: type=1326 audit(1708432096.585:367): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=29315 comm="syz-executor.6" exe="/syz-executor.6" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f478bbf1b19 code=0x0 [ 2992.220534] audit: type=1326 audit(1708432111.468:368): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=29572 comm="syz-executor.6" exe="/syz-executor.6" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f478bbf1b19 code=0x0 12:28:31 executing program 1: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x2000040, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x118802, 0x0) lseek(r0, 0xfffffffffffffff8, 0x0) 12:28:31 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:28:31 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x3000000, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:28:31 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x6c00000000000000, 0x0, 0x0) 12:28:31 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7d40}, 0x0, 0x0, 0xffffffffffffffff, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x1810c1, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = dup(r0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) openat(r1, &(0x7f0000000140)='./file0\x00', 0x604040, 0x5) r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000000), 0x2701, 0x0) unlinkat(r2, &(0x7f0000000100)='./file0\x00', 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = dup(r3) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r4, 0xc0505405, &(0x7f0000000240)={{0xffffffffffffffff, 0x0, 0x92c, 0x3, 0x40}, 0x1f, 0x8, 0x5}) r5 = openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder-control\x00', 0x800, 0x0) read(r5, &(0x7f0000000180)=""/146, 0x92) 12:28:31 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3b}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRESHEX], 0x30}, 0x1, 0x0, 0x0, 0x14}, 0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x6c0e, 0x7fff) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', 0x0, 0x0, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000440)=ANY=[@ANYRESOCT], 0x2f) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffff, 0x2}, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_nanosleep(0x1, 0x0, &(0x7f00000002c0)={0x0, 0x989680}, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) fork() r2 = fork() tkill(0x0, 0x0) ptrace$cont(0xffffffffffffffff, r2, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000280)=0x5, 0xfffffffffffffffa) r3 = fork() syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e21016027154f7e210000d6142e8ed6865df556fd6a7300000000000000bd8b7e69ecb57d268a49d8d6accb6a35f7aa6bee3435f0ca00"], 0xa) ptrace$setopts(0x4206, r3, 0x0, 0x0) ptrace(0x8, r3) 12:28:31 executing program 5: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_GET_SEC_KEY(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x5c, r0, 0x20, 0x70bd2c, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x1}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r1}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20004080}, 0x48040) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x182) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'wpan0\x00', 0x0}) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f0000000940)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_SET_MAX_FRAME_RETRIES(0xffffffffffffffff, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f0000000640)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="0c00060000"], 0x28}}, 0x0) sendmsg$NL802154_CMD_SET_PAN_ID(r2, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x30, r0, 0x100, 0x70bd2c, 0x25dfdbff, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r3}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r5}]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 12:28:31 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 77) [ 2992.261544] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2992.261544] program syz-executor.4 not setting count and/or reply_len properly [ 2992.269788] FAULT_INJECTION: forcing a failure. [ 2992.269788] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2992.271342] CPU: 0 PID: 29587 Comm: syz-executor.4 Not tainted 5.10.209 #1 [ 2992.272223] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2992.273279] Call Trace: [ 2992.273625] dump_stack+0x107/0x167 [ 2992.274098] should_fail.cold+0x5/0xa [ 2992.274602] copy_page_from_iter+0x40a/0x900 [ 2992.275176] blk_rq_map_user_iov+0x138b/0x1a60 [ 2992.275776] ? perf_trace_lock+0xac/0x490 [ 2992.276306] ? __lockdep_reset_lock+0x180/0x180 [ 2992.276902] ? __lockdep_reset_lock+0x180/0x180 [ 2992.277495] ? blk_rq_unmap_user+0x750/0x750 [ 2992.278062] ? find_held_lock+0x2c/0x110 [ 2992.278583] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 2992.279264] ? lock_downgrade+0x6d0/0x6d0 [ 2992.279812] ? import_single_range+0x24d/0x2e0 [ 2992.280405] blk_rq_map_user+0x103/0x170 [ 2992.280931] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 2992.281543] ? alloc_pages_current+0x18f/0x280 [ 2992.282132] ? sg_build_indirect.isra.0+0x448/0x710 [ 2992.282778] sg_common_write.constprop.0+0x10ed/0x1a30 [ 2992.283462] ? sg_build_indirect.isra.0+0x710/0x710 [ 2992.284096] ? vprintk_func+0x93/0x140 [ 2992.284602] ? record_print_text.cold+0x16/0x16 [ 2992.285201] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2992.285840] ? trace_hardirqs_on+0x5b/0x180 [ 2992.286403] sg_write.part.0+0x69e/0xaa0 [ 2992.286928] ? sg_new_write.isra.0+0x770/0x770 [ 2992.287528] ? find_held_lock+0x2c/0x110 [ 2992.288054] ? __might_fault+0xd3/0x180 [ 2992.288566] ? lock_downgrade+0x6d0/0x6d0 [ 2992.289109] ? _cond_resched+0x12/0x80 [ 2992.289610] ? inode_security+0x107/0x140 [ 2992.290137] ? avc_policy_seqno+0x9/0x70 [ 2992.290657] ? selinux_file_permission+0x92/0x520 [ 2992.291305] ? security_file_permission+0x24e/0x570 [ 2992.291945] sg_write+0x87/0x120 [ 2992.292382] do_iter_write+0x482/0x670 [ 2992.292885] ? import_iovec+0x83/0xb0 [ 2992.293383] vfs_writev+0x1ae/0x620 [ 2992.293852] ? vfs_iter_write+0xa0/0xa0 [ 2992.294360] ? __fget_files+0x26d/0x4c0 [ 2992.294872] ? lock_downgrade+0x6d0/0x6d0 [ 2992.295419] ? find_held_lock+0x2c/0x110 [ 2992.295951] ? __fget_files+0x296/0x4c0 [ 2992.296473] ? __fget_light+0xea/0x290 [ 2992.296976] do_writev+0x139/0x300 [ 2992.297430] ? vfs_writev+0x620/0x620 [ 2992.297921] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2992.298586] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2992.299259] do_syscall_64+0x33/0x40 [ 2992.299737] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 2992.300386] RIP: 0033:0x7f26a81efb19 [ 2992.300860] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2992.303166] RSP: 002b:00007f26a5765188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 2992.304123] RAX: ffffffffffffffda RBX: 00007f26a8302f60 RCX: 00007f26a81efb19 [ 2992.305030] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000005 [ 2992.305933] RBP: 00007f26a57651d0 R08: 0000000000000000 R09: 0000000000000000 [ 2992.306833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2992.307739] R13: 00007ffc298dd15f R14: 00007f26a5765300 R15: 0000000000022000 12:28:31 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020801000240008000f801", 0x17}, {0x0, 0x0, 0x5fe}], 0x0, &(0x7f0000000080)={[{@fat=@errors_continue}]}) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = dup(r0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) futimesat(r1, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)={{}, {0x77359400}}) 12:28:31 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x4000000, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:28:31 executing program 5: shmget$private(0x0, 0x1000, 0x20, &(0x7f0000ffc000/0x1000)=nil) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, @perf_bp={&(0x7f0000000080), 0x8}, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) r1 = fsopen(&(0x7f00000000c0)='ramfs\x00', 0x0) r2 = fsopen(&(0x7f0000000040)='sockfs\x00', 0x0) r3 = shmget(0x1, 0x4000, 0x0, &(0x7f0000ffc000/0x4000)=nil) shmctl$IPC_STAT(r3, 0x2, &(0x7f0000000380)=""/220) shmat(r3, &(0x7f0000ffd000/0x3000)=nil, 0x1000) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) fsmount(r2, 0x0, 0x0) fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000140)='}\xfc\\\x05\x00*{\x0f\xa8>d\x85+\xe2D5u\xbb\n4\xb9l39\xf4\xf2$\x8fl\xd26\xe6Z\x1f*\xf7\xf1T\x86\xfeM\xc9\x8e\t\x12`\xd0\x92\t\xebv\xda?\xe5\xcb\xe9\xde\xbf\xf4\xc7\xab7QQ\x97;\x9d\xd8\xc4\xce:\x98L\r\xed\xec\a\x04\xbeI\x9e\x8a\xb7\xba7\xae\xaferm\f\xfc\x9f\xe6}\x8f\xfa\x1b\x81\xed\xb7fa{\xcc\xe4L\xcc\xdb', &(0x7f0000000040)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) 12:28:31 executing program 1: syz_emit_ethernet(0x3a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabbcf685d3300180000000000069078ac1414000a0101008303000000000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5e00000090780000"], 0x0) syz_emit_ethernet(0x31, &(0x7f0000000140)={@remote, @local, @void, {@llc_tr={0x11, {@snap={0xaa, 0x0, "c91a", "df6378", 0x17, "babad7386646e66d74f0efd0d0914dfc81b9203cdd0b64b396f6"}}}}}, 0x0) write$tun(0xffffffffffffffff, &(0x7f0000000280)=ANY=[@ANYBLOB="0807f3983e7a0000190009e3ffffffffffffff0000000000000000d05dc8e8ac1e3703ff8d03bf37579aa1cdf1169ae504f5fd028158aa4eae6a1eb47ef9db5b50768256b582bd279620c60c9c12807f7d4a568fa2162f76013b467103c0f6cf2acf7c001000cea02977bc1783d3310024cfc66b3740a28a05ecd68b638062dad4432c6e8e9a9852872ef4ea076c70f7cd42556d28bd5f95fd73cdd84e638984689c24f71d48c1d9ad85fc4a5914b69568e1565eda152fe9ed47423bcf1433fb2240de6bab9613c717fa2970dcf903217b10e1f11b811a47f89166"], 0x2b) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000180)={'macvlan1\x00'}) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = dup(r0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = dup(r2) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) write$tun(r3, &(0x7f00000001c0)={@val={0x0, 0x886c}, @val={0x0, 0x4, 0xfd4e, 0x1, 0x8, 0x6}, @mpls={[{0x4, 0x0, 0x1}, {0x13, 0x0, 0x1}, {0xf6df, 0x0, 0x1}, {0x7fff}, {0xf8cd1, 0x0, 0x1}, {0x4}, {0x3}], @llc={@llc={0x0, 0xeb, "90be", "20bd180039edb6307b5047466e75984c40d9adfd73802f6b7d5b29c146f65f901777410a2ada78dee09cd5f4639a157bf294e15ba9ca77247505207644ced0cbadd5e0c02f34b5e874e22179430be73be2ef360644c47398047dcb60047107bf50614ef91aaafe50753da81034563e79d7048d"}}}}, 0xa1) r4 = socket$unix(0x1, 0x0, 0x0) ioctl$FIBMAP(r4, 0x1, &(0x7f0000000100)=0x81) openat$sr(0xffffffffffffff9c, &(0x7f0000000040), 0x103002, 0x0) syz_emit_ethernet(0x69, &(0x7f0000000080)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @broadcast, @void, {@mpls_uc={0x8847, {[{0x2}, {0x6}, {0x1}, {0x30}, {0x400, 0x0, 0x1}, {0x9}], @generic="3b4dcb4b865f251e22c3da4278692cade24354101269be3ae74d255029c1ad9c18fbf6ff8caa8e5487335c84f9151a8b6bf5b20a555e8aa853fdbddc83bb0c101f7c31"}}}}, 0x0) 12:28:31 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 78) 12:28:31 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:28:31 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x28, 0x18, 0x1, 0x0, 0x0, {0xa}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0x8, 0x0, 0x1, [@typed={0x8, 0x2, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r2, 0x660c) mmap$IORING_OFF_SQES(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x10, r1, 0x10000000) readv(0xffffffffffffffff, &(0x7f0000001540)=[{&(0x7f0000000140)=""/44, 0x2c}], 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r1, 0xc018937a, &(0x7f00000004c0)=ANY=[@ANYBLOB="5b91565cdbfa48931fc20a1542ff80910e5dbcf5001000003db9825124b9a2b5bc", @ANYRES32=r0, @ANYBLOB="0852000004d3735500c761460f666900"]) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x802c2, 0x0) r4 = epoll_create(0x7ffd) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r4, &(0x7f0000000100)) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000002c0)) writev(r3, &(0x7f00000000c0), 0x0) 12:28:31 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3b}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRESHEX], 0x30}, 0x1, 0x0, 0x0, 0x14}, 0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x6c0e, 0x7fff) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', 0x0, 0x0, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000440)=ANY=[@ANYRESOCT], 0x2f) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2}, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_nanosleep(0x1, 0x0, &(0x7f00000002c0)={0x0, 0x989680}, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) fork() r2 = fork() tkill(0x0, 0x0) ptrace$cont(0xffffffffffffffff, r2, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000280)=0x5, 0xfffffffffffffffa) r3 = fork() syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e21016027154f7e210000d6142e8ed6865df556fd6a7300000000000000bd8b7e69ecb57d268a49d8d6accb6a35f7aa6bee3435f0ca00"], 0xa) ptrace$setopts(0x4206, r3, 0x0, 0x0) ptrace(0x8, r3) 12:28:31 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x5000000, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) [ 2992.523051] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 2992.523051] program syz-executor.4 not setting count and/or reply_len properly [ 2992.536173] FAULT_INJECTION: forcing a failure. [ 2992.536173] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2992.538123] CPU: 1 PID: 29707 Comm: syz-executor.4 Not tainted 5.10.209 #1 [ 2992.539233] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2992.540564] Call Trace: [ 2992.541002] dump_stack+0x107/0x167 [ 2992.541598] should_fail.cold+0x5/0xa [ 2992.542221] copy_page_from_iter+0x40a/0x900 [ 2992.542946] blk_rq_map_user_iov+0x138b/0x1a60 [ 2992.543708] ? perf_trace_lock+0xac/0x490 [ 2992.544389] ? __lockdep_reset_lock+0x180/0x180 [ 2992.545150] ? __lockdep_reset_lock+0x180/0x180 [ 2992.545902] ? blk_rq_unmap_user+0x750/0x750 [ 2992.546618] ? find_held_lock+0x2c/0x110 [ 2992.547308] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 2992.548172] ? lock_downgrade+0x6d0/0x6d0 [ 2992.548828] ? import_single_range+0x24d/0x2e0 [ 2992.549573] blk_rq_map_user+0x103/0x170 [ 2992.550234] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 2992.551005] ? alloc_pages_current+0x18f/0x280 [ 2992.551772] ? sg_build_indirect.isra.0+0x448/0x710 [ 2992.552590] sg_common_write.constprop.0+0x10ed/0x1a30 [ 2992.553451] ? sg_build_indirect.isra.0+0x710/0x710 [ 2992.554256] ? vprintk_func+0x93/0x140 [ 2992.554888] ? record_print_text.cold+0x16/0x16 [ 2992.555652] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2992.556466] ? trace_hardirqs_on+0x5b/0x180 [ 2992.557178] sg_write.part.0+0x69e/0xaa0 [ 2992.557841] ? sg_new_write.isra.0+0x770/0x770 [ 2992.558608] ? find_held_lock+0x2c/0x110 [ 2992.559305] ? __might_fault+0xd3/0x180 [ 2992.559964] ? lock_downgrade+0x6d0/0x6d0 [ 2992.560652] ? _cond_resched+0x12/0x80 [ 2992.561285] ? inode_security+0x107/0x140 [ 2992.561955] ? avc_policy_seqno+0x9/0x70 [ 2992.562610] ? selinux_file_permission+0x92/0x520 [ 2992.563415] ? security_file_permission+0x24e/0x570 [ 2992.564232] sg_write+0x87/0x120 [ 2992.564787] do_iter_write+0x482/0x670 [ 2992.565423] ? import_iovec+0x83/0xb0 [ 2992.566040] vfs_writev+0x1ae/0x620 [ 2992.566634] ? vfs_iter_write+0xa0/0xa0 [ 2992.567288] ? __fget_files+0x26d/0x4c0 [ 2992.567943] ? lock_downgrade+0x6d0/0x6d0 [ 2992.568605] ? find_held_lock+0x2c/0x110 [ 2992.569281] ? __fget_files+0x296/0x4c0 [ 2992.569940] ? __fget_light+0xea/0x290 [ 2992.570576] do_writev+0x139/0x300 [ 2992.571160] ? vfs_writev+0x620/0x620 [ 2992.571803] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2992.572644] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2992.573482] do_syscall_64+0x33/0x40 [ 2992.574085] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 2992.574908] RIP: 0033:0x7f26a81efb19 [ 2992.575517] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2992.578394] RSP: 002b:00007f26a5765188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 2992.579616] RAX: ffffffffffffffda RBX: 00007f26a8302f60 RCX: 00007f26a81efb19 [ 2992.580751] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000005 [ 2992.581882] RBP: 00007f26a57651d0 R08: 0000000000000000 R09: 0000000000000000 [ 2992.583007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2992.584134] R13: 00007ffc298dd15f R14: 00007f26a5765300 R15: 0000000000022000 [ 2993.058048] audit: type=1326 audit(1708432112.303:369): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=29572 comm="syz-executor.6" exe="/syz-executor.6" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f478bbf1b19 code=0x0 12:28:47 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) fsync(0xffffffffffffffff) ioctl$VT_WAITACTIVE(r0, 0x5607) r1 = gettid() pidfd_open(r1, 0x0) prlimit64(0x0, 0x1, &(0x7f00000015c0)={0x101, 0x3}, &(0x7f0000001600)) timer_create(0x1, &(0x7f0000000200)={0x0, 0x8, 0x2, @thr={&(0x7f0000000140)="eb66d68fe78c5b26865f19c98b0de5852cc5488bc9d4c442c0eb09bca3145e945f593ec8ec85f4633997f41a636d751e5071c8beaf04bfb35cf3450d968ed66b8df5e534cd0257463b3e7cc5c59d0f1b17ee7b4ab04018f2935c72ac9415342ae23d332ad6903dfa2b43cbb97bdc93c9e97562e77084c4600ec5eb43a602f9d7c4c4d522f196527aee1e299d4cf54ebe154319d71608196854564dd3344c2800e16defff34757f789a73ebb79d448839a1bcb50b", &(0x7f0000000400)="75556ad33cd36d1cedeb41db771ac41e23da333ac33afb9772df2f88c3deb71793a59cec2dc4d68be9606ff869bdf20ee72b29dc2949727686f246447d8eef5f247c1bad2f874629e38651ae39a715afc90f5f23a188a67f8393e2ad51686cc5ecf06eab4737ecf719772739ee2f740a898b7833115fa1baf0cbe77c4b2271c1454b47dad7b8238550577dfe2a6536b35ce768826dcd69898bfea32b56b15af72c78d12df49e1d3a90319c32"}}, &(0x7f0000000280)) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000240)='net/tcp\x00') readv(r2, 0x0, 0x0) ioctl$EVIOCGKEY(r2, 0x80404518, &(0x7f0000000300)=""/231) ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, 0x0) readv(0xffffffffffffffff, 0x0, 0x30) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x2, 0x81, 0x5, 0x7f8, 0x9089}}) write(0xffffffffffffffff, 0x0, 0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/auth_rpcgss', 0x200, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x501100, 0x0) ioctl$TIOCL_SETSEL(r4, 0x541c, &(0x7f0000000100)={0x2, {0x2, 0x3e7f, 0x7, 0x1000, 0x0, 0x4}}) unshare(0x48020200) ioctl$EXT4_IOC_MOVE_EXT(r3, 0xc028660f, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x5, 0x8b73, 0x2, 0x100000001}) 12:28:47 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x7400000000000000, 0x0, 0x0) [ 3007.841869] audit: type=1326 audit(1708432127.090:370): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=29820 comm="syz-executor.6" exe="/syz-executor.6" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f478bbf1b19 code=0x0 [ 3007.857193] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 3007.857193] program syz-executor.4 not setting count and/or reply_len properly [ 3007.860816] FAULT_INJECTION: forcing a failure. [ 3007.860816] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 3007.862251] CPU: 1 PID: 29826 Comm: syz-executor.4 Not tainted 5.10.209 #1 [ 3007.863088] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3007.864090] Call Trace: [ 3007.864417] dump_stack+0x107/0x167 [ 3007.864869] should_fail.cold+0x5/0xa [ 3007.865338] copy_page_from_iter+0x40a/0x900 [ 3007.865880] blk_rq_map_user_iov+0x138b/0x1a60 [ 3007.866438] ? perf_trace_lock+0xac/0x490 [ 3007.866943] ? __lockdep_reset_lock+0x180/0x180 [ 3007.867517] ? __lockdep_reset_lock+0x180/0x180 [ 3007.868076] ? blk_rq_unmap_user+0x750/0x750 [ 3007.868605] ? find_held_lock+0x2c/0x110 [ 3007.869107] ? sg_common_write.constprop.0+0x9b6/0x1a30 [ 3007.869754] ? lock_downgrade+0x6d0/0x6d0 [ 3007.870249] ? import_single_range+0x24d/0x2e0 [ 3007.870800] blk_rq_map_user+0x103/0x170 [ 3007.871299] ? blk_rq_map_user_iov+0x1a60/0x1a60 [ 3007.871889] ? alloc_pages_current+0x18f/0x280 [ 3007.872442] ? sg_build_indirect.isra.0+0x448/0x710 [ 3007.873019] sg_common_write.constprop.0+0x10ed/0x1a30 [ 3007.873665] ? sg_build_indirect.isra.0+0x710/0x710 [ 3007.874280] ? vprintk_func+0x93/0x140 [ 3007.874773] ? record_print_text.cold+0x16/0x16 [ 3007.875349] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 3007.875999] ? trace_hardirqs_on+0x5b/0x180 [ 3007.876523] sg_write.part.0+0x69e/0xaa0 [ 3007.876987] ? sg_new_write.isra.0+0x770/0x770 [ 3007.877526] ? find_held_lock+0x2c/0x110 [ 3007.878017] ? __might_fault+0xd3/0x180 [ 3007.878486] ? lock_downgrade+0x6d0/0x6d0 [ 3007.878989] ? _cond_resched+0x12/0x80 [ 3007.879469] ? inode_security+0x107/0x140 [ 3007.879963] ? avc_policy_seqno+0x9/0x70 [ 3007.880457] ? selinux_file_permission+0x92/0x520 [ 3007.881355] ? security_file_permission+0x24e/0x570 [ 3007.881965] sg_write+0x87/0x120 [ 3007.882384] do_iter_write+0x482/0x670 [ 3007.882860] ? import_iovec+0x83/0xb0 [ 3007.883322] vfs_writev+0x1ae/0x620 [ 3007.883776] ? vfs_iter_write+0xa0/0xa0 [ 3007.884255] ? __fget_files+0x26d/0x4c0 [ 3007.884746] ? lock_downgrade+0x6d0/0x6d0 [ 3007.885239] ? find_held_lock+0x2c/0x110 [ 3007.885738] ? __fget_files+0x296/0x4c0 [ 3007.886223] ? __fget_light+0xea/0x290 [ 3007.886715] do_writev+0x139/0x300 [ 3007.887150] ? vfs_writev+0x620/0x620 [ 3007.887624] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3007.888246] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3007.888873] do_syscall_64+0x33/0x40 [ 3007.889316] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3007.889935] RIP: 0033:0x7f26a81efb19 [ 3007.890377] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3007.892745] RSP: 002b:00007f26a5765188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 3007.893661] RAX: ffffffffffffffda RBX: 00007f26a8302f60 RCX: 00007f26a81efb19 [ 3007.894545] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000005 [ 3007.895387] RBP: 00007f26a57651d0 R08: 0000000000000000 R09: 0000000000000000 [ 3007.896234] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3007.897077] R13: 00007ffc298dd15f R14: 00007f26a5765300 R15: 0000000000022000 12:28:47 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3b}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRESHEX], 0x30}, 0x1, 0x0, 0x0, 0x14}, 0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x6c0e, 0x7fff) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', 0x0, 0x0, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000440)=ANY=[@ANYRESOCT], 0x2f) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2}, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_nanosleep(0x1, 0x0, &(0x7f00000002c0)={0x0, 0x989680}, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) fork() r2 = fork() tkill(0x0, 0x0) ptrace$cont(0xffffffffffffffff, r2, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000280)=0x5, 0xfffffffffffffffa) r3 = fork() syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e21016027154f7e210000d6142e8ed6865df556fd6a7300000000000000bd8b7e69ecb57d268a49d8d6accb6a35f7aa6bee3435f0ca00"], 0xa) ptrace$setopts(0x4206, r3, 0x0, 0x0) ptrace(0x8, r3) 12:28:47 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:28:47 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0) tee(0xffffffffffffffff, r0, 0x3, 0x0) r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0) socket$packet(0x11, 0x3, 0x300) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x5, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'team0\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000580)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @local}, 0x14) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f00000000c0), 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x18, 0x0, 0x100, 0x70bd27, 0x25dfdbfc, {}, [@HEADER={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x40000}, 0x4000000) write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_MEDIA_GET(r4, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x8000}, 0x45, &(0x7f0000000380)={&(0x7f0000000940)=ANY=[], 0x2e8}, 0x1, 0x0, 0x0, 0x8000}, 0x4d004) fsetxattr$security_selinux(r0, &(0x7f0000000100), &(0x7f0000000140)='system_u:object_r:devtty_t:s0\x00', 0x1e, 0x0) r5 = syz_io_uring_complete(r1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000000), 0x7}}, 0x0, 0xffdfffffffffffff, 0xffffffffffffffff, 0x0) bind$packet(r5, &(0x7f0000000080)={0x11, 0xc, r3, 0x1, 0x20, 0x6, @broadcast}, 0x14) sendmsg$NL80211_CMD_PEER_MEASUREMENT_START(0xffffffffffffffff, 0x0, 0xc045) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) fcntl$dupfd(r2, 0x406, 0xffffffffffffffff) 12:28:47 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x6000000, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:28:47 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 79) 12:28:47 executing program 5: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, @perf_config_ext={0x2}, 0x0, 0x0, 0x0, 0x3, 0x1, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f00000000c0)) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_int(r1, 0x11, 0x67, &(0x7f0000000140)=0x7f, 0x4) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet(r1, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0x4e21, @multicast1}, 0x10, 0x0}, 0x404c008) r2 = fcntl$dupfd(r1, 0x0, r1) sendmsg$inet6(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000014c0)="6520a22dd259c813c270667d8bea5f8f7d68da0b05a00600e9b9a88a7be9dcb11ff1c423e621e27f17b31d45edfe03ccdf00dd23aa8953e2836b08c0ec9c6e39d535038d0e020e301157e3d9e5500a62770f1ea521142e4d5a6d77f11d2ce3ae4a1d074dbdcaf269699e05026d79c8dc7a69228b3da16e4a1eba3b9e2284458ab4b5ed2f0d7eede41dfcb504f219ea105346669f724e43aa2dd9b83909138e971f8be6936ff1fde8df6e3e9db2b59d842cd8c96ae1a5c52c0d065bcd71b16ea28e5f27472d8f7bc997fc17b3ec39bed82e3b1d1009d646605fdaf0030a17bf4118ac55cb22ca17805c76ad", 0xeb}, {&(0x7f0000000180)="1d8db4bb888a1f6bf89a037064925d7cb4c56a2506cc7a86b9d2931fecc02eccff3ce573c2c7", 0x26}, {&(0x7f0000001640)="95244c4d953490f59be2ab103e3d34291e44f24d96912183ca136936379939fdb2719a76a4b615625e465d559a811e3edc108179c06ac5810f70ea3f7ca84da0632b6bdc91b57181dff76c47d08dfa7e5f70ccc98438c6497effd3fc3d18a565219cc9fdc72c276f3f25a1023ef114ad692cae7f0980d617db91c63f4c283d810d10cb531c6c3272e5c047acedcf34b52602bc1de1797e880b78af45af379dc1e003bf81496506e7571929c24a3b98788aaca8eaaf0e4573fe52f7eaaa07820e7f542589449ab0195eed", 0xca}], 0x3}, 0x0) write(r2, &(0x7f0000000400)="071e9f7358ec922343d9786f7c2147c81e6890a8016fb53a5ffc4951d0a6a9f38dda8a9bae8f6f3750405ca0111cc8069cb8ebd8c8564cc6aff4e3631e4eb8ebf43b0e3a61bb5878257df934ab1c2df75a49f4d39cf7effe02c00c95f02860e708", 0x61) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') readv(r3, &(0x7f0000001600)=[{&(0x7f00000004c0)=""/4096, 0x1000}], 0x1) syz_open_procfs(0x0, &(0x7f0000000280)='fd/4\x00') syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_unix(&(0x7f0000000140)='./file0/../file0\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x173000, 0x0) syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x100000, &(0x7f0000000440)=ANY=[]) mkdir(&(0x7f0000000300)='./file0/file0\x00', 0x0) mount$bind(&(0x7f00000000c0)='./file0/file0\x00', &(0x7f0000000340)='./file0/../file0\x00', 0x0, 0x17810, 0x0) umount2(&(0x7f0000000200)='./file0/../file0\x00', 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='io\x00') unshare(0x48020200) 12:28:47 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x7000000, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:28:47 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:28:47 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 80) [ 3008.016329] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 3008.016329] program syz-executor.4 not setting count and/or reply_len properly [ 3008.023224] FAULT_INJECTION: forcing a failure. [ 3008.023224] name failslab, interval 1, probability 0, space 0, times 0 [ 3008.024544] CPU: 1 PID: 29863 Comm: syz-executor.4 Not tainted 5.10.209 #1 [ 3008.025303] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3008.026239] Call Trace: [ 3008.026551] dump_stack+0x107/0x167 [ 3008.026960] should_fail.cold+0x5/0xa [ 3008.027376] ? mempool_alloc+0x148/0x360 [ 3008.027845] ? mempool_free_pages+0x20/0x20 [ 3008.028346] should_failslab+0x5/0x20 [ 3008.028780] kmem_cache_alloc+0x5b/0x310 [ 3008.029243] ? mempool_free_pages+0x20/0x20 [ 3008.029719] mempool_alloc+0x148/0x360 [ 3008.030157] ? mempool_resize+0x7d0/0x7d0 [ 3008.030640] ? __lockdep_reset_lock+0x180/0x180 [ 3008.031157] ? mark_lock+0xf5/0x2df0 [ 3008.031597] __sg_alloc_table+0x24e/0x390 [ 3008.032072] sg_alloc_table_chained+0x9b/0x1f0 [ 3008.032586] ? sg_alloc_table_chained+0x1f0/0x1f0 [ 3008.033129] scsi_alloc_sgtables+0x236/0xaf0 [ 3008.033632] ? scsi_cmd_runtime_exceeced+0x1d0/0x1d0 [ 3008.034209] ? scsi_init_command+0x4ee/0x750 [ 3008.034715] scsi_queue_rq+0x1dc9/0x27f0 [ 3008.035182] blk_mq_dispatch_rq_list+0x372/0x1c30 [ 3008.035733] ? target_unblock+0x1/0x60 [ 3008.036181] ? __blk_mq_sched_dispatch_requests+0x236/0x450 [ 3008.036815] ? blk_mq_dequeue_from_ctx+0x7f0/0x7f0 [ 3008.037354] ? do_raw_spin_lock+0x121/0x260 [ 3008.037834] ? rwlock_bug.part.0+0x90/0x90 [ 3008.038308] ? hctx_lock+0x7f/0x200 [ 3008.038732] __blk_mq_sched_dispatch_requests+0x263/0x450 [ 3008.039344] ? blk_mq_do_dispatch_sched+0xa00/0xa00 [ 3008.039932] blk_mq_sched_dispatch_requests+0xfb/0x180 [ 3008.040514] __blk_mq_run_hw_queue+0x12c/0x290 [ 3008.041047] ? blk_mq_start_request+0x3f0/0x3f0 [ 3008.041573] __blk_mq_delay_run_hw_queue+0x4f1/0x550 [ 3008.042150] blk_mq_run_hw_queue+0x170/0x2f0 [ 3008.042684] ? blk_mq_delay_run_hw_queues+0x1a0/0x1a0 [ 3008.043281] ? do_raw_spin_unlock+0x4f/0x220 [ 3008.043800] ? _raw_spin_unlock+0x1a/0x30 [ 3008.044298] blk_mq_sched_insert_request+0x384/0x440 [ 3008.044879] ? __blk_mq_sched_bio_merge+0x3d0/0x3d0 [ 3008.045470] ? sg_remove_sfp_usercontext+0x420/0x420 [ 3008.046051] ? blk_account_io_start+0x11b/0x170 [ 3008.046578] sg_common_write.constprop.0+0xee9/0x1a30 [ 3008.047174] ? sg_build_indirect.isra.0+0x710/0x710 [ 3008.047756] ? vprintk_func+0x93/0x140 [ 3008.048199] ? record_print_text.cold+0x16/0x16 [ 3008.048737] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 3008.049273] ? trace_hardirqs_on+0x5b/0x180 [ 3008.049742] sg_write.part.0+0x69e/0xaa0 [ 3008.050202] ? sg_new_write.isra.0+0x770/0x770 [ 3008.050734] ? find_held_lock+0x2c/0x110 [ 3008.051203] ? __might_fault+0xd3/0x180 [ 3008.051674] ? lock_downgrade+0x6d0/0x6d0 [ 3008.052176] ? _cond_resched+0x12/0x80 [ 3008.052625] ? inode_security+0x107/0x140 [ 3008.053096] ? avc_policy_seqno+0x9/0x70 [ 3008.053559] ? selinux_file_permission+0x92/0x520 [ 3008.054116] ? security_file_permission+0x24e/0x570 [ 3008.054676] sg_write+0x87/0x120 [ 3008.055072] do_iter_write+0x482/0x670 [ 3008.055502] ? import_iovec+0x83/0xb0 [ 3008.055923] vfs_writev+0x1ae/0x620 [ 3008.056328] ? vfs_iter_write+0xa0/0xa0 [ 3008.056778] ? __fget_files+0x26d/0x4c0 [ 3008.057221] ? lock_downgrade+0x6d0/0x6d0 [ 3008.057678] ? find_held_lock+0x2c/0x110 [ 3008.058137] ? __fget_files+0x296/0x4c0 [ 3008.058584] ? __fget_light+0xea/0x290 [ 3008.059037] do_writev+0x139/0x300 [ 3008.059445] ? vfs_writev+0x620/0x620 [ 3008.059863] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3008.060452] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3008.061000] do_syscall_64+0x33/0x40 [ 3008.061410] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3008.061936] RIP: 0033:0x7f26a81efb19 [ 3008.062344] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3008.064235] RSP: 002b:00007f26a5765188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 3008.065063] RAX: ffffffffffffffda RBX: 00007f26a8302f60 RCX: 00007f26a81efb19 [ 3008.065852] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000005 [ 3008.066630] RBP: 00007f26a57651d0 R08: 0000000000000000 R09: 0000000000000000 [ 3008.067396] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3008.068194] R13: 00007ffc298dd15f R14: 00007f26a5765300 R15: 0000000000022000 [ 3008.078102] audit: type=1400 audit(1708432127.326:371): avc: denied { map } for pid=29830 comm="syz-executor.3" path="/syzkaller-testdir173370050/syzkaller.qknqqN/257/file0" dev="sda" ino=16068 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:devtty_t:s0 tclass=file permissive=1 [ 3008.082304] audit: type=1400 audit(1708432127.326:372): avc: denied { read } for pid=29830 comm="syz-executor.3" path="/syzkaller-testdir173370050/syzkaller.qknqqN/257/file0" dev="sda" ino=16068 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:devtty_t:s0 tclass=file permissive=1 12:28:47 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:28:47 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x9000000, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:28:47 executing program 3: ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f0000000000)={&(0x7f0000000080)=""/99, 0x63}) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/diskstats\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000140)={0x7, 0x8, 0x9}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ftruncate(r1, 0x1000003) ioctl$FS_IOC_FSSETXATTR(r1, 0x40086602, &(0x7f0000001400)) write$binfmt_elf64(r1, &(0x7f00000001c0)=ANY=[], 0xfdef) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = dup(r2) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000680)={0x1, 0x80, 0x0, 0x0, 0x0, 0x1, 0x0, 0x5e, 0x40110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x5, 0xfffffffffffffffd}}, 0x0, 0xffffffffffffffff, r3, 0x3) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = dup(r4) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$VT_ACTIVATE(r5, 0x5606, 0x5) lseek(r1, 0x0, 0x3) 12:28:47 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3b}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRESHEX], 0x30}, 0x1, 0x0, 0x0, 0x14}, 0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x6c0e, 0x7fff) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', 0x0, 0x0, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000440)=ANY=[@ANYRESOCT], 0x2f) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2}, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_nanosleep(0x1, 0x0, &(0x7f00000002c0)={0x0, 0x989680}, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) fork() r2 = fork() tkill(0x0, 0x0) ptrace$cont(0xffffffffffffffff, r2, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000280)=0x5, 0xfffffffffffffffa) r3 = fork() syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e21016027154f7e210000d6142e8ed6865df556fd6a7300000000000000bd8b7e69ecb57d268a49d8d6accb6a35f7aa6bee3435f0ca00"], 0xa) ptrace$setopts(0x4206, r3, 0x0, 0x0) ptrace(0x8, r3) 12:29:03 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 81) 12:29:03 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3b}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRESHEX], 0x30}, 0x1, 0x0, 0x0, 0x14}, 0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x6c0e, 0x7fff) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', 0x0, 0x0, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000440)=ANY=[@ANYRESOCT], 0x2f) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffff}, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_nanosleep(0x1, 0x0, &(0x7f00000002c0)={0x0, 0x989680}, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) fork() r2 = fork() tkill(0x0, 0x0) ptrace$cont(0xffffffffffffffff, r2, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000280)=0x5, 0xfffffffffffffffa) r3 = fork() syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e21016027154f7e210000d6142e8ed6865df556fd6a7300000000000000bd8b7e69ecb57d268a49d8d6accb6a35f7aa6bee3435f0ca00"], 0xa) ptrace$setopts(0x4206, r3, 0x0, 0x0) ptrace(0x8, r3) 12:29:03 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x7a00000000000000, 0x0, 0x0) 12:29:03 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0xf000000, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:29:03 executing program 3: ftruncate(0xffffffffffffffff, 0x0) sendmsg$SEG6_CMD_GET_TUNSRC(0xffffffffffffffff, 0x0, 0x20044000) r0 = add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000200)={0x0, "f038779de021f8c8c974dd89170cf2579d1fa459ba726003d07140eeb342b87ae631f7a548867a29f29fd1637ddac658a709b49b093393d0e1c7391515c7ab7c", 0x31}, 0x48, 0xfffffffffffffffe) add_key$keyring(&(0x7f0000000680), &(0x7f00000006c0)={'syz', 0x1}, 0x0, 0x0, r0) add_key$fscrypt_v1(0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x24, &(0x7f00000004c0)={@multicast1, @broadcast}, &(0x7f0000000500)=0x8) add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) r1 = add_key$keyring(&(0x7f0000000340), &(0x7f00000003c0)={'syz', 0x3}, 0x0, 0x0, r0) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(0xffffffffffffffff, 0x54a2) ioctl$INCFS_IOC_GET_FILLED_BLOCKS(0xffffffffffffffff, 0x80286722, &(0x7f0000000480)={&(0x7f0000000800)=""/222, 0xde, 0x0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000540)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = add_key$keyring(&(0x7f0000000040), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r2, &(0x7f0000000240)='asymmetric\x00', &(0x7f0000000200)=@secondary) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r2, &(0x7f0000000240)='asymmetric\x00', &(0x7f0000000280)=@chain) keyctl$KEYCTL_PKEY_ENCRYPT(0x19, &(0x7f0000000000)={r2, 0x52, 0x64}, &(0x7f0000000700)=ANY=[@ANYBLOB="656e633d6f616570206861736b6532732d3132382d7838360000000000000000000000080000000000007c0ec3000000a7ff7600000000000000000000000000000000000000000000000000000000000000070000001bcc753ae462ede3fe90ffdf30344bba11950666211d7c2c13098e2fb26975785d6994a30ad80a6084dd2358e3f45af7d7b62fae41d0a6d1a4ec17b600e9ecd8c9a12b08d055a78a90c2cd99d3efb67da18c6bffe2d69e1d5dbefe614ebb10d4651a324425406ceaa32052e8b6fb551f0262a3da7d83200febf8923447e3d44e8565eaf117eca1add2da053737"], &(0x7f0000000280)="5d73449c19fe117891c00e6e17777f21b1fb2057ad2f2c82d2af8583ffdf549d1af9d1b0f60bd44bdd68596eaa5e7bbfe5371e88b50503c5d7950fe172aa94b9fafb9a2549e98f4378dc651ea93b64a13741", &(0x7f0000000580)=""/100) clone3(&(0x7f0000000ac0)={0x17412c500, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r3 = add_key$keyring(&(0x7f0000000040), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r3, &(0x7f0000000240)='asymmetric\x00', &(0x7f0000000280)=@chain) keyctl$KEYCTL_PKEY_ENCRYPT(0x19, &(0x7f0000000300)={r1, 0x2d, 0x4c}, &(0x7f0000000400)={'enc=', 'raw', ' hash=', {'sha384-neon\x00'}}, &(0x7f0000000380)="017cd4f536121a2c2f597089ab079b1d77fc5a6dcc6a9cfdf9f386f5d37af2caef0145f7eb2f33ff40669824db", &(0x7f0000000600)=""/76) sendmsg$NL802154_CMD_SET_ACKREQ_DEFAULT(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x2c, 0x0, 0x200, 0x70bd25, 0x25dfdbfd, {}, [@NL802154_ATTR_ACKREQ_DEFAULT={0x5}, @NL802154_ATTR_ACKREQ_DEFAULT={0x5}, @NL802154_ATTR_ACKREQ_DEFAULT={0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20008080}, 0x4040811) [ 3023.984779] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 3023.984779] program syz-executor.4 not setting count and/or reply_len properly [ 3023.987862] audit: type=1326 audit(1708432143.235:373): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30071 comm="syz-executor.6" exe="/syz-executor.6" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f478bbf1b19 code=0x0 12:29:03 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:29:03 executing program 1: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000000440)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000000b0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4655fe0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x1, &(0x7f0000000080)=ANY=[]) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r1, &(0x7f0000001080)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) getsockopt$bt_BT_RCVMTU(r1, 0x112, 0xd, &(0x7f00000001c0), &(0x7f00000013c0)=0x2) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r2, &(0x7f0000001080)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) getsockopt$bt_BT_RCVMTU(r2, 0x112, 0xd, &(0x7f00000001c0), &(0x7f00000013c0)=0x2) io_submit(0x0, 0x5, &(0x7f0000000680)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x5, 0x5, r1, &(0x7f0000000280)="5d634c559d14522288a225c7a43c58bf5e4520e050e8f46551c03e02783c1b14d9d046d8d435ea010b70e769106a77a2a8a650ae5c18bfe04eaeefb01122daaeb8acbe8e52ad3cf9b312f6de3063c7fe2a264017558e02545fb11180b27749e58e90f6c152f255297ae53ddbf0c1064a969caaf97d9f730056be12754309df4d02352c6018ff55f1d84d6b22aaf8bd5bd318cb4edc90a74c1fd7f8e42020467c45b5cda575c61109b575740539a594ee75255d5f877c60bd7cc778bd7530e6029ad199801e9a835a0d73206466ea84666f314ca7d89cab629ff136ca77df1b6c98d819847a31", 0xe6}, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x5, 0x80, r0, &(0x7f0000000140)="7cee99831730f24c0ac6bcf6488f48b2299b8e46a20c2f0a5a41c9328bd9a9273daa671b11fc160dd769d9d73b4d5e909182b2fef00d3fd2bd49d41db42153904f4f27c7dafe4a12f97f7b7e71b19ecd56e6a859558ddc09f48ea73a771a5b1b12a58c0439cac648b2c697b35ceffabb0ee0d493708dfa04cf103eac5766d16de0a2a1a7ad3b130b66", 0x89, 0x34db, 0x0, 0x3}, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x6, 0x9, r0, &(0x7f00000004c0)="759984bbb5051ab0a0d2f7cdd5f8aa73546c5429fa58b77108f1532aee96e8c7009ba121153d3d5d226347f980876e44e7e7c0ab4a5213439fc12f1962bceb29284fe9b3446b60774dd85d69db01bf38c2513256dade186ed907f2bd92812d5f3aa70f439437e7bd3c57c1fee49175b8e51c7f45757b144ab5eeaa7cd4affdb513b88e34bb359223e949b3c2066cd76100c272cb6200d952bdf095e6", 0x9c, 0x2, 0x0, 0x3}, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x6, 0x0, r0, &(0x7f0000000400)="cf0979143051fec06d1c62b956fd30c6adfd9f39be0b", 0x16, 0x9, 0x0, 0x1}, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x8001, r2, &(0x7f00000005c0)="1892b74322059aebd73b0a13f65ba48d387fe0a4ddee651251705d4cf49d2edcd25ad53ec7bada047f2cbc6eae7eb24df932653c22a23fbe7fd780d5175ff3eb9e031a4e76e44e11943db7805ae30ea4116511c723cff232b12ea316ed7ed9da296239e8a1326d82", 0x68, 0xa6, 0x0, 0x1}]) umount2(&(0x7f00000000c0)='./file0\x00', 0x0) 12:29:03 executing program 5: r0 = openat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x100, 0x11) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = dup(r1) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f0000000900)=ANY=[@ANYBLOB="0132ad3b99eba7a69a4aef241a4dbb2133c3cfdb077d7041fdbfffbf85fcdbe095aa3c7eff5b3c0f7142b92392a1a887dc06d163a15ea133e17993a84365ab6baee62f131811d6706162d391e967771501fe48d2774d7093fb68181856456e1478696fc3f6e25ffb247dd5ba0fe1c62ff34e3f03c4acc74e4e376e9364f3a4386d7795e90e5d2cd32980fc037a2a072a7e09c2eec32ee262c03bb500eba9e39745e8470d3354d02b7b0a297b5d84c06da4539fe18ed4197bfcb2a9bf2394aa975ed535509d6cacbb00"/226, @ANYRESDEC=r0, @ANYRESHEX]) r3 = openat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x800, 0x2) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfffffffeffffffff, 0xffffffffffffffff, 0x0) r4 = syz_io_uring_setup(0x3ac4, &(0x7f00000002c0), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f00000001c0)=0x0) r7 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd=r7}, 0x0) close(r7) fcntl$setsig(0xffffffffffffffff, 0xa, 0x2) epoll_create(0x3) r8 = accept4(r3, &(0x7f0000000240)=@caif=@dbg, &(0x7f0000000440)=0x80, 0x1000) sendmsg$IPCTNL_MSG_CT_GET(r8, &(0x7f0000000540)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x1c, 0x1, 0x1, 0x5, 0x0, 0x0, {0x7, 0x0, 0x9}, [@CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000010}, 0x1) r9 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$SG_IO(r9, 0x2285, &(0x7f0000000340)={0x53, 0x0, 0x36, 0x0, @buffer={0x300, 0xa3, &(0x7f00000005c0)=""/163}, &(0x7f0000000400)="4feb7dc9166b6447a088582072c238800a92451d113f8c0580441e896595a1225a3281da76798b7719fc27f0eb034bc3c3e044325e23", 0x0, 0x2, 0x0, 0x0, 0x0}) r10 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r4, 0x0) syz_io_uring_submit(r10, r6, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r4, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 3024.015079] FAULT_INJECTION: forcing a failure. [ 3024.015079] name failslab, interval 1, probability 0, space 0, times 0 [ 3024.016995] CPU: 1 PID: 30078 Comm: syz-executor.4 Not tainted 5.10.209 #1 [ 3024.018129] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3024.019481] Call Trace: [ 3024.019927] dump_stack+0x107/0x167 [ 3024.020538] should_fail.cold+0x5/0xa [ 3024.021168] ? __lock_acquire+0x1657/0x5b00 [ 3024.021875] ? create_object.isra.0+0x3a/0xa20 [ 3024.022650] should_failslab+0x5/0x20 [ 3024.023287] kmem_cache_alloc+0x5b/0x310 [ 3024.023978] create_object.isra.0+0x3a/0xa20 [ 3024.024701] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3024.025553] kmem_cache_alloc+0x159/0x310 [ 3024.026256] ? mempool_free_pages+0x20/0x20 [ 3024.026967] mempool_alloc+0x148/0x360 [ 3024.027629] ? mempool_resize+0x7d0/0x7d0 [ 3024.028325] ? __lockdep_reset_lock+0x180/0x180 [ 3024.029092] ? mark_lock+0xf5/0x2df0 [ 3024.029729] __sg_alloc_table+0x24e/0x390 [ 3024.030428] sg_alloc_table_chained+0x9b/0x1f0 [ 3024.031186] ? sg_alloc_table_chained+0x1f0/0x1f0 [ 3024.032015] scsi_alloc_sgtables+0x236/0xaf0 [ 3024.032745] ? scsi_cmd_runtime_exceeced+0x1d0/0x1d0 [ 3024.033553] ? scsi_init_command+0x4ee/0x750 [ 3024.034302] scsi_queue_rq+0x1dc9/0x27f0 [ 3024.034990] blk_mq_dispatch_rq_list+0x372/0x1c30 [ 3024.035808] ? target_unblock+0x1/0x60 [ 3024.036452] ? __blk_mq_sched_dispatch_requests+0x236/0x450 [ 3024.037394] ? blk_mq_dequeue_from_ctx+0x7f0/0x7f0 [ 3024.038193] ? do_raw_spin_lock+0x121/0x260 [ 3024.038905] ? rwlock_bug.part.0+0x90/0x90 [ 3024.039599] ? hctx_lock+0x7f/0x200 [ 3024.040272] __blk_mq_sched_dispatch_requests+0x263/0x450 [ 3024.041185] ? blk_mq_do_dispatch_sched+0xa00/0xa00 [ 3024.042024] blk_mq_sched_dispatch_requests+0xfb/0x180 [ 3024.042900] __blk_mq_run_hw_queue+0x12c/0x290 [ 3024.043661] ? blk_mq_start_request+0x3f0/0x3f0 [ 3024.044443] __blk_mq_delay_run_hw_queue+0x4f1/0x550 [ 3024.045284] blk_mq_run_hw_queue+0x170/0x2f0 [ 3024.046016] ? blk_mq_delay_run_hw_queues+0x1a0/0x1a0 [ 3024.046865] ? do_raw_spin_unlock+0x4f/0x220 [ 3024.047588] ? _raw_spin_unlock+0x1a/0x30 [ 3024.048290] blk_mq_sched_insert_request+0x384/0x440 [ 3024.049125] ? __blk_mq_sched_bio_merge+0x3d0/0x3d0 [ 3024.050001] ? sg_remove_sfp_usercontext+0x420/0x420 [ 3024.050965] ? blk_account_io_start+0x11b/0x170 [ 3024.051751] sg_common_write.constprop.0+0xee9/0x1a30 [ 3024.052614] ? sg_build_indirect.isra.0+0x710/0x710 [ 3024.053435] ? vprintk_func+0x93/0x140 [ 3024.054073] ? record_print_text.cold+0x16/0x16 [ 3024.054839] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 3024.055683] ? trace_hardirqs_on+0x5b/0x180 [ 3024.056403] sg_write.part.0+0x69e/0xaa0 [ 3024.057068] ? sg_new_write.isra.0+0x770/0x770 [ 3024.057840] ? find_held_lock+0x2c/0x110 [ 3024.058507] ? __might_fault+0xd3/0x180 [ 3024.059160] ? lock_downgrade+0x6d0/0x6d0 [ 3024.059861] ? _cond_resched+0x12/0x80 [ 3024.060509] ? inode_security+0x107/0x140 [ 3024.061188] ? avc_policy_seqno+0x9/0x70 [ 3024.061863] ? selinux_file_permission+0x92/0x520 [ 3024.062658] ? security_file_permission+0x24e/0x570 [ 3024.063482] sg_write+0x87/0x120 [ 3024.064057] do_iter_write+0x482/0x670 [ 3024.064708] ? import_iovec+0x83/0xb0 [ 3024.065337] vfs_writev+0x1ae/0x620 [ 3024.065941] ? vfs_iter_write+0xa0/0xa0 [ 3024.066587] ? __fget_files+0x26d/0x4c0 [ 3024.067253] ? lock_downgrade+0x6d0/0x6d0 [ 3024.067942] ? find_held_lock+0x2c/0x110 [ 3024.068628] ? __fget_files+0x296/0x4c0 [ 3024.069296] ? __fget_light+0xea/0x290 [ 3024.069942] do_writev+0x139/0x300 [ 3024.070542] ? vfs_writev+0x620/0x620 [ 3024.071180] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3024.072041] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3024.072901] do_syscall_64+0x33/0x40 [ 3024.073513] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3024.074353] RIP: 0033:0x7f26a81efb19 [ 3024.074959] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3024.077975] RSP: 002b:00007f26a5765188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 3024.079225] RAX: ffffffffffffffda RBX: 00007f26a8302f60 RCX: 00007f26a81efb19 [ 3024.080390] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000005 [ 3024.081552] RBP: 00007f26a57651d0 R08: 0000000000000000 R09: 0000000000000000 [ 3024.082729] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3024.083904] R13: 00007ffc298dd15f R14: 00007f26a5765300 R15: 0000000000022000 12:29:03 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x1e040000, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:29:03 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x9effffff, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:29:03 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) (fail_nth: 82) [ 3024.317781] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 3024.317781] program syz-executor.4 not setting count and/or reply_len properly 12:29:03 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3b}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRESHEX], 0x30}, 0x1, 0x0, 0x0, 0x14}, 0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x6c0e, 0x7fff) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', 0x0, 0x0, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000440)=ANY=[@ANYRESOCT], 0x2f) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffff}, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_nanosleep(0x1, 0x0, &(0x7f00000002c0)={0x0, 0x989680}, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) fork() r2 = fork() tkill(0x0, 0x0) ptrace$cont(0xffffffffffffffff, r2, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000280)=0x5, 0xfffffffffffffffa) r3 = fork() syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e21016027154f7e210000d6142e8ed6865df556fd6a7300000000000000bd8b7e69ecb57d268a49d8d6accb6a35f7aa6bee3435f0ca00"], 0xa) ptrace$setopts(0x4206, r3, 0x0, 0x0) ptrace(0x8, r3) 12:29:03 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:29:03 executing program 3: syz_mount_image$vfat(0x0, &(0x7f0000001800)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0xd4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_mount_image$nfs(&(0x7f0000000000), &(0x7f0000000040)='./file1\x00', 0x81, 0x8, &(0x7f0000001600)=[{&(0x7f0000000100)="17990971d7c942974d8b07842e0309bcceb3e20604b823bcb66f4881f9336b8e50fd7ae796037e6224a01a92cfb2c0d550d76dfefedcce30255f9a19746dbb64cf9bd39063cd1691d18c5f9ed44a095bb07cf98825937b7e2ab46ce93767152e875e419bb8b9ac2902aa5ba944da22d9c74313caf41ce10d9fa28fa545c7d2bebb092a57f28b93e2bed8c19072ba9c368935d75d282a1c210ff49ebfc5ef612709a801e53d2f5bfbdddb82282ce7908b436d5ca1cf55fde92f5af5206fa118b4aeaeac980624d1934d5338", 0xcb, 0x9}, {&(0x7f0000000200)="6a17964427a86092d0a079a8cdfc0216989ee7a86d7e0b4d27973a0637429c230e23989f28891bc151508111f90b7c0af39fee07bb20aacbd7a08ad8f9c249f83d7077940661728aa187f3f3fe81e7c1f476618988073925ee8480c16c9e0d607f8be5c6ca61de2ea07818e7d4763095718f076a43f04da28cae22039d6dce441330faf770216adcece47bf7a3ec500b74d03e5441bc4ed18611d54f1d161873360a3de3c17c7ea934ec6c1273f6c97ec1b456601bc3e33ec0", 0xb9, 0x1000}, {&(0x7f00000002c0)="7225d0b9222bc264b1c4a35231de54dabfcb0599a530048ab85724a80addf6874a272073e77f895402311ec739a43deff5bac04e8054fd48eeb5bc1eb1bc899403b2669bc04fd00d90c29897dcba13daa0424cc3c5d88f2a0e46136afafc0a1e93bb226048fa4e6c8e26366b41dd89a64874a5d2d5674fba8934f188ee0e3b9f1040f188438962cf2ade33cb98c622c83479141256ab393002a5b7fc0126bf256a8f75481d72a4e58933fb2a5d11baf883f9f03758cc8a5e2d9f184bc639a597011774cd326348f81d2bceb407d8b6ebfa3c8fbead72611be785b3719f321178886210f82c9752804440de6e13925bcc0ebc46e61d993c049f2ce8c4cd367cbf91259041237e57345a20a8f8bd4d5c415d88b7a14581c996aeba2054cf2a67796d3b4a2f4d11193cf1cd86ab064c79ae40f651231d4328cd2f250ae60b4d6f320bd6c860f10ffa420fc1747728db137b1f9695257381df43c72cf821ccb4173b05bc645cb76497541a6f6d1c12fbe1474eeeb6003bcb237a541fb17ad89e7e59fc455dd42dca87be5ca2e99f369ba641c3e1d43edc7b24ef55a68ebd8402ddb80d5c2274a4264bb3d9d0a1ba1299c4a7cdd80d80954509dfebc075974d6c355398ab820bf8a91c0b7027aa9555bad8939ebd381f990903d3d116ed17ad45482e80009e01494ffa540ee5069b3394a87301116a4a1e1a1cd241b1dfecce931e4093d91d2414bd1255eb73a218593fc6842ad415dde4b02c7937f88e763dd07d5739cda9217e3166458e52a7705f43fba5cdaff89900d422ef8b0fe49f1f3d56b7920272d0cc523095dfa31bd365cc02c692279aac9eb1fc5f8538e3ee43066c86a0ef4fb75036e690076a7f29ff218fd7060a55098dbbee50ac3e1878fa08832b6e6e619e7fc42026ac73e6eb1f168d7313bc94dd292b13767419c09a5cbf30a9f42a7c958eac88b5b1ed3e6b7797dd7efb5a1fe84d33515af9ec3b9bb61cb85762f038557be4b29805222bb775d7127dc73d7e58724864a64061af99a3915ae8d490457ba8fbd92eb104e285ddcf0d7da79412f4ac827ffdf9c6e107c1f3b91302775988bcc3ffa5053ddb3dfd898ba23a831075f19e1b3ff404bf6952ffd6c89b9fa248412ca849a506ad954ff3bc7894c98c5794df4d4dca41c447a271bb8408dea72430535466306a7df7327b096573d8e890690956cfc1c867e90ae18c93ec2369be2af6e657802e31a03ca048c90e5791943919cd944b28be4e54669afc12513aa31ba6f7e01e32ea1fc573b6c422bf927fe2a8924f4bb759f2388e49994adc1c85ed246d2338e991e8766f3a503f894fef176def50e1aa0e0b208fd3e23a5fb7d74ce5886bca67084d979764064619f074209e5f06b7b79c0455f3300ec32512ac23fa07c0492a00e53549d31dc9a9cf21f6cdea2ed53fc26788bb881bd9c909b71bf83558ce9a80f4a0859a87eb0ff8efcdc6a2eb667bd528a933dc234dbd8e091f0daa8b669f9914242a937585d3be3b5144ff7960931d5adb97223c7833cad5a68f345b33d0dcf7db4be4bc957328c53f4c25961710564c8a50bb9c3e90fdfd4d7b5e424364e1c128d165b76802014d6e57701e4f0ea46e71b9f78197b87910c6a05f5be7f2991e924f0c68ab0bea3b783d9683ef02d1095c1c2b48c795905ed1123d72f3678bbebf3b55dcc1e588bb37ea84f35b1cd8d4efe2f5da408f419f26fdfef7bb61d30d2caf66daed906844923b3534a9e2e002561ac3d275a7b76f3840c40b7a9da3bc1be26644cb58033cd736717cd909c45ca565f2c748453f5dce7f829c1b13ab3aff65398475f8b156eb6c532e450936371159ddfc78246573d37f5ea80d92324affbcb1a461cc15015283b4ebed16383da67e136805cb4f66372a73b07e4319fb2ae814cad08b277758268c2d2215d79dea955ee634eefbe5883ef22bd3f24d54d616f2f6204e06ee9c68bb524603ce33c0ff9901570a4a427a16a11524fca3f3622d328c4a230f0df013ed299dab393c8f4dd3154653301b8ecca4c6ee6dfa038465819e21af25f96827e2fe3a5a5195a04cce42ff2aa3b2b11e4104218dbd147537ab0432d2247bb9f4924a1f7ab02774c6ab782b283484ea8a1c53679301a5760cdee69207279917ca9010c2d390dc4a647cb120e7ddf0604459a9666af23bccdfb53251973556cbbed06346291ecbc9d24774e32ccffe3b73d71d954d56cdcf756023156898851232861560aa97873d30cb74c9747838fb5a44fd15eefb6d86799cdd11d4ed4533225848f040aaa1b7b304ee93da4343708e7f5bc8a3097823851d4af62cdec8ab2b2a58a7a91bf787b33a40b3af5826fc47f421f1e018f25e53741fd515469c877a9001a942577e8b846aaabf15f9b59d246f20fa79a31587740a68886f196f68b463bcd644b984544002bf2f1ead7275c66a26621b1b79670603374401781209213d9112c6fb2ece6db842bdabe2ea1b184f793db8984277812f57831663acc2800e0b55399d5dc1a155a57c2266f8ac543d83784d924f17a0403d96a8a315dae438b5c63e3fe11dc2baf5c293375c54cab58bc51a374b7a2fac35054c70623a70a881ff7550ade79247d6cbcdd8d1c6d73e00b30366b36aa47496ccccb04f6e6cd61d07da4aa1d37940e4235132bcc5b6be735b9c7ba906f13779e645302eafc3bcc464ffda1ad20081956f5b9fb1480ad438ebd9f31bb338579b0cc9b0aaaab133e1372a1dbe7171bb7aeb247c7dc7fa2b0e45c23e8167a04e3a36e78d52dc2a529135d1178eabe65b3e578354a1ae5ae036af2498909b4737220e350d4adb3018b12a314edc7901075b428e43f329aa37618eb6ba5d5c00f90366ccb9d2fe0942ec2477f428904a9675abb331f2796747fc794f3d22c342407755a11cce208f5377ddc9e3339be5e240683a5b54341ce85a428353b418c9c7edc7e60ff050e614d5057542ab1126a8d85d3ad05bed56c41014001bc7bac679daddf267ef9c56e800d443dfb117e755957eaabd1194c8163c88f915178188ab927b59a7fd7a9519059d7a68447c4e661aa6b6446ca286e05211bbcca98f322397fd08e1b2e3ce2034e28261304c7ead200f8501ac04eeae49cf3397a4370d4fcd4fd96ab09f20431c4fef63f5356b8ee2147a2afde05b851a353f4a3b13c831516a354c00cdd8b387e0cb1b2043d587ead2675c0a91d0520a924223ac2fed21dd70882acb6db9ace0a4e53546e2c6abb819608256f66d2a3c66c78c7c9c9ab31ee5c4239aa6dc231d4133d49162c5026f96031491958bb6b692f9434b399f1d2641e14c657671adfb213db12122d10c8498aad12a099f5f518e9db8b92c417e2ceec1e793dcfc621949b25edc680f6cf5fd44ea1444d9d9604e6693f6525825eb3e21c098f6cd7ddc7bc7db33da3c7e6e26b3b5fcc83020df1fd4c5e37429836c6716197edc4b08e0c86268b43cd708ef64d5d9a78a21ced4384935ccd5c11479edc0d57019db0bb5231ad46a1d78f2721f81952f665e949eb8ca996ae76ce5742845a9d9c19d1fe91910591c3b955da0ad0ae7940aa1109e61d3e6cf589a7194b3821206bbc5b18935af00951eeb680d01ed05f2c598c8f1a3e2679de63001e2a0a6b25e8049ff600e7d563763f7d90ba23a66d1f58613d342dac36fd999e811a4a44df0c2ae3ce0e7e1d5bc4c41fa5fb585d47510aed23cb1db9b0d221bd57251527ccf334c8c84c983c54804c3b629e020b360fa23f9db6986d4211fa887c29719130ba39750b729329a2edc34998e259976f4b4df27bf5fce7cf4fca229465435a306e2dc062555617fd7091c01e1a6387206d5a05b1de1e329227bb6b1e6e1ccc575fe7222a31717fb4db32a569324aad16938301894af393256f3c90b6eccc67f10c580633119200e15b84d878b2b6cb14c60a2ef31a4e6b9e94f5f2c5ba98ebcca622bd6f321c204334e06bb801ab52f17f46a0e81bdcc5438a36eb9b7e66c9ea51208b417e106d89c087413165ccaa492ba0564349f59b9690094494341ee3a33a9a80df39f5efa06456184ba7801aedfc014b8ce230b8e05aa6e1e6be7e050422fbc8e7721e6227dd4cdd4eed2d4a8733d5e89f24c56ff62e2b7e29cee03ba5a3d1d413a0f3d1837e621171dc5ababa8965a4ee3b16c7dd3cef95bdb6f72ffec6562da48fd11ef9ec60826c2f0265fada6422e94c30d1bac188848f0a28ecb4e0338baa5cf3fc09232e7abae2bcce0094fd7d27109ab0e4da6d81694b4e443c736b60c935b8b6c0d927237312182c34740e65f8305df03823e3cb9eea244eb8e976982b8930c9af6c0574e9130823647ec31ff0e3c578ed9f4637fa841ef2648f20020319b923771b095e1d8387c9b0403a6a76de17a71bf09eee83b5b05a4652fd9ef7e44f976f5fe5d35f74e288245d5ba476ec6852d53a1b6f5383d8a076aa4729eed7e24a0acf1127b2058edd216daf7ae325a898308aed5b07495853329bc3cbe9870a28d625abcc284d654d5afe050f18315d2adf2d1cf32bcc1139b6d56d23b35c48628ca15c859116044e70f9b389e8b24991f12ba9c7a78146df593fa32c7f71789551f70cfb2291056efc572fc13232ca460df3ab9aa42c83ed884a19f8ffca3a4d9ea8240663c2e2bd8f8a65e766c61d87f68afbbb88c66c588a524460cb4e585b60d9f401d6027154bc12ff386639cbd2f16ac723e305ef6f834b90fd4172538a442034af6a45312585e780a94d06acee82b3abb03ad9fb88c618567d7c18df090290d907a14a80d5105071f0b9464fee2c5542bb8de850bf3e570abad6831cbb97b595c370fed6ca1fbd5b3f35bbad25c431babc9618cf692e41f8f0f903933268c7cc1eb0d3f3917ed2f20715df1290b8df7a3ff047310887f58ee4390e10fd9f3535689abbd70f35c810fa15f40528cd238343341f1b18617cb2aafc0724617f3e08e8a4d4cbde132f28325134e17eb38d6526ba02ccbb02ce3b337236144db460152d770ee73e66edeef8340682077a7e4de1bd6ae2d183e5a81a7737e51764670d67da9b2c6732ee853dbcfc20032cf95e830c0eef2634ef9e99855a25c4f61fe582169fc3eff470c8b80dec233864b1a1adfab8896da8f15859df05bd6db7b9e72ed242f63ffcd47e5ebdda09173cf66c77f1c58939be96e8ad89fa0fff5a31da3bde961bc52e01670baeabfc0a4added90578ff13b494fbf5e48feef2430dd8fc8302de28fb968bc7fcf10aaaf22f7b65fd4712e49f47c61f9fb656681e0aeb2c9a4d2cf6565d399f5d0a160f637aa9488ec636c4db98ce1ffd1f83e1ff7de4b3558c2ec4c7610e7a5c0949f64fc5c8900320d37fe69d6fb01c96b6db7a45f499d741f4017b907cd4374cf60f36ad16340f99838ae13d411a2547c791eb8d703def7c1b963db376f90dcc0d9d6331e2eb4e9116a85a6d61af4bf259171fa29e48114116ddb7d64a0d0dc4fa023b8a1ba89beaa7d4c2a1e79b8824829c1e088b81560ed6618f81ee8bf2ffc8db3f8b3656ff53eab8082414539ad063579e130f8327a631a454caddf5ee745cd015a2165bd41bdf59f00befeb87df236402a8f7d57d598b57722d9f90c54f5ed71e7ec9dcaa23ba6a8a81fe638889e19bd400bff579a55464e9a667d1b303b4392d7336a30b20581fdbc709e7088fd5cf8bbcd7e1587c33d7c0b04bc27bb8f1df241a28ae15e183c1a9e7f01d0a953d6f83cb87b49d4359eb6d16bee00e0ebfc16971e9f49d4a527d80d47fc065195ccf0289039fdfcc", 0x1000, 0x7}, {&(0x7f00000012c0)="6599536423c1a47ee02da1ad08dd25ba7f13249043c06d399b4ff7db4cf186c3990a4450f6f40ae83d0dc6099b8982306f09d6493ddcf318895e8e43a1906adcf045fa4402e6a658053cee9fe90295ff70503f22af61b400b11a5de6f177f0235cd0952634fb4043169895f24db3754a90d1ac3213fb38c5d0", 0x79, 0x6}, {&(0x7f0000001340)="4913a9af1dc2d78006f065e788b33c8121263952bcf1b601d986b938d166e940291b556a3ac73f12d239ef4e583140715403aadd4b17f48d6cddaafff237c3d1c84f797c6996dc595790e76cbca52f516aab35ecfd17acb0f30a7f5834aeec0f153f2f9ffe3185fcb027f83234355d966576decc559e8441ca40a9daba74ddca7c28bf4aacd291661591e40fb5814a02fc4699d048d61630ada4f503bc83392f047662ea59d4c38d0c1b36954afd0d1c7974848a448fcc4bdd3f88578670c1ce267e40835f71eb8c9c", 0xc9, 0x100000000}, {&(0x7f0000001440)="3087b440d622739b79a115e30f620c0eb371049bb046175a75ca48a1c2e37c74f037c47c0c8159f4506b3d5bc13a45930d364dbc96226da51c8089991f944ce632b13a9e18e556687fe7d513a63c4afd65c58913f00aeb918fde4d2500b9a380b9687abeefe544768dba2b4d1fb5cd24194df3a7eb0f6cc6ceb6efdebfa3f42c51", 0x81, 0xb3a1}, {&(0x7f0000001500)="6b7faf41c9b3b5dac1d06a5e950056973776f1b014305ef3aa2a5015119f9a05e8614b9ea45202f9aaa59ae91c71e4a17c6c9f4bb47c218d2b0e99ed52955a77fd02f3dc6bb3f9f6ecf8b46e", 0x4c, 0x3}, {&(0x7f0000001580)="74f92e720e7206e7f7884c542b0b1cdc3bdef573392d169e5ac05dd646d5db2bf581ca86ff51b89614faa11968351b4cf6e6534858bfb7501549827f3b9e8f75309ff73172d44c950e36c1bccf645bedc1c4e62cce654a8e20feebf5bf8b30441bdd4a1340d51f80fbe9be11", 0x6c, 0xea}], 0x2, &(0x7f00000016c0)={[{'\\,[:(@@^$~&%y.{%'}, {'/'}, {}], [{@fsuuid={'fsuuid', 0x3d, {[0x62, 0x64, 0x36, 0x61, 0x37, 0x31, 0x65, 0x64], 0x2d, [0x31, 0x35, 0x39, 0x32], 0x2d, [0x37, 0x39, 0x6b, 0x33], 0x2d, [0x66, 0x63, 0x37, 0x30], 0x2d, [0x3f, 0x62, 0x31, 0x64, 0x37, 0x66, 0x32, 0x65]}}}, {@rootcontext={'rootcontext', 0x3d, 'system_u'}}]}) openat(r0, &(0x7f0000000080)='./file1\x00', 0x1a0c0, 0x102) llistxattr(&(0x7f00000000c0)='./file1\x00', 0x0, 0x0) [ 3024.370462] FAULT_INJECTION: forcing a failure. [ 3024.370462] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 3024.372427] CPU: 1 PID: 30196 Comm: syz-executor.4 Not tainted 5.10.209 #1 [ 3024.373578] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3024.374921] Call Trace: [ 3024.375362] dump_stack+0x107/0x167 [ 3024.375978] should_fail.cold+0x5/0xa [ 3024.376627] _copy_to_user+0x2e/0x180 [ 3024.377265] simple_read_from_buffer+0xcc/0x160 12:29:03 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0xf0ffffff, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) [ 3024.378034] proc_fail_nth_read+0x198/0x230 [ 3024.378869] ? proc_sessionid_read+0x230/0x230 [ 3024.379639] ? security_file_permission+0x24e/0x570 [ 3024.380447] ? perf_trace_initcall_start+0x101/0x380 [ 3024.381280] ? proc_sessionid_read+0x230/0x230 [ 3024.382028] vfs_read+0x228/0x580 [ 3024.382608] ksys_read+0x12d/0x260 [ 3024.383200] ? vfs_write+0xa70/0xa70 [ 3024.383837] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3024.384706] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3024.385557] do_syscall_64+0x33/0x40 [ 3024.386172] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3024.387023] RIP: 0033:0x7f26a81a269c [ 3024.387645] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 3024.390618] RSP: 002b:00007f26a5765170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 3024.391858] RAX: ffffffffffffffda RBX: 000000000000002d RCX: 00007f26a81a269c [ 3024.393013] RDX: 000000000000000f RSI: 00007f26a57651e0 RDI: 0000000000000006 [ 3024.394170] RBP: 00007f26a57651d0 R08: 0000000000000000 R09: 0000000000000000 [ 3024.395323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3024.396501] R13: 00007ffc298dd15f R14: 00007f26a5765300 R15: 0000000000022000 12:29:03 executing program 1: pivot_root(&(0x7f0000000180)='./file0\x00', &(0x7f0000000200)='./file0\x00') r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = dup(r2) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = dup(r4) r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r6, &(0x7f0000001080)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) getsockopt$bt_BT_RCVMTU(r6, 0x112, 0xd, &(0x7f00000001c0), &(0x7f00000013c0)=0x2) dup3(r6, r2, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$sock_inet6_SIOCDIFADDR(r5, 0x8936, &(0x7f0000000240)={@empty, 0x7c}) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_REGISTER_FRAME(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}, @NL80211_ATTR_FRAME_TYPE={0x6}]}, 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000080)={&(0x7f0000000680)={0xcd0, 0x0, 0x10, 0x70bd29, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r7}, @val={0xc, 0x99, {0x1, 0x40}}}}, [@NL80211_ATTR_TX_RATES={0xac, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x68, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HT={0x39, 0x2, [{0x3, 0x6}, {0x2, 0x3}, {0x4, 0x9}, {0x2, 0x7}, {0x4, 0xa}, {0x6, 0x2}, {0x3, 0x5}, {0x3, 0x5}, {0x1, 0x2}, {0x1, 0x2}, {0x3, 0x3}, {0x2, 0x9}, {0x4, 0x9}, {0x0, 0x7}, {0x0, 0x3}, {0x7, 0xa}, {0x1, 0x6}, {0x6, 0x1}, {0x5, 0x8}, {0x1, 0x1}, {0x3, 0x5}, {0x7, 0x4}, {0x2, 0xa}, {0x1, 0x3}, {0x5, 0xa}, {0x0, 0x6}, {0x1, 0xa}, {0x0, 0x2}, {0x6, 0x2}, {0x6, 0x7}, {0x6, 0x3}, {0x0, 0x4}, {0x6, 0xa}, {0x1, 0x1}, {0x2, 0xa}, {0x5}, {0x4}, {0x1, 0x3}, {0x3, 0x4}, {0x2}, {0x3, 0x9}, {0x6, 0x2}, {0x7, 0x6}, {0x0, 0x8}, {0x3, 0x1}, {0x3, 0x1}, {0x6, 0x8}, {0x2, 0x3}, {0x7, 0x4}, {0x0, 0x8}, {0x4, 0x4}, {0x0, 0x5}, {0x5, 0x3}]}, @NL80211_TXRATE_HT={0x17, 0x2, [{0x4, 0x2}, {0x7, 0x4}, {0x1, 0x8}, {0x3, 0x5}, {0x7, 0x5}, {0x4, 0x5}, {0x7, 0x1}, {0x3, 0x9}, {0x5, 0xa}, {0x7, 0x1}, {0x7, 0x2}, {0x4, 0xa}, {0x0, 0x6}, {0x7, 0x6}, {0x4, 0xa}, {0x3}, {0x6, 0x7}, {0x1, 0x3}, {0x0, 0x4}]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}]}, @NL80211_BAND_6GHZ={0x40, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HT={0x31, 0x2, [{}, {0x7}, {0x4, 0x1}, {0x4}, {0x1, 0xa}, {0x2, 0x1}, {0x0, 0x8}, {0x4, 0xa}, {0x6, 0x9}, {0x2, 0x6}, {0x0, 0x4}, {0x6, 0x2}, {0x0, 0x5}, {0x1, 0x3}, {0x2, 0x9}, {0x4, 0x3}, {0x2, 0x9}, {0x4, 0xa}, {0x7, 0x3}, {0x2, 0x9}, {0x3, 0x6}, {0x6}, {0x3, 0xa}, {0x7, 0x2}, {0x0, 0xa}, {0x5, 0xa}, {0x3, 0x3}, {0x2, 0x6}, {0x2, 0x7}, {0x0, 0x1}, {0x7, 0xa}, {0x0, 0x2}, {0x7, 0x3}, {0x2, 0xa}, {0x6, 0x8}, {0x4, 0x7}, {0x6, 0x3}, {0x4}, {0x4, 0x7}, {0x0, 0x4}, {0x4, 0x9}, {0x2, 0x6}, {0x5, 0x3}, {}, {0x4, 0xa}]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}]}]}, @NL80211_ATTR_TX_RATES={0x164, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x28, 0x0, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x8913, 0xfff, 0x20, 0x3, 0xfff8, 0xb78, 0x6, 0x3]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}]}, @NL80211_BAND_60GHZ={0x100, 0x2, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x4, 0x7, 0xfffd, 0x1, 0x1, 0x9, 0xfff9, 0x200]}}, @NL80211_TXRATE_LEGACY={0x12, 0x1, [0x36, 0x3, 0x24, 0x18, 0x30, 0x31, 0x1, 0x12, 0x60, 0x48, 0x4, 0x1b, 0x60, 0x16]}, @NL80211_TXRATE_LEGACY={0x1d, 0x1, [0x30, 0x16, 0x5, 0x6, 0x4, 0x2, 0x16, 0x16, 0x4, 0x28131a5d9d4256dc, 0x30, 0x2, 0x1, 0x6, 0xc, 0xb, 0x18, 0x24, 0x1b, 0x18, 0x2, 0x3, 0x60, 0x5, 0x25]}, @NL80211_TXRATE_LEGACY={0x23, 0x1, [0x24, 0x1, 0x1b, 0xb, 0x6, 0x36, 0x16, 0x36, 0xd, 0x12, 0x4, 0x5, 0x5, 0xe, 0x1b, 0x60, 0xb, 0xb, 0x48, 0x18, 0x48, 0x24, 0x24, 0x6, 0x6c, 0x18, 0x2, 0xc, 0x12, 0x3f, 0x24]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x100, 0x1000, 0x4, 0xc0e1, 0x7ff, 0x400, 0x6338]}}, @NL80211_TXRATE_HT={0x30, 0x2, [{0x6, 0x7}, {0x1, 0x9}, {0x5, 0x3}, {0x1, 0x7}, {0x1, 0x8}, {0x2, 0xa}, {0x3, 0x9}, {0x0, 0x5}, {0x7, 0x3}, {0x5, 0x5}, {0x2, 0x2}, {0x1, 0x2}, {0x7, 0x2}, {0x1, 0x8}, {0x2, 0x8}, {0x0, 0x2}, {0x5, 0x6}, {0x6, 0x9}, {0x7, 0xa}, {0x7, 0x1}, {0x7, 0x2}, {0x1}, {0x3, 0x5}, {0x1, 0x7}, {0x1, 0xa}, {0x7, 0x8}, {0x0, 0x4}, {0x0, 0x6}, {0x4, 0x1}, {0x7, 0x6}, {0x6, 0xa}, {0x1, 0x3}, {0x0, 0x4}, {0x7, 0x9}, {0x7, 0x1}, {0x0, 0x6}, {0x5, 0x6}, {}, {0x6, 0x2}, {0x6, 0x6}, {0x3, 0x2}, {0x2, 0x7}, {0x6, 0x7}, {0x0, 0x8}]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_LEGACY={0x22, 0x1, [0x36, 0x12, 0x1, 0x5, 0x6c, 0x1, 0x62, 0xb, 0x4, 0x6, 0x2, 0x16, 0x60, 0x12, 0x36, 0x3, 0x48, 0x18, 0x0, 0x1, 0x9, 0x2, 0x3, 0x2, 0x5, 0x18, 0x48, 0xc, 0x5f, 0x18]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_LEGACY={0x16, 0x1, [0x6, 0x60, 0xb, 0x5a, 0x24, 0x60, 0x18, 0xc, 0xc, 0x6, 0x24, 0x36, 0xb, 0x6, 0x16, 0xc, 0x60, 0x1b]}]}, @NL80211_BAND_60GHZ={0x20, 0x2, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x3ff, 0x5, 0x3, 0x8, 0x0, 0x8, 0xb7, 0x99]}}, @NL80211_TXRATE_GI={0x5}]}, @NL80211_BAND_2GHZ={0x18, 0x0, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x3ff, 0x7, 0x4, 0x0, 0x298, 0x0, 0x5, 0x8]}}]}]}, @NL80211_ATTR_TX_RATES={0x15c, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x48, 0x0, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0xb5, 0x6, 0x1ff, 0xc301, 0xe0f1, 0x1, 0x3ff, 0x7]}}, @NL80211_TXRATE_HT={0x30, 0x2, [{0x1, 0x1}, {0x7, 0x1}, {0x7, 0x4}, {0x1, 0x8}, {0x0, 0x6}, {0x0, 0x8}, {0x2, 0xa}, {0x5, 0x6}, {0x1, 0x1}, {0x3, 0x9}, {0x0, 0x2}, {0x3, 0xa}, {0x1, 0x5}, {0x3, 0x4}, {0x5, 0x1}, {0x0, 0x7}, {0x1, 0x7}, {0x1, 0x4}, {0x1, 0x9}, {0x6, 0x1}, {0x7, 0x5}, {0x0, 0xa}, {0x1}, {0x2, 0x9}, {0x0, 0x6}, {0x3, 0x2}, {0x6, 0x3}, {0x7, 0x8}, {0x1, 0x6}, {0x6, 0x7}, {0x4, 0x5}, {0x0, 0x8}, {0x0, 0x9}, {0x5}, {0x4, 0x4}, {0x5, 0x9}, {0x1, 0x2}, {0x7, 0x2}, {0x6, 0x3}, {0x2}, {0x0, 0x3}, {0x7, 0x7}, {0x1, 0x5}, {0x1, 0x2}]}]}, @NL80211_BAND_6GHZ={0x18, 0x3, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x7, 0xffff, 0x7, 0x1, 0x0, 0x8001, 0x800, 0x81]}}]}, @NL80211_BAND_5GHZ={0x38, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HT={0x33, 0x2, [{0x1, 0xa}, {0x0, 0x6}, {0x4, 0x2}, {0x6, 0x2}, {0x5, 0x7}, {0x6, 0x1}, {0x4, 0x5}, {0x1, 0xa}, {0x2, 0x2}, {0x4, 0x1}, {}, {0x4}, {0x3, 0x9}, {0x7, 0x6}, {0x3, 0x9}, {0x3, 0x2}, {0x2, 0x8}, {0x7, 0x4}, {0x0, 0x1}, {0x4, 0xa}, {0x3, 0x5}, {0x5, 0x4}, {0x4, 0x4}, {0x1, 0x3}, {0x5, 0x9}, {0x1, 0x1}, {0x1, 0xa}, {0x4, 0xa}, {0x6, 0x6}, {0x1}, {0x5, 0x7}, {0x0, 0x2}, {0x6, 0x7}, {0x2, 0x8}, {0x5, 0x4}, {0x0, 0xa}, {0x4, 0x9}, {0x4, 0x7}, {0x1, 0x3}, {0x1, 0x9}, {0x4, 0x4}, {0x0, 0xa}, {0x4, 0xa}, {0x7, 0x8}, {0x0, 0x2}, {0x4, 0x4}, {0x4}]}]}, @NL80211_BAND_5GHZ={0x74, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x7495, 0x1, 0x744, 0x8000, 0x7, 0x1, 0x1ff, 0x8001]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xfffc, 0x0, 0x101, 0x4, 0x800, 0x7, 0xfffc, 0x9]}}, @NL80211_TXRATE_HT={0x45, 0x2, [{0x1, 0x7}, {0x5, 0x3}, {0x7, 0xa}, {0x1, 0x2}, {0x6, 0x7}, {0x4, 0x4}, {0x2, 0x5}, {0x7, 0x8}, {0x4, 0x2}, {0x1, 0x5}, {0x4, 0xa}, {0x5, 0x1}, {0x3, 0x2}, {0x5, 0x9}, {0x5, 0x2}, {0x1, 0x8}, {0x7, 0x7}, {0x5, 0x2}, {0x1, 0x4}, {0x0, 0x8}, {0x1}, {0x0, 0x5}, {0x3}, {0x2}, {0x3, 0x4}, {0x1, 0x9}, {0x5}, {0x0, 0x1}, {0x6, 0xe}, {0x0, 0x2}, {0x2}, {0x3}, {0x5, 0x4}, {0x3, 0x4}, {0x1, 0x3}, {0x2, 0x2}, {0x0, 0x6}, {0x1, 0x6}, {0x7, 0x8}, {0x4, 0x2}, {0x6, 0x6}, {0x1, 0x9}, {0x6, 0x7}, {0x1, 0x1}, {0x4, 0x5}, {0x5, 0x6}, {0x3, 0x9}, {0x3, 0xa}, {0x2, 0x8}, {0x7, 0x8}, {0x0, 0x8}, {0x0, 0x9}, {0x2}, {0x4}, {0x7, 0x1}, {0x0, 0x8}, {0x2, 0x4}, {0x4, 0xa}, {0x0, 0x1}, {0x1, 0x7}, {0x0, 0x1}, {0x7, 0x2}, {0x4, 0x2}, {0x3, 0x7}, {0x0, 0x3}]}]}, @NL80211_BAND_2GHZ={0x4c, 0x0, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x1a, 0x1, [0x4, 0x1b, 0x1b, 0x9, 0x24, 0x1, 0x16, 0x5, 0x7b, 0x53, 0x16, 0x60, 0x3, 0x4, 0x6c, 0x24, 0x9, 0xb, 0x48, 0x311341bde62259a8, 0x48, 0xc]}, @NL80211_TXRATE_LEGACY={0x12, 0x1, [0x2, 0xb, 0x9, 0x48, 0x6, 0x9, 0x5, 0x4, 0x1, 0x3, 0x3, 0x3, 0x36, 0x1b]}, @NL80211_TXRATE_LEGACY={0x16, 0x1, [0x1, 0xc, 0x2, 0x48, 0x5, 0x36, 0x2, 0x16, 0xa, 0x6c, 0x3, 0x24, 0x36, 0x4, 0x12, 0x0, 0x30, 0x5]}]}]}, @NL80211_ATTR_TX_RATES={0x414, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x98, 0x3, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x1b, 0x1, [0x36, 0x24, 0x16, 0x5, 0x360074e202c181ea, 0xb, 0x6, 0x36, 0x24, 0x18, 0x41, 0x3, 0x9, 0x52, 0x60, 0x6, 0x30, 0x6c, 0x16, 0x60, 0x60, 0x1b, 0x60]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HT={0x9, 0x2, [{0x1, 0x1}, {0x2, 0x3}, {0x2, 0x4}, {0x1, 0x3}, {0x4, 0x7}]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HT={0x27, 0x2, [{0x7, 0x6}, {0x1, 0x4}, {0x5, 0x8}, {0x7, 0x4}, {0x6, 0x9}, {0x7, 0x6}, {0x6, 0x9}, {0x0, 0x8}, {0x3, 0x9}, {0x6, 0x3}, {0x5, 0x3}, {0x3, 0x5}, {0x2, 0x3}, {0x0, 0x1}, {0x7, 0x8}, {0x4, 0x3}, {0x0, 0x7}, {0x0, 0x5}, {0x1, 0x8}, {0x4, 0x1}, {0x3}, {0x1, 0x9}, {}, {0x4}, {0x3, 0x8}, {0x6, 0x2}, {0x0, 0x9}, {0x1, 0xa}, {0x4, 0x3}, {0x4, 0xa}, {0x7, 0x3}, {0x1, 0x3}, {0x0, 0x4}, {0x1}, {0x5, 0x4}]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x1, 0xfffa, 0x0, 0xff, 0x80, 0x800, 0x1, 0x81]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}]}, @NL80211_BAND_6GHZ={0x74, 0x3, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x20, 0x1, [0x36, 0x18, 0x30, 0x3, 0x4, 0x36, 0x30, 0x6, 0x12, 0x9, 0x1b, 0x48, 0x30, 0x2, 0x1, 0x36, 0x6, 0x5, 0x16, 0x1, 0x6c, 0x1, 0x9, 0x0, 0x36, 0x6c, 0x1, 0x3a]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x100, 0x5, 0x4, 0x3, 0x101, 0x6, 0x2, 0x400]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_LEGACY={0xc, 0x1, [0x36, 0x16, 0x4, 0x48, 0x78, 0x24, 0x1, 0x24]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x91d0, 0x7, 0x800, 0x4, 0x6, 0x8, 0x1, 0xd01]}}, @NL80211_TXRATE_HT={0x13, 0x2, [{0x2, 0x2}, {0x3, 0x7}, {0x2, 0xa}, {0x7, 0x8}, {0x1, 0x8}, {0x3, 0x7}, {0x1, 0x1}, {0x5}, {0x6, 0x2}, {0x7, 0x3}, {0x1, 0xa}, {0x7, 0xa}, {0x1, 0x8}, {0x4, 0x3}, {0x2, 0x4}]}]}, @NL80211_BAND_5GHZ={0x7c, 0x1, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0xd, 0x1, [0x1b, 0x36, 0x1, 0x2, 0x4, 0x3, 0x5, 0x0, 0x2]}, @NL80211_TXRATE_LEGACY={0x21, 0x1, [0x24, 0x18, 0x3, 0x1, 0x6c, 0x36, 0x3, 0x48, 0x16, 0x4, 0x1b, 0x36, 0x6, 0x12, 0x24, 0x36, 0x16, 0x6c, 0x13, 0x5, 0x36, 0x4, 0x12, 0x6c, 0x5, 0x2, 0x1b, 0x1, 0x3]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x18, 0x5, 0x1, 0x8, 0x1, 0x1000, 0x2, 0x7]}}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xe63, 0x63, 0xadb, 0x100, 0xb24, 0x0, 0x8, 0x9208]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x4, 0x6, 0x6, 0x4, 0x9, 0x4, 0x0, 0x9cd3]}}]}, @NL80211_BAND_60GHZ={0xb8, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HT={0x17, 0x2, [{0x1}, {0x4, 0x2}, {0x7, 0x9}, {0x5, 0x1}, {0x6, 0x7}, {0x1, 0x9}, {0x2, 0x4}, {0x0, 0x7}, {0x7, 0x7}, {0x0, 0x4}, {0x0, 0x4}, {0x4, 0x2}, {0x6, 0x6}, {0x0, 0x7}, {0x3, 0x3}, {0x1, 0x6}, {0x2, 0x8}, {0x4, 0xa}, {0x3, 0x5}]}, @NL80211_TXRATE_LEGACY={0x1e, 0x1, [0x9, 0x6, 0x16, 0x1, 0x16, 0x60, 0x24, 0x48, 0xb, 0x12, 0x3, 0x2, 0x36, 0x16, 0x3, 0x60, 0xb, 0x18, 0x60, 0xe0c0891c7c69b1a, 0x1, 0x9, 0xfb5db98b7404837a, 0x5, 0x6c, 0x48]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x800, 0x401, 0x6, 0x3ff, 0x7, 0x2, 0x1, 0x4a78]}}, @NL80211_TXRATE_HT={0x36, 0x2, [{0x7}, {0x3, 0x5}, {0x1, 0x4}, {0x4}, {0x7, 0x3}, {0x1, 0x8}, {0x2}, {0x3, 0x6}, {0x2, 0x9}, {0x2, 0xa}, {0x1, 0x9}, {0x5, 0xa}, {0x2, 0x7}, {0x3, 0x8}, {0x0, 0x8}, {0x0, 0x1}, {0x6}, {0x5, 0x8}, {0x5, 0x5}, {0x7, 0x2}, {0x6, 0x4}, {0x5, 0x6}, {0x1, 0x5}, {0x7, 0x5}, {0x4, 0x9}, {0x7, 0x6}, {0x3, 0x7}, {0x6, 0x1}, {0x5, 0x2}, {0x3, 0x4}, {0x4, 0x3}, {0x2}, {0x1, 0x2}, {0x2}, {0x0, 0x2}, {0x5, 0x3}, {0x0, 0x3}, {0x2, 0x1}, {0x6, 0x3}, {0x2, 0x7}, {0x4}, {0x0, 0x7}, {0x1, 0x7}, {0x1, 0x7}, {0x4}, {0x3, 0xa}, {0x7, 0x8}, {0x3}, {0x1, 0x7}, {0x3, 0x7}]}, @NL80211_TXRATE_HT={0x23, 0x2, [{0x3, 0x1}, {0x5, 0x5}, {0x5, 0x5}, {0x4, 0xa}, {0x5, 0x2}, {0x0, 0x3}, {0x2}, {0x7, 0xa}, {0x6, 0x8}, {0x2, 0xa}, {0x1, 0x7}, {0x6, 0x8}, {0x7, 0x7}, {0x4, 0x8}, {0x4, 0x5}, {0x0, 0x6}, {0x3, 0x1}, {0x5, 0x9}, {0x0, 0x7}, {0x3, 0x7}, {0x2, 0x2}, {0x0, 0xa}, {0x0, 0xa}, {0x7, 0x4}, {0x0, 0x9}, {0x0, 0x8}, {0x6, 0x8}, {0x5, 0x4}, {0x7, 0x2}, {0x6, 0x8}, {0x3}]}, @NL80211_TXRATE_LEGACY={0x9, 0x1, [0x9, 0x6c, 0x48, 0x48, 0x6c]}]}, @NL80211_BAND_5GHZ={0x110, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x3, 0x6, 0x6, 0x3ff, 0x7ff, 0xb1a, 0x1b, 0xbba]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x10, 0x8, 0x9, 0x68c, 0x1000, 0x3740, 0xffff, 0x33]}}, @NL80211_TXRATE_HT={0x4b, 0x2, [{0x7, 0x8}, {0x5, 0x4}, {0x2, 0x4}, {0x2, 0x8}, {0x6, 0x1}, {}, {0x7, 0x6}, {0x6, 0x7}, {0x2, 0x6}, {0x6}, {0x0, 0x2}, {0x1, 0x5}, {0x6, 0x3}, {0x0, 0x7}, {0x2, 0xa}, {0x3, 0x8}, {0x6}, {0x6, 0x6}, {0x0, 0x6}, {0x5, 0x3}, {0x0, 0x5}, {0x1, 0x9}, {0x5, 0x6}, {0x5, 0x9}, {0x7, 0xa}, {0x0, 0x4}, {0x0, 0x1}, {0x0, 0x3}, {0x7, 0x1}, {0x0, 0x7}, {0x3, 0xa}, {0x3, 0x8}, {0x2, 0xa}, {0x1, 0x3}, {0x0, 0x5}, {0x6, 0x5}, {0x3, 0x9}, {0x1}, {0x1, 0x4}, {0x3, 0x9}, {0x0, 0x1}, {0x3}, {0x2, 0x2}, {0x6, 0x9}, {0x5, 0x2}, {0x5}, {0x1, 0x8}, {0x4, 0x8}, {0x0, 0xa}, {0x4, 0x8}, {0x3, 0x7}, {0x4, 0x5}, {0x7, 0x8}, {0x7, 0x7}, {0x5, 0x2}, {0x0, 0x4}, {0x7, 0x5}, {0x5, 0x7}, {0x7, 0x3}, {0x7, 0x7}, {0x1, 0x8}, {0x7, 0x5}, {0x1, 0x5}, {0x0, 0x4}, {0x3, 0x8}, {0x1, 0x3}, {0x4, 0x1}, {0x0, 0x5}, {0x6, 0x8}, {0x3, 0x1}, {0x0, 0x8}]}, @NL80211_TXRATE_HT={0x38, 0x2, [{0x3, 0x1}, {0x3, 0x1}, {0x6, 0x5}, {0x1, 0x8}, {0x2, 0x8}, {0x3, 0x6}, {0x5, 0x7}, {0x2, 0x1}, {0x0, 0x4}, {0x6, 0x7}, {0x3, 0x3}, {0x7, 0x9}, {0x2, 0x8}, {0x1, 0x9}, {0x6, 0x5}, {0x3}, {0x1, 0x6}, {0x3, 0x5}, {0x4, 0x4}, {0x3, 0x3}, {0x6}, {0x0, 0x6}, {0x6, 0x2}, {0x5, 0x6}, {0x1, 0x9}, {0x3, 0x1}, {0x3, 0x5}, {0x0, 0xa}, {0x3, 0xa}, {0x0, 0xa}, {0x6, 0x1}, {0x1, 0x1}, {0x5, 0x2}, {0x2, 0x3}, {0x1, 0x3}, {0x7, 0x9}, {0x6, 0x1}, {0x1, 0x9}, {0x0, 0x9}, {0x6, 0x2}, {0x1, 0x3}, {0x0, 0xa}, {0x3}, {0x7, 0x7}, {0x0, 0x1}, {0x0, 0xa}, {0x3, 0x9}, {0x1, 0x5}, {0x1, 0x2}, {0x1, 0x8}, {0x5, 0x7}, {0x0, 0x3}]}, @NL80211_TXRATE_HT={0x44, 0x2, [{0x4, 0x6}, {0x0, 0x1}, {0x6, 0x3}, {0x7, 0x4}, {0x4, 0x5}, {0x1, 0x5}, {0x1, 0x8}, {0x4, 0x2}, {0x2, 0x2}, {0x2}, {0x2, 0x6}, {0x3, 0x5}, {0x6}, {0x7, 0x3}, {0x5, 0x6}, {0x1, 0x7}, {0x0, 0x9}, {}, {0x6, 0x4}, {0x1, 0x7}, {0x5, 0x2}, {}, {0x4, 0x5}, {0x4}, {0x3, 0x3}, {0x5}, {0x5, 0x5}, {0x5, 0x7}, {0x4, 0x3}, {0x4, 0x2}, {0x5, 0x7}, {0x1, 0x7}, {0x7}, {0x0, 0x5}, {0x2, 0x1}, {0x2, 0x3}, {0x1, 0x4}, {0x4, 0x1}, {0x5, 0x9}, {0x6, 0xa}, {0x7, 0x7}, {0x1, 0x8}, {0x7, 0x5}, {0x0, 0x1}, {0x0, 0x5}, {0x7}, {0x3, 0x4}, {0x4, 0x6}, {0x0, 0x5}, {0x2, 0x8}, {0x4, 0x8}, {0x1, 0x4}, {0x1, 0x8}, {0x7, 0x6}, {0x1, 0x6}, {0x4, 0xa}, {0x7, 0x6}, {0x5, 0xa}, {0x1}, {0x4, 0x8}, {0x0, 0x8}, {0x4, 0x6}, {0x5}, {0x1, 0x1}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7f, 0x3, 0x9, 0x101, 0x21, 0x1, 0x8001, 0xfffb]}}]}, @NL80211_BAND_2GHZ={0x60, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x44, 0x2, [{0x3, 0x4}, {0x4, 0x8}, {0x5, 0x2}, {0x7, 0x3}, {0x3, 0x5}, {0x2, 0x6}, {0x2, 0x8}, {}, {0x0, 0x5}, {0x1, 0x6}, {0x6}, {0x0, 0x2}, {0x6, 0x9}, {0x4, 0x2}, {0x4, 0x1}, {0x4}, {0x2, 0x1}, {0x1, 0xa}, {0x1, 0x7}, {0x5, 0x9}, {}, {0x4, 0x6}, {0x4}, {0x1, 0x8}, {0x3, 0xa}, {0x1, 0x1}, {0x5, 0x1}, {0x1}, {0x5, 0xa}, {0x7, 0x9}, {0x2, 0x8}, {0x7, 0x5}, {0x3}, {0x2, 0xa}, {0x0, 0x3}, {0x5}, {0x3, 0x6}, {0x0, 0x3}, {0x0, 0x7}, {0x7, 0x1}, {0x3, 0x7}, {0x7, 0x7}, {0x2, 0xa}, {0x1, 0x8}, {0x0, 0x9}, {0x6}, {0x7, 0x5}, {0x5}, {0x0, 0x3}, {0x1, 0x5}, {0x6, 0x5}, {0x0, 0x2}, {0x6, 0xa}, {0x0, 0x5}, {0x0, 0x7}, {0x1}, {0x1, 0x4}, {0x5, 0x7}, {0x7, 0x8}, {0x0, 0x6}, {0x7, 0x5}, {0x1, 0x2}, {0x1, 0x1}, {0x4, 0x3}]}, @NL80211_TXRATE_HT={0x5, 0x2, [{0x6, 0x8}]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_GI={0x5}]}, @NL80211_BAND_5GHZ={0x60, 0x1, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HT={0x10, 0x2, [{0x2, 0x8}, {0x6, 0x6}, {0x0, 0x7}, {0x4, 0x1}, {0x6, 0x3}, {}, {0x6, 0x2}, {0x1, 0xa}, {0x7, 0x7}, {0x4, 0x6}, {0x4, 0x6}, {0x5, 0x7}]}, @NL80211_TXRATE_HT={0x31, 0x2, [{0x3, 0x9}, {0x2}, {0x4, 0x9}, {0x0, 0x1}, {0x5, 0x7}, {0x0, 0x4}, {0x1, 0x6}, {0x5, 0x6}, {0x4, 0x6}, {0x1, 0x5}, {0x3, 0x9}, {0x4, 0x1}, {0x7, 0x2}, {0x6, 0x2}, {0x0, 0x3}, {}, {0x2, 0x5}, {}, {0x1, 0x7}, {}, {}, {0x0, 0x4}, {0x6, 0x6}, {0x7}, {0x7, 0x6}, {0x0, 0x2}, {0x5, 0x7}, {0x1, 0x4}, {0x0, 0x3}, {0x5, 0x6}, {0x1, 0x9}, {0x4, 0x2}, {0x4, 0x9}, {0x5}, {0x4, 0x8}, {0x6, 0x1}, {0x2, 0x5}, {0x6, 0x6}, {0x5, 0x5}, {0x3, 0xa}, {0x5}, {0x5, 0x6}, {0x1, 0x9}, {0x4, 0x1}, {0x7, 0x3}]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}]}]}, @NL80211_ATTR_TX_RATES={0x214, 0x5a, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x78, 0x2, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_LEGACY={0xa, 0x1, [0x5, 0x1b, 0xc, 0xa46ab611684152dc, 0x48, 0x2a]}, @NL80211_TXRATE_LEGACY={0x11, 0x1, [0x2, 0x1b, 0x5, 0x4, 0x5, 0x18, 0xf, 0x12, 0x1, 0x1, 0x3, 0x1b, 0x7e]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x2, 0x8, 0x1, 0x200, 0x8000, 0x80, 0xc101, 0x7]}}, @NL80211_TXRATE_LEGACY={0x22, 0x1, [0x24, 0x16, 0xc, 0x48, 0x60, 0x24, 0x3, 0x36, 0x12, 0x48, 0x1, 0xb, 0x6c, 0x6, 0x0, 0xb, 0x18, 0x60, 0x60, 0x16, 0x12, 0x48, 0x5, 0x6, 0x30, 0x4, 0x18, 0xc, 0x60, 0x5]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x2, 0x1, 0xf9, 0x2, 0x9a9, 0x1f, 0x7, 0x5e]}}]}, @NL80211_BAND_60GHZ={0xe4, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HT={0x36, 0x2, [{0x2, 0x8}, {0x6, 0x6}, {0x2, 0x8}, {0x6, 0x4}, {0x0, 0x7}, {0x0, 0x2}, {0x5}, {0x4, 0x4}, {0x6, 0x1}, {0x6, 0x7}, {0x1, 0x7}, {0x5, 0x7}, {0x4, 0x9}, {0x2, 0x9}, {0x3, 0x5}, {0x0, 0x8}, {0x4, 0xa}, {0x4}, {0x3, 0x9}, {0x4, 0x6}, {0x4, 0x1}, {0x5, 0x2}, {0x3, 0x4}, {0x3, 0x4}, {0x5, 0x3}, {0x5, 0x7}, {0x6}, {0x1}, {0x4, 0x9}, {0x7, 0x8}, {0x4, 0x8}, {0x1}, {0x5, 0x9}, {0x2, 0x6}, {0x3, 0x9}, {0x2, 0x8}, {0x4, 0x8}, {0x0, 0x1}, {0x2, 0x1}, {0x6, 0x3}, {0x7, 0x8}, {0x3, 0x5}, {0x0, 0x7}, {0x6, 0x7}, {0x6, 0x6}, {0x4, 0x7}, {0x0, 0x2}, {0x3, 0x3}, {0x4, 0x8}, {0x6, 0x1}]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_LEGACY={0x1b, 0x1, [0x6, 0x6, 0x5, 0x16, 0x63, 0x5, 0x12, 0x9, 0x48, 0x36, 0x16, 0x48, 0x16, 0x3, 0x6c, 0xb, 0xb, 0x2, 0x12, 0x60, 0x60, 0xc, 0x0]}, @NL80211_TXRATE_HT={0x20, 0x2, [{0x0, 0x9}, {0x1, 0x3}, {0x3, 0x7}, {0x1, 0x7}, {0x2, 0x4}, {0x0, 0x6}, {0x0, 0x2}, {0x1}, {0x5, 0x6}, {0x4, 0x5}, {0x0, 0x3}, {0x7, 0x4}, {0x0, 0x4}, {0x4, 0x5}, {0x6, 0xa}, {0x4, 0x7}, {0x6, 0x3}, {0x0, 0x3}, {0x0, 0x4}, {0x2, 0x9}, {0x2, 0x2}, {0x2, 0x8}, {0x0, 0x1}, {0x0, 0x5}, {0x1, 0x4}, {0x4, 0x4}, {0x1, 0x3}, {0x7, 0x1}]}, @NL80211_TXRATE_LEGACY={0xa, 0x1, [0x30, 0x4, 0x68, 0x18, 0xc, 0x48]}, @NL80211_TXRATE_HT={0x15, 0x2, [{0x7, 0xa}, {0x3}, {0x0, 0x2}, {0x6, 0x1}, {0x6, 0x3}, {0x7, 0x8}, {0x5, 0x8}, {0x5, 0x3}, {0x1, 0x6}, {0x2, 0x4}, {0x6, 0x1}, {0x2, 0x6}, {0x4}, {0x1}, {0x6, 0x4}, {0x0, 0x3}, {0x7, 0x6}]}, @NL80211_TXRATE_HT={0x3d, 0x2, [{0x7, 0x4}, {0x0, 0x5}, {0x5, 0x4}, {0x1, 0x2}, {0x6, 0x3}, {0x0, 0x7}, {0x3, 0x4}, {0x2, 0x9}, {0x3, 0x7}, {0x4, 0x1}, {0x4, 0x1}, {0x0, 0x9}, {0x7, 0x4}, {0x0, 0x4}, {0x0, 0x1}, {0x4, 0xa}, {0x1, 0x9}, {0x0, 0x6}, {0x6, 0x5}, {0x6, 0x8}, {0x6, 0x7}, {0x2, 0xa}, {0x4, 0x6}, {0x4, 0x7}, {0x5, 0x4}, {0x2, 0x3}, {0x5, 0x6}, {0x1}, {0x7, 0xa}, {0x0, 0x7}, {0x6, 0x5}, {0x3, 0x3}, {0x0, 0x6}, {0x4, 0x7}, {0x5, 0x1}, {0x7, 0x2}, {0x1}, {0x2, 0x8}, {0x7, 0x9}, {0x0, 0x7}, {0x4, 0x5}, {0x6, 0x8}, {0x0, 0x6}, {0x6, 0x8}, {0x4, 0x8}, {0x4, 0x2}, {0x4, 0xa}, {0x3, 0xa}, {0x5, 0x5}, {0x2, 0x8}, {0x1, 0xa}, {0x7, 0x7}, {0x0, 0x3}, {0x2, 0xa}, {0x1, 0x8}, {0x2, 0x1}, {0x0, 0x8}]}]}, @NL80211_BAND_6GHZ={0xc, 0x3, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x1}]}, @NL80211_BAND_2GHZ={0x20, 0x0, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x5, 0x1, [0x3]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x6, 0x80, 0x400, 0xffff, 0x3, 0x100, 0xfffd, 0x6]}}]}, @NL80211_BAND_60GHZ={0x48, 0x2, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x2, 0x0, 0xfffd, 0x2, 0x101, 0x0, 0x7]}}, @NL80211_TXRATE_LEGACY={0x18, 0x1, [0x9, 0x3, 0xb, 0x12, 0x18, 0x27, 0x48, 0x9, 0x6c, 0xb, 0x2, 0x2, 0x3, 0x3c, 0x36, 0xc, 0x0, 0x2, 0xd, 0x1b]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}]}, @NL80211_BAND_5GHZ={0x40, 0x1, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x8, 0x1, [0x6c, 0x24, 0x36, 0x24]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7, 0x4, 0x7fff, 0x0, 0xc000, 0x7, 0x9, 0xffff]}}, @NL80211_TXRATE_LEGACY={0xf, 0x1, [0x6c, 0x1, 0x60, 0x12, 0x30, 0x6c, 0x60, 0x24, 0x12, 0x16, 0x9]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}]}]}, @NL80211_ATTR_TX_RATES={0x224, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x3c, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HT={0x36, 0x2, [{0x4}, {0x3, 0x8}, {0x5, 0x2}, {0x0, 0x6}, {0x4, 0x6}, {0x4, 0x9}, {0x1, 0x9}, {0x1}, {0x5, 0x3}, {0x4, 0x9}, {0x5}, {0x6, 0x8}, {0x0, 0x8}, {0x1, 0xa}, {0x0, 0x4}, {0x1, 0x7}, {0x1, 0x2}, {0x7, 0xa}, {0x3, 0x5}, {0x4, 0x2}, {0x4, 0x6}, {0x0, 0x1}, {0x2, 0x5}, {0x1, 0x2}, {0x1, 0x7}, {0x0, 0x8}, {0x0, 0x2}, {0x0, 0x6}, {0x0, 0x6}, {0x3, 0x1}, {0x5, 0x4}, {0x3, 0x3}, {0x7, 0x8}, {0x0, 0xa}, {0x5, 0x2}, {0x3, 0x14}, {0x0, 0x8}, {0x3, 0x7}, {0x3, 0x9}, {0x0, 0x9}, {0x3, 0x3}, {0x0, 0x3}, {0x5, 0x9}, {0x5, 0x5}, {0x2, 0x5}, {0x7, 0x5}, {0x2, 0x8}, {0x3, 0x7}, {0x5}, {0x0, 0x2}]}]}, @NL80211_BAND_2GHZ={0x6c, 0x0, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x7fff, 0x6, 0x800, 0x4, 0x9, 0x7fff, 0xffff, 0x3]}}, @NL80211_TXRATE_LEGACY={0xe, 0x1, [0x4, 0x5, 0x60, 0x48, 0x3, 0x18, 0x16, 0x36, 0x30, 0x24]}, @NL80211_TXRATE_HT={0x42, 0x2, [{0x7, 0x8}, {0x2, 0x1}, {0x0, 0x7}, {0x7, 0x5}, {0x1, 0x5}, {0x4, 0x2}, {0x0, 0x9}, {0x5, 0x6}, {0x1, 0x1}, {0x0, 0x9}, {0x7, 0x3}, {0x5, 0x5}, {0x1, 0xa}, {0x0, 0x1}, {0x0, 0x6}, {0x6, 0x5}, {0x3, 0x9}, {0x3, 0x4}, {0x4, 0xa}, {0x2, 0x2}, {0x1, 0x2}, {0x7, 0x9}, {0x1, 0x9}, {0x1, 0x7}, {0x7, 0x4}, {0x7, 0x2}, {0x4, 0x7}, {0x5, 0x9}, {0x0, 0x3}, {0x1, 0x6}, {0x5, 0x4}, {0x6, 0x8}, {0x0, 0xa}, {0x1, 0x3}, {0x5, 0x6}, {0x4, 0x9}, {0x2, 0x5}, {0x7, 0x9}, {0x6, 0x6}, {0x5, 0x3}, {0x5, 0x7}, {0x0, 0x3}, {0x3, 0xa}, {0x3, 0x3}, {0x3, 0x8}, {0x7, 0x8}, {0x2, 0xa}, {0x5, 0x2}, {0x1, 0x6}, {0x2, 0xa}, {0x0, 0x2}, {0x4, 0x9}, {0x5, 0x7}, {0x2, 0x1}, {0x4, 0x6}, {0x4, 0x3}, {0x6, 0x3}, {0x1, 0x2}, {0x2, 0x3}, {0x1, 0x2}, {0x7, 0x9}, {0x4, 0x2}]}]}, @NL80211_BAND_6GHZ={0x54, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HT={0x32, 0x2, [{0x6, 0x3}, {0x1, 0x5}, {0x4, 0x6}, {0x7, 0x2}, {0x7, 0xa}, {0x1, 0xa}, {0x6, 0x3}, {0x1, 0x9}, {0x4, 0x6}, {0x1, 0xa}, {0x1, 0x1}, {0x5}, {0x4, 0x6}, {0x5, 0x8}, {0x6, 0x7}, {0x6, 0x2}, {0x5, 0x4}, {0x0, 0x9}, {0x3, 0x2}, {0x4, 0x1}, {0x2, 0x3}, {0x2}, {0x7}, {0x0, 0x2}, {0x6, 0x9}, {0x4, 0x5}, {0x1, 0x1}, {0x2, 0x4}, {0x5, 0x9}, {0x0, 0x9}, {0x4, 0x7}, {0x5, 0x1}, {0x7, 0x2}, {0x6, 0x5}, {0x0, 0xa}, {0x5, 0x4}, {0x6, 0x4}, {0x4, 0x2}, {0x4}, {0x1}, {0x6, 0xa}, {0x6, 0x6}, {0x0, 0x2}, {0x6}, {0x0, 0x4}, {0x6, 0x7}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x1, 0xf5, 0x4, 0xffff, 0x9, 0x9, 0xf9, 0x1f]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}]}, @NL80211_BAND_5GHZ={0x48, 0x1, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x19, 0x1, [0x18, 0x48, 0x3, 0x4, 0x16, 0x24, 0xc, 0x36, 0x36, 0x4, 0xb, 0x5, 0x5c, 0x60, 0xb, 0x16, 0xc, 0x12, 0x30, 0x24, 0x60]}, @NL80211_TXRATE_LEGACY={0xc, 0x1, [0x24, 0x12, 0x2, 0xc, 0x12, 0x9, 0x16, 0x1]}, @NL80211_TXRATE_LEGACY={0x11, 0x1, [0x3, 0x1b, 0x1b, 0x36, 0x30, 0xc, 0x30, 0x60, 0x6c, 0x5ccb726be03577bf, 0x9, 0x60, 0xb]}, @NL80211_TXRATE_LEGACY={0x8, 0x1, [0x60, 0xc, 0xb, 0x48]}]}, @NL80211_BAND_60GHZ={0x54, 0x2, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HT={0x31, 0x2, [{0x3}, {0x0, 0x5}, {0x1, 0x1}, {0x7}, {0x5, 0x8}, {0x7, 0x2}, {0x0, 0x2}, {0x0, 0x6}, {0x1, 0x6}, {0x1, 0x1}, {0x7, 0x7}, {0x1, 0x3}, {0x7, 0x1}, {0x2}, {0x2, 0x4}, {0x7, 0xa}, {0x7, 0x8}, {0x3, 0x1}, {0x2, 0x4}, {0x2, 0x9}, {0x7, 0x5}, {0x4}, {0x3, 0x4}, {0x7, 0xa}, {0x1, 0x2}, {0x6, 0x1}, {0x1, 0x1}, {0x6, 0x4}, {0x3}, {0x6, 0x1}, {0x1, 0x6}, {0x6, 0x4}, {0x4, 0x6}, {0x7, 0x2}, {0x5, 0x3}, {0x3, 0x2}, {0x6, 0x8}, {0x7, 0x9}, {0x7, 0x2}, {0x0, 0x5}, {0x5, 0x9}, {0x2, 0x8}, {0x4, 0x2}, {0x4, 0x8}, {0x3, 0x1}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x2, 0x7, 0x69, 0x81, 0x8793, 0x101, 0x5, 0x656]}}]}, @NL80211_BAND_5GHZ={0x88, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x400, 0x7, 0x2, 0x5, 0x587, 0x5, 0x1, 0x1]}}, @NL80211_TXRATE_HT={0x18, 0x2, [{0x7, 0x4}, {0x4, 0x8}, {0x4, 0x4}, {0x7, 0xa}, {0x5, 0x9}, {0x4, 0x4}, {}, {0x5, 0x8}, {0x7, 0x7}, {0x1, 0x6}, {0x5, 0xa}, {0x1, 0x8}, {0x3, 0x8}, {0x5, 0x7}, {0x6, 0xa}, {0x7, 0x9}, {0x5, 0x9}, {}, {0x2, 0x9}, {0x1, 0x1}]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x8, 0x7fff, 0x570, 0x4, 0x9, 0x1, 0x5]}}, @NL80211_TXRATE_LEGACY={0x1c, 0x1, [0x6c, 0x12, 0x6c, 0xc, 0x0, 0x48, 0x60, 0x3e, 0x5, 0x9, 0xc, 0x9, 0x2, 0x30, 0x6, 0x6, 0x1, 0x1b, 0xc, 0x18, 0xf2, 0x1b, 0x33, 0x12]}, @NL80211_TXRATE_HT={0xe, 0x2, [{0x5, 0x6}, {0x5, 0x3}, {0x0, 0x3}, {0x1, 0x8}, {0x4, 0x5}, {0x5, 0x1}, {0x6, 0x5}, {0x0, 0x11}, {0x2}, {0x7, 0x5}]}, @NL80211_TXRATE_LEGACY={0x7, 0x1, [0x12, 0x0, 0x6]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}]}]}, @NL80211_ATTR_TX_RATES={0xf0, 0x5a, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x9c, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HT={0x2f, 0x2, [{0x3}, {0x6, 0x7}, {0x3, 0x2}, {0x5, 0xa}, {0x4, 0x2}, {0x0, 0x9}, {0x1, 0x9}, {0x7, 0x6}, {0x2, 0x8}, {0x7, 0x4}, {0x7, 0x6}, {0x1}, {0x1, 0x5}, {0x4, 0x8}, {0x1, 0x3}, {0x2, 0x2}, {0x4, 0x5}, {0x7, 0x2}, {0x7}, {0x4, 0x6}, {0x2, 0x5}, {0x5, 0x2}, {0x2, 0x5}, {0x7, 0x8}, {0x6, 0x2}, {0x1, 0x3}, {0x0, 0x5}, {0x3}, {0x0, 0x7}, {0x4, 0x3}, {0x4, 0x9}, {0x4, 0x7}, {0x3, 0x2}, {0x6}, {0x5, 0x3}, {0x1, 0x8}, {0x1, 0x1}, {0x5, 0xa}, {0x4, 0x1}, {0x1, 0x7}, {0x0, 0x3}, {0x4, 0x8}, {0x1, 0x7}]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_LEGACY={0xe, 0x1, [0x6c, 0xc, 0x4, 0x12, 0x16, 0xb, 0x36, 0x48, 0x1, 0x6c]}, @NL80211_TXRATE_LEGACY={0x20, 0x1, [0x24, 0x9, 0x3, 0x6c, 0x24, 0x18, 0xb, 0xb, 0x4d, 0xc, 0x3, 0x2, 0x16, 0x24, 0x36, 0x6c, 0x2, 0xb, 0x36, 0xc, 0x0, 0x1b, 0x5, 0x5, 0x12, 0x5, 0x16, 0x3b]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x8, 0xdbd8, 0xfff, 0x3, 0x8000, 0x8000, 0x1, 0x5]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x9, 0x7, 0x2, 0x3, 0x0, 0x100, 0x200]}}]}, @NL80211_BAND_2GHZ={0x50, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x12, 0x2, [{0x0, 0x4}, {0x4, 0x6}, {0x6, 0x7}, {0x2, 0x8}, {0x5, 0x5}, {0x0, 0x2}, {0x4, 0x5}, {0x7, 0x9}, {0x5, 0x4}, {0x0, 0x3}, {0x0, 0x6}, {0x1, 0x7}, {0x2, 0x1}, {0x7, 0x8}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x5, 0x8001, 0x1, 0x2, 0x6, 0x80, 0x8]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x3b1b, 0x1, 0x6, 0x5, 0xfff, 0x14a7, 0x1d, 0x514]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_GI={0x5}]}]}]}, 0xcd0}, 0x1, 0x0, 0x0, 0x20000000}, 0x14040000) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)={0x48, 0x12, 0x101, 0x0, 0x0, {0x1}, [@typed={0x8, 0x0, 0x0, 0x0, @ipv4=@dev}, @nested={0x4}, @nested={0x28, 0x24, 0x0, 0x1, [@typed={0x4}, @typed={0x14, 0x44, 0x0, 0x0, @ipv6=@empty}, @typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x1}, 0x0) 12:29:03 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:29:03 executing program 3: openat(0xffffffffffffff9c, 0x0, 0x200001, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) r0 = socket$inet(0x2, 0x1, 0x0) pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @multicast1}, 0x10) setsockopt$inet_int(r0, 0x0, 0x1, &(0x7f0000000100)=0x20, 0x4) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @local}, 0x10) r1 = creat(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$lock(r1, 0x26, &(0x7f0000000180)={0x1, 0x0, 0x0, 0xce5}) fcntl$lock(r1, 0x5, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}) sendto$inet(r1, &(0x7f0000000380)="975c105e268962fe5d946a6a906b9d10705baf3cfa76f84640ad7f2f0147e08b1f3881ba88895a8dbd30d5883333eec2e71cffe33bcf1284df2d8282355e389aaf69b3f30baa8633fed36d886239114e7ae3ffd3813b3a95f95a8f069b1c50b482c8967d7ab22f5f59e08b19a91a8406b4099362b3d64ddbb1cd72e58f1add89592872306af4cd8f3ef4b52f50f623e268a56855b3994d721e917cbeb42e5b87747b0f3c0a5ccc1a2b0b36454e8b0f55fa336ec06560560ef487b01ac75a05e41bf09578530f2f4bd84d948cd1ed03d605b684291586f6614f46aaec8273934a8bfc3059780b09edb2e767aab65cad942a19dd91e8fca2dc644c57242029ee0350cf4a74b7c092e12864864821d9308ad6ba49d63b3777f6e3985de4b2b03dd63e7489f0f3818aa56081bd493fef1c7c0655779201595b54c4685f90ced2cf6405b70344150043b1db92321783e66a2ba4321912eb9ac65e23ca30a238cb41cb0b380bb8bea1869f0f5587c95c64e1c97dc12d58e9eb11d02d5e5f041c7ea5d812867e5c719676727806691e595b1cd81949207e571055c12ec1d07cafa4939fa632990195681767263a4be15802542e99e12b275c5f49d705cee01b5748b2682c89e7aa3d2a48b82998eaa03e2f77e2dcea3895a01349c9e98e89e4b4bfb54449c27ad28f96baed52ada492a77678a8287712982b9389b8e9e7db50d4dc90f46b25628bcff0704112234bcae7aa1498adb23c4ca1bbcee2d2c26fe62acf3c3f0b6ae36ee58f5dead2c0241fd6af89e1b79bd9fa7543d33b95fe681d5ccd92ce10faea9161354e303ba2b5b65a4d9956852a49370791c5807f8df04e7adfd60287b491409c4e9923f28d35c10ed5dcb226ba74052fb7e8c64d8e8488113cef0001fe7bb5e24478cf0002e692370b408cf5116ab92c831a55a0fa899f7d91f6cc42cd3d2c28dd4354959b4932b6c1f20d82a5061b3cd0fd11c1b640e7fda9b6d6f6305ea6da8cbfa2b790e78936db4e6771c0eb9b818a05f9859b7e79ba1cb8d10b4e1ba28a6ea388bd9fbed9dbd8a21de9b2172e6bdc08d97ecf6b59c002feec2338b41df5f7aeb4c4202d29dbe4318b27d9e6c7eb25fe65c9c33e1225ed8f3088432a8f5bd007a730664f40d32ea642f69094f9f5dcf1ad317caca79269f914dee7f551057f318622fda91f7a0962bce7ee8bd38d0311b27d92c6d5e04851ea26d09f01f89a73eee406d61127ab6aacbdd18acc7713447dbc5072e7714cac1a26b0aa6787b95c49470ad8c3782db9f55579917c0f3d983d375f92b56507704643f8567fba6f35f6e7d3120c86e8bd9aff5cdf28c6ee3c661fc63e81fef78dfd458d5ec4bdc3700c66497f9c4bdf73349823894891eb5cec0117940407dbb361edf01c5d31f7fd7e00eebad8d5d7f4d21b2bcc72b2df2fd1498d1b6e7e6e77485083b3ad9683432e14c9b1c45b143198ce4f60107d3eceb383a43b84718e4c5e140e8424f233dd28feb3637d429dcf6b1ac0d9cba3a59af136ba4b03008972ef047062248fafc9445bd50f541d0a12228cf18020e58f371b6efd4e7efc0afdcde249795bc4fe4524d6c85dad80f5e0ff9c621c41bdc67d46b054ec01e164ea7517a0406f5cd5fe173de16f4896fb2e63b6ffaa20ab5bf4f247b02834900afbc9ef400bf2b15d6ed4e0ec16ec03fe5ef5718d305e1180efb584d7218dec5cea444e919c7c775f122ff454874c57daa9b3b8b9938d7ba589bd9bebd290d93adf743313d96b8c0aba5ceee8a9cc104867a97357aa48e04c4d9e78898e386acba4379f5857f550f534c56d92c0d130707cf9ee569fef7d939405e455b0ae6e12eb27c82df53a9c3ce186436b2e725fc0f5be1e00aa05aff82d63c37c2d1d99fa6edbba35626339462d5790f49426dba2a65ca11b9ecd0098894814c72fcf561bf7365a400f75189444fc3b9b2729622e9625a7c8116481c3640fe714db829a0f256943c7f17811c56eadacff94c02f87a6e005ab99354c4e833094ea8802b2900f0c4bab51b09fdde117eff1d0a23ef2c6e3b77b1498f6c30feb66a6c2f63454e984c6108e28f8846ed4bb5be949385609a816d95d148fbbdcce7f673cf99803f4cf6363211a47d8eed1c874ae4abe933035eec490e8a82548f2bc819d0fd4808faba1c9d764b8164335718b9614202766a4937f811ee48c5c538bab14bec8bd6ec2864c1a5cb2eea0fb4e64f2fc8ee147834a52758626f928e39dd870364d1321e3ae3a5ddbfdac762d517e5403f58ecd8a0686a71542691776e5ab62129453ebf7df54c8345144c79e12c58b8ae488b3c585ba518cb4e647c7a1771f99b8af8caa342bed03985eeb62c34a921d1f6a7b3f291c92951dabb6a467f703944aa276aa5167d028e41593de06a33ea60cc5b29cfdcbcc363fd7f84f143d6fccad3cc0a82d30d6d9973ce7e5b3c45442eb155485e6e2514bee75ca1e28a85ccaae23cb20485649bae98ed31aafefb0d3f4c667aace0e83cd753bca3682f0a93f54b95c2076f9b7424517f928ded26da00e32760038d128e8e4a7cbc80d931882710b6cb43530fbf87ef7bb50a712f86b997270277c1ad996013cac3ce620f5cc366e567a9723bd0191e05617cb47a5817eb5bc943b58833e284a4aefb7e0b6bfcf99c56ce25e7cf80b762e8509a67d9283114cd94d7e4446c8e64aacf3c374f99dcfaf7cf27af4eec8966d8b33cfe97f59ad6daaabde319cfbc5c1afdef1682b188e4535758c7fccdb4b034698fb1ede37f1fe18c5ef35d0c16e5ea7a5357395c104fb0cdd0c40e4ca83d434eb3c67d2fa446267713e95589cfb4ccffa8f46ef52107e974dd85b63105d23771ebd698c515403d1cce28b95096cbe670438f1626304d3b2561fbe23aa5753ba285293e7321a9d149c8a92ad06540260cfa0c8a2f5f7b63d11c7fa206d537c8623f6dd51d87ab3828e93448bb45bc53ab8e40c916f8e41d48a9d34206ef00e74b0956ab35f67a3443f270b6627dad3129869577a020d615e5e12bd3b546b7fbc7a4ef5d7e6353e58eb647c618467cab9301d65464ff1d3d32568dbf73468e19810e6bf02dbe553f9cf68011be8f1790b64a30537927b911ce508ba2e4871f2132d33f55db9e5184cbc1da1c235f3c1e9f2fb0db23123e8de6d8d248715880c706c30bf571d75ca80c72f98f5cb124b75ab0ad5208187ef96935e422db6875d0f198cac665acd50a8b4e06d790fc7018b6f2152b32ec8fe54399c0b70ab9c4bc40b42defe2716a0d07d2256fefba3a767f8971f4124f2c3cb45736329e9ee3ab62424e3b4b8497d9d206212e8963871a42f7fc08b74a49bfcd8d74d2e198775752a68b70057d73810e20d6baa5c3927906559d4be6dbc88193df669517d2002b1e5060a65ac790d993087fba2e31f338c4f93d066e253ea7388e65cfa5840b872cc2989feb8c0184fedffffdd34e0a4c8b906b2f670315fea1d8c6a93fb3e0845520a2584ec4f10cc756947e2799360aaf4e3f2c4f77f52faaa3915ac396478ca8f6f8e90c37efd365db1d3ec6d5f340033e02a5d27ccf2bcfbbc1d618b389e7e4495892fceef319a75c5fa3df278373c0182b8c5f49f02c53433ac48c4120d99868dff89a42de0c3446f6dccde0943f0f97ed7a00223237eddbe072182cfd892a360691a85875a340adbcb002435bd34456a1335c437e1ca757bc62346bab08f62980b11df787667de646c569bd8ef79ad1bcb1b042b898f30a1311601aff34fe3f94106d90bd024a4cfa370a58080d252aea9ff5c63b61f602aa868f55fa657822ce4a9e096d57806cd7111551e7b7056d8baf88cfa95a3ed22206dcd4255555d24b9115d13769e1229f3916dce51a1afa98427914dad6fde32a49b4ef94fdbf8e9bad9fa35d73d5e279a9a14031da9e8f4b5de829751229e38a908554ef844e6f2e206427bc6c125fdd70552054402224acc1caa5f0c16a32ff443afe58c6470f6df71ab0cecbee3d6f6e23c86fcff95944031ad8c0c4d5168f68354eb7aaf21b9d5f516cca4eaad76b4d333cd44849d7980eba1751dee924c0882888245d7c0f2d06d0215df95abe3f5d5ea47451fb1b44b3ad9ddccaf04e9d418f3e69dfabc8b19f331a5fb07b287a02cbaa817ebe7023b66f99cd6169708f98d5ee037a4f635626149da00d68173133fa16704d5d742b7584e7c92ae5054fb8b98ca94a5d80dd912d0c50b78b058cc7da6f5d3bbae32e326cde52db4957c7a70b1708036a7b90f31a09fe7def6dad588bb82859f6fc94f9d2ce4a96024bb21f3dacc75ead271f36e9f9be63f229e15dde9f917b14a98e95337a266e34e8f90d3445b4a960d47cfb96cbb2b8180ea126dd71090804862bbd7f1fd0797f7f8833046b4518b6f242504afaac369ff245463e288ecad904c17fdc108899fa6cbd73f0cd14c891a26a84edbd20f92b38d89fbfabfbf475979b7c50d05db14c9572cb9e8f8e1ccadb13def67baa1111f72b6b32236d79779942b1b165423d9c6b9a822fb923abb4b511cc1ed54d0e0f162081ec31b147c0f0a6b27992ba57652479759f951f7666de25497d0c4e37012bcab9764884441c0a429de3d59553b1ae16fcd2d9a44b6b4ef38bc319e09d28338ec20f13242d3e551b86c9456be48089e43cbe861da08cc53733033025db02d96cc7712553dccc38d6a8068343ed361430ce3203e4f74d604aa4667ae40780c4120fea195fcf940916e60071a2a0ab42485616627ec896a033cb50dc93a66be92939733645d39802502a89b01cd61a2a82da9b2dacdd2a072525a7887caae9c7ed12a4450d46ed4e64352aee7e9b2c2a7d039e187232f3e38eb62d1fac4beeac03a683fe4f87661eee2eb7c7408f27915f50a9f9ce5f8514e8942e8ba3fd04f7a8cdbef4017d735cb3cbd360a42632cfae491a009f2d56fe0776e3d78c1505a471d81a03f71a81ab81d2e759d74e85ae7d59e7d018300cdda975a83396107c2ba0e297644852bb8f055325908b5a1db7dc64a0028d7390948b30246952c40bb1bdee432ed37b14b84acc1adc6b0ad0429216542a6fb16da9c9f3a4674acef2c2ec0b2d8f3fafda6b92b772c9562d5f586b2d26e22cca4b24fc20e00eef821e489ad40e4ecc65b52baa0689ab6295e22e0856d63a94e30ab7393a2448141ef00b78616a3c98c186b8ac68afcde6b193d2d5115868fe7e1b5a3a0af0dd968699dd415a74972086c92f910dc5fd991bbb76df0801d9170679a86f292953fdd0817ce79d7938b4a7545684c4a4a725ae69b27ba98ad3bc931fedd1a1790459df5f0b6f6df505f504b4e27a58574188c8aa78600067a810b1e5958a885e916af935a119af7d55598fc94f9f6adafa71228c06adc09bcb100d07cd5b142862ae8a703e49b896615a5e64374704c2deb0c7e885275d7352a54a5949f1b7d869037c36ab0c086ee86e7bbba037adc949bafc6d19bfced4c1ca9afecdf765d163667e60ee2a6a404b1f5b1f56bbc5765bf3600c0285496a2bef492afc5ebd46bf86657f5ef5798c3a17511bd15f4fcd68355a2330c9ba655f33e631c15d02d383d57775b5e2bf3aa828927732404a7c938e41d8e23357cce36fb726fceaf1da59a40504e4a0524e57bcaf08c9d2f8e9462a17fb045782cb2605eebe898c2c4d21520f7646c52ffe881aa9d184230c8ff7af85f9dc1f0d866748f8e843989777f38d7774be2ef40ea72f86c0c3c4324f9f10928a94f1b3a93ba4ee94b1d3bde68ee7861a34d46cb4ad388359cb992e74dc98d15", 0x1000, 0x40010, &(0x7f0000000080)={0x2, 0x4e23, @private=0xa010102}, 0x10) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000040), 0x80800, 0x0) sendmsg$NFULNL_MSG_CONFIG(r2, &(0x7f0000000340)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000300)={&(0x7f0000001380)=ANY=[@ANYBLOB="30000000010402d6afd3a8b200e5a0458ef703697354573a0200000000000000000cb01f3100000608e904010008100340000000000a0002000000000100cdade9000000bcfecd7233bfc76e7ac7a6189209cddf766f046ab99be61d4dface1e2540fa24b0d7832afc9913c0221720c6d17a716b6b703c5bface45a6362fdcdd4393b0a4e9de4ed96287ccf1646df4f4efe94f160efd321682a5316d9e6f"], 0x30}}, 0x4044880) fallocate(r2, 0x78, 0x9, 0xc000) unshare(0x48020200) [ 3024.818542] audit: type=1326 audit(1708432144.065:374): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30071 comm="syz-executor.6" exe="/syz-executor.6" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f478bbf1b19 code=0x0 [ 3025.090310] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 3029.682450] Bluetooth: hci2: command 0x0409 tx timeout [ 3031.729489] Bluetooth: hci2: command 0x041b tx timeout [ 3033.778452] Bluetooth: hci2: command 0x040f tx timeout [ 3034.511107] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3034.512857] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3034.515650] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 3034.554941] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3034.557151] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3034.559677] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3035.826466] Bluetooth: hci2: command 0x0419 tx timeout 12:29:27 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0xfffff000, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:29:27 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:29:27 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0040abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 12:29:27 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3b}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRESHEX], 0x30}, 0x1, 0x0, 0x0, 0x14}, 0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x6c0e, 0x7fff) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', 0x0, 0x0, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000440)=ANY=[@ANYRESOCT], 0x2f) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffff}, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_nanosleep(0x1, 0x0, &(0x7f00000002c0)={0x0, 0x989680}, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) fork() r2 = fork() tkill(0x0, 0x0) ptrace$cont(0xffffffffffffffff, r2, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000280)=0x5, 0xfffffffffffffffa) r3 = fork() syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e21016027154f7e210000d6142e8ed6865df556fd6a7300000000000000bd8b7e69ecb57d268a49d8d6accb6a35f7aa6bee3435f0ca00"], 0xa) ptrace$setopts(0x4206, r3, 0x0, 0x0) ptrace(0x8, r3) 12:29:27 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0xa1ffffff00000000, 0x0, 0x0) 12:29:27 executing program 1: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000140)={0x0, &(0x7f0000000040)}) umount2(0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x900000, 0x6f22}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x0, 0x0) 12:29:27 executing program 3: openat(0xffffffffffffff9c, 0x0, 0x200001, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) r0 = socket$inet(0x2, 0x1, 0x0) pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @multicast1}, 0x10) setsockopt$inet_int(r0, 0x0, 0x1, &(0x7f0000000100)=0x20, 0x4) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @local}, 0x10) r1 = creat(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$lock(r1, 0x26, &(0x7f0000000180)={0x1, 0x0, 0x0, 0xce5}) fcntl$lock(r1, 0x5, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}) sendto$inet(r1, &(0x7f0000000380)="975c105e268962fe5d946a6a906b9d10705baf3cfa76f84640ad7f2f0147e08b1f3881ba88895a8dbd30d5883333eec2e71cffe33bcf1284df2d8282355e389aaf69b3f30baa8633fed36d886239114e7ae3ffd3813b3a95f95a8f069b1c50b482c8967d7ab22f5f59e08b19a91a8406b4099362b3d64ddbb1cd72e58f1add89592872306af4cd8f3ef4b52f50f623e268a56855b3994d721e917cbeb42e5b87747b0f3c0a5ccc1a2b0b36454e8b0f55fa336ec06560560ef487b01ac75a05e41bf09578530f2f4bd84d948cd1ed03d605b684291586f6614f46aaec8273934a8bfc3059780b09edb2e767aab65cad942a19dd91e8fca2dc644c57242029ee0350cf4a74b7c092e12864864821d9308ad6ba49d63b3777f6e3985de4b2b03dd63e7489f0f3818aa56081bd493fef1c7c0655779201595b54c4685f90ced2cf6405b70344150043b1db92321783e66a2ba4321912eb9ac65e23ca30a238cb41cb0b380bb8bea1869f0f5587c95c64e1c97dc12d58e9eb11d02d5e5f041c7ea5d812867e5c719676727806691e595b1cd81949207e571055c12ec1d07cafa4939fa632990195681767263a4be15802542e99e12b275c5f49d705cee01b5748b2682c89e7aa3d2a48b82998eaa03e2f77e2dcea3895a01349c9e98e89e4b4bfb54449c27ad28f96baed52ada492a77678a8287712982b9389b8e9e7db50d4dc90f46b25628bcff0704112234bcae7aa1498adb23c4ca1bbcee2d2c26fe62acf3c3f0b6ae36ee58f5dead2c0241fd6af89e1b79bd9fa7543d33b95fe681d5ccd92ce10faea9161354e303ba2b5b65a4d9956852a49370791c5807f8df04e7adfd60287b491409c4e9923f28d35c10ed5dcb226ba74052fb7e8c64d8e8488113cef0001fe7bb5e24478cf0002e692370b408cf5116ab92c831a55a0fa899f7d91f6cc42cd3d2c28dd4354959b4932b6c1f20d82a5061b3cd0fd11c1b640e7fda9b6d6f6305ea6da8cbfa2b790e78936db4e6771c0eb9b818a05f9859b7e79ba1cb8d10b4e1ba28a6ea388bd9fbed9dbd8a21de9b2172e6bdc08d97ecf6b59c002feec2338b41df5f7aeb4c4202d29dbe4318b27d9e6c7eb25fe65c9c33e1225ed8f3088432a8f5bd007a730664f40d32ea642f69094f9f5dcf1ad317caca79269f914dee7f551057f318622fda91f7a0962bce7ee8bd38d0311b27d92c6d5e04851ea26d09f01f89a73eee406d61127ab6aacbdd18acc7713447dbc5072e7714cac1a26b0aa6787b95c49470ad8c3782db9f55579917c0f3d983d375f92b56507704643f8567fba6f35f6e7d3120c86e8bd9aff5cdf28c6ee3c661fc63e81fef78dfd458d5ec4bdc3700c66497f9c4bdf73349823894891eb5cec0117940407dbb361edf01c5d31f7fd7e00eebad8d5d7f4d21b2bcc72b2df2fd1498d1b6e7e6e77485083b3ad9683432e14c9b1c45b143198ce4f60107d3eceb383a43b84718e4c5e140e8424f233dd28feb3637d429dcf6b1ac0d9cba3a59af136ba4b03008972ef047062248fafc9445bd50f541d0a12228cf18020e58f371b6efd4e7efc0afdcde249795bc4fe4524d6c85dad80f5e0ff9c621c41bdc67d46b054ec01e164ea7517a0406f5cd5fe173de16f4896fb2e63b6ffaa20ab5bf4f247b02834900afbc9ef400bf2b15d6ed4e0ec16ec03fe5ef5718d305e1180efb584d7218dec5cea444e919c7c775f122ff454874c57daa9b3b8b9938d7ba589bd9bebd290d93adf743313d96b8c0aba5ceee8a9cc104867a97357aa48e04c4d9e78898e386acba4379f5857f550f534c56d92c0d130707cf9ee569fef7d939405e455b0ae6e12eb27c82df53a9c3ce186436b2e725fc0f5be1e00aa05aff82d63c37c2d1d99fa6edbba35626339462d5790f49426dba2a65ca11b9ecd0098894814c72fcf561bf7365a400f75189444fc3b9b2729622e9625a7c8116481c3640fe714db829a0f256943c7f17811c56eadacff94c02f87a6e005ab99354c4e833094ea8802b2900f0c4bab51b09fdde117eff1d0a23ef2c6e3b77b1498f6c30feb66a6c2f63454e984c6108e28f8846ed4bb5be949385609a816d95d148fbbdcce7f673cf99803f4cf6363211a47d8eed1c874ae4abe933035eec490e8a82548f2bc819d0fd4808faba1c9d764b8164335718b9614202766a4937f811ee48c5c538bab14bec8bd6ec2864c1a5cb2eea0fb4e64f2fc8ee147834a52758626f928e39dd870364d1321e3ae3a5ddbfdac762d517e5403f58ecd8a0686a71542691776e5ab62129453ebf7df54c8345144c79e12c58b8ae488b3c585ba518cb4e647c7a1771f99b8af8caa342bed03985eeb62c34a921d1f6a7b3f291c92951dabb6a467f703944aa276aa5167d028e41593de06a33ea60cc5b29cfdcbcc363fd7f84f143d6fccad3cc0a82d30d6d9973ce7e5b3c45442eb155485e6e2514bee75ca1e28a85ccaae23cb20485649bae98ed31aafefb0d3f4c667aace0e83cd753bca3682f0a93f54b95c2076f9b7424517f928ded26da00e32760038d128e8e4a7cbc80d931882710b6cb43530fbf87ef7bb50a712f86b997270277c1ad996013cac3ce620f5cc366e567a9723bd0191e05617cb47a5817eb5bc943b58833e284a4aefb7e0b6bfcf99c56ce25e7cf80b762e8509a67d9283114cd94d7e4446c8e64aacf3c374f99dcfaf7cf27af4eec8966d8b33cfe97f59ad6daaabde319cfbc5c1afdef1682b188e4535758c7fccdb4b034698fb1ede37f1fe18c5ef35d0c16e5ea7a5357395c104fb0cdd0c40e4ca83d434eb3c67d2fa446267713e95589cfb4ccffa8f46ef52107e974dd85b63105d23771ebd698c515403d1cce28b95096cbe670438f1626304d3b2561fbe23aa5753ba285293e7321a9d149c8a92ad06540260cfa0c8a2f5f7b63d11c7fa206d537c8623f6dd51d87ab3828e93448bb45bc53ab8e40c916f8e41d48a9d34206ef00e74b0956ab35f67a3443f270b6627dad3129869577a020d615e5e12bd3b546b7fbc7a4ef5d7e6353e58eb647c618467cab9301d65464ff1d3d32568dbf73468e19810e6bf02dbe553f9cf68011be8f1790b64a30537927b911ce508ba2e4871f2132d33f55db9e5184cbc1da1c235f3c1e9f2fb0db23123e8de6d8d248715880c706c30bf571d75ca80c72f98f5cb124b75ab0ad5208187ef96935e422db6875d0f198cac665acd50a8b4e06d790fc7018b6f2152b32ec8fe54399c0b70ab9c4bc40b42defe2716a0d07d2256fefba3a767f8971f4124f2c3cb45736329e9ee3ab62424e3b4b8497d9d206212e8963871a42f7fc08b74a49bfcd8d74d2e198775752a68b70057d73810e20d6baa5c3927906559d4be6dbc88193df669517d2002b1e5060a65ac790d993087fba2e31f338c4f93d066e253ea7388e65cfa5840b872cc2989feb8c0184fedffffdd34e0a4c8b906b2f670315fea1d8c6a93fb3e0845520a2584ec4f10cc756947e2799360aaf4e3f2c4f77f52faaa3915ac396478ca8f6f8e90c37efd365db1d3ec6d5f340033e02a5d27ccf2bcfbbc1d618b389e7e4495892fceef319a75c5fa3df278373c0182b8c5f49f02c53433ac48c4120d99868dff89a42de0c3446f6dccde0943f0f97ed7a00223237eddbe072182cfd892a360691a85875a340adbcb002435bd34456a1335c437e1ca757bc62346bab08f62980b11df787667de646c569bd8ef79ad1bcb1b042b898f30a1311601aff34fe3f94106d90bd024a4cfa370a58080d252aea9ff5c63b61f602aa868f55fa657822ce4a9e096d57806cd7111551e7b7056d8baf88cfa95a3ed22206dcd4255555d24b9115d13769e1229f3916dce51a1afa98427914dad6fde32a49b4ef94fdbf8e9bad9fa35d73d5e279a9a14031da9e8f4b5de829751229e38a908554ef844e6f2e206427bc6c125fdd70552054402224acc1caa5f0c16a32ff443afe58c6470f6df71ab0cecbee3d6f6e23c86fcff95944031ad8c0c4d5168f68354eb7aaf21b9d5f516cca4eaad76b4d333cd44849d7980eba1751dee924c0882888245d7c0f2d06d0215df95abe3f5d5ea47451fb1b44b3ad9ddccaf04e9d418f3e69dfabc8b19f331a5fb07b287a02cbaa817ebe7023b66f99cd6169708f98d5ee037a4f635626149da00d68173133fa16704d5d742b7584e7c92ae5054fb8b98ca94a5d80dd912d0c50b78b058cc7da6f5d3bbae32e326cde52db4957c7a70b1708036a7b90f31a09fe7def6dad588bb82859f6fc94f9d2ce4a96024bb21f3dacc75ead271f36e9f9be63f229e15dde9f917b14a98e95337a266e34e8f90d3445b4a960d47cfb96cbb2b8180ea126dd71090804862bbd7f1fd0797f7f8833046b4518b6f242504afaac369ff245463e288ecad904c17fdc108899fa6cbd73f0cd14c891a26a84edbd20f92b38d89fbfabfbf475979b7c50d05db14c9572cb9e8f8e1ccadb13def67baa1111f72b6b32236d79779942b1b165423d9c6b9a822fb923abb4b511cc1ed54d0e0f162081ec31b147c0f0a6b27992ba57652479759f951f7666de25497d0c4e37012bcab9764884441c0a429de3d59553b1ae16fcd2d9a44b6b4ef38bc319e09d28338ec20f13242d3e551b86c9456be48089e43cbe861da08cc53733033025db02d96cc7712553dccc38d6a8068343ed361430ce3203e4f74d604aa4667ae40780c4120fea195fcf940916e60071a2a0ab42485616627ec896a033cb50dc93a66be92939733645d39802502a89b01cd61a2a82da9b2dacdd2a072525a7887caae9c7ed12a4450d46ed4e64352aee7e9b2c2a7d039e187232f3e38eb62d1fac4beeac03a683fe4f87661eee2eb7c7408f27915f50a9f9ce5f8514e8942e8ba3fd04f7a8cdbef4017d735cb3cbd360a42632cfae491a009f2d56fe0776e3d78c1505a471d81a03f71a81ab81d2e759d74e85ae7d59e7d018300cdda975a83396107c2ba0e297644852bb8f055325908b5a1db7dc64a0028d7390948b30246952c40bb1bdee432ed37b14b84acc1adc6b0ad0429216542a6fb16da9c9f3a4674acef2c2ec0b2d8f3fafda6b92b772c9562d5f586b2d26e22cca4b24fc20e00eef821e489ad40e4ecc65b52baa0689ab6295e22e0856d63a94e30ab7393a2448141ef00b78616a3c98c186b8ac68afcde6b193d2d5115868fe7e1b5a3a0af0dd968699dd415a74972086c92f910dc5fd991bbb76df0801d9170679a86f292953fdd0817ce79d7938b4a7545684c4a4a725ae69b27ba98ad3bc931fedd1a1790459df5f0b6f6df505f504b4e27a58574188c8aa78600067a810b1e5958a885e916af935a119af7d55598fc94f9f6adafa71228c06adc09bcb100d07cd5b142862ae8a703e49b896615a5e64374704c2deb0c7e885275d7352a54a5949f1b7d869037c36ab0c086ee86e7bbba037adc949bafc6d19bfced4c1ca9afecdf765d163667e60ee2a6a404b1f5b1f56bbc5765bf3600c0285496a2bef492afc5ebd46bf86657f5ef5798c3a17511bd15f4fcd68355a2330c9ba655f33e631c15d02d383d57775b5e2bf3aa828927732404a7c938e41d8e23357cce36fb726fceaf1da59a40504e4a0524e57bcaf08c9d2f8e9462a17fb045782cb2605eebe898c2c4d21520f7646c52ffe881aa9d184230c8ff7af85f9dc1f0d866748f8e843989777f38d7774be2ef40ea72f86c0c3c4324f9f10928a94f1b3a93ba4ee94b1d3bde68ee7861a34d46cb4ad388359cb992e74dc98d15", 0x1000, 0x40010, &(0x7f0000000080)={0x2, 0x4e23, @private=0xa010102}, 0x10) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000040), 0x80800, 0x0) sendmsg$NFULNL_MSG_CONFIG(r2, &(0x7f0000000340)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000300)={&(0x7f0000001380)=ANY=[@ANYBLOB="30000000010402d6afd3a8b200e5a0458ef703697354573a0200000000000000000cb01f3100000608e904010008100340000000000a0002000000000100cdade9000000bcfecd7233bfc76e7ac7a6189209cddf766f046ab99be61d4dface1e2540fa24b0d7832afc9913c0221720c6d17a716b6b703c5bface45a6362fdcdd4393b0a4e9de4ed96287ccf1646df4f4efe94f160efd321682a5316d9e6f"], 0x30}}, 0x4044880) fallocate(r2, 0x78, 0x9, 0xc000) unshare(0x48020200) 12:29:27 executing program 5: r0 = openat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x100, 0x11) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = dup(r1) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f0000000900)=ANY=[@ANYBLOB="0132ad3b99eba7a69a4aef241a4dbb2133c3cfdb077d7041fdbfffbf85fcdbe095aa3c7eff5b3c0f7142b92392a1a887dc06d163a15ea133e17993a84365ab6baee62f131811d6706162d391e967771501fe48d2774d7093fb68181856456e1478696fc3f6e25ffb247dd5ba0fe1c62ff34e3f03c4acc74e4e376e9364f3a4386d7795e90e5d2cd32980fc037a2a072a7e09c2eec32ee262c03bb500eba9e39745e8470d3354d02b7b0a297b5d84c06da4539fe18ed4197bfcb2a9bf2394aa975ed535509d6cacbb00"/226, @ANYRESDEC=r0, @ANYRESHEX]) r3 = openat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x800, 0x2) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfffffffeffffffff, 0xffffffffffffffff, 0x0) r4 = syz_io_uring_setup(0x3ac4, &(0x7f00000002c0), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f00000001c0)=0x0) r7 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd=r7}, 0x0) close(r7) fcntl$setsig(0xffffffffffffffff, 0xa, 0x2) epoll_create(0x3) r8 = accept4(r3, &(0x7f0000000240)=@caif=@dbg, &(0x7f0000000440)=0x80, 0x1000) sendmsg$IPCTNL_MSG_CT_GET(r8, &(0x7f0000000540)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x1c, 0x1, 0x1, 0x5, 0x0, 0x0, {0x7, 0x0, 0x9}, [@CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000010}, 0x1) r9 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$SG_IO(r9, 0x2285, &(0x7f0000000340)={0x53, 0x0, 0x36, 0x0, @buffer={0x300, 0xa3, &(0x7f00000005c0)=""/163}, &(0x7f0000000400)="4feb7dc9166b6447a088582072c238800a92451d113f8c0580441e896595a1225a3281da76798b7719fc27f0eb034bc3c3e044325e23", 0x0, 0x2, 0x0, 0x0, 0x0}) r10 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r4, 0x0) syz_io_uring_submit(r10, r6, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r4, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 3048.111552] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 3048.111552] program syz-executor.4 not setting count and/or reply_len properly 12:29:27 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0xfffffffffffffe18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2bb, 0x4}, 0x0, 0x2, 0x0, 0x2, 0x4, 0x3b, 0x1, 0x0, 0xfff, 0x0, 0x8}, 0x0, 0xfffffffffffffffe, 0xffffffffffffffff, 0x3) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="30114100008482f7e0f70ef3000000000000000500000000000000820d5f13000080487fec864b245e0f3f9be149f8d6c77220c3fcf35d29bc50e2c329f228a4ecdcbf1f6963052f3351f9dde59442b4b0bf33aaf14a1e025d4dbe7a1275b210fdea34bd1d95404d404bd572bd3ad148d3d5f2f48693c2fc1e4889d5501041647feb9ecddc70760d94252454f66a1a6945c3c1b7bfa905245262f13e02c6db64f2c7e716a9476393d5c7e50ea91bb8340200259b2a14b3855f6043ab78cf8ae310cc000010e16b080000000000000093b21f1f3507a879bd1f4968c769ddd6c9fd8f1dad13c4275bc43c0215c9b9e9c70d9513c2654cab560d1f2beb080420a8f5833ea492d6cb8a5d3476c6c639b1fa4d8f78fb2dda4ed80015953bdcca3578021ff596b0253f7fb1e865b30ca3fafce295aef7f80d3e173fb9c160f7f7cd9d69f9b18a99a891575c45b17b616c1744ca624f107f2a51137047eb4d117ae6f647235d301900000000597115b460853f9efa0e53a835fb25f688c741ecdf2b6842908b98248c6c25663a7fbe5aa779b2f43f45cd01c3711b6df8af9c30245ed7e48ea554f81b7ba07e159f18fab651c5d0efd497c74753fa93fd284fd116e4bde60831a5675f9aa210859fa6be215ff420e81d200040fd84c3c1f0dba6406601716d5ea246ad6bf984e1b651b7d90d8580e3e69f4018377b7712711dd37d5a94b351463e71fc767e91a4e50c96386e5afb85043d683885a6e26e53a5aef165b2131053a39ba4828190b0e3c7d4153bcdad2e6e27747691cce32f361b086788f04525f9556bee1dee6a771fe9f4c0ac4ce9ee4c7ce53029dade59a6051c178a8cd33ae90144dd5dd161bdb54f51c2270e8e5698889cd95bd7f2d7bc96ea1ddfd6e4104faaab1a167f9cc5fc273a12890745ca246198745f0a8106455b76c55d0d2699ae9b526dad0f8de37be257ddea66e0922f9c33bf58b294ffb447cfc87e4629f0cf7d04ee9444421960dd08b1b8691977ffb3000913d3d80ce97af7c3a89e0e8868c6614b5786e57bd621a792a859625f4c0c35d2994e3f64cf0465dd8037262bed2574ccb0ad41f5771bf6c81554ca51c432b2f1b7e7cdd50fff15a048578e768b5b85ccf743b11c2aed3cf07c077497d925f38a20156c32653e22b479aab05bf6ef148f54f4949512b8662112ea17a2a099679c997f84cac547042407bdc8188a443ca5e36090e6007585dc085de8c259d040fcbcf3f4d87b82b8cf634926bd2c4ae9163bb172bb8fbf5d3718d9ec65de4259f1f9ca2a432bfbe0c78876bf90f072e553eb73a141dd32a6ae306e7712413c7a3e3f5665cff2a54944df41438ca1376045314fb57681034687c69bda144097cbb37c9a93dfff"], 0x30}}, 0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x6c0e, 0x7fff) syz_80211_join_ibss(&(0x7f0000000180)='wlan0\x00', 0x0, 0x0, 0x1) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000440)=ANY=[@ANYRESOCT], 0x2f) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0xfc, 0x0, 0x0, 0x0, 0x1, 0x40020, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x109c8, 0x0, 0x80, 0x1}, 0x0, 0xfffffffffffffffc, 0xffffffffffffffff, 0x2) clock_nanosleep(0x2, 0x0, &(0x7f00000002c0)={0x0, 0x989680}, 0x0) r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) fork() fork() tkill(0x0, 0x0) ptrace$cont(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r0, &(0x7f0000000280)=0x5, 0xfffffffffffffffa) r1 = fork() syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000380)=ANY=[@ANYBLOB="0e2101007ab00e7ef0628d6e00a2b8000000000000000000"], 0xa) ptrace$setopts(0x4206, r1, 0x0, 0x0) getpid() ptrace(0x8, r1) wait4(0x0, 0x0, 0x8, &(0x7f0000000480)) [ 3048.125310] audit: type=1326 audit(1708432167.373:375): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30891 comm="syz-executor.6" exe="/syz-executor.6" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f478bbf1b19 code=0x0 [ 3048.164715] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 12:29:27 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0xffffff7f, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:29:27 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0003abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 3048.232316] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 3048.232316] program syz-executor.4 not setting count and/or reply_len properly [ 3048.243618] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 3048.243618] program syz-executor.4 not setting count and/or reply_len properly 12:29:27 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, 0x0, 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) [ 3048.295165] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 3048.621289] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 12:29:41 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0xe700000000000000, 0x0, 0x0) 12:29:41 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0xffffff9e, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:29:41 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0xfffffffffffffe18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2bb, 0x4}, 0x0, 0x2, 0x0, 0x2, 0x4, 0x3b, 0x1, 0x0, 0xfff, 0x0, 0x8}, 0x0, 0xfffffffffffffffe, 0xffffffffffffffff, 0x3) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="30114100008482f7e0f70ef3000000000000000500000000000000820d5f13000080487fec864b245e0f3f9be149f8d6c77220c3fcf35d29bc50e2c329f228a4ecdcbf1f6963052f3351f9dde59442b4b0bf33aaf14a1e025d4dbe7a1275b210fdea34bd1d95404d404bd572bd3ad148d3d5f2f48693c2fc1e4889d5501041647feb9ecddc70760d94252454f66a1a6945c3c1b7bfa905245262f13e02c6db64f2c7e716a9476393d5c7e50ea91bb8340200259b2a14b3855f6043ab78cf8ae310cc000010e16b080000000000000093b21f1f3507a879bd1f4968c769ddd6c9fd8f1dad13c4275bc43c0215c9b9e9c70d9513c2654cab560d1f2beb080420a8f5833ea492d6cb8a5d3476c6c639b1fa4d8f78fb2dda4ed80015953bdcca3578021ff596b0253f7fb1e865b30ca3fafce295aef7f80d3e173fb9c160f7f7cd9d69f9b18a99a891575c45b17b616c1744ca624f107f2a51137047eb4d117ae6f647235d301900000000597115b460853f9efa0e53a835fb25f688c741ecdf2b6842908b98248c6c25663a7fbe5aa779b2f43f45cd01c3711b6df8af9c30245ed7e48ea554f81b7ba07e159f18fab651c5d0efd497c74753fa93fd284fd116e4bde60831a5675f9aa210859fa6be215ff420e81d200040fd84c3c1f0dba6406601716d5ea246ad6bf984e1b651b7d90d8580e3e69f4018377b7712711dd37d5a94b351463e71fc767e91a4e50c96386e5afb85043d683885a6e26e53a5aef165b2131053a39ba4828190b0e3c7d4153bcdad2e6e27747691cce32f361b086788f04525f9556bee1dee6a771fe9f4c0ac4ce9ee4c7ce53029dade59a6051c178a8cd33ae90144dd5dd161bdb54f51c2270e8e5698889cd95bd7f2d7bc96ea1ddfd6e4104faaab1a167f9cc5fc273a12890745ca246198745f0a8106455b76c55d0d2699ae9b526dad0f8de37be257ddea66e0922f9c33bf58b294ffb447cfc87e4629f0cf7d04ee9444421960dd08b1b8691977ffb3000913d3d80ce97af7c3a89e0e8868c6614b5786e57bd621a792a859625f4c0c35d2994e3f64cf0465dd8037262bed2574ccb0ad41f5771bf6c81554ca51c432b2f1b7e7cdd50fff15a048578e768b5b85ccf743b11c2aed3cf07c077497d925f38a20156c32653e22b479aab05bf6ef148f54f4949512b8662112ea17a2a099679c997f84cac547042407bdc8188a443ca5e36090e6007585dc085de8c259d040fcbcf3f4d87b82b8cf634926bd2c4ae9163bb172bb8fbf5d3718d9ec65de4259f1f9ca2a432bfbe0c78876bf90f072e553eb73a141dd32a6ae306e7712413c7a3e3f5665cff2a54944df41438ca1376045314fb57681034687c69bda144097cbb37c9a93dfff"], 0x30}}, 0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x6c0e, 0x7fff) syz_80211_join_ibss(&(0x7f0000000180)='wlan0\x00', 0x0, 0x0, 0x1) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000440)=ANY=[@ANYRESOCT], 0x2f) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0xfc, 0x0, 0x0, 0x0, 0x1, 0x40020, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x109c8, 0x0, 0x80, 0x1}, 0x0, 0xfffffffffffffffc, 0xffffffffffffffff, 0x2) clock_nanosleep(0x2, 0x0, &(0x7f00000002c0)={0x0, 0x989680}, 0x0) r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) fork() fork() tkill(0x0, 0x0) ptrace$cont(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r0, &(0x7f0000000280)=0x5, 0xfffffffffffffffa) r1 = fork() syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000380)=ANY=[@ANYBLOB="0e2101007ab00e7ef0628d6e00a2b8000000000000000000"], 0xa) ptrace$setopts(0x4206, r1, 0x0, 0x0) getpid() ptrace(0x8, r1) wait4(0x0, 0x0, 0x8, &(0x7f0000000480)) 12:29:41 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3b}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRESHEX], 0x30}, 0x1, 0x0, 0x0, 0x14}, 0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x6c0e, 0x7fff) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', 0x0, 0x0, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000440)=ANY=[@ANYRESOCT], 0x2f) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffff, 0x2}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_nanosleep(0x1, 0x0, &(0x7f00000002c0)={0x0, 0x989680}, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) fork() r2 = fork() tkill(0x0, 0x0) ptrace$cont(0xffffffffffffffff, r2, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000280)=0x5, 0xfffffffffffffffa) r3 = fork() syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e21016027154f7e210000d6142e8ed6865df556fd6a7300000000000000bd8b7e69ecb57d268a49d8d6accb6a35f7aa6bee3435f0ca00"], 0xa) ptrace$setopts(0x4206, r3, 0x0, 0x0) ptrace(0x8, r3) 12:29:41 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0005abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 12:29:41 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, 0x0, 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:29:41 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000540)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x1}, 0x2}, 0x1c) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x6, 0x6, @local}, 0x14) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) socket$nl_route(0x10, 0x3, 0x0) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r5, &(0x7f0000001080)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) getsockopt$bt_BT_RCVMTU(r5, 0x112, 0xd, &(0x7f00000001c0), &(0x7f00000013c0)=0x2) ioctl$BTRFS_IOC_DEV_INFO(r5, 0xd000941e, &(0x7f0000000580)={0x0, "1a0954c18a61ace1bdbbdd9ec9ed2e2a"}) sendmmsg$inet6(r0, &(0x7f00000004c0)=[{{&(0x7f0000000040)={0xa, 0x4e24, 0x8, @dev={0xfe, 0x80, '\x00', 0x30}, 0x8}, 0x1c, &(0x7f0000000180)=[{&(0x7f00000000c0)="a197655ba60a78a977dc7e438b76113e98331c1ac355da5423cc71eb0a215b383f80c5c26b140e0e370d0a2c3e9d15e174b919", 0x33}], 0x1}}, {{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000001c0)="61bbc926ff549c107e2620665e0ece98c12516573ddba9210be19388d816fe068d073dfbe8d8f018f9acc9e6c819ae67bf42a40fb99d4a744ecb3192b9a72f4f253c0db763862d61e1d6afe2f20f785d16373526547f031d6659eb89444fc4372c968424193932", 0x67}, {&(0x7f0000000240)="87720e8796619e39d0bacb7bf8ba3a65c25f20f820dec3e5befecfd54b45dde6d97dce3a191fe8f8051b545b8a0e1bd9b08610a1aa20d55bad379b0fa5685722d6c482b5883913510eec01235ccd68304fa016beb7ab8b9c0311703e461c4939957102064c7d20891c415a16ca2c60ad2934b0623dfd81ea1f26cd35d5ff9a5cf324e6217071c40ff187859b9ca851", 0x8f}, {&(0x7f0000000400)="79048b267601b355205bcb8462c09092ddca65d67a60a24dc480aeaa4b09ef871387d6376367ccf65a70a22cadeacb37977529f66684126029c802ad9aab6f3a788421e2fcb7bd9b6701d2c54602dc8296a3e75ded3ea27401dea9dc844441e145d7d7a68775c1a28199970a231fc48d8f1c6abe032097658ce4deb31a997b654280d29fd796541344e2f37d16f2f4730ea6975d9ac1b230318e9dbabfa58cf20fd808f89557fc6f", 0xa8}], 0x3}}], 0x2, 0x4020) syz_open_dev$ttys(0xc, 0x2, 0x0) sendmmsg$inet(r2, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r4], 0x38}}], 0x1, 0x0) 12:29:41 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) writev(r0, &(0x7f0000001480)=[{&(0x7f0000000300)="4cdd4d174431cf4a874555fc841b986af43245c18d0fc7b8e854dcc2707d6eec80b476894bf5dc50af659ddbbd69eb3b8e72512d3a498a66b604b118ef84a7fcd66ac002f6aec7f2c75b7c0d013f501621c7f013e4ebff9aacaa6d9d67b0b520cfcbc4fb6a0fee95076f30572f6f0d9bc80648379b328da50853968dc2c03298ece7cf6ff34ca37a96e7f0da918154c0f00a650f92fa990efea38bea4fce8ce8a40d49b82d1af29d9a05de2e60a528882403f6421d3718a2a56b15206d1286f3491c91b3893275ed1228eba22844b1e82de63c80e024546847b93c43ed82d5473831f427410d6749e310a5678a20080378c5350e6df6acb4ffdc6bb1a84dc7cd049b37ecbcdd5062dc14bb6ad5d0aedffa9e37fa88a301719a7e45c73796928276b93b7e072b62d3e44ed498771cf75f3d0647865c583124832e654fe69ea2f7e87cd03a8b028297d4249c25362d2d824c32496ffeec3aa9f891257609bf01b5c80db2865520de69e077869759aee53c8cb20f2a9bf8ae4699aa4c86c3c9c440ce6252df4e4f4c873f43d4ff6629aab67190419e6175014bc4e7cf3719249e1cf7db628dc4eaad7c8d8e4b6579423a5239ab3480f2c3fc91e5b5d27217a2b7af4961197a13b8791e1474772910afa0e43fdda72538d13591582f07df0e9b9803c9d88d7de340586444cebefd11f0fac77be531b538ef7ca8a6d67574d6d96fe57761f5ae511ccf104caac86bb9e1744f794bd90834032b85b2db23ece213b1fa5d602d3bcbb9aa85733e18d2d213fb9f182b2d2f77ebe8a7e00aad261d1c685da52d525dd03f63f75286703002a1451c2db215cb4aa50070c8bbf9498795c27a6099498ea0ce36c1ee4e8ea991a229f5e70dce40951dd9c6bdbd3af615c89a65f0033b5b2078495dac368509efaf0453b220908c28d8b5028cf05cc4840d2581203192384c2868c9a741f4d177693bbfe4e8ef4779c4855927fa2bb3162f630a1efda69f90e0590401150c01e2253d80b59299b5aca15d8272aa023ae942488dcb0f4c9a71dc4ccb79490a9960635b890d2ee720777c4f5708d0b90ecc9dd99ed4c59d5fcf2b8d17ae8405d51aff6194e96da413e66abf747b61ca357d40d4be6c0afe623baaf03eae9e7e4c3093fcdee099e00d5f2021f23eb0810554a85a33d10c536f3cde35ccb8857137462520e023da3bc0547cf363d4bd38187dc96f4ab8659fd2a89b07dc848326ce193574bc199794d232a13fd1403315c5402425a0ae228cd56cf7f0be159255b2120d27d86b388998b3529dcc8c12866ba892a6edcf835b1c8faa708927281693f1b29072b36aa1912587d2605accb7fe91781e03cd976e4568572d66d1ad928562fb6bf0bc2e2842983f27f2ae4d9cd0cba6660be20771e704f9289cc646aa696494f8b91d0dadae0f732811b2498123bdff7f526570bcab0b24f9dce55436325006f0134a09469022ccbd72cc80f61d77d1aeabf603e8b7cc6088d3e9f38bdae51d24149b13303634703c496db67e8ce7c996c6b66e17c44db78466c0fcae92f64e6fd61802c28c5fb887dba32df94810b60b974219888ddd238c400d9d28f2faf118e995916dd4d5d421bab8a87008e2ca2fd11d47d35f8cdd26b30f5805e8d93bc43dccdc5103c1549fd0c8c2b872cf7b6bcc06be9559d71749ef53fc42880deeaed39fe54ea6c28f1a394520719d28b42df00bfdf841605c49c0aee97549a0bb6d05119cd80462411eeb230ca4a84dfd605cf3f78948bbe29dd42934578b7fd0fa182b73949abfb9fcb58d220b2f77891519ebb046fad7773ccf52a71bf88cf9bf643b54b7356f907e20d711074c61b4110f11f1a9d6717cd1be88d982d842b551633d8fb894592ae2fa7deb2e751d2dabf023e7ada113803cb592784fdfef4253a4f59d8e8f419c0e8c36790b7a30d0ed449bb66292b8ecd0355fa8021347724af505e62c6ef79c9808a2d7d2a633cfaf84f394f3a97ec512cf5937f4a19cdea8106bfd543280adcf6564915e5a90346f95491f4c8de2f72157563af9ff98ef5b8ea6417fe9d6cb7a1ead8c15bf517c3966393fb7f741ca6c9fbc6bef8ad29d714688a0d02be3a02d89f4c4afb66ec55c1c289d7144fb52ff337d79beb7b675d6cc947d8f3d9a58ae29e6af9fff1e26bdc99b878f23442f4323dda4b6fde107fbc9838c426b81a9d8979b0aa5ac70abfc8cfba9991f8d9df64fce6a966947cda4cd3d39344115986e7f0c24a94d7fa8c0346baf77bd8e81c7a8412854920915e7c8fdd196bd143b91efff139b0dde6f95b915b14899b43a79f4e06cac5b8120e3374de146845f755f9db656c57ae5f61d41f8ee9ef8cf7f7081fc2db2b8c457e34a9723cb271abb0f8085d7c3db6a33a55f7e83c2a2e904139062122454a8000a88980bacab4669d2c4844f820ab5a4879ea72fce5c0c620b88bbd67e0fb06965cff8a6138ccb628424472d74d155026f8e8e5b005c080a533de2faac88f2320328f979a133999a23c8f535eb8d322142dc8b29d76754e44802252838aceeccfa5dafea2d51b35f6988444f42dfb10ef707c67ccea2c7ca6a878011544668ddb10d29d3adfc61ab88195b7313e467a82a98c5c682ef23b26c97b363b0291d7ac1eca8004936768a3755cb4c57cb1c1f2fd37944cc6d35500ae4971a0b28069ed4d00dcde7b82a325b5005e8b80e10922ff428f6b8b7013034e876382f082f37595bd0b083f723b179ee6c2aa2cfe66f48073244c5dea85671a1f8d5b6b31ebed79afc0d12033ff891490a6d8c54249544a53efa9d6498169f326d8763ca7c00998d85d39ec5f9a46bad608e7cb1de60ed5963ec509252de32de5b3cce10b0fe12db8ce28d8009d86fb8ce40543dbc61c84c48", 0x801}, {0x0}], 0x2) syz_io_uring_complete(0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = dup(r1) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = dup(r3) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$TIOCVHANGUP(r4, 0x5437, 0x0) 12:29:41 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, 0x0, 0x2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) [ 3062.229289] audit: type=1326 audit(1708432181.477:376): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31036 comm="syz-executor.6" exe="/syz-executor.6" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f478bbf1b19 code=0x0 [ 3062.231529] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 3062.231529] program syz-executor.4 not setting count and/or reply_len properly [ 3062.239788] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 3062.239788] program syz-executor.4 not setting count and/or reply_len properly [ 3062.270683] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 12:29:41 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0xfffffff0, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:29:41 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0006abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 12:29:41 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0xa1ffffff00000000, 0x0, 0x0) [ 3062.362737] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; 12:29:41 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) [ 3062.362737] program syz-executor.4 not setting count and/or reply_len properly 12:29:41 executing program 5: openat$vcs(0xffffffffffffff9c, &(0x7f0000000200), 0xa000, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000a00)=ANY=[], 0x98a) r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f0000001300)=ANY=[@ANYBLOB="00000000fffffdfd0100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000feffffffffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004e18f3835023f5b3b1ab5ef114656c07d33f4486a667121fcc64e224d7be04b3b99c6a90aade7b4ac50aa8f0baa857a391d6929acc2c2413bb84c3fdef115b9385cfbfe18911dd6b5055cde977505603a5411b872f832408f9baeed6b777bee7d8fd3aa9b099"]) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0xc02, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x40000, 0x0) ioctl$TIOCVHANGUP(r1, 0x5437, 0x0) r2 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x248e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={&(0x7f00000001c0), 0xe}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) flock(r2, 0x6) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x0) ioctl$BTRFS_IOC_SNAP_DESTROY(r0, 0x5000940f, &(0x7f0000000300)={{}, "12852ee246b149ec4e0bc7bacf27cc444919aed26cef0ed88e61066a2602f8b898227884075400e6ab7a433f83d5130151c8dfae7fda7925d882d1bd49a816dbab08b93bc75cce1eda46d097976f4cc5f7cfe4dd50fbe285d8a564d752c42884c08f575250fcab04f62046484c523856295705a3047913d8c70f81ebe9a44583b3145d4883b5d8f4519f7bd1adba5a5fdf31732e2a606019faeb23344939796b3e16ccb29260de78997bc36cf68b66466bd25729dd0b7cde53f76be436e6bdc3bd6a575438acd24472bd98686376edad168e5c9a521d13390910b5093adc504ab0a0c63a5eda15bb29a3b805a6ddd7090f667725c83dd9bb290c2eabd26ca0a95bcd0770bbaeae50ae9dc5ec60a2db6e7d8ccf0cf11d86ab92e95c9859e57b7d6c77e4e80a4f5de84c49423d82065a91198987d5b28a2cf937a12ad1d16e21eba16e6f570b26c2fca9096f252b4ca6d594817141de6bc9ee612f89425037ee314296f7aaa6aa2eabcc3e3739ba934a7ed2f42651f9a3ad30a26b8bd96cac538d080741fafcfd3f384ed555e4b8690f92714a60526787b61756be8f7012d5fb6684b0176ec30eea403c5dde29a01465404a49f63fa29348bf2b125c5ae83e5c71eca9e1517a03c7a624702069d26e08ad61cbbe1098198eef3dbe0f4ab9b5fab5e80940054a62cfdcf624225fa414fbe9e13f5346fbdf9c289888d6e1b9d0dd2a6af4a58c9a466b8e1f3c394950ab04513e8e70bfbbecd5ca92eb58e5ca96c61817bdf3865fd87851da4bb522903939c2e667168cc4f45499db14e4400f984ebf141fbb324f0b1f79b10c352b870bb5230b5762f57562bdcc7e54e6ecbd0fa2b95ac263b7f3275717f928e958691d7c384bf169649ab482bd0dd2a85e3bb34ce3a04a782da6fa8a58abe6aa0fae7faea555e7b6c1d4762217bb1f929f8dcf45bb9b2a8627ae35a6905d275526df5e9bf336688d6769a594c3e6a13531edc89826d0a19c473c4e973fe0725ba9ac219586c8f24ce5cb8ddb8fb5a65c090e17f1bbc2bf1442c5710ee08eb88fbc041415dae75b376a66ab7ccac819596c991d7f39ffaef1e6a6d95735a35bf4cc6d201649fcc11e82981624be868a216f2f0e6fc1bc95e3a96b8e3148872b54bb5bb743dda6735846a3731282628f55effee084ea63aca27466d9af7e3c931a8b1de6a15e268c45846f28c74986e0b8089827b411f112c71da323b26c694441478f997d1f452ace55d47ad2e90156c1433ee49ae9af2fda73b3f89dce074f102a649545656c28202ab7d2f3c1fad6b77c7dd06b4f13c53ec2e79772cb212a45bdeb33a5d93d0c6c6493782407bfe669a55ece90dd8a2e133312985161011ddaf0c537476a1af6f396ebea7f39aa6b4bc75600ae9d8e09ed49e30ac62a640b8b15721eaa620622117bca7b89649e1e29a192ff7b998bffcafb7950ebb928a743fa80fe5eca83f6ee9479ef99834800b6dd0bca9103f2de13998560bd492fa6f4f4de37bcd18d7aa67bc3fa7d6f0696750e71566d2be7e779a2a9734f08a784eff904faca662ab7f39d53030247061375d35bfb110c52cb19dfcadab7e685bf2909b39c79f3a061d2820a79ed4557c2290bdd56b194dd38b02e2e4dcbad35b779517d77a78051c5bb9e68089178e2ec9020c2b3555985285b6f36d74ca5ce30013e8732f376a775bab324a463f020071703cc8eedff9ca0c45f8cea901e30a93fd3c2db06dbcef392aee894565f34aa7b15a3111ae8b59324999075432b1f557af94704a5048444cac1bf0622824af6ab18e4b8d9468d8d4abfb1700ce68bf34509002df3b101186734a00e14d15a5dd830c319242e6b1f3d2be2102e7af5a3a962ffa0505af53ec3de2761ef72f08baf030cd0f37f90a2bc6bedd1da0b2895537922863054871f51df4d253d182200f088178434c9141c9d9977ab39a5a3fadfe3f471440dcd714eb1f6ef993d71a72f5818225e3589830b3e113bc17570ab7d85c321335708357f54a140d02d3c8aa7783201610a2df33a22781786ce0cfd77ad0664117be6caaccb98fd20d285873899663c44e4896e935ed7d710cd35614fa79c4aad322a6af698d95ed49174f1ec7db75dc5b60ba86746a685625daf44d4e0abe8778711d5bedb6c84373e01d7d1f7cab254b8c9c306b25932d143ad90b4964c89911652f9f2dd38d577cbcdf599a4d8900b7ddf154c79ccf26f15ef344e9d680a843f255eb52815614ad9e5406b0062ad3ede64e287a7e8ee8b547e7ba12221b632f9a2a11e86e77635782a5136e6799d1fbb54511acb3039de65bf65fa7187754eb7bf02b01688112e81a559d8eaad867536ebe00bd411b339c9e3659b0d8fd5f3ecaf2fffce388eabc70ce6b9efdc304d1a3f81d828c7f14977b22c84ab72fc678cc120918e267a5f8de182d1d2a818706447ffaa77a650e4a692ae91eb36df2fe4465bf19ed7c41d688f5e6d2dfd4edf8b6adb9924e6a50c0a48ee4369f55edd167cc647cf4f37fe454a3f6497940042fdb06c45f4b3b929066e0315592abd29fb2e84772b56bc23f24bc493812439892db716597ec8c8f3a8750dc85b7fdf6cd97072c3350d2351a3bf6a4af1af83f339d349f8469e588c692f603ab20408b2c3222fa447ad0a70d54b299386dafafcc087ec61cff7f35dc16c6f5a37146c4f21d4bb85bad9440a38c39796be8baca4bad6fd2e9327b68b24254fbcd78bfde06a75afbf3235012529559369a7dd8354848e6c9aeca0139ad35c605fdc750d85d4399061264d05096b78a3b49b2fa6c67ca85eb908395f1f0288c165c544ed253ed696b0a0673f8d554dc206a90e9414b867519902da983a8e140de4314e31a6e8c0e92f3a64b6d34895ef66756b57690a0ab6e9c0e7d5050a43c1ec6bfca67c28c75c37ddf2d48baf8ea69d7c956fa1b36ac2e34e03678a58539a6c30cbd26bb498adaf33dd9c596899618b80b844957782d7b86abb708101e8944bf5da260b040f912564cad6968e410057046558c07c8629e1fd7a7f4e1d66ffc0e0106c104fb979c999a56fbf2bb6051332c71fe92e37213452ad485af96c1135ffc80febca188c2643f471907065904f1f85c9dc454dfd57a720c156a4a5f6b58a5e107df625acf38162d58cc4249346d97a95c9d926545c915f2c6bc8d173153c117e5d857f5975421968e1c55c60ac124cb923111fe16ac253a00971bbe9d0967e0281c4e76720d29185604774cefcc0619b4ce5699912f72bad2e8674199bd972d2e32a2a9b44103a4763e78c149495836c0ac42771d4dd2dd67a1e5d1f92d35cc553e80f5b60ba1320cf19b7c1c76a7faa5ed68f31d195d8e9a7a257ddcb81df965b113ec9a707a1b9b6cb404d2cdff61c23bb715485d81df4dc0491575a82c28e53ef01fe5438ba9e7199e2f981e5199a9ac86513f79261991734387e61931133f85aa1fa574275feec1a64b703e582bc48be1410d2c49c81dbbfd09f435327378cff74f24404b29097a1cd397c90845ad104e2867cea75c097f8347fca5a45c9b79e95ac0e35d56a642e606731a0e8b6383483adec9df9a58c0714183737102c2498c1de139fc479ca5e042490ae19d3860f318253c0e62c58bca7d4aa71cde7708676cbbf5ffc3519a72929b4ca7f384f8c89e4a37e6f5a4aeba8f2d9d982a9abe05ad8123b1dbb2bc8e064c9a068717ebb39a95e3b534eaee3269cf2169b25921ec0bf6c364cab323c92be5237d848a165c828898edda7c4f98d2db928857245eb18a93278ada9a36aab2fd3f0f16441bdb2e44c57a044f7c5344e2a4cb7854e32751546d52ebb02b196c4ff1ad8a7ab7b315a6512b3f7ffd4afb0acdd0c8ec0585039759d9a33101cc028a4a8ace8b4132955efbf8400aefda18d198cfc95aa8b7dac20215934eb4dfd47b1927a2ff8eebfc9ffbc7e2f63d1409666faafd48050c1a9f0e10e8915f2986337bc01ec727295198634611a1d6f55baaeeebf96c9acbc2404b69672f07d50eead240796c197dad25c1e8b67feea1a3f65c549ddbecee5ff26bde65120a64b54042693a6bbcbc1c49b65dc262de7b1b1fb47a3e93566225a7bf0c0b39523b1235d54b2e80afcb8d2b798e47a32a7552d97c50abc73cc000c38c4d5418f510d21c23d9590366d5ded87604e27c801893d022fb5454c5019129e60786f5eae86fbb8a9f7155bde6447aa1ebed65e598e6245deb033b8e945d96106cc6ac24021db90a2fa304a31add61293927738a2731aab673700d7b5117d8eaa5df59a90f622723326975d0f9e753e82bb716824cc5edbc3c6728999e9170c75ba6a4ac888447ce9b6f8929461946e8c63ea49e691dbb75ef48eece664da1e39c4f8bceaa8d14a3349909bab33380e79762d6a25fc1b49f3eebe345644e9073288f0965f524bdf4e7b8112417bd29c1f62735834be838c1553b73e7da9d5645fdea685320b415f151a29f966e8761a621c18703cf75c952a3c226f80c77732b4cdfd215bd00af717fd5948fdb0a48ba71f1f2c3743e7fa45e6407190466f28a41c7aefa96652de6ba0330085f9784df2ae2753854b791254ce89341c9ed07df7caf012f017e1991e2651998011cf673fae9064506dda031615401b63dbdf4ebf3d36e2e3d1470a9ccb78bd89995ed52eef55bbcedf216e2ab875cad325e44b6d3ebd22ffe8cb79b36a71eebbf34e29c06cba3ef978342288777651e3ced73109c073060a0f36846347a8a1153c549aa23a73f55d78c15e47c8f31b1958535a68ad617a686daeadc322e6adf42043a58562ecc1d7f5b9468f22fcd2d3eb6cb4aba97865f098f6408d02c52ad4963009c57afb16daedba301eace4d6b58bec2cb0d40d96c12aa4819cc1fdba49522495be1ccbe83c9a36cf40f5bc272efcd76172f83fc5788b480e8deba20c3355e1d405cb4961a05a619a8255d69923e075690ea6434a05a8a8cdc43dd986ecee55686172fd97671dafa6a3da991d998d49933d803de17271301798a64bad795062409ce705376b21d477c0e117c9d79c38bf4e9e4d0442ca98cb654014532e1acf0309439c16b1612ea929e6235b33945555f52b2ffb5fd409d71cb8c2a8feb9e16bc480f8157a24ba9dbb631e5db393cafef897d404ec7feaf585de2603b98f96d515d9168547c748717436ac7f970b2db860f0acb44a1b72a2fc88b590346759f91795f25ff7cb4f55341beeab8eafb469cebd36e5beac37ed79ae479009ee9965a2de3f3292dc73976f5bf653fe335a561daeb22a3a887a844bc207fea30198f6c4e5507484fb185d61452a20b508b941b2ac517c6ce2b977b5ac4e3d8299fad78527168041623ed30ae7ac594e642109365f9458687115c6a4fc2396ce3e19f1b35cad7525596c75fed918dcf3e879065c16d7ae9ebeff4018f4e29cc350ea2a6d75f2d34fbbdced9aef7530f1ff97c7cefa558c2e92fa4cd07b7fa46c02fc9504868f7f683ad81fec5dd42584de07a1a8fa62dbe7c22f57683421a8f71269f9ed4d52a3e30dee15adfaa9f9289eda0414d3fc156e1340fbdce5246773e535ed241b2ea52d7f3dfa1a73d9985f0b9962b98b9cfc6e2e50b39cddbd04e7e24a56a341b2935e800b7fb66dc960e85c4902130459a89f408a36ba5509eb7341d8e0b80a708a20f3ce09a64794dbe90fb5439f3c4b410c7a3ca55f266fffb6e6127fbcaec22b692712d723998204c86fc5abac93bdd8aae6e3da9507a1f5ac72f9df250247d0f39f4156bb61245193a59f8beaf2222501"}) setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, &(0x7f0000000240)=0x67bb, 0x4) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000100)={0x101, 0x0, 0x0, 'queue0\x00'}) bind$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x10, 0x0, 0x25dfdbfe}, 0xc) unshare(0x48020200) 12:29:41 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0xffffffff, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) [ 3062.419483] audit: type=1326 audit(1708432181.667:377): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31172 comm="syz-executor.3" exe="/syz-executor.3" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5ec6866b19 code=0x0 12:29:41 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0007abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 3062.522867] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 3062.522867] program syz-executor.4 not setting count and/or reply_len properly [ 3062.535647] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 3062.535647] program syz-executor.4 not setting count and/or reply_len properly [ 3062.569082] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 12:29:58 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x0, 0x0, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:29:58 executing program 5: openat$vcs(0xffffffffffffff9c, &(0x7f0000000200), 0xa000, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000a00)=ANY=[], 0x98a) r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f0000001300)=ANY=[@ANYBLOB="00000000fffffdfd0100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000feffffffffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004e18f3835023f5b3b1ab5ef114656c07d33f4486a667121fcc64e224d7be04b3b99c6a90aade7b4ac50aa8f0baa857a391d6929acc2c2413bb84c3fdef115b9385cfbfe18911dd6b5055cde977505603a5411b872f832408f9baeed6b777bee7d8fd3aa9b099"]) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0xc02, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x40000, 0x0) ioctl$TIOCVHANGUP(r1, 0x5437, 0x0) r2 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x248e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={&(0x7f00000001c0), 0xe}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) flock(r2, 0x6) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x0) ioctl$BTRFS_IOC_SNAP_DESTROY(r0, 0x5000940f, &(0x7f0000000300)={{}, "12852ee246b149ec4e0bc7bacf27cc444919aed26cef0ed88e61066a2602f8b898227884075400e6ab7a433f83d5130151c8dfae7fda7925d882d1bd49a816dbab08b93bc75cce1eda46d097976f4cc5f7cfe4dd50fbe285d8a564d752c42884c08f575250fcab04f62046484c523856295705a3047913d8c70f81ebe9a44583b3145d4883b5d8f4519f7bd1adba5a5fdf31732e2a606019faeb23344939796b3e16ccb29260de78997bc36cf68b66466bd25729dd0b7cde53f76be436e6bdc3bd6a575438acd24472bd98686376edad168e5c9a521d13390910b5093adc504ab0a0c63a5eda15bb29a3b805a6ddd7090f667725c83dd9bb290c2eabd26ca0a95bcd0770bbaeae50ae9dc5ec60a2db6e7d8ccf0cf11d86ab92e95c9859e57b7d6c77e4e80a4f5de84c49423d82065a91198987d5b28a2cf937a12ad1d16e21eba16e6f570b26c2fca9096f252b4ca6d594817141de6bc9ee612f89425037ee314296f7aaa6aa2eabcc3e3739ba934a7ed2f42651f9a3ad30a26b8bd96cac538d080741fafcfd3f384ed555e4b8690f92714a60526787b61756be8f7012d5fb6684b0176ec30eea403c5dde29a01465404a49f63fa29348bf2b125c5ae83e5c71eca9e1517a03c7a624702069d26e08ad61cbbe1098198eef3dbe0f4ab9b5fab5e80940054a62cfdcf624225fa414fbe9e13f5346fbdf9c289888d6e1b9d0dd2a6af4a58c9a466b8e1f3c394950ab04513e8e70bfbbecd5ca92eb58e5ca96c61817bdf3865fd87851da4bb522903939c2e667168cc4f45499db14e4400f984ebf141fbb324f0b1f79b10c352b870bb5230b5762f57562bdcc7e54e6ecbd0fa2b95ac263b7f3275717f928e958691d7c384bf169649ab482bd0dd2a85e3bb34ce3a04a782da6fa8a58abe6aa0fae7faea555e7b6c1d4762217bb1f929f8dcf45bb9b2a8627ae35a6905d275526df5e9bf336688d6769a594c3e6a13531edc89826d0a19c473c4e973fe0725ba9ac219586c8f24ce5cb8ddb8fb5a65c090e17f1bbc2bf1442c5710ee08eb88fbc041415dae75b376a66ab7ccac819596c991d7f39ffaef1e6a6d95735a35bf4cc6d201649fcc11e82981624be868a216f2f0e6fc1bc95e3a96b8e3148872b54bb5bb743dda6735846a3731282628f55effee084ea63aca27466d9af7e3c931a8b1de6a15e268c45846f28c74986e0b8089827b411f112c71da323b26c694441478f997d1f452ace55d47ad2e90156c1433ee49ae9af2fda73b3f89dce074f102a649545656c28202ab7d2f3c1fad6b77c7dd06b4f13c53ec2e79772cb212a45bdeb33a5d93d0c6c6493782407bfe669a55ece90dd8a2e133312985161011ddaf0c537476a1af6f396ebea7f39aa6b4bc75600ae9d8e09ed49e30ac62a640b8b15721eaa620622117bca7b89649e1e29a192ff7b998bffcafb7950ebb928a743fa80fe5eca83f6ee9479ef99834800b6dd0bca9103f2de13998560bd492fa6f4f4de37bcd18d7aa67bc3fa7d6f0696750e71566d2be7e779a2a9734f08a784eff904faca662ab7f39d53030247061375d35bfb110c52cb19dfcadab7e685bf2909b39c79f3a061d2820a79ed4557c2290bdd56b194dd38b02e2e4dcbad35b779517d77a78051c5bb9e68089178e2ec9020c2b3555985285b6f36d74ca5ce30013e8732f376a775bab324a463f020071703cc8eedff9ca0c45f8cea901e30a93fd3c2db06dbcef392aee894565f34aa7b15a3111ae8b59324999075432b1f557af94704a5048444cac1bf0622824af6ab18e4b8d9468d8d4abfb1700ce68bf34509002df3b101186734a00e14d15a5dd830c319242e6b1f3d2be2102e7af5a3a962ffa0505af53ec3de2761ef72f08baf030cd0f37f90a2bc6bedd1da0b2895537922863054871f51df4d253d182200f088178434c9141c9d9977ab39a5a3fadfe3f471440dcd714eb1f6ef993d71a72f5818225e3589830b3e113bc17570ab7d85c321335708357f54a140d02d3c8aa7783201610a2df33a22781786ce0cfd77ad0664117be6caaccb98fd20d285873899663c44e4896e935ed7d710cd35614fa79c4aad322a6af698d95ed49174f1ec7db75dc5b60ba86746a685625daf44d4e0abe8778711d5bedb6c84373e01d7d1f7cab254b8c9c306b25932d143ad90b4964c89911652f9f2dd38d577cbcdf599a4d8900b7ddf154c79ccf26f15ef344e9d680a843f255eb52815614ad9e5406b0062ad3ede64e287a7e8ee8b547e7ba12221b632f9a2a11e86e77635782a5136e6799d1fbb54511acb3039de65bf65fa7187754eb7bf02b01688112e81a559d8eaad867536ebe00bd411b339c9e3659b0d8fd5f3ecaf2fffce388eabc70ce6b9efdc304d1a3f81d828c7f14977b22c84ab72fc678cc120918e267a5f8de182d1d2a818706447ffaa77a650e4a692ae91eb36df2fe4465bf19ed7c41d688f5e6d2dfd4edf8b6adb9924e6a50c0a48ee4369f55edd167cc647cf4f37fe454a3f6497940042fdb06c45f4b3b929066e0315592abd29fb2e84772b56bc23f24bc493812439892db716597ec8c8f3a8750dc85b7fdf6cd97072c3350d2351a3bf6a4af1af83f339d349f8469e588c692f603ab20408b2c3222fa447ad0a70d54b299386dafafcc087ec61cff7f35dc16c6f5a37146c4f21d4bb85bad9440a38c39796be8baca4bad6fd2e9327b68b24254fbcd78bfde06a75afbf3235012529559369a7dd8354848e6c9aeca0139ad35c605fdc750d85d4399061264d05096b78a3b49b2fa6c67ca85eb908395f1f0288c165c544ed253ed696b0a0673f8d554dc206a90e9414b867519902da983a8e140de4314e31a6e8c0e92f3a64b6d34895ef66756b57690a0ab6e9c0e7d5050a43c1ec6bfca67c28c75c37ddf2d48baf8ea69d7c956fa1b36ac2e34e03678a58539a6c30cbd26bb498adaf33dd9c596899618b80b844957782d7b86abb708101e8944bf5da260b040f912564cad6968e410057046558c07c8629e1fd7a7f4e1d66ffc0e0106c104fb979c999a56fbf2bb6051332c71fe92e37213452ad485af96c1135ffc80febca188c2643f471907065904f1f85c9dc454dfd57a720c156a4a5f6b58a5e107df625acf38162d58cc4249346d97a95c9d926545c915f2c6bc8d173153c117e5d857f5975421968e1c55c60ac124cb923111fe16ac253a00971bbe9d0967e0281c4e76720d29185604774cefcc0619b4ce5699912f72bad2e8674199bd972d2e32a2a9b44103a4763e78c149495836c0ac42771d4dd2dd67a1e5d1f92d35cc553e80f5b60ba1320cf19b7c1c76a7faa5ed68f31d195d8e9a7a257ddcb81df965b113ec9a707a1b9b6cb404d2cdff61c23bb715485d81df4dc0491575a82c28e53ef01fe5438ba9e7199e2f981e5199a9ac86513f79261991734387e61931133f85aa1fa574275feec1a64b703e582bc48be1410d2c49c81dbbfd09f435327378cff74f24404b29097a1cd397c90845ad104e2867cea75c097f8347fca5a45c9b79e95ac0e35d56a642e606731a0e8b6383483adec9df9a58c0714183737102c2498c1de139fc479ca5e042490ae19d3860f318253c0e62c58bca7d4aa71cde7708676cbbf5ffc3519a72929b4ca7f384f8c89e4a37e6f5a4aeba8f2d9d982a9abe05ad8123b1dbb2bc8e064c9a068717ebb39a95e3b534eaee3269cf2169b25921ec0bf6c364cab323c92be5237d848a165c828898edda7c4f98d2db928857245eb18a93278ada9a36aab2fd3f0f16441bdb2e44c57a044f7c5344e2a4cb7854e32751546d52ebb02b196c4ff1ad8a7ab7b315a6512b3f7ffd4afb0acdd0c8ec0585039759d9a33101cc028a4a8ace8b4132955efbf8400aefda18d198cfc95aa8b7dac20215934eb4dfd47b1927a2ff8eebfc9ffbc7e2f63d1409666faafd48050c1a9f0e10e8915f2986337bc01ec727295198634611a1d6f55baaeeebf96c9acbc2404b69672f07d50eead240796c197dad25c1e8b67feea1a3f65c549ddbecee5ff26bde65120a64b54042693a6bbcbc1c49b65dc262de7b1b1fb47a3e93566225a7bf0c0b39523b1235d54b2e80afcb8d2b798e47a32a7552d97c50abc73cc000c38c4d5418f510d21c23d9590366d5ded87604e27c801893d022fb5454c5019129e60786f5eae86fbb8a9f7155bde6447aa1ebed65e598e6245deb033b8e945d96106cc6ac24021db90a2fa304a31add61293927738a2731aab673700d7b5117d8eaa5df59a90f622723326975d0f9e753e82bb716824cc5edbc3c6728999e9170c75ba6a4ac888447ce9b6f8929461946e8c63ea49e691dbb75ef48eece664da1e39c4f8bceaa8d14a3349909bab33380e79762d6a25fc1b49f3eebe345644e9073288f0965f524bdf4e7b8112417bd29c1f62735834be838c1553b73e7da9d5645fdea685320b415f151a29f966e8761a621c18703cf75c952a3c226f80c77732b4cdfd215bd00af717fd5948fdb0a48ba71f1f2c3743e7fa45e6407190466f28a41c7aefa96652de6ba0330085f9784df2ae2753854b791254ce89341c9ed07df7caf012f017e1991e2651998011cf673fae9064506dda031615401b63dbdf4ebf3d36e2e3d1470a9ccb78bd89995ed52eef55bbcedf216e2ab875cad325e44b6d3ebd22ffe8cb79b36a71eebbf34e29c06cba3ef978342288777651e3ced73109c073060a0f36846347a8a1153c549aa23a73f55d78c15e47c8f31b1958535a68ad617a686daeadc322e6adf42043a58562ecc1d7f5b9468f22fcd2d3eb6cb4aba97865f098f6408d02c52ad4963009c57afb16daedba301eace4d6b58bec2cb0d40d96c12aa4819cc1fdba49522495be1ccbe83c9a36cf40f5bc272efcd76172f83fc5788b480e8deba20c3355e1d405cb4961a05a619a8255d69923e075690ea6434a05a8a8cdc43dd986ecee55686172fd97671dafa6a3da991d998d49933d803de17271301798a64bad795062409ce705376b21d477c0e117c9d79c38bf4e9e4d0442ca98cb654014532e1acf0309439c16b1612ea929e6235b33945555f52b2ffb5fd409d71cb8c2a8feb9e16bc480f8157a24ba9dbb631e5db393cafef897d404ec7feaf585de2603b98f96d515d9168547c748717436ac7f970b2db860f0acb44a1b72a2fc88b590346759f91795f25ff7cb4f55341beeab8eafb469cebd36e5beac37ed79ae479009ee9965a2de3f3292dc73976f5bf653fe335a561daeb22a3a887a844bc207fea30198f6c4e5507484fb185d61452a20b508b941b2ac517c6ce2b977b5ac4e3d8299fad78527168041623ed30ae7ac594e642109365f9458687115c6a4fc2396ce3e19f1b35cad7525596c75fed918dcf3e879065c16d7ae9ebeff4018f4e29cc350ea2a6d75f2d34fbbdced9aef7530f1ff97c7cefa558c2e92fa4cd07b7fa46c02fc9504868f7f683ad81fec5dd42584de07a1a8fa62dbe7c22f57683421a8f71269f9ed4d52a3e30dee15adfaa9f9289eda0414d3fc156e1340fbdce5246773e535ed241b2ea52d7f3dfa1a73d9985f0b9962b98b9cfc6e2e50b39cddbd04e7e24a56a341b2935e800b7fb66dc960e85c4902130459a89f408a36ba5509eb7341d8e0b80a708a20f3ce09a64794dbe90fb5439f3c4b410c7a3ca55f266fffb6e6127fbcaec22b692712d723998204c86fc5abac93bdd8aae6e3da9507a1f5ac72f9df250247d0f39f4156bb61245193a59f8beaf2222501"}) setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, &(0x7f0000000240)=0x67bb, 0x4) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000100)={0x101, 0x0, 0x0, 'queue0\x00'}) bind$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x10, 0x0, 0x25dfdbfe}, 0xc) unshare(0x48020200) [ 3078.823597] audit: type=1326 audit(1708432198.071:378): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31288 comm="syz-executor.6" exe="/syz-executor.6" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f478bbf1b19 code=0x0 12:29:58 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:29:58 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3b}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRESHEX], 0x30}, 0x1, 0x0, 0x0, 0x14}, 0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x6c0e, 0x7fff) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', 0x0, 0x0, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000440)=ANY=[@ANYRESOCT], 0x2f) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffff, 0x2}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_nanosleep(0x1, 0x0, &(0x7f00000002c0)={0x0, 0x989680}, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) fork() r2 = fork() tkill(0x0, 0x0) ptrace$cont(0xffffffffffffffff, r2, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000280)=0x5, 0xfffffffffffffffa) r3 = fork() syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e21016027154f7e210000d6142e8ed6865df556fd6a7300000000000000bd8b7e69ecb57d268a49d8d6accb6a35f7aa6bee3435f0ca00"], 0xa) ptrace$setopts(0x4206, r3, 0x0, 0x0) ptrace(0x8, r3) 12:29:58 executing program 3: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r0, 0x0) ioprio_set$uid(0x0, r0, 0x4007) newfstatat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x1000) removexattr(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000380)=@random={'btrfs.', '&@\x00'}) 12:29:58 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0xfeffffff00000000, 0x0, 0x0) 12:29:58 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000000)) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x105142, 0x0) unlinkat(0xffffffffffffffff, 0x0, 0x0) r2 = openat$hpet(0xffffffffffffff9c, 0x0, 0x80000, 0x0) r3 = creat(&(0x7f0000000000)='./file2\x00', 0x0) fcntl$setlease(r3, 0x400, 0x1) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000580)=ANY=[@ANYBLOB="34010000170001000000000000000000fe8800000000000000000000000000010000000000000000674840e200000000000000000000000000000000000000000000000000000000fc00000000000000000000000000000000000000000000000400000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="200100000000000000000000000000027f00000100000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="00130d00000000000000000000000000000000000000002006000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c8008000800080000000001000000d3390340d972ee34b4af3f165a0d88961e6d622df0188b570b9bb545daa3a5b8fbd31ea64436a71abab12b0a624b348eb27a94dc"], 0x134}}, 0x0) copy_file_range(r1, &(0x7f00000000c0)=0x56cb, r4, &(0x7f0000000100)=0x6aa, 0x2, 0x0) close(r3) perf_event_open(&(0x7f0000000240)={0x6, 0x80, 0x0, 0x5, 0x0, 0x4, 0x0, 0x10001, 0xa2050, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x8, 0x0, @perf_bp={&(0x7f0000000200), 0x9}, 0x240, 0x7, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x2}, 0x0, 0xc, r3, 0x3) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r2, 0xc0189373, &(0x7f0000000140)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32, @ANYBLOB="ff0700004e27ffbf1654305a6c65b22f66696c653000"]) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x104, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={&(0x7f0000000040), 0x879f891a4b94c1d}, 0x11808, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(0xffffffffffffffff, 0x80489439, &(0x7f0000000340)) lseek(r1, 0x0, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x4000, 0x128) open(&(0x7f0000000180)='./file2/file0\x00', 0x30143, 0x6) copy_file_range(r5, 0x0, r1, 0x0, 0x200f5ef, 0x0) 12:29:58 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="0009abe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 3078.860124] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 3078.860124] program syz-executor.4 not setting count and/or reply_len properly [ 3078.876582] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3078.885307] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 3078.885307] program syz-executor.4 not setting count and/or reply_len properly 12:29:58 executing program 3: sendmmsg$sock(0xffffffffffffffff, &(0x7f0000000780)=[{{&(0x7f0000000100)=@in6={0xa, 0x4e24, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x80, 0x0, 0x0, &(0x7f00000005c0)=[@timestamping={{0x14}}], 0x18}}], 0x1, 0x0) 12:29:58 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="000aabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 12:29:58 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x0, 0x2, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) [ 3078.954005] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3078.997962] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 3078.997962] program syz-executor.4 not setting count and/or reply_len properly 12:29:58 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) [ 3079.010606] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 3079.010606] program syz-executor.4 not setting count and/or reply_len properly 12:29:58 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)={0x38, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_KEY={0x1c, 0x50, 0x0, 0x1, [@NL80211_KEY_IDX={0x5}, @NL80211_KEY_CIPHER={0x8}, @NL80211_KEY_MODE={0x5}]}]}, 0x38}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000000c0)={0x14, 0x1d, 0xc21, 0x0, 0x0, {0x1, 0x0, 0x2}}, 0x14}}, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r0) sendmsg$NL80211_CMD_TRIGGER_SCAN(r3, &(0x7f0000001700)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000200)={&(0x7f0000001300)={0x3f4, r4, 0x800, 0x70bd25, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x100, 0x61}}}}, [@NL80211_ATTR_BSSID={0xa, 0xf5, @from_mac}, @NL80211_ATTR_SCAN_SUPP_RATES={0x310, 0x7d, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x7, 0x1, "b2c637"}, @NL80211_BAND_60GHZ={0xe9, 0x2, "cf9aa8e9dbdc79289009091d7cd378da890ed186e5239647408ae65e13c4c966645f56dac50916c091eebb2b12a03ab579182765f84e3d2365b29fb2a98ec15a5d1a0f118209d29fe7338cda9b68ae8e29a6b4d0dc2b5029f7957d94a48b5dbc8c83c9a10a17f493c4595495184bca6f6d826e311f4c7e3257b1319b62bf58902ac03704257e0cfba915d406a88240526533d87d3d332392daac25345b250e6352eb2df9b11b3ea5f525cb0050b4612960e9cae80b901e84d93de16e950a226cd350bd60b8cce596b0549a0abd1e5b43f6a73347c0bd61245c6999b3ab75fa8ac401c10b33"}, @NL80211_BAND_60GHZ={0xb4, 0x2, "fbf3439b31e415609286d35c7ef4fe0cd5407873c8bba5d025c11b769b1f020d8547429d62278a689ff52dcf19cdb81b603baad1830a7ae495bcc78fab73505cf4316493804207515db9622cec84a57d1040e7324758fe1d245cb2c85e8509280b6b2bab5b1dcd18c547ba687a28090ed1d10a73d2aa8454cf35b35d7f896df89b2447011d2992605c48faed1048ef8c4895527175b73391ce6db2e357647aad78c533173529b63092fb870eec6425ad"}, @NL80211_BAND_6GHZ={0x34, 0x3, "630839c3ebcf771b1811a7e3ef4d6fc6a4cb2b88b4536c7a2ed24395f67094102b68e044e091141a00655fe1ed26bf34"}, @NL80211_BAND_60GHZ={0x63, 0x2, "b4ae40304eb7b51a793c5f49d3ee5f2dd7c1648fc5f3deb3950e920e5e04c11fd8a60a57f3a82de4b2d2bf94c774199b58e3043e4c658849adf114d0d2aa4017ac3a8668032af1b9d0dc09c40c25259356375fcd52b97aa5841f24ed4f9af1"}, @NL80211_BAND_6GHZ={0xcc, 0x3, "41049cedfff3bbd88912f83c42c1b200f5033525711d96ebb15f648e96bed9886e5e107bf5c5b6f4a2c0e2f98332278ba449e4fce07b0a39f2ccfa9e0970cb0c5fedad667d7f6c26655fbb7fff031b9ee8cf08ea8edf98891caad6490a042c5606878e745039c7b39bce26f61ff0ff48984dccb977e433e5641414c60d98acb63241acdaf28f45d6427d4717c6cec4ea8f5f65dd177e5d872dc212e9c64b9cc71e3a7e507f6c20bedc165008c98346d8d0f7077fad14dc860712f20784e799ebea024205803b8cbf"}]}, @NL80211_ATTR_SCHED_SCAN_MATCH={0xb4, 0x84, 0x0, 0x1, [@NL80211_SCHED_SCAN_MATCH_ATTR_SSID={0xa, 0x1, @default_ap_ssid}, @NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI={0x14, 0x6, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x8, 0x0, 0x3}, @NL80211_BAND_60GHZ={0x8, 0x2, 0x8}]}, @NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI={0x34, 0x6, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x8, 0x0, 0xff}, @NL80211_BAND_5GHZ={0x8, 0x1, 0x9}, @NL80211_BAND_2GHZ={0x8, 0x0, 0xf5}, @NL80211_BAND_5GHZ={0x8, 0x1, 0xf95}, @NL80211_BAND_6GHZ={0x8, 0x3, 0x5}, @NL80211_BAND_60GHZ={0x8, 0x2, 0x401}]}, @NL80211_SCHED_SCAN_MATCH_ATTR_SSID={0xa, 0x1, @default_ap_ssid}, @NL80211_SCHED_SCAN_MATCH_ATTR_BSSID={0xa}, @NL80211_SCHED_SCAN_MATCH_ATTR_RSSI={0x8, 0x2, 0x5}, @NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI={0x3c, 0x6, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x8, 0x2, 0x3f}, @NL80211_BAND_5GHZ={0x8, 0x1, 0x1ff}, @NL80211_BAND_2GHZ={0x8, 0x0, 0x1ff}, @NL80211_BAND_2GHZ={0x8}, @NL80211_BAND_60GHZ={0x8, 0x2, 0x1c}, @NL80211_BAND_60GHZ={0x8, 0x2, 0x3}, @NL80211_BAND_6GHZ={0x8, 0x3, 0x9}]}]}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}]}, 0x3f4}, 0x1, 0x0, 0x0, 0x4004}, 0x5) sendmsg$nl_generic(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000000c0)={&(0x7f00000002c0)={0x1014, 0x2f, 0x200, 0x70bd2d, 0x25dfdbfb, {}, [@generic="3eb33fb08167c4b04f31fa96d3d286dffdb98d1af7edb3f95c9600437a76f1cf30eff70ea0cd73323774d8bc8d5320d1498fd0826174aabd7e1e077c39faa22e8552ba2b465ee5d2d18547eb790bd5fd160ed363e79ae82df68f487b319e9c2e666dec20c4bea3a9f76c55e41f7467c55cdacbdad93da34d3b5662bad24008f4ac7edda5c0e924892de93f082387aec410c82ad46a722149d4174918c99292d7901bd1c09f4750a6a733c16f1dfa7549e293531cac509947383c6fa72111ab06cd281712865ab526ca8c02bf9e12695ccba0f7e2fe77bb037f4688e8717cb59c9ac69f506d329a738548f625c2cedbffa1cef2c5687695c9f345e7e5f6035014f8d2943e70010b6e80741d8a1551ff52c2764f02e145270fd8bc8c5693f8fb1e2373e5836e3f450665601036190611c57046d93dfa480b743dc9b02ea7e6e90931152fa3e1cfd77ef6825fe1ef282f56ddc5691539cff5033f34b338030562e199cc53ae068d53e30014368cb2d8b956e092774f6bf84c56248c49b22a1a591d24cb256396d88ea23ed749810cb0d351899cd5b82bb970a822f115f9677b97d90c106fdbc628278b843fcdbb20bb99a60ea7a278cdc471f5f410a9155336d9bc63cd424fc01d9045e230c02095fec85a8ada5a6711de3d5302641ac8d5f0acbf3a24d7101fd9d7608bac4802a40372523be719e1ef4f916d4e44b15076a63f69077502f3c7a50a421c429dfb489bd631f3aea1a4bd57cb882ef485dea2b8ca27fa7f24ab55027cccaeeb9d88f46d50cb649857888b04c3179711baef3ae238f5ddf09d060f8729aaba79aca1fa1342c67a577ca98a81d50505ad20339b61b76d0a1c76eb7cfd7f443439ca860b8ae4609a26e64b9bb986af7a0158b002a3a8ea45d7a0171cde2b84cafc48d6054aeca3adf54d87d741950dc14654837baede58a444c81c17108c412e6add8f053d79aee7e0735775ae561d1bccbbff5abceaff13fbc76737706e696149f4c989bafc35962ea71c8c646acb9b44eb93619ef274d8677f1a5135686b3c416c3d4f83b5bc8864f841824122ab77d5c4119437db036e0da7b9283ff638a00fb4cf4aecef22fd5a91af4461ed427f8be9bf0cf4a2a35a0ac028fe727d951430b324f10c1496c7f26123221105fb1237d30f05a90aea9104e9c5ba2577495f8e377dbd15e1dac4cfb5057ca5511cf0a25ea2a54a273b990e96edaa96f0557a233835859ab47ae3591e5730a30d5801c1905e7e06a808d380a9558ae1c0ec0f8a3771b7136818301e149b602852684e7a2aefbdef541db8dc982f57aebf8c8f202844abaa05bc1d0d5a01eb0c14cb75e1a3e094671e127a3b8e79e4c892563151596dd81412ca918a4a326083c692f5aafb1fe3e3d82000bc913ef41a06a9a3e4c6f74434f07c10ae20abd4c1dd8b5c523bd3b9e75dc2ccf73fbe6aa9cda7eb4590e5cc2ddde9aa1086757e9a34ea494a24080523a853f03fa952ccd4a6cf733fab7ebdd44e2c7eb571d1073cc680f92ef988149dcb4eba9e0381fcfa7291a85b39771277fb46d1abe5d8154c92c58e11dead24fd7fe94fc6c37cab87e86d5e8d9da73e7c7c1be93ab25344751e1e4a0001daed50c2aff908047459ad6fbc439e4984cbced20da12b0835594ef858fec9797253f0094609cd25242289d30de2fa1c2403ffb6ce74358623b12cb3c539b054c3a562170fd994f8d6ff6b5049054067ae6b78c8b93861872a336b770c588a025c1180fe58a132a267108b07908f3d810169cf8686154e4469808a28c8eff86841a5228d94c1d9ca37bc60020cf539e14010329545a2404fb56dc0c6e874a644eba1b62df0e57177bde5ec0395333e13aec201593f81975b35b6369f42145ed30c1caf492694fdcfc3076fa702c2656c490cca5a54b3b2e085c21fa5ea666c6ccdaeed7b695379640e180b8433d542e1289a141f7c43e17507de99ca67f9474daa9be01fd726a962b1c5c20b324ffd24f3e602e689a25b2b27865fa882f316ad4e2dd5b963128af0c35bd19758e63547368835cace16bed3a2ca74a6c3af419cc16f2b3b4fdd0b2331b9a1822ee871e5d95e5addfb69f8eb297a0dc4510a959ee6b413819b39e2b6110bf458879790fcba6f79992e77b6ce028f62f4550bb92d3ef1bdec3f62ae7d9b183f16b7e8173c13ecabdfaba21bdbb643d02c78ed991a75a82f45108030ba337dff17f83acd131cffb481bf7b2fa3d740ab7ff8402f5df6929b2259fb12d65050bddf4327da5517410c2c5ad4b4a8a484e5fa0355fd392630698c274cf3714a2f8fc6902ff75239fb8cd7257ad9eee2a84cf5cd7df94ae64c42670fbcec3342db84693da7a5c60a7fea0d9d8c987b69ed8b43046149863991b250a028a5dc2821f9f050dd2c8ec0c6291b8b0ff863050fed96256ac5e36b34071e1a95d93b7f29b2e104514ce8db3deb46248a8f5e68a7d8c0cd2eea4cd3292009d6036e6d45d6eac907f0531a6ab5872122c64117105f044c5650110250ab79c0a2fc9cdaf18c636fd64f28de303da78c6175e9d22ec8cc0450673ddae27604bbb83f9bf1db22931932b8544785ee70e87d71075aed9ff40c6f823d29259dfd0d22f21d96b463483c0e36c130c6c6182138a7407b56da7885cf3b8f1cfb3acea1ed339feb650487f1f03d363e4a59c6ae2e689ba8de0af5783a3774e2f4f0297cbc96f297d4cfabe2290c90a80de8a581e8a71822ea787bc67d9b7ab2e3bac810a19b5b5b83d9948e056ace929303eb060352082a9e48c7e356bd4afa3dae41936f0573067c1094216b684bee7d7f538362fb0ae01918f41adb4c9ef784bb5dc26cceec41232bb20b10ca52dd33d50fa9ab312f95f4a47f6cbc1e9da2473f6fea33adb70572e1f75d338c98488a857647d661cf3fa56532271f17ece94e5c79f7696c981a8cd04bfaedc24d16383c53ff24b12ac56ce8e6e523c8573bfc996f0c2160281966e2f77ca4ff7ef7999e372b84d8c0202617579e48c864ff2284b35884e725dc9396f1306ee678a209a6197944080e562f353100df8957ace6799ed62f5f22cf25de21eeb2084b91e1a871e8f8ec3acad8804ea4235869873aa80bff7dfa7d6873a757beee58f191f3efe622e5564400df69d398e302a3f5c3fd901353f6c452592e0f58134d0f83f5c986670d49f456aec805629e65b2323ac0e663404e2f4cbc9e8131c18013a9766ec8fb4e044a562eaf6eb76d59518b6ee526afd2500d58b7ed94d04ae9ad5e69715bfbf92b11bc1560781cc7f96f037c91a490dcaf9c4f69574637786bffc72739a29e81f9cb00c164901828d70e214059452a03921e709c56b2eed577e2c1f183ba92d3637838796a2f4eccb502cfa3135fda2721b3b1ad89862dee70a7953dc91015cd6db954a55f9b4198abc15a190d61d2b8dffae978c24f64b934d0dd9a57611c4837ba106e1aea9171ef32702fdeb593da1682ee2d20bc5ddbe489304d53c944a6bd76d443eb2c26fa7d75eccbc191d3568542a905675ac4d61a41ed4f89acbe7bee9ea25d4fa64a8f872f04731e4643fd00e0c8265aab2e6e2f0ec01bdf42cf0a587119c53764ffcd3b32f6633f7f6a97aa60ce2fc33e73213bebe58e5aec2902da7baca17fd0eb8e95e3ea0dab04cb006d318dcca981e48513e7ed83cf15068ce790b5685d7121831763848385fb0f6d6d3aef2b736fa0e37ab541f74f02f15b332812141bc26e0d73192a01606eed408a68ea1a71c763da65fd8c54195b353bf7605916dfb0a645da5af5f1b7c17a8165874624f05a8803e6c1fa966c0d8683e3a466d25fa8722c106fcc760a64827d705020f266968e91f0e7cb0f660a3a6c9a37a90584bf05253fe4abb401ab4e2bcc9a0a6a341c9a0d72207e93e53bd5dc65db71df36673a4d2ec62867ee60db1e9dbdc4807f3e5852db1911ade5073e2f38cab94875ffce87d7b7486926dec0ca88c1e4c11df65358bfcd25e54a6264c0dbaa3f37035c2276c431aee21e6d3f20c62dd5dab0d7e3389e18d9b493121114f5c4e056d20b2049374521ae6a335655bc344c53e98f33a296c0d9f24c804a14b7c4699e992adcfa350523271dffd441698bdfffa8ec0d57bad2839b5d5c681951467d4b928d8f5c4968791ef9aa38e5d747c9b05d17291244a2822e945542734d6649aab509826012070153dc961018a25340bc844e7eea0fd26150319d37e5f5a9ca8b22b4634494bf8bde6e41325b204be4328cb2ad76cdd52275c51679bbe5203f6a0576b446cfcd398bf5b8f4b4d64f54342e9b206e1e0b607fc80ba912d8ae2cde6b11af48854b48f06279e154b226f7da05d2dab31008059b326b857e405c04d0ed44f1d0cdac98e7761eb8e90285afa792c7333cb7b280388edde92ebe698a2580fa676b68a28cf8fbd61012f5beea3b01017a5057f86101f0393eaec6d6fa84b8e95d6ed48d241972b618f57485f42ddd0d4c18e51a947d144602afbd162c5fd0947aa23ba5df2f9f285dd54bdf1327cd7612a24437eb493400361f758daf27227e9a4075c926072aa4c2b0ad3c91bd1956ecfc1553fe5156cdf24340b4685c7ff35bf10439d3c1be1fddc14ee0c43b53858ec8412014a43aa37d2abc7962c4e332f788d0c2c6d9363f98df432b452fc48d799a08c964a6987b3bd7593d21b3dca1c731ddeb826be44b881963f9a09275faa2a030505aaffb9de57c8b5b2c7c990bf81a98bcbd0647819752184bc639ec885164f04b3f7e234bfa1dc57464e60fcc156102e01a6f986afc87eb82ea0963d94d4284794f71ff390649dcae06603ad0885108a06188e0b103c670ab97177b0b411c3bfa726e7bd677f39fb4bdf789ff83114a94fdb3eb5466c9dc92f0dd37b3cc19bb145a7241b13d529a2b35e632eec04ae865e5557c8a56f354c2e098b6552031014ebb728875b87a7417db2be7f6502202387b1b512b0f5ccf20b411498d4b16c387d4311d26382f08cb2c57c9e2e1d830ba3f0d4e72895471852abfdb0d443c2a53f15b2f79b3e5458cd6fb3946ed8ba20a1d403da994de2b9af9a6015a8bd6033e3bb4081b307dc32e85c246d83e365fbb2fc8f02df806c8708eb92f4681c6efba31821cc03c7c7357b5cbafa1cf21312ad735361700d16d19a89381303a346d6360e27a417cd4351761561b1322d28ecc6ab2eae18eb86fd4880c33158399590d3c94f3652f4323747b855b6cdb0ec9d4e2e98c33c07a794f5b4fbfbd3b3bc4cacc8c91d482253266b771d89f1f35bb470d554952c33310856637e7ac3e18434a67d68eba391dc94e46998214c4f5be25682d29a06a2c006844b838340e363d97b68f6253dacd72fc8084a5c42f86bba2b674597afb830e1cf2f9cedc85260f1c03740e8592fee220ac4d3e764eb905505b1bfff1296121d649f052264302dfa05b730e2fedd59393f778995d4c8f10d700f9d3e6dd7e5e8769d848d5a080577360696c6d57b4802a3472eb27ce5288b69468c2b49f7fa8b8877a59293cd7ea95d070b172ef590e8ecc84344961181fefce442d025be0ced6aad651bdb35323e87c654fd05d1a149c5122172c2f1c55161383158ab8478feaae680eadd0cc5a08520535875186eedd356b1cd41e3e1bde3a65f68d5c6da81d701b4b25e1a3af0bb90c8f4f9b9fe217e5a10770fe46b8a4d247879280a9c86066c1a4c331fff03193e304a0940ae1bd60ceb7bc4558ca3a4aa1e3c91cb65f63d9b73871ddea9b1615f82597cd96af440225e78e276e8bf4727fff6478e6"]}, 0x1014}, 0x1, 0x0, 0x0, 0x4}, 0x40004) 12:29:58 executing program 3: syz_mount_image$vfat(0x0, &(0x7f0000000240)='./file1\x00', 0xffffffffffffffff, 0x0, 0x0, 0x2882, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$cgroup_subtree(r0, &(0x7f0000000000), 0x2, 0x0) ioctl$VFAT_IOCTL_READDIR_SHORT(r2, 0x82307202, &(0x7f0000000300)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 12:29:58 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="000babe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 3079.116780] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 12:29:58 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x0, 0x3, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) [ 3079.131789] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 3079.148935] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 3079.148935] program syz-executor.4 not setting count and/or reply_len properly [ 3079.170061] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 3079.170061] program syz-executor.4 not setting count and/or reply_len properly 12:29:58 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:29:58 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000540)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) sendmmsg$inet6(r0, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="1400000000000000001400000000000000290000000b00000077b23cb900"/48], 0x30}}], 0x2, 0x0) 12:29:58 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000000040)={0x10, 0x0, 0x25dfdbff, 0x10000}, 0xc) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = dup(r2) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={&(0x7f0000000000), 0x6}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, r3, 0x0) prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000ffd000/0x1000)=nil) 12:29:58 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3b}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRESHEX], 0x30}, 0x1, 0x0, 0x0, 0x14}, 0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x6c0e, 0x7fff) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', 0x0, 0x0, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000440)=ANY=[@ANYRESOCT], 0x2f) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffff, 0x2}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_nanosleep(0x1, 0x0, &(0x7f00000002c0)={0x0, 0x989680}, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) fork() r2 = fork() tkill(0x0, 0x0) ptrace$cont(0xffffffffffffffff, r2, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000280)=0x5, 0xfffffffffffffffa) r3 = fork() syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e21016027154f7e210000d6142e8ed6865df556fd6a7300000000000000bd8b7e69ecb57d268a49d8d6accb6a35f7aa6bee3435f0ca00"], 0xa) ptrace$setopts(0x4206, r3, 0x0, 0x0) ptrace(0x8, r3) 12:29:58 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="000cabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 3079.385106] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 3079.385106] program syz-executor.4 not setting count and/or reply_len properly [ 3079.394231] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 3079.394231] program syz-executor.4 not setting count and/or reply_len properly 12:30:13 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0xffffffff00000000, 0x0, 0x0) 12:30:13 executing program 3: ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, 0x0) r0 = getpgrp(0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x3, &(0x7f0000000000)=0x80000001, 0x4) pidfd_open(r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x3, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x8c54a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0x100}, 0x800, 0x200000000, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10003}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000280)=ANY=[@ANYBLOB="0180000000e0e0e10100004e200008907800000000000000000000000000000000000000000000000000c3a215ffa8d13fe558a0ac52761e051cae675a77bbbf90a3b82c4f0a176fb2b4f464c02f192f1de6584c8c80b5f75af0d4e2836677707f3b95944c5a642accc3c7efd2dc62d868b23487f5941831215fdbd8a5cc51320d792dded13f254499409b78c3cc896d8072621b0e0361f3b5dff7ea58b7612e062ba02a75e958d1804671de4b9422b375c429aaa27cb6c73bf91cd58e75c8469ee0654c9096b8ebabc7b66dd2f7920255cf2adea7edaeb732f0d01d3b58280c53113083d4a9713db3af2339b013b6e523e4dd88ed28b1b207c89c8207bd9c4e43a49fdce71318902f8e4d26d0214fc06cdc0971c68790ff49c26988f835b3d57c0fda9b83863ecd40d30ca26c2c777218eba44061a0a728336102b6d39ce8b76f0d2d219c1ac961e51444b6d27c63cb74f2d729849c13e4bd2eb9d8c6a265b46a2737299405789bb4bf9e2a294383a8f072650c88ea017196e3384f9deb728417203fadff9fe7f3214af151313e99fb1204379c953abf0402ce67b0686793d99866a010cb35d667fe324c79e3da2f2df62895acd7292432a07652050d308f"], 0x0) ioctl$sock_inet_udp_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0) [ 3094.366300] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 3094.366300] program syz-executor.4 not setting count and/or reply_len properly 12:30:13 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x0, 0x4, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:30:13 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:30:13 executing program 5: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:30:13 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="000dabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) 12:30:13 executing program 1: r0 = open$dir(&(0x7f0000000040)='./file1\x00', 0x0, 0x0) lseek(r0, 0x0, 0x3) fsetxattr$trusted_overlay_upper(r0, 0x0, 0x0, 0x0, 0x3) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0)}, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fallocate(r1, 0x2, 0x2, 0x6985) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001080)=ANY=[@ANYBLOB="280000001800210c000000ddfeffffff020000000800fe06000000000000008005000000da000000"], 0x28}}, 0x0) r4 = openat2(r3, 0x0, &(0x7f0000000340)={0x52ac0, 0x107, 0x14}, 0x18) ioctl$RNDZAPENTCNT(r4, 0x5204, &(0x7f0000000380)=0x7851669e) getdents64(r3, &(0x7f0000000140)=""/255, 0xff) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000400)=ANY=[@ANYRES16], 0x14}}, 0x4090) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000240)={{0x77359400}, {0x0, 0x3938700}}, 0x0) open_tree(0xffffffffffffffff, &(0x7f0000000100)='./file1\x00', 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000001300)={0x0, ""/256, 0x0, 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f000005e380)={0x100000000, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r8}, {}, {}, {}, {}, {r7}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r7}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r8}, {}, {}, {0x0, r8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r6}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r6}, {}, {}, {0x0, r8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r7}, {}, {}, {}, {}, {}, {0x0, r8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r8}], 0x40, "2aee4ced9c0309"}) unshare(0x48020200) 12:30:13 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3b}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRESHEX], 0x30}, 0x1, 0x0, 0x0, 0x14}, 0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x6c0e, 0x7fff) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', 0x0, 0x0, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000440)=ANY=[@ANYRESOCT], 0x2f) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffff, 0x2}, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_nanosleep(0x0, 0x0, &(0x7f00000002c0)={0x0, 0x989680}, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) fork() r2 = fork() tkill(0x0, 0x0) ptrace$cont(0xffffffffffffffff, r2, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000280)=0x5, 0xfffffffffffffffa) r3 = fork() syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e21016027154f7e210000d6142e8ed6865df556fd6a7300000000000000bd8b7e69ecb57d268a49d8d6accb6a35f7aa6bee3435f0ca00"], 0xa) ptrace$setopts(0x4206, r3, 0x0, 0x0) ptrace(0x8, r3) [ 3094.384302] audit: type=1326 audit(1708432213.632:379): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31454 comm="syz-executor.6" exe="/syz-executor.6" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f478bbf1b19 code=0x0 [ 3094.389850] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3094.403673] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 3094.403673] program syz-executor.4 not setting count and/or reply_len properly 12:30:13 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={0x2c, r1, 0x1, 0x0, 0x5, {0xa}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}}, 0x0) 12:30:13 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc0) r1 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3f, 0x7f, 0x7, 0x1, 0x0, 0x1f, 0xa201, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x2}, 0x80, 0x21b5097d, 0xe36, 0x0, 0x8, 0x100, 0x81, 0x0, 0x1, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x8, r1, 0x8) write(r0, &(0x7f0000000240)="01", 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) poll(&(0x7f0000000040)=[{r3}], 0x1, 0x5) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) mq_timedsend(r3, &(0x7f0000000140), 0x0, 0x20, &(0x7f00000001c0)={r4, r5+60000000}) r6 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file1\x00', 0x0, 0x0) copy_file_range(r6, 0x0, r2, &(0x7f0000000280)=0x10000, 0xc3a, 0x0) 12:30:13 executing program 3: ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, 0x0) r0 = getpgrp(0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x3, &(0x7f0000000000)=0x80000001, 0x4) pidfd_open(r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x3, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x8c54a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0x100}, 0x800, 0x200000000, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10003}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000280)=ANY=[@ANYBLOB="0180000000e0e0e10100004e200008907800000000000000000000000000000000000000000000000000c3a215ffa8d13fe558a0ac52761e051cae675a77bbbf90a3b82c4f0a176fb2b4f464c02f192f1de6584c8c80b5f75af0d4e2836677707f3b95944c5a642accc3c7efd2dc62d868b23487f5941831215fdbd8a5cc51320d792dded13f254499409b78c3cc896d8072621b0e0361f3b5dff7ea58b7612e062ba02a75e958d1804671de4b9422b375c429aaa27cb6c73bf91cd58e75c8469ee0654c9096b8ebabc7b66dd2f7920255cf2adea7edaeb732f0d01d3b58280c53113083d4a9713db3af2339b013b6e523e4dd88ed28b1b207c89c8207bd9c4e43a49fdce71318902f8e4d26d0214fc06cdc0971c68790ff49c26988f835b3d57c0fda9b83863ecd40d30ca26c2c777218eba44061a0a728336102b6d39ce8b76f0d2d219c1ac961e51444b6d27c63cb74f2d729849c13e4bd2eb9d8c6a265b46a2737299405789bb4bf9e2a294383a8f072650c88ea017196e3384f9deb728417203fadff9fe7f3214af151313e99fb1204379c953abf0402ce67b0686793d99866a010cb35d667fe324c79e3da2f2df62895acd7292432a07652050d308f"], 0x0) ioctl$sock_inet_udp_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0) 12:30:13 executing program 5: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f00000010c0)=ANY=[@ANYBLOB="010008000000000000000000", @ANYRES32=r0, @ANYRESOCT=r0]) ioctl$RFKILL_IOCTL_NOINPUT(r1, 0x5201) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r2, &(0x7f0000001080)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) getsockopt$bt_BT_RCVMTU(r2, 0x112, 0xd, &(0x7f00000001c0), &(0x7f00000013c0)=0x2) ioctl$BTRFS_IOC_ADD_DEV(r2, 0x5000940a, &(0x7f00000000c0)={{r0}, "de0cff1dd06821b8f777dc21ace218ee3a3722c1202d3a8d71f44627ab9dc6dbc0d830ac9bbfcc8cdfa9b2405b3f5f838f2e2e3c561d60f515600a817270864cb01d20d55121418ea3b0a5c7d6bdaefad78dd158f1d0a9bafeb2ccabc469f8ab0a40043894a631453af6191b7670657a39f1595dcca58a699407c8056b46871322ae362eba15c060bf4b203a88fb1267a48bfb3b877cc3dbd7d18543a5d619b5aaf8115494fc7b5b1e276e03c04ed162b58554ed9f22faf6b096e79642f0c9e5964196a29ec048f6c42afabd79074dfd172eb117e0e61452a2fda57596428817325caa4a19174c6bdc3ef10a6d542789f940647b904a56cc0f15cb9cea3c9e60bd24dd9db3a85bee265c3b02fab42103e62546e7a54c2cb454eff7406c9c6478515105959fa9a0233431d189dd7db34ef8ec434bb153ad8edd275bfacffceabefb0b13da2d735a7a373e83248ecd38e8582400648f34501758af97ee14c28aed6291c36c2c19b6e43136b1dd38d678868f4fcf24e13e9fcfb839b8116be987ee89a8642a4ebfe13aaf9fc257323297f8677dc949acf693c48b12b6b21801f417c769b4e473284f6d40085e49478ab84d99089b5bde9bc7895e7e0137527572bd337bb5cc81d01801785ab83461086e821fa5b02d041528668782f927c67572d83bc3a47e221e4c6ac8cddfc59f6c2f9381bcb0f78a9cb87c347817280351dee5358aec74481bfb1c27ca28269dd9cb1b30fb125981c2698fe8413bc927b6dc3ec9f5337cb6628484520150be46c10f8bd694400c7f47ccb6fc13f52c8d4e54152a973f051032048ac0d90938690fd18369d0f58733dd12680e3c47df529f5517f55742d1cdb1ec478f34d043d12db0c5258553e39967a628d9785d5d7bffb1395fc0fc6be4aeca7e796b7a1351cb6d171db8e5bb47afb4f69bb92135c7b87e471587531b6aee84367431d98c6fc7fbcba598c2a5b41ce24d1f0db422b33f35c38e9d402f020fe1027f779a78a7b8efacae8dd881720c3aac08415f247be91b903156d36a43c476e7b1a7bd8123d9dd176437ff2cfbe5fa233c4d11849cb922da8c931145f305f8d6a3a27cd777d5b3946a8a788c974212abb20e616b1666be625cc79db11ac9b82eb9e2feb4d174b4f36c7a0c1363cbb52681f876e700ced841e781df5a23cbb2a8f5ed1e6281b4d84e568e13d05067ff139f8c76f37408708fa7476ea82f8fcc38c4493f419474a33b3c3b3fe81dfa66403786753de035a602162b1bf38d3a8adb59aa013bda2e4daa25a20baebe913da8a6d4654a103b8969223092132ea22aec351edeaf0200a0d76c15ece34fba06dde50b1fee4efab55e5d6804eebf6b001484d1eaedf82cc6c5125dc1226ea1df993b388905612fa7795413b727415346e94bcb98915612e1820efb9f8060d68801fa675ad68217f1a480181c72544a523b2c9a97580e5406bbe327eff0e0bb8f5655a4dacf4de992e70f2057f95daf448b056b42c37384e8de070cf5a1c6422f3fb1b20ac429434cf0b711f82f32af367ef460bd155330615afe987969f6dc48e7210c1622b4609a0ed943025bec4b8426dec8b213cc4023a08ab9a1ef6b991eb47aff1366f870b36c316fb8f64ba27eb8428844bcfeefc07d9657379b3a5af187ef4fd78f8a2f43774165a81ce1c21bfe82af0dcf5ae1bef33a18b8c5f1400a38297cfe304e5717952faee6b9943c029512b64ff01cffbfdbe3b14c9e566694d98de12e65ecaa6525860fc8a6d039205904b64cdbd0cf46c4313aceffd6f64ae2a26d00604ad559f60a6116096ee50dfd33d4f4ca9e7de3963c42bed18f37987248e1bd4b98441795592357f1ffc2bd0fceef1c81873d954174e7a2c906975c4ccc658fbead8f141a34db7638663d2ae0e76e342d9e065bb128b73df3152dd372cc05e55acf760aeded10dd6c6feeb2eb8a9ee48df767f4059851cf9a9efef737354033c87a8ba27f68276abbb923c7d89678b4e4daac6420e63e831bc200c900b0b86f458ad731a7fe75b15b67ed02e6750eb25843627d99065535f884e0d6bb8af8a382d7ca70663aa8c0e754bd79cf8268be92a5f19354d16e9704b3fa7c391c87f33025c201d506fea4d9d8e041ee848f1d099439558bc892bd87370ee2c72e6a005c175a3869f5c34dfca101e27f01811c0260ebacc60bf64465c474c2f20952c343c453db41fe40317d3d8f4c1c4333ceb6775e0a2af31b46c693df5bf94757f57eb02fb6ea542b0fe31c4d81a81765f7e6d08e112315d45bd70eee3e24484144b6458fabdcc94429923e6868000d645ef3afd632ed15dd00be28fe44088f646d3277894e0326ef4a2d4ae289fda27803a64d636aaa8b5dc931fee863788ba03dde28279d1b31df6db6cbf97fbd616ecec375ec312f3f77dfa737afd424f38b3066b8de7056dc09b021440807b4833c0c6fc2fa6bfb1fdc982b817371f3cf95ceb603585ec4c48965e2a631b3bec16044f21fe640982d3e9adf33c968303d5b1ea738d8b197f170af9e49530c64763b395a3ed64e7281ad893e3cac3a0bfcffb26b597880dc74f2afd8a1c609d4a95943df43832ebff24ade87e4d169d9fe7299bb61dd839139bcc117ffb43960af9433c54df7f4e724222ae6d9662f241517c541bc2a841c842bdec9bd1bec72f83c0ce2342925e71f8715b8cad6dab1e2caaff638c76b8c116dceff80e50d13f7ace5f46f0ccac3ebc8b951c5a62e56633236b035617d9e8502952f6e28c94be7bfcedce583d8c5d26fd382e39e6b4bc346c99d3980da1f3f1de44e95ea9a5ec3d81927ceade409a8aca34e203c3f3df4b70586fb6479d3228a97524f484b086c8479a9636778450247a427e36f31647731a6cfc9508d3e0ede9a01cd36afdd3eefb46209b672b7ec2669337f1f0f965d19bd1025ae3c881b4295defbb67cbc73bb91575deccc514a0cf663d31e00255c9c8969a2455935be9724b76825bfee681b7b2df5b6694c23f743f925e27b67cab0f14a208560e9ab721fcce7bce630a5311a262c69f09012c991a23e7f0ef5c5bb80d036106a24285005524816f21de4b181265542f15ea7573362dfdcde556aec2a962425f71feffaacd59e464e46bc5a19073f47859273e1daa41ead4d128c2b76136b905fa209fc0111ea4c9f79af213978736c6ef0fc40db0c4ddaf22ac2300a90b11cb00af8f2daed31aa3ae2b5f85e52e9650f0531ecbb963ab2c1d6a9aa62a1d00183aa2470fd6f20632d92d245f41cbbfa80cdb6ed86d1b0a15ba3696f556d407a0d4ec09d48ad3b87d492d369897f0b90aa5c64b36d16516da94b52427294b0bbb190dbafef9c9486ddc286a08fa84fe2dd877458765880d156fc4987c2b406a64d5abcd2958d4c3247f2a3030a2f206ef8e29634b15c7822c8e32f579c749fad456582c2a133694854b84f089bc35465cf5c6f06d8e924b2f0f08f7e6ce204d9d32b1a686f3316183d8eea9eb2788e180d1c4119e0863ccd6a635d819cd532c46409bd51ab97c00a1f464e990eaa3d91777e2a1fb5cbe7c5fd81435e18713fdff8805ecb405cf25bedead6a825799d7be09cd3b2449f935f009d14eca994b466049408c61b2abf04fda89677864725a9c65519f7f3e10e8caef0d89be32e9c961ac0eb9b3c1bbc4b001e7b8296231a2583b5fb64ec68ea7bc4c949d9f085e48564cce6fc05bd5f9c7515cfccebd5fb2900b3d87fd7d30cc6ea54f32d6f58f9dd21ec650e59448f30ae95ecfde9cb6b785e3981250614ad5bc9a40b60142fde5cf713242b12ac12f5de3b9ec1aff9616bff907279257451696eb155d8723d08ae9a8df493bd410fe3a0590b0bab61986d25f7225d6194169280073fdbe8d2feef01b88e60e6c84223fe0f9578a8c93e235476d24ff3e917cf00e402cf6944bba7b59fcf2f72fee2d9e3e232c4856eb4303d9fd8912d1f39d1b058d6013f499e949acf967f87e2e5e2a6bcf82ef3e8dc39f97775e26b3ad70c168ad40c8bf1d7844bd0521b08de2dae055d121214579b0b871600c6a78af6af75c34f86134840ca2f7ca8d5511d12245d79c1a72cd9ebf48a95b9a293407021731fbf326ebcd67fd32424d6eff7363959bd9ae8492b5379abd8daebe00ae5ead31805426b2a4578c61fd6c9d3419c81ee9d0e95e01fc088b95bc79241641abb41317d10565fb412fcda406115b9fa2f2cf552e481c120e6350fe66bec3e1266e0eae0cec0b108e6c8e2cab7ebaec75d84230b490a0940f6d197ed40bd5fea0a062e6731ec47768489d73874825c316c884fed9d92bea98a0424a6a71996b1d3ca72609fa78947885c580847c54438765f9bf68879cd61abb1dce97705c4af4f46033e940325ad4043b6c9207a2c45f7526523e2b7c8824f0276ef07e7f0a32b2f49bc2b845336938be5e1402399e5e3994c6c74ffb0c42167022eec74e57d13c172656b3ce040f088935cd4cc52456ec90996457993659dd4ed1c17b7fe84e42a32587e16e6c26d3a967316079c55e6094f9b9c65854fc92ec283c231bebd604a3876fe1bc5a424559f58cd4fa1018fd111fd69e65289b5c6d55a17352280e5842022c23c7b9f42d29b1d40af7b6ec1fccce8ca9a2b2a661f4907d0cc980a900190842079e966370af6c300eccf54c946a4ef162b4db37614fb515de9d3c6a01edd285fdb9b6c4418f8b864e82979512dd67e0c003ff76d7f7eb669dbdcd6b87e9e76df5a77bc6264403dcf3f48e7ad5fdb7ce75d424902b61605bc0a91fc45db54348d27727038eed1a66106c9c9860e620e41993984743363770f605c6a963b6f4dabbd9e455ff0fd82b6ce5ac723d0baa05954181a3968fe76c70fa45e5cf99e1622375117b16d270825f5e4ac89423d456dd5b1f149843b5d1aa0fd4bcbaa58d5aee4a6507e45d798d5e044e21bda0ce0a2d806b92fb90e42eb0ebfc274ae90436c25bcd15cdaeaab490f6c5cd9a21e086cee90f54a1aac87fd4a956641d9010e53f4e0a4f086f612db126819f92d0f25643f3a711f93d2880564068a95fbc4b54675df5fb050545d6717e403f39570c1aa21fc81a253ff63a4a2fb8f5a3c0ea43ebe0925bf4f4936a118a2395adc8ae881e89b6e8efa5180fa2f2a53eedbc60c682ed4c7d2daef8a87193cfd8495c9f2c74bd1fd745c9579bff8b79d93f96e02b5cbe0c1e0cc3baa3c5498d2ca3132f8c6791f4af63bd975877a7eaa0d270f4ea47f01585df0311ff0f4549bb1c21c81cdebbaa01a275d2fef159810dcd3fe68c9c00c457d2e667b80b486e1e51716ccd55fa8c7b78173c30dba5d58a48d40771c8318f742c316e30e3d542e8c7e45d6bdff8a5aa649f60162489350870cfb9c1e52b0fd2fe08dc38e9aa07b6f91759d74d943a9d2b309b94499cfc96431a30e412ae45fc6bfec9fd8a666965ca6f92d9b98fe952685ab6c938998c98713b833fe25c03e533d703f132011bc8c2724d83e69e86f45085719033922333aea60aa626b4ed27884bd526dca84f39993cbdc37b5e24adbce2b4d745be0dc1b62be28ce62b815166d14f962e97109ca69777b03f5c24e415f82a586182a515169a811533e3681ae3779a9b4d0622c09e8a3f6ace6c8030f73f6ed2982f1997706f7aaa8405bf28feccdbf35b9df1f1e3fe1400203448078e0a575dbdd1f1c1d5465c28a73a507b7b5032a92678280285e2d99cc349d525f4039def2b29cb0272a94680e0e173cc7cd521cf747f41d93c4516872d044fa816a3ea8648ce66c25c866"}) 12:30:13 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x82801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000000)=0x1) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="000eabe0d4dc03000000000000008b2428de4d72b89aeddb2a530000000000000000000c3f089694ed90fa7c43", 0x2d}], 0x1) [ 3094.592204] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 3094.592204] program syz-executor.4 not setting count and/or reply_len properly [ 3094.609648] sg_write: data in/out 253104/8 bytes for SCSI command 0x3f-- guessing data in; [ 3094.609648] program syz-executor.4 not setting count and/or reply_len properly [ 3094.623995] [ 3094.624338] ====================================================== [ 3094.625347] WARNING: possible circular locking dependency detected [ 3094.626362] 5.10.209 #1 Not tainted [ 3094.626924] ------------------------------------------------------ [ 3094.627910] syz-executor.5/31560 is trying to acquire lock: [ 3094.628805] ffff88800beecb78 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}, at: __flush_work+0xdd/0xa90 [ 3094.630442] [ 3094.630442] but task is already holding lock: [ 3094.631365] ffffffff85619668 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0xff/0x4b0 [ 3094.632782] [ 3094.632782] which lock already depends on the new lock. [ 3094.632782] [ 3094.634059] [ 3094.634059] the existing dependency chain (in reverse order) is: [ 3094.635241] [ 3094.635241] -> #4 (rfkill_global_mutex){+.+.}-{3:3}: [ 3094.640136] __mutex_lock+0x13d/0x10b0 [ 3094.640865] rfkill_register+0x36/0xa10 [ 3094.641584] hci_register_dev+0x42e/0xc00 [ 3094.642329] __vhci_create_device+0x2c8/0x5c0 [ 3094.643124] vhci_open_timeout+0x38/0x50 [ 3094.643861] process_one_work+0x9a9/0x14b0 [ 3094.644729] worker_thread+0x61d/0x1310 [ 3094.645431] kthread+0x38f/0x470 [ 3094.646030] ret_from_fork+0x22/0x30 [ 3094.646670] [ 3094.646670] -> #3 (&data->open_mutex){+.+.}-{3:3}: [ 3094.647665] __mutex_lock+0x13d/0x10b0 [ 3094.648335] vhci_send_frame+0x63/0xa0 [ 3094.649020] hci_send_frame+0x1b9/0x320 [ 3094.649699] hci_tx_work+0x10af/0x1660 [ 3094.650379] process_one_work+0x9a9/0x14b0 [ 3094.651096] worker_thread+0x61d/0x1310 [ 3094.651791] kthread+0x38f/0x470 [ 3094.652391] ret_from_fork+0x22/0x30 [ 3094.653035] [ 3094.653035] -> #2 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}: [ 3094.654248] __flush_work+0x105/0xa90 [ 3094.654920] hci_dev_do_close+0x131/0x1240 [ 3094.655653] hci_unregister_dev+0x149/0x430 [ 3094.656410] vhci_release+0x70/0xf0 [ 3094.657046] __fput+0x285/0x980 [ 3094.657620] task_work_run+0xe2/0x1a0 [ 3094.658281] do_exit+0xb6f/0x2600 [ 3094.658885] do_group_exit+0x125/0x310 [ 3094.659550] __x64_sys_exit_group+0x3a/0x50 [ 3094.660282] do_syscall_64+0x33/0x40 [ 3094.660938] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3094.661787] [ 3094.661787] -> #1 (&hdev->req_lock){+.+.}-{3:3}: [ 3094.662755] __mutex_lock+0x13d/0x10b0 [ 3094.663424] bg_scan_update+0x82/0x500 [ 3094.664091] process_one_work+0x9a9/0x14b0 [ 3094.664828] worker_thread+0x61d/0x1310 [ 3094.665515] kthread+0x38f/0x470 [ 3094.666107] ret_from_fork+0x22/0x30 [ 3094.666739] [ 3094.666739] -> #0 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}: [ 3094.668022] __lock_acquire+0x29e7/0x5b00 [ 3094.668731] lock_acquire+0x197/0x470 [ 3094.669392] __flush_work+0x105/0xa90 [ 3094.670047] __cancel_work_timer+0x368/0x4c0 [ 3094.670796] hci_request_cancel_all+0x73/0x230 [ 3094.671563] hci_dev_do_close+0xd9/0x1240 [ 3094.672278] hci_rfkill_set_block+0x166/0x1a0 [ 3094.673055] rfkill_set_block+0x1fd/0x540 [ 3094.673764] rfkill_fop_write+0x253/0x4b0 [ 3094.674472] vfs_write+0x29a/0xa70 [ 3094.675087] ksys_write+0x1f6/0x260 [ 3094.675714] do_syscall_64+0x33/0x40 [ 3094.676351] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3094.677212] [ 3094.677212] other info that might help us debug this: [ 3094.677212] [ 3094.678412] Chain exists of: [ 3094.678412] (work_completion)(&hdev->bg_scan_update) --> &data->open_mutex --> rfkill_global_mutex [ 3094.678412] [ 3094.680462] Possible unsafe locking scenario: [ 3094.680462] [ 3094.681354] CPU0 CPU1 [ 3094.682047] ---- ---- [ 3094.682739] lock(rfkill_global_mutex); [ 3094.683359] lock(&data->open_mutex); [ 3094.684317] lock(rfkill_global_mutex); [ 3094.685303] lock((work_completion)(&hdev->bg_scan_update)); [ 3094.686195] [ 3094.686195] *** DEADLOCK *** [ 3094.686195] [ 3094.687096] 1 lock held by syz-executor.5/31560: [ 3094.687800] #0: ffffffff85619668 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0xff/0x4b0 [ 3094.689234] [ 3094.689234] stack backtrace: [ 3094.689918] CPU: 1 PID: 31560 Comm: syz-executor.5 Not tainted 5.10.209 #1 [ 3094.690957] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3094.692217] Call Trace: [ 3094.692632] dump_stack+0x107/0x167 [ 3094.693193] check_noncircular+0x263/0x2e0 [ 3094.693839] ? register_lock_class+0xbb/0x17b0 [ 3094.694539] ? print_circular_bug+0x470/0x470 [ 3094.695229] ? find_first_zero_bit+0x94/0xb0 [ 3094.695915] ? alloc_chain_hlocks+0x342/0x5a0 [ 3094.696617] __lock_acquire+0x29e7/0x5b00 [ 3094.697265] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3094.698070] ? SOFTIRQ_verbose+0x10/0x10 [ 3094.698699] ? __lockdep_reset_lock+0x180/0x180 [ 3094.699417] ? mark_lock+0xf5/0x2df0 [ 3094.700002] lock_acquire+0x197/0x470 [ 3094.700590] ? __flush_work+0xdd/0xa90 [ 3094.701187] ? lock_release+0x680/0x680 [ 3094.701804] ? __flush_work+0x78c/0xa90 [ 3094.702416] ? lock_downgrade+0x6d0/0x6d0 [ 3094.703063] __flush_work+0x105/0xa90 [ 3094.703642] ? __flush_work+0xdd/0xa90 [ 3094.704237] ? lock_chain_count+0x20/0x20 [ 3094.704880] ? queue_delayed_work_on+0xe0/0xe0 [ 3094.705585] ? mark_lock+0xf5/0x2df0 [ 3094.706158] ? lock_acquire+0x197/0x470 [ 3094.706776] ? find_held_lock+0x2c/0x110 [ 3094.707400] ? __wake_up_common_lock+0xde/0x140 [ 3094.708107] ? mark_held_locks+0x9e/0xe0 [ 3094.708741] __cancel_work_timer+0x368/0x4c0 [ 3094.709409] ? cancel_delayed_work+0x20/0x20 [ 3094.710083] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3094.710879] ? __cancel_work+0x1bb/0x2b0 [ 3094.711496] ? try_to_grab_pending+0xe0/0xe0 [ 3094.712182] hci_request_cancel_all+0x73/0x230 [ 3094.712881] hci_dev_do_close+0xd9/0x1240 [ 3094.713522] ? rfkill_set_block+0x18f/0x540 [ 3094.714178] ? hci_dev_open+0x350/0x350 [ 3094.714782] ? mark_held_locks+0x9e/0xe0 [ 3094.715404] hci_rfkill_set_block+0x166/0x1a0 [ 3094.716081] ? hci_power_off+0x20/0x20 [ 3094.716688] rfkill_set_block+0x1fd/0x540 [ 3094.717322] rfkill_fop_write+0x253/0x4b0 [ 3094.717951] ? rfkill_sync_work+0xa0/0xa0 [ 3094.718594] ? security_file_permission+0x24e/0x570 [ 3094.719354] ? rfkill_sync_work+0xa0/0xa0 [ 3094.719986] vfs_write+0x29a/0xa70 [ 3094.720541] ksys_write+0x1f6/0x260 [ 3094.721097] ? __ia32_sys_read+0xb0/0xb0 [ 3094.721721] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3094.722524] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3094.723312] do_syscall_64+0x33/0x40 [ 3094.723875] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3094.724658] RIP: 0033:0x7f3d50ec2b19 [ 3094.725225] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3094.728021] RSP: 002b:00007f3d4e438188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3094.729188] RAX: ffffffffffffffda RBX: 00007f3d50fd5f60 RCX: 00007f3d50ec2b19 [ 3094.730272] RDX: 0000000000000008 RSI: 0000000020000080 RDI: 0000000000000003 [ 3094.731363] RBP: 00007f3d50f1cf6d R08: 0000000000000000 R09: 0000000000000000 [ 3094.732451] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3094.733530] R13: 00007ffe56ea8f4f R14: 00007f3d4e438300 R15: 0000000000022000 [ 3094.785114] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. VM DIAGNOSIS: 12:30:13 Registers: info registers vcpu 0 RAX=ffffffff81386e4b RBX=ffff8880088bf548 RCX=ffff8880088bf548 RDX=dffffc0000000000 RSI=ffff8880088bfcb8 RDI=ffff8880088bfcb8 RBP=ffff8880088bfcb8 RSP=ffff8880088bf3f8 R8 =ffffffff859c3b51 R9 =ffff8880088bfcc0 R10=0000000000032042 R11=1ffff11001117e8d R12=ffff8880088bf500 R13=ffff8880088b8000 R14=1ffff11001117e8d R15=ffffffff859c3b50 RIP=ffffffff81107122 RFL=00000283 [--S---C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007fc29ea14900 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000564b97a69a50 CR3=000000000fc12000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000600 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00ff000000000000ff00000000000000 XMM01=00010000000000000100000000000000 XMM02=7463656a6e695f31313230385f7a7973 XMM03=06fe000800000002fffffffedd000000 XMM04=ff000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000 XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd RSI=ffffffff822cbdac RDI=ffffffff879e8240 RBP=ffffffff879e8200 RSP=ffff888048baf188 R8 =0000000000000001 R9 =0000000000000003 R10=000000000000000a R11=0000000000000001 R12=0000000000000020 R13=fffffbfff0f3d094 R14=fffffbfff0f3d04a R15=dffffc0000000000 RIP=ffffffff822cbe00 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f3d4e438700 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007ffc4c278d68 CR3=000000003c6e0000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=ffffffffffffffffffffffffffffffff XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000 XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000 XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000