7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 7)

18:23:43 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c220920000000000000100000000000000090000000004"])
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:23:43 executing program 7:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 2)

18:23:43 executing program 4:
r0 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = fcntl$getown(r0, 0x9)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f00000000c0)={{0x1, 0x1, 0x18, <r2=>r0, {0x9}}, './file0\x00'})
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0xf9, 0x40, 0xf9, 0x7, 0x0, 0x965d, 0x80, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0xaf, 0x2, @perf_config_ext={0xce, 0xd7f6}, 0x0, 0x100000000, 0x401, 0x7, 0xff, 0x1, 0x1f, 0x0, 0x8, 0x0, 0x3}, r1, 0x7, r2, 0xb)
pipe2(&(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r3, 0x408)
fcntl$setpipe(r4, 0x407, 0x2f)

18:23:43 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, 0x0, 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[  919.574886] FAULT_INJECTION: forcing a failure.
[  919.574886] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  919.577757] CPU: 1 PID: 6619 Comm: syz-executor.0 Not tainted 5.10.199 #1
[  919.579167] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  919.580858] Call Trace:
[  919.581397]  dump_stack+0x107/0x167
[  919.582144]  should_fail.cold+0x5/0xa
[  919.582940]  _copy_from_user+0x2e/0x1b0
[  919.583752]  __copy_msghdr_from_user+0x91/0x4b0
[  919.584702]  ? __ia32_sys_shutdown+0x80/0x80
[  919.585594]  ? __lock_acquire+0x1657/0x5b00
[  919.586484]  ___sys_recvmsg+0xd5/0x200
[  919.587291]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[  919.588302]  ? lock_downgrade+0x6d0/0x6d0
[  919.589147]  ? lock_acquire+0x197/0x470
[  919.589951]  ? find_held_lock+0x2c/0x110
[  919.590782]  ? __might_fault+0xd3/0x180
[  919.591598]  ? lock_downgrade+0x6d0/0x6d0
[  919.592459]  do_recvmmsg+0x24c/0x6d0
[  919.593222]  ? ___sys_recvmsg+0x200/0x200
[  919.594061]  ? lock_downgrade+0x6d0/0x6d0
[  919.594918]  ? ksys_write+0x12d/0x260
[  919.595209] FAULT_INJECTION: forcing a failure.
[  919.595209] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  919.595708]  ? wait_for_completion_io+0x270/0x270
[  919.595730]  ? rcu_read_lock_any_held+0x75/0xa0
[  919.595746]  ? vfs_write+0x354/0xa70
[  919.595769]  __x64_sys_recvmmsg+0x20f/0x260
[  919.595786]  ? ksys_write+0x1a9/0x260
[  919.595804]  ? __do_sys_socketcall+0x600/0x600
[  919.595827]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  919.595844]  ? syscall_enter_from_user_mode+0x1d/0x50
[  919.595869]  do_syscall_64+0x33/0x40
[  919.595890]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[  919.595902] RIP: 0033:0x7f13d67b3b19
[  919.595920] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  919.595930] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  919.595950] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[  919.595960] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[  919.595971] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[  919.595981] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000001
[  919.595991] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
[  919.624242] CPU: 0 PID: 6621 Comm: syz-executor.3 Not tainted 5.10.199 #1
18:23:43 executing program 4:
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = socket$inet_icmp(0x2, 0x2, 0x1)
pipe2(&(0x7f0000000080)={<r3=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r3, 0x408)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
ppoll(&(0x7f0000000000)=[{r1, 0x1000}, {0xffffffffffffffff, 0x9}, {r2, 0x415}, {r0}, {r3, 0x2}, {r4, 0x1}], 0x6, &(0x7f0000000040)={0x77359400}, &(0x7f00000000c0)={[0x2]}, 0x8)
pipe2(&(0x7f0000000080)={<r5=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r5, 0x408)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r1, 0xc018937c, &(0x7f0000000100)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r5, @ANYBLOB="000ac3000000000000007e742e2f6669"])
fcntl$getflags(r0, 0x408)
pipe(&(0x7f0000000200)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000180)={0x4, 0x80, 0x3, 0x7f, 0x5, 0x20, 0x0, 0x7, 0x80, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3f, 0x2, @perf_bp={&(0x7f0000000140), 0xc}, 0x8, 0xffffffffffffffe1, 0x1f, 0x2, 0x2, 0x3, 0x6, 0x0, 0xfffffff9, 0x0, 0x6}, 0xffffffffffffffff, 0xa, r6, 0x0)

[  919.625625] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  919.627435] Call Trace:
[  919.627970]  dump_stack+0x107/0x167
[  919.628712]  should_fail.cold+0x5/0xa
[  919.629489]  _copy_from_user+0x2e/0x1b0
[  919.630300]  __copy_msghdr_from_user+0x91/0x4b0
[  919.631261]  ? __ia32_sys_shutdown+0x80/0x80
[  919.632151]  ? __lock_acquire+0x1657/0x5b00
[  919.633040]  ___sys_recvmsg+0xd5/0x200
[  919.633830]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[  919.634815]  ? lock_downgrade+0x6d0/0x6d0
[  919.635667]  ? lock_acquire+0x197/0x470
[  919.636444]  ? find_held_lock+0x2c/0x110
[  919.637275]  ? __might_fault+0xd3/0x180
[  919.638070]  ? lock_downgrade+0x6d0/0x6d0
[  919.638936]  do_recvmmsg+0x24c/0x6d0
[  919.639695]  ? ___sys_recvmsg+0x200/0x200
[  919.640549]  ? lock_downgrade+0x6d0/0x6d0
[  919.641386]  ? ksys_write+0x12d/0x260
[  919.642149]  ? wait_for_completion_io+0x270/0x270
[  919.643183]  ? rcu_read_lock_any_held+0x75/0xa0
[  919.644121]  ? vfs_write+0x354/0xa70
[  919.644863]  __x64_sys_recvmmsg+0x20f/0x260
[  919.645706]  ? ksys_write+0x1a9/0x260
[  919.646460]  ? __do_sys_socketcall+0x600/0x600
[  919.647385]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  919.648408]  ? syscall_enter_from_user_mode+0x1d/0x50
[  919.649431]  do_syscall_64+0x33/0x40
[  919.650169]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[  919.651196] RIP: 0033:0x7f6a9e85fb19
[  919.651925] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  919.655580] RSP: 002b:00007f6a9bdd5188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  919.657076] RAX: ffffffffffffffda RBX: 00007f6a9e972f60 RCX: 00007f6a9e85fb19
[  919.658487] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[  919.659923] RBP: 00007f6a9bdd51d0 R08: 0000000000000000 R09: 0000000000000000
[  919.661328] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000001
[  919.662756] R13: 00007ffce56e72ef R14: 00007f6a9bdd5300 R15: 0000000000022000
[  919.680777] FAULT_INJECTION: forcing a failure.
[  919.680777] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  919.683351] CPU: 0 PID: 6623 Comm: syz-executor.7 Not tainted 5.10.199 #1
[  919.684690] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  919.686320] Call Trace:
[  919.686862]  dump_stack+0x107/0x167
[  919.687589]  should_fail.cold+0x5/0xa
[  919.688349]  _copy_from_user+0x2e/0x1b0
[  919.689143]  __copy_msghdr_from_user+0x91/0x4b0
[  919.690058]  ? __ia32_sys_shutdown+0x80/0x80
[  919.690934]  ? __lock_acquire+0x1657/0x5b00
[  919.691820]  ___sys_recvmsg+0xd5/0x200
[  919.692587]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[  919.693550]  ? lock_downgrade+0x6d0/0x6d0
[  919.694377]  ? lock_acquire+0x197/0x470
[  919.695213]  ? find_held_lock+0x2c/0x110
[  919.696029]  ? __might_fault+0xd3/0x180
[  919.696855]  ? lock_downgrade+0x6d0/0x6d0
[  919.697700]  do_recvmmsg+0x24c/0x6d0
[  919.698440]  ? ___sys_recvmsg+0x200/0x200
[  919.699273]  ? lock_downgrade+0x6d0/0x6d0
[  919.700098]  ? ksys_write+0x12d/0x260
[  919.700860]  ? wait_for_completion_io+0x270/0x270
[  919.701815]  ? rcu_read_lock_any_held+0x75/0xa0
[  919.702729]  ? vfs_write+0x354/0xa70
[  919.703790]  __x64_sys_recvmmsg+0x20f/0x260
18:23:43 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 8)

[  919.704852]  ? ksys_write+0x1a9/0x260
[  919.705894]  ? __do_sys_socketcall+0x600/0x600
[  919.707060]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  919.708323]  ? syscall_enter_from_user_mode+0x1d/0x50
[  919.709606]  do_syscall_64+0x33/0x40
[  919.710505]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[  919.711781] RIP: 0033:0x7fd50191ab19
[  919.712678] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  919.716836] RSP: 002b:00007fd4fee90188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  919.718386] RAX: ffffffffffffffda RBX: 00007fd501a2df60 RCX: 00007fd50191ab19
[  919.719804] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[  919.721263] RBP: 00007fd4fee901d0 R08: 0000000000000000 R09: 0000000000000000
[  919.722662] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000001
[  919.724129] R13: 00007ffcb71c4b0f R14: 00007fd4fee90300 R15: 0000000000022000
18:23:43 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, 0x0, 0x0, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:23:43 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[  919.796056] FAULT_INJECTION: forcing a failure.
18:23:43 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 6)

[  919.796056] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  919.799015] CPU: 0 PID: 6629 Comm: syz-executor.0 Not tainted 5.10.199 #1
[  919.800396] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  919.802031] Call Trace:
[  919.802566]  dump_stack+0x107/0x167
[  919.803308]  should_fail.cold+0x5/0xa
[  919.804072]  _copy_from_user+0x2e/0x1b0
[  919.804870]  __copy_msghdr_from_user+0x91/0x4b0
[  919.805798]  ? __ia32_sys_shutdown+0x80/0x80
[  919.806729]  ? __lock_acquire+0x1657/0x5b00
[  919.807625]  ___sys_recvmsg+0xd5/0x200
[  919.808404]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[  919.809377]  ? lock_downgrade+0x6d0/0x6d0
[  919.810199]  ? lock_acquire+0x197/0x470
[  919.810992]  ? find_held_lock+0x2c/0x110
[  919.811812]  ? __might_fault+0xd3/0x180
[  919.812599]  ? lock_downgrade+0x6d0/0x6d0
[  919.813446]  do_recvmmsg+0x24c/0x6d0
[  919.814234]  ? ___sys_recvmsg+0x200/0x200
[  919.815076]  ? lock_downgrade+0x6d0/0x6d0
[  919.815908]  ? ksys_write+0x12d/0x260
[  919.816706]  ? wait_for_completion_io+0x270/0x270
[  919.817731]  ? rcu_read_lock_any_held+0x75/0xa0
[  919.818655]  ? vfs_write+0x354/0xa70
[  919.819427]  __x64_sys_recvmmsg+0x20f/0x260
[  919.820286]  ? ksys_write+0x1a9/0x260
[  919.821082]  ? __do_sys_socketcall+0x600/0x600
[  919.821996]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  919.823107]  ? syscall_enter_from_user_mode+0x1d/0x50
[  919.824134]  do_syscall_64+0x33/0x40
[  919.824896]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[  919.826094] RIP: 0033:0x7f13d67b3b19
[  919.826959] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  919.830682] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  919.832300] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[  919.833732] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[  919.835200] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[  919.836609] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000001
[  919.838109] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
[  919.946160] FAULT_INJECTION: forcing a failure.
[  919.946160] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  919.949861] CPU: 0 PID: 6636 Comm: syz-executor.3 Not tainted 5.10.199 #1
[  919.951276] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  919.952968] Call Trace:
[  919.953514]  dump_stack+0x107/0x167
[  919.954272]  should_fail.cold+0x5/0xa
[  919.955085]  _copy_from_user+0x2e/0x1b0
[  919.955896]  __copy_msghdr_from_user+0x91/0x4b0
[  919.956837]  ? __ia32_sys_shutdown+0x80/0x80
[  919.957727]  ? __lock_acquire+0x1657/0x5b00
[  919.958615]  ___sys_recvmsg+0xd5/0x200
[  919.959424]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[  919.960417]  ? lock_downgrade+0x6d0/0x6d0
[  919.961254]  ? lock_acquire+0x197/0x470
[  919.962051]  ? find_held_lock+0x2c/0x110
[  919.962889]  ? __might_fault+0xd3/0x180
[  919.963691]  ? lock_downgrade+0x6d0/0x6d0
[  919.964563]  do_recvmmsg+0x24c/0x6d0
[  919.965332]  ? ___sys_recvmsg+0x200/0x200
[  919.966178]  ? lock_downgrade+0x6d0/0x6d0
[  919.967052]  ? ksys_write+0x12d/0x260
[  919.967846]  ? wait_for_completion_io+0x270/0x270
[  919.968834]  ? rcu_read_lock_any_held+0x75/0xa0
[  919.969785]  ? vfs_write+0x354/0xa70
[  919.970557]  __x64_sys_recvmmsg+0x20f/0x260
[  919.971444]  ? ksys_write+0x1a9/0x260
[  919.972225]  ? __do_sys_socketcall+0x600/0x600
[  919.973163]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  919.974359]  ? syscall_enter_from_user_mode+0x1d/0x50
[  919.975735]  do_syscall_64+0x33/0x40
[  919.976634]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[  919.977698] RIP: 0033:0x7f6a9e85fb19
[  919.978478] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  919.982277] RSP: 002b:00007f6a9bdd5188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  919.983820] RAX: ffffffffffffffda RBX: 00007f6a9e972f60 RCX: 00007f6a9e85fb19
[  919.985248] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[  919.986682] RBP: 00007f6a9bdd51d0 R08: 0000000000000000 R09: 0000000000000000
[  919.988133] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000001
[  919.989567] R13: 00007ffce56e72ef R14: 00007f6a9bdd5300 R15: 0000000000022000
18:23:59 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, 0x0, 0x0, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:23:59 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c22092000000000000010000000000000009000000000400"])
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:23:59 executing program 4:
perf_event_open(&(0x7f0000000000)={0x4, 0x80, 0xfd, 0x40, 0xfb, 0x1f, 0x0, 0x7, 0x40080, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, @perf_config_ext={0x95, 0x1000}, 0x4000, 0x10001, 0x4, 0x8, 0x6, 0x7, 0x6, 0x0, 0xfffffffe, 0x0, 0x81}, 0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x9)
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = gettid()
rt_sigqueueinfo(r2, 0x11, 0x0)
clone3(&(0x7f00000003c0)={0x200a00, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180), {0x5}, &(0x7f00000001c0)=""/219, 0xdb, &(0x7f00000002c0)=""/161, &(0x7f0000000380)=[r2], 0x1, {r1}}, 0x58)
fcntl$getflags(r0, 0x408)
ioctl$PERF_EVENT_IOC_ID(r0, 0x80082407, &(0x7f00000000c0))
pipe2(&(0x7f0000000080)={<r3=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r3, 0x408)

18:23:59 executing program 1:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
ptrace$setopts(0xffffffffffffffff, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x0, 0x0)

18:23:59 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 9)

18:23:59 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:23:59 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 7)

18:23:59 executing program 7:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 3)

[  935.054267] FAULT_INJECTION: forcing a failure.
[  935.054267] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  935.057261] FAULT_INJECTION: forcing a failure.
[  935.057261] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  935.059948] CPU: 0 PID: 6659 Comm: syz-executor.3 Not tainted 5.10.199 #1
[  935.061372] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  935.063064] Call Trace:
[  935.063603]  dump_stack+0x107/0x167
[  935.064347]  should_fail.cold+0x5/0xa
[  935.065132]  _copy_from_user+0x2e/0x1b0
[  935.065947]  __copy_msghdr_from_user+0x91/0x4b0
[  935.066894]  ? __ia32_sys_shutdown+0x80/0x80
[  935.067804]  ? __lock_acquire+0x1657/0x5b00
[  935.068694]  ___sys_recvmsg+0xd5/0x200
[  935.069484]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[  935.070482]  ? lock_downgrade+0x6d0/0x6d0
[  935.071342]  ? lock_acquire+0x197/0x470
[  935.072145]  ? find_held_lock+0x2c/0x110
[  935.072975]  ? __might_fault+0xd3/0x180
[  935.073783]  ? lock_downgrade+0x6d0/0x6d0
[  935.074650]  do_recvmmsg+0x24c/0x6d0
[  935.075413]  ? ___sys_recvmsg+0x200/0x200
[  935.076253]  ? lock_downgrade+0x6d0/0x6d0
[  935.077104]  ? ksys_write+0x12d/0x260
[  935.077899]  ? wait_for_completion_io+0x270/0x270
[  935.078882]  ? rcu_read_lock_any_held+0x75/0xa0
[  935.079844]  ? vfs_write+0x354/0xa70
[  935.080612]  __x64_sys_recvmmsg+0x20f/0x260
[  935.081483]  ? ksys_write+0x1a9/0x260
[  935.082252]  ? __do_sys_socketcall+0x600/0x600
[  935.083198]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  935.084255]  ? syscall_enter_from_user_mode+0x1d/0x50
[  935.085300]  do_syscall_64+0x33/0x40
[  935.086063]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[  935.087105] RIP: 0033:0x7f6a9e85fb19
[  935.087859] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  935.091637] RSP: 002b:00007f6a9bdd5188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  935.093200] RAX: ffffffffffffffda RBX: 00007f6a9e972f60 RCX: 00007f6a9e85fb19
[  935.094668] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[  935.096150] RBP: 00007f6a9bdd51d0 R08: 0000000000000000 R09: 0000000000000000
[  935.097616] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000001
[  935.099087] R13: 00007ffce56e72ef R14: 00007f6a9bdd5300 R15: 0000000000022000
[  935.100653] CPU: 1 PID: 6648 Comm: syz-executor.0 Not tainted 5.10.199 #1
[  935.102397] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  935.104129] Call Trace:
[  935.104671]  dump_stack+0x107/0x167
[  935.105420]  should_fail.cold+0x5/0xa
[  935.106218]  _copy_from_user+0x2e/0x1b0
[  935.107071]  __copy_msghdr_from_user+0x91/0x4b0
[  935.108021]  ? __ia32_sys_shutdown+0x80/0x80
[  935.108926]  ? __lock_acquire+0x1657/0x5b00
[  935.109851]  ___sys_recvmsg+0xd5/0x200
[  935.110662]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[  935.111695]  ? lock_downgrade+0x6d0/0x6d0
[  935.112551]  ? lock_acquire+0x197/0x470
[  935.113369]  ? find_held_lock+0x2c/0x110
[  935.114228]  ? __might_fault+0xd3/0x180
[  935.114937] FAULT_INJECTION: forcing a failure.
[  935.114937] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  935.115074]  ? lock_downgrade+0x6d0/0x6d0
[  935.118260]  do_recvmmsg+0x24c/0x6d0
[  935.119066]  ? ___sys_recvmsg+0x200/0x200
[  935.119936]  ? lock_downgrade+0x6d0/0x6d0
[  935.120815]  ? ksys_write+0x12d/0x260
[  935.121616]  ? wait_for_completion_io+0x270/0x270
[  935.122615]  ? rcu_read_lock_any_held+0x75/0xa0
[  935.123589]  ? vfs_write+0x354/0xa70
[  935.124366]  __x64_sys_recvmmsg+0x20f/0x260
[  935.125256]  ? ksys_write+0x1a9/0x260
[  935.126052]  ? __do_sys_socketcall+0x600/0x600
[  935.127011]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  935.128119]  ? syscall_enter_from_user_mode+0x1d/0x50
[  935.129198]  do_syscall_64+0x33/0x40
[  935.129983]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[  935.131064] RIP: 0033:0x7f13d67b3b19
[  935.131840] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  935.135648] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  935.137223] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[  935.138697] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[  935.140194] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[  935.141668] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000001
[  935.143161] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
[  935.144686] CPU: 0 PID: 6658 Comm: syz-executor.7 Not tainted 5.10.199 #1
[  935.146098] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  935.147814] Call Trace:
[  935.148351]  dump_stack+0x107/0x167
[  935.149099]  should_fail.cold+0x5/0xa
[  935.149874]  _copy_from_user+0x2e/0x1b0
[  935.150688]  __copy_msghdr_from_user+0x91/0x4b0
[  935.151638]  ? __ia32_sys_shutdown+0x80/0x80
[  935.152531]  ? __lock_acquire+0x1657/0x5b00
[  935.153431]  ___sys_recvmsg+0xd5/0x200
[  935.154225]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[  935.155247]  ? lock_downgrade+0x6d0/0x6d0
[  935.156095]  ? lock_acquire+0x197/0x470
[  935.156911]  ? find_held_lock+0x2c/0x110
[  935.157749]  ? __might_fault+0xd3/0x180
[  935.158545]  ? lock_downgrade+0x6d0/0x6d0
[  935.159440]  do_recvmmsg+0x24c/0x6d0
[  935.160206]  ? ___sys_recvmsg+0x200/0x200
[  935.161053]  ? lock_downgrade+0x6d0/0x6d0
[  935.161906]  ? ksys_write+0x12d/0x260
[  935.162705]  ? wait_for_completion_io+0x270/0x270
[  935.163695]  ? rcu_read_lock_any_held+0x75/0xa0
[  935.164640]  ? vfs_write+0x354/0xa70
[  935.165407]  __x64_sys_recvmmsg+0x20f/0x260
[  935.166290]  ? ksys_write+0x1a9/0x260
[  935.167069]  ? __do_sys_socketcall+0x600/0x600
[  935.167997]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  935.169065]  ? syscall_enter_from_user_mode+0x1d/0x50
[  935.170116]  do_syscall_64+0x33/0x40
[  935.170879]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[  935.171912] RIP: 0033:0x7fd50191ab19
[  935.172666] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  935.176371] RSP: 002b:00007fd4fee90188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  935.177911] RAX: ffffffffffffffda RBX: 00007fd501a2df60 RCX: 00007fd50191ab19
[  935.179362] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[  935.180786] RBP: 00007fd4fee901d0 R08: 0000000000000000 R09: 0000000000000000
[  935.182211] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000001
[  935.183655] R13: 00007ffcb71c4b0f R14: 00007fd4fee90300 R15: 0000000000022000
18:23:59 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040), 0x0, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:23:59 executing program 4:
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000080)={<r0=>0xffffffffffffffff}, 0x0)
pipe2(&(0x7f0000000080)={<r1=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r1, 0x408)
ioctl$BTRFS_IOC_ADD_DEV(r0, 0x5000940a, &(0x7f00000001c0)={{r1}, "445c3e0d788e8e3957c06facd3f8381c9ecfb02a2585cdf0d17127dd7d3a817769cb54eff134ac5714345abbc06cd4e67e1a5b8de6e64b2e34eb83a0b8779c5bea1c9b1a48ed1bb48a3eb734378331e273fa5321b8f3a3ae6421891d497a12bd048135785105c3a90a59d0a3b8fe048635c1446ef966827cab1c29a3c9042ba7cd27b496dfde813abc5745ddb5778f4907f690678b9b0d75818fdeaddb06aa6b72a1f64cfad74a7a9cd0859994a5385876efe2c0c9f4fee4fdbbe35c19ea54fec888af39ca0ba21db4e71e07109dccb73323ec399e5bc073c0af89e3ed7e628414e91957f6dff15653e3023576d05319b578048261e5499a2018a80e386b2fc74a3325da733e67dea388c91f885ea6eca009ca5ce4af8ff1564279fb7b6154accb02a5548cba5521ac09f181b57954ecd59d878a3f896dab56b251b8dbc5d579041e78665a77b8977065d2e8bd50ef66729339c79e5679fff47dba286f174dea62e9eec5df658751af86e21dac269aef2cd14954dd7aec18b4a52f61111872defbd6e189cfcc53afb867a2e965a9054a80745ab59a0e56641fc1781dde64b43adb3988e5706d5b8d1b1ef25a35d2669fd47fd76b7b94a2e450107d8569a69d0fb2309e136b7d459ae4ff8c8c3cfa4a70e9e1fba5ff08d4a734768a0e9f594eefaa93ea500bdb47a31869613c20927ea228be1bf005f4499f6660677ac375f836c8339bd24efe068ceaaa247082799b1a0c5da47eecb9e43e0f375ec3845cc7ab30e17e0a0dea85b8cd35934a12581968fa42f7c0f0c7a1598490501078b1254808d6cd4e37cb8d4a7a0a0490d7ab48f68d08b6690bea37ccbd1709d22749ef34c3b1a0b1552c8fd1c064298e20a733ecb91314144bad5559c2d6645f582d9d04bb80c03a8889d1014c0e61f0cde6fff1f95763c8701bfa889a3b075b610105f0661b8fa3a3b5c2e1a2d6f6afa0104728342e5b40d9131cc0aea43b3cd548906b210af829703f3ead3e21b436846d2dd2d1f69f9779eefaf0b60ea2559167a118989d77db84804291ff7a5340852fa255e53bfa75eb1951c932f7163d43cafef0441e0b16c74f6fe670ecfafc1ffcce6e25aaf465c64de30448cd063d5bd67764a2bb976e8a8ed798252d3f6e615113face1d1a1c66ce5e4668571881c874dc2d511399eda0e21df53c86c6c7e0cbcadac00c582f348165ae6223193cfc0773922ab3e329a773c8da5486379230cd358f3e8d0e8561e51ee513395fa5ef7554ffee5f68a1cea0ce0263b45719d8ad1973a1420bffc3f63528b39ec63cb6a260040f71bdbe3f29b26bed6c24c4ab516878849fe32df91db5b75e5dfe65c6eefaa91123f43ba56164cb4790c2e7627038bc3c6a5ed5a35c58f3526e82c64ff74c29a9b2806f64cd9db25758f808ff97b1228df35311e9dbe56153779832a43a6a7d8f6d206ae347a66ce725524b0faa6ad3701b8a87ab6a34bff7ee7164a3bd0b809fc3bd5fe20ce7c703d45a4237a64760459e6196775f360c0eb03bdec7af41bd8db86d26f8ad7177afc9933913471705eb6d049fe2ea828355a401893cd902930e5cdfa72e3a0d4f5986949bb697217fefce32d0e38cb1d812b24abceef7786670bc981b6fe69dec1aa78372fd08dd4e41e520586870f95293b3c5cfcafef5224a6e9142cb5140b032b82f9ee8fe98ed0dc6dbc9a876f57082f73e4b0d9b852b2a2551385a89ee751b88eb1f0dfadab4bd253740e8fbba27a2abf01a150074f33cfca5e75f755da501b45e4fad4fe845800d7bf18b5e5537ee5fb359090587183e1c97f7c7abbc88374a273943ec629faceaaef97d00075411226127939f158bdd6944fac6e91773e0ac24f6d2d08fdc773f5b364dddfc9dd5a52aebaad9bfe0febc79e517b9f1358662f0c10e6a0527f9882e593f4977a46ec507d70312385b24f783cbef52d1f27050a021850a47283d02c1a6f4113f551d5fc3ef722dfcc43b863dbc5eba24d7065121ac0d02f247838bd9fee9ce2d054333284ce7da352f62dbd3c13b856536d9597aa69b95d9b62ea39dc5c33100a2d34cf42ba65b90c2a0f1f0833c71504af7ba896f19432bc3b938aab21d796e02ae7b2eda9461f9c81425c606e0b7fd1edbf9c4c8c72f73153547fc68dd949d1043c8f015f20d53f8b63ecbba1a3dca42a412235faa727d0bb8214a90147c631ae536b0ed273e9674c2a125535ae2cc4ee5d30ac497cb5b51f63c3fe8571fdd6ae1637273ed1ef9398ff7aec003ea9054f6cdad29825cfb4cd451ce62c0fd1b44ad1f9595fc79e8949419f212a0e5b65ecac01116816de5a977ae7e2e362411c9e0e1b443de918be7ecfb61a4b2dbd8422a78a2fb96ba8e41629c1db41b94c633874130e95b4ec07ffff1b1d2ac5b45dccfd76c3c93fedf219c677bb5abbd09bbdadbe2b77f9d28e7120e4acc00d180592967e7aac3c7da8091d2c1d30fee4963fd4176786692a99b8051541999bb6589a932ed2ce272b03bae347e2e76da0a90d1a1c98ec6bd51bd83c78ac7ba1d45d0c97367d8138bfa60bf9207743110ae4d3ae35e31fb2f9ea8300a5aa51903f17fa3d056bde701f2539afae10d4e15096ef9d5ed1fc40bbf984e9b239e5db5c4de1e40b320c3d6637a460ae83a1f59227eb3aa27b72e097439696b49950e7c85538ed458d8815f18947e43127012a83ac7812ce7a5b596f9c312bca945184d97f27505d887146e6e02264732af81ae79aee754634dd4559b8cfedb81346e0cca4d9678033f536175b9072e4af01b2400b3a2d6ae704ecc5a03181f326a077db0790c7bfc68c1c6c565e9d4b43edd3f279eb9ed575ad8bf8c1607ce8f1f8e34c54fb41eee837a59d92d275a503de7c7c0a8bdd27ed50618a1131781f5b9b4dc11e3e94c4765249f738060218d4ef8bac0181cbd9e0d33a44e9b51af1544e6825aa507c452777426f357e0dabd781e8805a0fad2aaea1fe1ca07796000c2c44b33e568be9db54e3820f5df4a040033fbc507a70e55a52d16cf1ab811c50378e99cc690d70ad129ac152c5bb4fc5d1271976a893fc17f1718d3da35a4966d52def61f9b8bf07f7111e8efff51a40064f5b77956e879c6a50ea7fef9d50836991103707c947de6a9d0a26fdecc3e42318951776c2c0d00b83bf60ad2fa40ebd6d282ca73b3ed30dd3475d2b2974e698e1946905bc1bfdafa4caeb1614b79661ab58151165ce9ee156601eeb22583aab455674d91e40849d23ad8d91ed82cfd992da390802a0e12d3e5393d7a9236a177bd97ecbfcc03c6024c87868eaaed8d1f7913ea80046862d50e25df6e128324322fe557e67d3cb90a1ec274a934f456338412afd2e8fe8d5ccf1c783bf78f779ccedc0486324d6472a0f5a4bc6a11be1e78cc8e7a0fe7693128768eacc086f7132636d6a9ee080501c8544536b559166004f13b3be0fca981096b6dd417b1e5825c4df0f488abb48a30a9368b22ef02b528d4d5ba09083c9c0888ed09e20f278fbc90b61aa34cacf01d090bdb27624cbeb7dce04cc4058f5fd0d0744de56b5393109903f65b58a2c7d6f8878e5bdc66b6260cbc953348d349684fd4f993fafb15946469a57aa9be43b0f3ffca3459f1b77fa2fec695235cab48f4e00769c9482199e046672f9a5ddf2ee9525cadfc3e1f2736a368bb35c58dc8b2705b42e9cacd4618cdd8d85f412262252caefd321158f87f9976d501b712e44be9cffa72dc1ef42dd08151bd04a5fee334fa31b14453aeb2c550cd977104e62056c649b90a79df91e94c191d1b0d80c4c73ec1046c796ecb3e9afc667d2bf520351ff32d789e66a5eb0de6ca1b8b4c11e5ced5d97630b541b6ae923efaecab2589818f2323fe7b307ce410af36526c2341ffcfe587102b83208e25747659054a65bfd78474be5622661f0d441ca733aa0619e452be318a2f348fe7dbc9b4afc6f7d9335b405c6e9f62a50ef9ede2f06749a901c9930d1804e0fe2361528ee520d1cb08768b7b09f60f2ad396db98a152c6db48559f1aa46354f9545f789254009beaab168b5866b8916427962f113b7a13bbd4a904804f982e29c1c675a82350d75132a8e766c045117e7f1ed4f2eabd6ac2fcf70b09c284adfa906491eadf3b5dc630d32901eb9a719154939abd8b6caf01b3d7d8838dca11edb57cf22a326032dac1e5379c5ec6b2bcd6b5709bed6ac96a144a61fcb11577d30b7327eba8c44cdd5e4c75440cbac7e8fbf7b09ae250e2f3934e429bca0aaa8bcc79e15ec8facf0285c6f9ad47012d0f962a763eae4b811b19ede579af915d461cb7c52613a17f1dcac9d51a7f7a24bd3a9b65fa5de6521ac935116931445a6cae4a96f66bdd702bb92859509dcf1f834acf527098f1fbf92e55354257e942d42f63f6ab6816a0ac469be8b0b4a75ab052f7264e8adc8ef7c611cdb164224ec5acfbdf98610f74a7b5cfbe98e5b83da9d27f09259b221b0cab23606609be0ba6a1dbca1ce6cbc5d38c4418a5e908ebdc94ee43bfd432980bc26ff250388f022dc71920626ffcc7f2eb7ea51f9b5aa3e94df79e544f5f0e300dd23e2f1bf83d87bd8dc754e7d739c3dcf06855298197c991101926cedcbe7e8fa29f24f7d20b95806cfc96bb38162cac9dc7222db457c4a8e787612290389006f23f6879859c297514566b5fe36b7549918c4b1e9b9e441137421137f97054f640fa8a5c3529b7fb3488111fe667e13eec348c99ad286a1be59d0219acdd3f11413985d3bd5d44f8c02958bafdb0d37ea3148b64be0950184b0b29566e2f85fe04cd73dfe937418b1cabd51582b5c152076e3b51c7c85cbe9addcfffaab9767149dcd79dc5b7600b250eef466dee2483369f695d18e8df3c7d736c6faca60d282c5fbc093e02403c0d8098bf701c43214ec75809c9f32ac3f62b5bdd83b89c9beffff4b7ca8364afc29fc2a526b141d8f439fe752c76bca69180b112519935bbe8f92adad77c282e22faf9612ca2ef51b8a48bbf68645f281a2988036a3aca03852155ed3fa20c409b11b9c1556bf9763d8e9e2e2b4173dee6b043d5284e7fbfaa8e3e61966faab83923ead683d6cea06c850745241e24aeaccf6b6202dafa308188ff964438f5e4fc4365fde9ae63050bef818700cdf46f6effd7a33c18c9c1631cc41cc2042508de711fcbd68cfa4ed31f4cee04a671ddf11608bc679c7ff763709f7fab3477a7559048ad70d6729eca9979a6bd4901305d95a6e142661c79b979f652a0ec17433229db821058eca811dc146463ee5437625b0b744e67e355eeff2b7b578ea025a28f8c6b512a6e6b5a88e4adf57456e4b9e83be4c0335c64395b42bc81d3189770ae667dd724257ad48de233c6b4111771e2cf2bfa37655e4409dc1ac1952b78497d9984ca5c2549a9a5bcaf9028ef04dff06019d08678ccb56daa976bb2ff01a53b971b0fec2a6f2800b8bff96000bad15ff1c79502657140907cda50b99e91aa428aa4782e8697f8a3b5b3ee08e0dc6b5e66f6367ab5554573680623294209c5da5ebb0eb1615b4daf3b60bb06165c4bf0a8183b2a823a495e7b8217bba2a6660235ef2349da6b2cf0094ca8164f5c4458aaf58bafe7b4d84f6d37040241c259b550a39115e4bf8e44ddb55bf105624e5c804ab29557f17684bcfd9ba57970e338718d2a10baeac42950f344b44d3b03728f3624c79bb7483126a964567f7bf2a92ea8d3e4b79304a2b85ba56010960adc1d1223e54d51da9096213506f01e9709a23f483d58b3269d12a60eec"})
fcntl$getflags(r0, 0x408)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000000), 0x404100, 0x0)
read(r2, &(0x7f00000000c0)=""/203, 0xcb)

18:23:59 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c22092000000000000010000000000000009000000000400"])
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:23:59 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 8)

18:23:59 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:23:59 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 10)

[  935.372184] FAULT_INJECTION: forcing a failure.
[  935.372184] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  935.375054] CPU: 0 PID: 6673 Comm: syz-executor.0 Not tainted 5.10.199 #1
[  935.376462] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  935.378155] Call Trace:
[  935.378699]  dump_stack+0x107/0x167
[  935.379454]  should_fail.cold+0x5/0xa
[  935.380241]  _copy_from_user+0x2e/0x1b0
[  935.381058]  __copy_msghdr_from_user+0x91/0x4b0
[  935.382001]  ? __ia32_sys_shutdown+0x80/0x80
[  935.382886]  ? __lock_acquire+0x1657/0x5b00
[  935.383804]  ___sys_recvmsg+0xd5/0x200
[  935.384602]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[  935.385597]  ? lock_downgrade+0x6d0/0x6d0
[  935.386440]  ? lock_acquire+0x197/0x470
[  935.387259]  ? find_held_lock+0x2c/0x110
[  935.388085]  ? __might_fault+0xd3/0x180
[  935.388887]  ? lock_downgrade+0x6d0/0x6d0
[  935.389751]  do_recvmmsg+0x24c/0x6d0
[  935.390507]  ? ___sys_recvmsg+0x200/0x200
[  935.391356]  ? lock_downgrade+0x6d0/0x6d0
[  935.392196]  ? ksys_write+0x12d/0x260
[  935.392975]  ? wait_for_completion_io+0x270/0x270
[  935.393944]  ? rcu_read_lock_any_held+0x75/0xa0
[  935.394881]  ? vfs_write+0x354/0xa70
[  935.395646]  __x64_sys_recvmmsg+0x20f/0x260
[  935.396517]  ? ksys_write+0x1a9/0x260
[  935.397283]  ? __do_sys_socketcall+0x600/0x600
[  935.398230]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  935.399302]  ? syscall_enter_from_user_mode+0x1d/0x50
[  935.400348]  do_syscall_64+0x33/0x40
[  935.401111]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[  935.402144] RIP: 0033:0x7f13d67b3b19
[  935.402898] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  935.406619] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  935.408161] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[  935.409592] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[  935.411022] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[  935.412465] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[  935.413900] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
[  935.437946] FAULT_INJECTION: forcing a failure.
[  935.437946] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  935.440844] CPU: 0 PID: 6678 Comm: syz-executor.3 Not tainted 5.10.199 #1
[  935.442232] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  935.443929] Call Trace:
[  935.444478]  dump_stack+0x107/0x167
[  935.445230]  should_fail.cold+0x5/0xa
[  935.446013]  _copy_from_user+0x2e/0x1b0
[  935.446828]  __copy_msghdr_from_user+0x91/0x4b0
[  935.447780]  ? __ia32_sys_shutdown+0x80/0x80
[  935.448671]  ? __lock_acquire+0x1657/0x5b00
[  935.449564]  ___sys_recvmsg+0xd5/0x200
[  935.450352]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[  935.451363]  ? lock_downgrade+0x6d0/0x6d0
[  935.452213]  ? lock_acquire+0x197/0x470
[  935.453018]  ? find_held_lock+0x2c/0x110
[  935.453845]  ? __might_fault+0xd3/0x180
[  935.454649]  ? lock_downgrade+0x6d0/0x6d0
[  935.455519]  do_recvmmsg+0x24c/0x6d0
[  935.456278]  ? ___sys_recvmsg+0x200/0x200
[  935.457114]  ? lock_downgrade+0x6d0/0x6d0
[  935.457965]  ? ksys_write+0x12d/0x260
[  935.458746]  ? wait_for_completion_io+0x270/0x270
[  935.459723]  ? rcu_read_lock_any_held+0x75/0xa0
[  935.460653]  ? vfs_write+0x354/0xa70
[  935.461406]  __x64_sys_recvmmsg+0x20f/0x260
[  935.462270]  ? ksys_write+0x1a9/0x260
[  935.463054]  ? __do_sys_socketcall+0x600/0x600
[  935.463986]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  935.465041]  ? syscall_enter_from_user_mode+0x1d/0x50
[  935.466090]  do_syscall_64+0x33/0x40
[  935.466845]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[  935.467893] RIP: 0033:0x7f6a9e85fb19
[  935.468644] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  935.472373] RSP: 002b:00007f6a9bdd5188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  935.473910] RAX: ffffffffffffffda RBX: 00007f6a9e972f60 RCX: 00007f6a9e85fb19
[  935.475364] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[  935.476791] RBP: 00007f6a9bdd51d0 R08: 0000000000000000 R09: 0000000000000000
[  935.478217] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000001
[  935.479652] R13: 00007ffce56e72ef R14: 00007f6a9bdd5300 R15: 0000000000022000
18:24:13 executing program 7:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 4)

18:24:13 executing program 4:
fsmount(0xffffffffffffffff, 0x1, 0xb)
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000080)={<r0=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r0, 0x408)

18:24:13 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 9)

18:24:13 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c22092000000000000010000000000000009000000000400"])
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:24:13 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:24:13 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 11)

18:24:13 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040), 0x0, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:24:13 executing program 1:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[  949.610333] FAULT_INJECTION: forcing a failure.
[  949.610333] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  949.613340] CPU: 0 PID: 6692 Comm: syz-executor.0 Not tainted 5.10.199 #1
[  949.614750] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  949.616489] Call Trace:
[  949.617047]  dump_stack+0x107/0x167
[  949.617815]  should_fail.cold+0x5/0xa
[  949.618607]  _copy_from_user+0x2e/0x1b0
[  949.619454]  __copy_msghdr_from_user+0x91/0x4b0
[  949.620405]  ? __ia32_sys_shutdown+0x80/0x80
[  949.620920] FAULT_INJECTION: forcing a failure.
[  949.620920] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  949.621297]  ? __lock_acquire+0x1657/0x5b00
[  949.621335]  ___sys_recvmsg+0xd5/0x200
[  949.624243]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[  949.625245]  ? _raw_spin_unlock_irq+0x27/0x30
[  949.626161]  ? lock_acquire+0x197/0x470
[  949.626969]  ? find_held_lock+0x2c/0x110
[  949.627807]  ? __might_fault+0xd3/0x180
[  949.628614]  ? lock_downgrade+0x6d0/0x6d0
[  949.629457]  ? io_schedule_timeout+0x140/0x140
[  949.630393]  do_recvmmsg+0x24c/0x6d0
[  949.631153]  ? ___sys_recvmsg+0x200/0x200
[  949.632015]  ? lock_downgrade+0x6d0/0x6d0
[  949.632868]  ? ksys_write+0x12d/0x260
[  949.633648]  ? wait_for_completion_io+0x270/0x270
[  949.634631]  ? rcu_read_lock_any_held+0x75/0xa0
[  949.635573]  ? vfs_write+0x354/0xa70
[  949.636334]  __x64_sys_recvmmsg+0x20f/0x260
[  949.637194]  ? ksys_write+0x1a9/0x260
[  949.637968]  ? __do_sys_socketcall+0x600/0x600
[  949.638897]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  949.639953]  ? syscall_enter_from_user_mode+0x1d/0x50
[  949.641008]  do_syscall_64+0x33/0x40
[  949.641761]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[  949.642800] RIP: 0033:0x7f13d67b3b19
[  949.643585] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  949.647303] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  949.648828] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[  949.650273] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[  949.651734] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[  949.653161] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[  949.654598] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
[  949.656068] CPU: 1 PID: 6701 Comm: syz-executor.3 Not tainted 5.10.199 #1
[  949.656851] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  949.657781] Call Trace:
[  949.658067]  dump_stack+0x107/0x167
[  949.658455]  should_fail.cold+0x5/0xa
[  949.658861]  _copy_from_user+0x2e/0x1b0
[  949.659299]  __copy_msghdr_from_user+0x91/0x4b0
[  949.659815]  ? __ia32_sys_shutdown+0x80/0x80
[  949.660287]  ? __lock_acquire+0x1657/0x5b00
[  949.660764]  ___sys_recvmsg+0xd5/0x200
[  949.661203]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[  949.661744]  ? lock_downgrade+0x6d0/0x6d0
[  949.662188]  ? lock_acquire+0x197/0x470
[  949.662637]  ? find_held_lock+0x2c/0x110
[  949.663098]  ? __might_fault+0xd3/0x180
[  949.663551]  ? lock_downgrade+0x6d0/0x6d0
[  949.664024] FAULT_INJECTION: forcing a failure.
[  949.664024] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  949.664034]  do_recvmmsg+0x24c/0x6d0
[  949.664052]  ? ___sys_recvmsg+0x200/0x200
[  949.667199]  ? lock_downgrade+0x6d0/0x6d0
[  949.667678]  ? ksys_write+0x12d/0x260
[  949.668115]  ? wait_for_completion_io+0x270/0x270
[  949.668650]  ? rcu_read_lock_any_held+0x75/0xa0
[  949.669156]  ? vfs_write+0x354/0xa70
[  949.669568]  __x64_sys_recvmmsg+0x20f/0x260
[  949.670053]  ? ksys_write+0x1a9/0x260
[  949.670465]  ? __do_sys_socketcall+0x600/0x600
[  949.670984]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  949.671555]  ? syscall_enter_from_user_mode+0x1d/0x50
[  949.672125]  do_syscall_64+0x33/0x40
[  949.672533]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[  949.673106] RIP: 0033:0x7f6a9e85fb19
[  949.673516] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  949.675520] RSP: 002b:00007f6a9bdd5188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  949.676402] RAX: ffffffffffffffda RBX: 00007f6a9e972f60 RCX: 00007f6a9e85fb19
[  949.677222] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[  949.678046] RBP: 00007f6a9bdd51d0 R08: 0000000000000000 R09: 0000000000000000
[  949.678876] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000001
[  949.679723] R13: 00007ffce56e72ef R14: 00007f6a9bdd5300 R15: 0000000000022000
[  949.680755] CPU: 0 PID: 6689 Comm: syz-executor.7 Not tainted 5.10.199 #1
[  949.682126] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  949.683781] Call Trace:
[  949.684310]  dump_stack+0x107/0x167
[  949.685039]  should_fail.cold+0x5/0xa
[  949.685804]  _copy_from_user+0x2e/0x1b0
[  949.686601]  __copy_msghdr_from_user+0x91/0x4b0
[  949.687534]  ? __ia32_sys_shutdown+0x80/0x80
[  949.688406]  ? __lock_acquire+0x1657/0x5b00
[  949.689280]  ___sys_recvmsg+0xd5/0x200
[  949.690053]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[  949.691026]  ? lock_downgrade+0x6d0/0x6d0
[  949.691871]  ? lock_acquire+0x197/0x470
[  949.692661]  ? find_held_lock+0x2c/0x110
[  949.693470]  ? __might_fault+0xd3/0x180
[  949.694258]  ? lock_downgrade+0x6d0/0x6d0
[  949.695106]  do_recvmmsg+0x24c/0x6d0
[  949.695861]  ? ___sys_recvmsg+0x200/0x200
[  949.696684]  ? lock_downgrade+0x6d0/0x6d0
[  949.697512]  ? ksys_write+0x12d/0x260
[  949.698281]  ? wait_for_completion_io+0x270/0x270
[  949.699242]  ? rcu_read_lock_any_held+0x75/0xa0
[  949.700161]  ? vfs_write+0x354/0xa70
[  949.700910]  __x64_sys_recvmmsg+0x20f/0x260
[  949.701768]  ? ksys_write+0x1a9/0x260
[  949.702528]  ? __do_sys_socketcall+0x600/0x600
[  949.703454]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  949.704487]  ? syscall_enter_from_user_mode+0x1d/0x50
[  949.705513]  do_syscall_64+0x33/0x40
[  949.706252]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[  949.707274] RIP: 0033:0x7fd50191ab19
[  949.708031] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  949.711685] RSP: 002b:00007fd4fee90188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  949.713225] RAX: ffffffffffffffda RBX: 00007fd501a2df60 RCX: 00007fd50191ab19
[  949.714639] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[  949.716061] RBP: 00007fd4fee901d0 R08: 0000000000000000 R09: 0000000000000000
[  949.717484] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000001
[  949.718902] R13: 00007ffcb71c4b0f R14: 00007fd4fee90300 R15: 0000000000022000
18:24:13 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c220920000000000000100000000000000090000000004"])
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:24:13 executing program 1:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, 0x0, 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:24:13 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040), 0x0, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:24:13 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 12)

18:24:13 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 10)

[  949.822179] FAULT_INJECTION: forcing a failure.
[  949.822179] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  949.823705] CPU: 1 PID: 6710 Comm: syz-executor.0 Not tainted 5.10.199 #1
[  949.824378] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  949.825190] Call Trace:
[  949.825472]  dump_stack+0x107/0x167
[  949.825852]  should_fail.cold+0x5/0xa
[  949.826235]  _copy_from_user+0x2e/0x1b0
[  949.826653]  __copy_msghdr_from_user+0x91/0x4b0
[  949.827117]  ? __ia32_sys_shutdown+0x80/0x80
[  949.827583]  ? __lock_acquire+0x1657/0x5b00
[  949.828027]  ___sys_recvmsg+0xd5/0x200
[  949.828421]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[  949.828909]  ? lock_downgrade+0x6d0/0x6d0
[  949.829321]  ? lock_acquire+0x197/0x470
[  949.829713]  ? find_held_lock+0x2c/0x110
[  949.830124]  ? __might_fault+0xd3/0x180
[  949.830519]  ? lock_downgrade+0x6d0/0x6d0
[  949.830929]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[  949.831481]  do_recvmmsg+0x24c/0x6d0
[  949.831852]  ? ___sys_recvmsg+0x200/0x200
[  949.832263]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  949.832798]  ? _raw_spin_unlock_irq+0x1f/0x30
[  949.833243]  ? trace_hardirqs_on+0x5b/0x180
[  949.833698]  ? _raw_spin_unlock_irq+0x1f/0x30
[  949.834167]  ? finish_task_switch+0x126/0x5d0
[  949.834646]  ? finish_task_switch+0xef/0x5d0
[  949.835119]  __x64_sys_recvmmsg+0x20f/0x260
[  949.835564]  ? ksys_write+0x1a9/0x260
[  949.835946]  ? __do_sys_socketcall+0x600/0x600
[  949.836422]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  949.836978]  ? syscall_enter_from_user_mode+0x1d/0x50
[  949.837521]  do_syscall_64+0x33/0x40
[  949.837909]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[  949.838434] RIP: 0033:0x7f13d67b3b19
[  949.838833] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  949.840669] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  949.841441] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[  949.842142] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[  949.842860] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[  949.843580] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[  949.844303] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
[  949.908090] FAULT_INJECTION: forcing a failure.
[  949.908090] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  949.909732] CPU: 1 PID: 6712 Comm: syz-executor.3 Not tainted 5.10.199 #1
[  949.910434] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  949.911270] Call Trace:
[  949.911548]  dump_stack+0x107/0x167
[  949.911921]  should_fail.cold+0x5/0xa
[  949.912321]  _copy_from_user+0x2e/0x1b0
[  949.912726]  __copy_msghdr_from_user+0x91/0x4b0
[  949.913205]  ? __ia32_sys_shutdown+0x80/0x80
[  949.913660]  ? __lock_acquire+0x1657/0x5b00
[  949.914112]  ___sys_recvmsg+0xd5/0x200
[  949.914509]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[  949.915011]  ? lock_downgrade+0x6d0/0x6d0
[  949.915432]  ? lock_acquire+0x197/0x470
[  949.915828]  ? find_held_lock+0x2c/0x110
[  949.916244]  ? __might_fault+0xd3/0x180
[  949.916651]  ? lock_downgrade+0x6d0/0x6d0
[  949.917079]  do_recvmmsg+0x24c/0x6d0
[  949.917463]  ? ___sys_recvmsg+0x200/0x200
[  949.917887]  ? lock_downgrade+0x6d0/0x6d0
[  949.918314]  ? ksys_write+0x12d/0x260
[  949.918709]  ? wait_for_completion_io+0x270/0x270
[  949.919201]  ? rcu_read_lock_any_held+0x75/0xa0
[  949.919676]  ? vfs_write+0x354/0xa70
[  949.920053]  __x64_sys_recvmmsg+0x20f/0x260
[  949.920489]  ? ksys_write+0x1a9/0x260
[  949.920881]  ? __do_sys_socketcall+0x600/0x600
[  949.921345]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  949.921875]  ? syscall_enter_from_user_mode+0x1d/0x50
[  949.922402]  do_syscall_64+0x33/0x40
[  949.922783]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[  949.923292] RIP: 0033:0x7f6a9e85fb19
[  949.923673] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  949.925518] RSP: 002b:00007f6a9bdd5188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  949.926290] RAX: ffffffffffffffda RBX: 00007f6a9e972f60 RCX: 00007f6a9e85fb19
[  949.927003] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[  949.927734] RBP: 00007f6a9bdd51d0 R08: 0000000000000000 R09: 0000000000000000
[  949.928454] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[  949.929183] R13: 00007ffce56e72ef R14: 00007f6a9bdd5300 R15: 0000000000022000
18:24:29 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 11)

18:24:29 executing program 1:
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x240000, 0x0)
pipe2(&(0x7f0000000080)={<r0=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r0, 0x408)

18:24:29 executing program 4:
r0 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r1=>r0, {0x4}}, './file0\x00'})
r2 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10031, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x8}, 0x11010, 0x80000000, 0xfffffffb, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x88)
execveat(r3, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
ioctl$BTRFS_IOC_RM_DEV(r3, 0x5000940b, &(0x7f0000000280)={{}, "71b9b7f977a792ae49364c2ccfdd33ab37acba403387d2c72f43daf973dc830089a627be1eeeaf09a29e9e503f16f0d841af09a9c797c8ec99f63a645d5ae07aa17c4376365088402030f561b1bcdfcd6183ad8edb06d498fa5ac2cb3dfecad84544a02b835bf7d16ba1a78bedcde1934eacb35e16d44c64ad1829dcf26d16733f2f652b894df7308bfe01ee24a640767c2870a98a79e85eb081f13ee4f8c0cc17710317532ec5cfc773928846c3124a8b5acd37907656a4ce0fce2e09dc0d6569c6e09f02f9f938cf6055a403e1ddfa6136fcce5d26cdb937e2b070dbd3dc59a76208eeccaed0971a3938a2193e4a76f8d1c1e5dc8a2c9e7682339c2d6089b475dd83df93e67bcc8c7c81955da6d58deb44b9792b3fdcd7f6cff890aad237af64e2b65d2b98b88dc01dd1a17570a30571394ec5928ff89b5f50adab84d073b5ad13c2debdb6c46b6a339a6f8a869bb6d0b873b4bebf1f5e4b8347ea108b2bfd119f86e23948c33b42875b51ce0de12b38c3f6eb688a82a6e6f05c3ddd89de097d8e01e4b03a0d9520cf46c5e507b198ac4972a6de2f1da2ef1919ec519b9da4a43a2906616f4c8cceeb92a7a9b44763a87aad5d767523f7f5c3f4bd6cc0a12c0d48a5fcd681b839e68ee24f8368d0725fd4f3177422769fe6a8bc8b3545d128963d30f67d6b83ed9fba7a3b4fb1138338d6b04c4b69040da506761579781b617e04b2e5cb2b2ee253e3468eee0e845fe2ba199c194cd823e7289c236da50a6f96419994d7914af46d4044049c40825819bde00021101a23f9096c7f0b35d147ccb24922119a44602c95fc0caea526771e8b09e5726b379acf2a8d3b948d990c7088b2eb5c516e689498af16c7433763aaccdfb9690c10f27e1c80ce2e520d6ad1608114d91794254584409b54ce621fb98738c97c7827a78b5b33a320c6825314efbfa9f6666f3ed3e47acba93068fe2851c8050c350747e690b7d0a5738d8da849a631b86e478e999d4ee28a4d53f0d8c0a7bbd122e56552106ad4bc99dc0fa2c5007c646b53029de796e03176bb4e5006e6bb6f65c9336f90f85f330f7d2af53cee047b1139cb80388ebdd98cc2a7bb4c3b435c22cffcf12112506afc74ee26c3591b951384a7833ccda0044a9f6ba5920ff6bba44a82d71db020d8789a29bb21acacaef2a8345d31ab86be55abca188e9825ac3e38bbe35f322a6d385a9c54a16a9dcbee38c31651c0ebe2691a84512a01dd2a392964388c295ae9fff29c4560290b52219ad01050bef63ed1577fa3202514a4d2b2f375f32fc46bc8840f337b65f58040e492da26cabe29bb7d530b88a47e6915c4bbc21acf8a57d42e799eae33024ed0714ace42e285dd879ec5509e350ebc3b142d7ff5da2c6b6857d17fdaa558f6dfb7063498d650dc6e328859156bdeab820d421bb6d4e77bcf1a60887a0d472abcf2971e0138a1137b7325a5a39965799e092f8f74f5fb7d7ab8d0ef604912c5155bb68bd47195b83b6fd3c219dacd3d0cb26a4f40c702e5d67236a9d5898d613e91ea3c5159ffd1ebfcd3006c6ef816b3ff4d3ad44725ffd9b62acecb746450da208c9e29ed2138f1983c566d3d84eaa3111fecb3742d90ecd8b1c5eabed86f752d97a57c91c59a6b580c5925614b1b6c4593d97dcfc92b10192431ec4237aee932df8972ffdd6a923fa29b3d60d861b7dbb4bd68625f4bc3c8eedbbd7300cfd77e5853713196ce8e37d8457d689d0f5ec3ef674f1011d7ebf17026d2b30f2551605ab1c0902ffbcd881058b7a321d11d864361683bf6175fc1467718bf61441bc1e02796827d18e4cd42b1517f197d3203d928d6d1dd14a0081b6f4bd552d3c02da2ccde568049d16b9190971c1a34ab7baec6f6a92d2f944b1298c2963f38910f4f51e620f979a125c33c9090f8f32b71007a34b08d0f4e16f20fef70e90a507e8086c89120b2c28071760a0fd08620d712adb17a581eacdfbeffb088d3976e4a955bb953797830587e44d5e0797db9f705b5559d693e3595142d06d2103dc3a1a3c485038d1ed7da32b2ca12ee76e6a4163fbb9c6c16c42e934305db2bc7997af2057d5344c965471918dd9b9e39f93cb6e57ccb1a96c12b7c396f88babfa92fd34025454fe22f6a95904be657e1d844d64de184fcf77fddbb8cbead2462b6b060692c2665b194b2cdce1b97287708d783fbf621d951465e6cf0e553ceeaef7cd21b0a5baf65b36659baa459928ee8edac97a70bc2e9a1a2ea6b36ef13f9ecb1af469c47869c611ca42803a141c146d42a0626ce9cc89301ad3d4ad8bbb4e5c29001b3d5c4088274bb95a954ea87137f0ef57cc30f9b6a9270d2c01cd5e6e2d663e71e4632948e7fa2d8da7dc6e049d89ad523bc394feb660154cd6242b80ea433560e556e543a0995809bfee9c33d11db770cab0267d502a9fe262e62c9967243402cddd45eae0185018189c5ced8b966a57aabe430a1170d04d7b60a136790e13376426686eecd85a29bbaa427043c095010ef715ffc539c82d283944114b7cd484cbfef8e362278f8ec960edb3d6a6dc9cc8b72287a828e8a421b66fff5612af42d8def68881fa4e95882632caedee3212c1b339b56238c2b6db47ee3ef429f6c28d6068f71b1faa10f58c0318030131882925ee55ea793bde765e55d8227fbc188a3e68196d6b3ffbd6355edb8beeb66d390ea65119de3066bfc28aab4b54bed4cfc0de006fc2307efdb518061909c59904c76c6dfa017656e19b658ef982a81f61d35db74afa392e4c5556e290e1e68079b64bc6a2c1885f185093942be98a4092c5dc5e84779b40df7b582a0a920f4ba85fb813d6d00358a552133196d1420f9f3231489205be2e55133c40a6c4537d0df809c1b02fa8b75abf868c8a8018f549e0d493a2e056794c1f97ae52bf689e5b9d5b3bdca657ed4185da8562f70ea1c1054d870949b6b26e0555f3bac46a7c04723b1930559137213410c5c811f08667bfe6205ecb4d811c5955627c68f80f125cd866c2d3eb84e33ba76e1e1993f3fe844f3982b76af540fdcee340622f2e262f52ddf03c798528b4e44698ad9f5c282f69ecc6a57885ffd8b1198614df3f80ee5ae82f06759f702d53e3211d739a117e8d7e284c91b06b0dbfd2c1a9e504f92e6c9dc22eced6aa07a3a30ba10d23ecca4e63125c2c2dadb0d1cb951b3146818c7c857591939d1e3dd985904903f3bec1a8901e046dab351366a0cb44338dc33430f7b8b742845280941683ec2538c3e34baa5b183968a5e6f367aa31f0d3a5606e34be42c2c96f78a90ed296b2366ba1784b442cce70899e73661bdd5eb960041f6ef7d98722231f3bcef1ddfbde927ce127e18a8f4ce163a464965d22ff7d8dafbb6a26f865ba506aa0ef50edc40e0b404a8e5262a4f5d0ef7e14eaa66cbb111be7526b6b9cbbb0fd2505ffa4f7fd2ca7e4d83ec201bb6b8fc234cab0511f61d4dc25896c53cdee07a5437cd75c9fe9e56607d9176b1b834556e46295accfffd477f7642b080ec0e5e2428db27f436137d9f9021aa51c08d32f91b21e3632831b584152c2dbf0286c1d2043eff1075f9cec47b61091423633e28f65d218bb1b3fa2a1945b5f46aa9250236353956120eb7be1e1d59ee9a96335087a6caeef1fb9fe7be36751b9398b1f41247283a981cee2ac4993a244b7a2b3a0d1e25a9623b54f1b578563d29cc00a476ddcedfba15ca174b607dc456f5fe293454b09d6ac3e91578a31da0c77f03ee4bf426cd05211529bc0903485520ecd5047ff496169471cf0d64fa42ad0565275239c676208981521192dc99211a4b7e9707bb97a3835d83a6965f335cc2157e43551280105823397631a88ad2340840e3b8be9a97840b849e36e0aa6c2f15360886684211f29572f62696c05ddb4364471abd89e963f380662974369f04f6bdd211e46659c7fd20dc9d8b2b4a141e231ff7360ef5237cbe2cd4580bea619650002ffe397489967ef3344c65cf67d63fa18785cb3cdbebdaab0c87f969d5c6ed6059e49693d72cc5a980115128b05102a726b0410261734843fe6a1d02e3d32fcb4d5a12c3eb3d3438902ba87393d8b5e7afba0122c990558b73a5a5cd985e3dec88e1efd224689b990f2e7c0ffdf9a70e592f7dd3e96cf956e89ffbd2e50e154027e6aead9a49b49bf56c9329e46722fc3ecfc7b71779ffeb84b50d8dde0a685e54f0e265b601762b9b65766ea20c7a50724dea5b0b0ec6a8fd8d4e907c42fd4fc0f99e4e9b2cf0aac8863db8631064e06e511a53cf68bc28aff252cf2f2ba25f969a8f5468b1766d87442aef9c284369d823da84a68956b7a1da690bc56856f095c135ac4c83fa50a28610403fcfdc795afcfe36bb080cc1a4b538742d8cfe1ac97cbbdfba7b7bfc565d47869ccee20f44bc0dc8485c42f1d74013d7ea825641a737253bd025eea94d138d81410cc98decd80bc5bd15567aed84965198960fea2005cc10da88ae72e462403b00e8e6e4b677d2ea710c26d20e2ac114c1f10cef3693c899c2133192900deb75fd1f1c3466d148ea028cfe2cf23295602a89dd00cb1d89dc822ec45f68480b038c073fbc0ef25ba54fcb7a1a493b2cf57191576f7640520b7035cbcfac45e26e7c52477d44560f33c06b3a54a40b34421e8b639da7e572a4d522794f0549136c1aaec2a91a2e3d13b2ec570dccbaa1ed041a6b987b593332a8dfff885f2cac9e13064c0fae3058bab7d02130304cf23f5575d763e29d0df1cb2eff3358641213b791d318d853661fd33ae2a5708dfd4c7d59a1f4f3aa15d4c56939df7d028a28f60da24e77b52c48b78e51c30159fdef18910df88c254d955b3c098bc65253fd28d838976fec42a8fbb433bafaddcc1502ee493fc84d0aaa1736b6a7e35f537166c499329f7895290d0a5730fdae0fcf482dea698e7894332737c48f589aa52938df718dbbcd3f536cd7b938050e16a361c9f3c79dfdc47f0eea648948c54b29ef189fb09ff4143b786a8bb36fa717c87d92936f63f204a97c740630c1383518aa4188a26d6e9d8a1dd40dfd0413d6f177830d179afc94f4142817f272422944f97f6bdee566b53f416e88fd15adbd29e111560c084d7ff4e7a77beab76d055650b95646b4fdf1dd598857ae25aa34423f59f06ab268a7ced049a769e99b7c9975c0c27917cd2fbc5e1c21dabae70e50904cfe380fad6179ccb1def44a12993dbef50b67f58a5c099e68fdad40ffc7808926f301132bccfc2377b18918416468e4e5fe8dfcd615530659288de7f7373df4bc054069c4b3654efbb4a4438a3050db11bad7429a3d52497eb1b113eeec3ec048ca929288dd19db1b4a9e9b454a168c47adaa3e70e8358c34bc73b409da0c1bfb07d644678dd64faafc1cc15a1c15e899c6f940abdd06367aa1f86256985fa2884253bff64b1fb8e23476460f1663f8b7401b09f5a2e3bf8f42612e9f389ad550efe21e387225740c3e3442f81c397c288e9a631780405f22fc1ff6ebb024e2b456fd2b27a1c6ffd3d75cf738174ff101030b98f07b59ba285674238b8980b4e1583ed34b00d79b5da5800767862156dc5bad6967671849eee20f413d52eeb29658ed05027c27379d9b551253127e125d3ecb55794a9f37051c2216158ee1c185daf13812aadbbd3f39a690721f2d4b970a7df6960d6bf4a0bfb5fd417a48e2e80a46fd8f2f998e5309780467ec1416f8df3a7ed530d8ce0ed6447b675b4c05d58776f7491a006c42dba0d2077b40d1b52ea64f"})
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000001c0), 0x80, 0x0)
pipe2(&(0x7f0000000080)={<r5=>0xffffffffffffffff}, 0x0)
syz_io_uring_setup(0x21, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000002a40)=<r7=>0x0)
r8 = socket$inet6_udplite(0xa, 0x2, 0x88)
syz_io_uring_submit(r6, r7, &(0x7f0000000140)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r8, 0x80, &(0x7f0000000000)=@ax25={{0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @bcast, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}}, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000001500)=@IORING_OP_RECVMSG={0xa, 0x4, 0x0, r5, 0x0, &(0x7f00000014c0)={&(0x7f0000001280)=@xdp, 0x80, &(0x7f0000001440)=[{&(0x7f0000000240)=""/31, 0x1f}, {&(0x7f0000001300)=""/153, 0x99}, {&(0x7f00000013c0)=""/113, 0x71}], 0x3, &(0x7f0000001480)=""/60, 0x3c}, 0x0, 0x12100, 0x1, {0x2}}, 0x800)
fcntl$getflags(r5, 0x408)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r4, 0xc018937c, &(0x7f0000000200)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r5, @ANYBLOB="6af9b15d75fbdbf9d7840400"])
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f00000000c0)={{0x1, 0x1, 0x18, <r9=>r2}, './file0\x00'})
ioctl$BTRFS_IOC_START_SYNC(r2, 0x80089418, &(0x7f0000000100)=<r10=>0x0)
ioctl$BTRFS_IOC_SNAP_DESTROY_V2(r3, 0x5000943f, &(0x7f0000001e00)={{r9}, r10, 0x2, @inherit={0x68, &(0x7f0000000140)={0x0, 0x4, 0x7, 0x9, {0x0, 0x0, 0x7, 0x7f, 0x8}, [0x1400000000, 0x6, 0x3, 0x100000000]}}, @subvolid=0xe1})
ioctl$BTRFS_IOC_WAIT_SYNC(r1, 0x40089416, &(0x7f0000000040)=r10)
pipe2(&(0x7f0000000080)={<r11=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r11, 0x408)

18:24:29 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 13)

18:24:29 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:24:29 executing program 7:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 5)

18:24:29 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea1", 0x2, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:24:29 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c220920000000000000100000000000000090000000004"])
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

[  964.938163] FAULT_INJECTION: forcing a failure.
[  964.938163] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  964.940928] CPU: 0 PID: 6729 Comm: syz-executor.7 Not tainted 5.10.199 #1
[  964.942177] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  964.943196] FAULT_INJECTION: forcing a failure.
[  964.943196] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  964.943937] Call Trace:
[  964.943963]  dump_stack+0x107/0x167
[  964.943985]  should_fail.cold+0x5/0xa
[  964.944008]  _copy_from_user+0x2e/0x1b0
[  964.944029]  __copy_msghdr_from_user+0x91/0x4b0
[  964.944052]  ? __ia32_sys_shutdown+0x80/0x80
[  964.950752]  ? __lock_acquire+0x1657/0x5b00
[  964.951591]  ___sys_recvmsg+0xd5/0x200
[  964.952329]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[  964.953247]  ? lock_downgrade+0x6d0/0x6d0
[  964.954025]  ? lock_acquire+0x197/0x470
[  964.954755]  ? find_held_lock+0x2c/0x110
[  964.955570]  ? __might_fault+0xd3/0x180
[  964.956352]  ? lock_downgrade+0x6d0/0x6d0
[  964.957180]  do_recvmmsg+0x24c/0x6d0
[  964.957915]  ? ___sys_recvmsg+0x200/0x200
[  964.958726]  ? lock_downgrade+0x6d0/0x6d0
[  964.959549]  ? ksys_write+0x12d/0x260
[  964.960315]  ? wait_for_completion_io+0x270/0x270
[  964.961261]  ? rcu_read_lock_any_held+0x75/0xa0
[  964.962161]  ? vfs_write+0x354/0xa70
[  964.962896]  __x64_sys_recvmmsg+0x20f/0x260
[  964.963754]  ? ksys_write+0x1a9/0x260
[  964.964499]  ? __do_sys_socketcall+0x600/0x600
[  964.965392]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  964.966413]  ? syscall_enter_from_user_mode+0x1d/0x50
[  964.967428]  do_syscall_64+0x33/0x40
[  964.968139]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[  964.969057] RIP: 0033:0x7fd50191ab19
[  964.969754] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  964.973074] RSP: 002b:00007fd4fee90188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  964.974456] RAX: ffffffffffffffda RBX: 00007fd501a2df60 RCX: 00007fd50191ab19
[  964.975772] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[  964.977170] RBP: 00007fd4fee901d0 R08: 0000000000000000 R09: 0000000000000000
[  964.978560] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000001
[  964.979957] R13: 00007ffcb71c4b0f R14: 00007fd4fee90300 R15: 0000000000022000
[  964.981398] CPU: 1 PID: 6728 Comm: syz-executor.0 Not tainted 5.10.199 #1
[  964.982921] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  964.984772] Call Trace:
[  964.985355]  dump_stack+0x107/0x167
[  964.986171]  should_fail.cold+0x5/0xa
[  964.987013]  _copy_from_user+0x2e/0x1b0
[  964.987900]  __copy_msghdr_from_user+0x91/0x4b0
[  964.988904]  ? __ia32_sys_shutdown+0x80/0x80
[  964.989849]  ? __lock_acquire+0x1657/0x5b00
[  964.990793]  ___sys_recvmsg+0xd5/0x200
[  964.991701]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[  964.992775]  ? lock_acquire+0x197/0x470
[  964.993807]  ? find_held_lock+0x2c/0x110
[  964.994692]  ? __might_fault+0xd3/0x180
[  964.995613]  ? lock_downgrade+0x6d0/0x6d0
[  964.996548]  do_recvmmsg+0x24c/0x6d0
[  964.997378]  ? ___sys_recvmsg+0x200/0x200
[  964.998296]  ? lock_downgrade+0x6d0/0x6d0
[  964.999220]  ? ksys_write+0x12d/0x260
[  965.000101]  ? wait_for_completion_io+0x270/0x270
[  965.001167]  ? rcu_read_lock_any_held+0x75/0xa0
[  965.002190]  ? vfs_write+0x354/0xa70
[  965.003020]  __x64_sys_recvmmsg+0x20f/0x260
[  965.004000]  ? ksys_write+0x1a9/0x260
[  965.004841]  ? __do_sys_socketcall+0x600/0x600
[  965.005853]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  965.007012]  ? syscall_enter_from_user_mode+0x1d/0x50
[  965.008179]  do_syscall_64+0x33/0x40
[  965.009008]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[  965.010138] RIP: 0033:0x7f13d67b3b19
[  965.010961] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  965.015035] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  965.016732] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[  965.018306] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[  965.019902] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[  965.021473] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[  965.023048] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
18:24:29 executing program 1:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
ptrace$setopts(0xffffffffffffffff, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 1)

18:24:29 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c2209200000000000001000000000000000900000000"])
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:24:29 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[  965.103139] FAULT_INJECTION: forcing a failure.
[  965.103139] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  965.106002] CPU: 1 PID: 6741 Comm: syz-executor.1 Not tainted 5.10.199 #1
[  965.107350] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  965.108997] Call Trace:
[  965.109520]  dump_stack+0x107/0x167
[  965.110242]  should_fail.cold+0x5/0xa
[  965.110997]  _copy_from_user+0x2e/0x1b0
[  965.111798]  __copy_msghdr_from_user+0x91/0x4b0
[  965.112710]  ? __ia32_sys_shutdown+0x80/0x80
[  965.113572]  ? SOFTIRQ_verbose+0x10/0x10
[  965.114370]  ? mark_lock+0xf5/0x2df0
[  965.115106]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[  965.116164]  ___sys_recvmsg+0xd5/0x200
[  965.116929]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[  965.117890]  ? lock_downgrade+0x6d0/0x6d0
[  965.118724]  ? __fget_files+0x296/0x4c0
[  965.119522]  ? __fget_light+0xea/0x290
[  965.120298]  do_recvmmsg+0x24c/0x6d0
[  965.121060]  ? ___sys_recvmsg+0x200/0x200
[  965.122021]  ? lock_downgrade+0x6d0/0x6d0
[  965.123005]  ? ksys_write+0x12d/0x260
[  965.123923]  ? __mutex_unlock_slowpath+0xe1/0x600
[  965.125053]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  965.126263]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[  965.127525]  __x64_sys_recvmmsg+0x20f/0x260
[  965.128536]  ? __do_sys_socketcall+0x600/0x600
[  965.129601]  ? __do_sys_socketcall+0x600/0x600
[  965.130681]  do_syscall_64+0x33/0x40
[  965.131571]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[  965.132764] RIP: 0033:0x7f65a52bbb19
[  965.133633] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  965.137930] RSP: 002b:00007f65a2831188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  965.139713] RAX: ffffffffffffffda RBX: 00007f65a53cef60 RCX: 00007f65a52bbb19
[  965.141373] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[  965.143033] RBP: 00007f65a28311d0 R08: 0000000000000000 R09: 0000000000000000
[  965.144718] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000001
[  965.146376] R13: 00007ffc95f579af R14: 00007f65a2831300 R15: 0000000000022000
18:24:29 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:24:29 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea1", 0x2, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:24:29 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 14)

18:24:29 executing program 7:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 6)

18:24:29 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c2209200000000000001000000000000000900000000"])
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

[  965.274138] FAULT_INJECTION: forcing a failure.
[  965.274138] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  965.276763] CPU: 0 PID: 6752 Comm: syz-executor.0 Not tainted 5.10.199 #1
[  965.277759] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  965.278904] Call Trace:
[  965.279308]  dump_stack+0x107/0x167
[  965.279844]  should_fail.cold+0x5/0xa
[  965.280388]  _copy_from_user+0x2e/0x1b0
[  965.280947]  __copy_msghdr_from_user+0x91/0x4b0
[  965.281606]  ? __ia32_sys_shutdown+0x80/0x80
[  965.282219]  ? __lock_acquire+0x1657/0x5b00
[  965.282860]  ___sys_recvmsg+0xd5/0x200
[  965.283418]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[  965.284147]  ? lock_downgrade+0x6d0/0x6d0
[  965.284733]  ? lock_acquire+0x197/0x470
[  965.285290]  ? find_held_lock+0x2c/0x110
[  965.285869]  ? __might_fault+0xd3/0x180
[  965.286430]  ? lock_downgrade+0x6d0/0x6d0
[  965.287027]  do_recvmmsg+0x24c/0x6d0
[  965.287574]  ? ___sys_recvmsg+0x200/0x200
[  965.288158]  ? lock_downgrade+0x6d0/0x6d0
[  965.288748]  ? ksys_write+0x12d/0x260
[  965.289293]  ? wait_for_completion_io+0x270/0x270
[  965.289979]  ? rcu_read_lock_any_held+0x75/0xa0
[  965.290627]  ? vfs_write+0x354/0xa70
[  965.291155]  __x64_sys_recvmmsg+0x20f/0x260
[  965.291764]  ? ksys_write+0x1a9/0x260
[  965.292299]  ? __do_sys_socketcall+0x600/0x600
[  965.292941]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  965.293677]  ? syscall_enter_from_user_mode+0x1d/0x50
[  965.294406]  do_syscall_64+0x33/0x40
[  965.294932]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[  965.295665] RIP: 0033:0x7f13d67b3b19
[  965.296190] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  965.298740] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  965.299810] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[  965.300801] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[  965.301794] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[  965.302781] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[  965.303782] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
[  965.322107] FAULT_INJECTION: forcing a failure.
[  965.322107] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  965.323933] CPU: 0 PID: 6754 Comm: syz-executor.7 Not tainted 5.10.199 #1
[  965.324854] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  965.326009] Call Trace:
[  965.326365]  dump_stack+0x107/0x167
[  965.326877]  should_fail.cold+0x5/0xa
[  965.327391]  _copy_from_user+0x2e/0x1b0
[  965.327969]  __copy_msghdr_from_user+0x91/0x4b0
[  965.328588]  ? __ia32_sys_shutdown+0x80/0x80
[  965.329207]  ? __lock_acquire+0x1657/0x5b00
[  965.329793]  ___sys_recvmsg+0xd5/0x200
[  965.330371]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[  965.331017]  ? lock_downgrade+0x6d0/0x6d0
[  965.331617]  ? lock_acquire+0x197/0x470
[  965.332156]  ? find_held_lock+0x2c/0x110
[  965.332716]  ? __might_fault+0xd3/0x180
[  965.333257]  ? lock_downgrade+0x6d0/0x6d0
[  965.333836]  do_recvmmsg+0x24c/0x6d0
[  965.334347]  ? ___sys_recvmsg+0x200/0x200
[  965.334912]  ? lock_downgrade+0x6d0/0x6d0
[  965.335510]  ? ksys_write+0x12d/0x260
[  965.336038]  ? wait_for_completion_io+0x270/0x270
[  965.336687]  ? rcu_read_lock_any_held+0x75/0xa0
[  965.337317]  ? vfs_write+0x354/0xa70
[  965.337828]  __x64_sys_recvmmsg+0x20f/0x260
[  965.338409]  ? ksys_write+0x1a9/0x260
[  965.338923]  ? __do_sys_socketcall+0x600/0x600
[  965.339552]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  965.340256]  ? syscall_enter_from_user_mode+0x1d/0x50
[  965.340957]  do_syscall_64+0x33/0x40
[  965.341461]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[  965.342155] RIP: 0033:0x7fd50191ab19
[  965.342659] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  965.345145] RSP: 002b:00007fd4fee90188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  965.346174] RAX: ffffffffffffffda RBX: 00007fd501a2df60 RCX: 00007fd50191ab19
[  965.347138] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[  965.348122] RBP: 00007fd4fee901d0 R08: 0000000000000000 R09: 0000000000000000
[  965.349086] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000001
[  965.350047] R13: 00007ffcb71c4b0f R14: 00007fd4fee90300 R15: 0000000000022000
18:24:43 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c22092000000000000010000000000000009000000"])
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:24:43 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea1", 0x2, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:24:43 executing program 7:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 7)

18:24:43 executing program 4:
r0 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x202, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x3f, 0x40000000, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xe, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r1, 0x408)
ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x80049367, &(0x7f0000000000))
syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/ip_mr_cache\x00')
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000040)=0x2, 0x4)

18:24:43 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d"], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:24:43 executing program 1:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
ptrace$setopts(0xffffffffffffffff, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 2)

18:24:43 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 15)

18:24:43 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

[  979.338979] FAULT_INJECTION: forcing a failure.
[  979.338979] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  979.342801] CPU: 0 PID: 6766 Comm: syz-executor.0 Not tainted 5.10.199 #1
[  979.344173] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  979.346149] Call Trace:
[  979.346685]  dump_stack+0x107/0x167
[  979.347557]  should_fail.cold+0x5/0xa
[  979.348353]  _copy_from_user+0x2e/0x1b0
[  979.349309]  __copy_msghdr_from_user+0x91/0x4b0
[  979.350228]  ? __ia32_sys_shutdown+0x80/0x80
[  979.351241]  ? __lock_acquire+0x1657/0x5b00
[  979.352124]  ___sys_recvmsg+0xd5/0x200
[  979.352895]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[  979.353860]  ? lock_downgrade+0x6d0/0x6d0
[  979.354678]  ? lock_acquire+0x197/0x470
[  979.355459]  ? find_held_lock+0x2c/0x110
[  979.356277]  ? __might_fault+0xd3/0x180
[  979.357080]  ? lock_downgrade+0x6d0/0x6d0
[  979.358017]  do_recvmmsg+0x24c/0x6d0
[  979.358846]  ? ___sys_recvmsg+0x200/0x200
[  979.359780]  ? lock_downgrade+0x6d0/0x6d0
[  979.360705]  ? ksys_write+0x12d/0x260
[  979.361579]  ? wait_for_completion_io+0x270/0x270
[  979.362708]  ? rcu_read_lock_any_held+0x75/0xa0
[  979.363796]  ? vfs_write+0x354/0xa70
[  979.364667]  __x64_sys_recvmmsg+0x20f/0x260
[  979.365658]  ? ksys_write+0x1a9/0x260
[  979.366546]  ? __do_sys_socketcall+0x600/0x600
[  979.367637]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  979.368854]  ? syscall_enter_from_user_mode+0x1d/0x50
[  979.370063]  do_syscall_64+0x33/0x40
[  979.370932]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[  979.372131] RIP: 0033:0x7f13d67b3b19
[  979.372995] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  979.377142] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  979.378742] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[  979.380252] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[  979.381749] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[  979.383277] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[  979.384947] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
[  979.396202] FAULT_INJECTION: forcing a failure.
[  979.396202] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  979.399321] CPU: 0 PID: 6775 Comm: syz-executor.1 Not tainted 5.10.199 #1
[  979.400916] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  979.402835] Call Trace:
[  979.403453]  dump_stack+0x107/0x167
[  979.404326]  should_fail.cold+0x5/0xa
[  979.405218]  _copy_from_user+0x2e/0x1b0
[  979.406151]  __copy_msghdr_from_user+0x91/0x4b0
[  979.407236]  ? __ia32_sys_shutdown+0x80/0x80
[  979.408282]  ? __lock_acquire+0x1657/0x5b00
[  979.409307]  ___sys_recvmsg+0xd5/0x200
[  979.410212]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[  979.411361]  ? lock_downgrade+0x6d0/0x6d0
[  979.412341]  ? lock_acquire+0x197/0x470
[  979.413270]  ? find_held_lock+0x2c/0x110
[  979.414226]  ? __might_fault+0xd3/0x180
[  979.415157]  ? lock_downgrade+0x6d0/0x6d0
[  979.416167]  do_recvmmsg+0x24c/0x6d0
[  979.417043]  ? ___sys_recvmsg+0x200/0x200
[  979.418005]  ? lock_downgrade+0x6d0/0x6d0
[  979.418977]  ? ksys_write+0x12d/0x260
[  979.419894]  ? wait_for_completion_io+0x270/0x270
[  979.421015]  ? rcu_read_lock_any_held+0x75/0xa0
[  979.422094]  ? vfs_write+0x354/0xa70
[  979.422977]  __x64_sys_recvmmsg+0x20f/0x260
[  979.423937] FAULT_INJECTION: forcing a failure.
[  979.423937] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  979.424008]  ? ksys_write+0x1a9/0x260
[  979.427402]  ? __do_sys_socketcall+0x600/0x600
[  979.428479]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  979.429692]  ? syscall_enter_from_user_mode+0x1d/0x50
[  979.430897]  do_syscall_64+0x33/0x40
[  979.431776]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[  979.432966] RIP: 0033:0x7f65a52bbb19
[  979.433835] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  979.438128] RSP: 002b:00007f65a2831188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  979.439896] RAX: ffffffffffffffda RBX: 00007f65a53cef60 RCX: 00007f65a52bbb19
[  979.441549] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[  979.443197] RBP: 00007f65a28311d0 R08: 0000000000000000 R09: 0000000000000000
[  979.444862] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000001
[  979.446512] R13: 00007ffc95f579af R14: 00007f65a2831300 R15: 0000000000022000
[  979.448218] CPU: 1 PID: 6777 Comm: syz-executor.7 Not tainted 5.10.199 #1
[  979.449766] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  979.451632] Call Trace:
[  979.452225]  dump_stack+0x107/0x167
[  979.453046]  should_fail.cold+0x5/0xa
[  979.453903]  _copy_from_user+0x2e/0x1b0
[  979.454794]  __copy_msghdr_from_user+0x91/0x4b0
[  979.455840]  ? __ia32_sys_shutdown+0x80/0x80
[  979.456826]  ? __lock_acquire+0x1657/0x5b00
[  979.457810]  ___sys_recvmsg+0xd5/0x200
[  979.458682]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[  979.459798]  ? lock_acquire+0x197/0x470
[  979.460684]  ? find_held_lock+0x2c/0x110
[  979.461598]  ? __might_fault+0xd3/0x180
[  979.462486]  ? lock_downgrade+0x6d0/0x6d0
[  979.463415]  ? io_schedule_timeout+0x140/0x140
[  979.464469]  do_recvmmsg+0x24c/0x6d0
[  979.465312]  ? ___sys_recvmsg+0x200/0x200
[  979.466236]  ? lock_downgrade+0x6d0/0x6d0
[  979.467169]  ? ksys_write+0x12d/0x260
[  979.468062]  ? wait_for_completion_io+0x270/0x270
[  979.469143]  ? rcu_read_lock_any_held+0x75/0xa0
[  979.470177]  ? vfs_write+0x354/0xa70
[  979.471015]  __x64_sys_recvmmsg+0x20f/0x260
[  979.471984]  ? ksys_write+0x1a9/0x260
[  979.472836]  ? __do_sys_socketcall+0x600/0x600
[  979.473863]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  979.475028]  ? syscall_enter_from_user_mode+0x1d/0x50
[  979.476222]  do_syscall_64+0x33/0x40
[  979.477060]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[  979.478200] RIP: 0033:0x7fd50191ab19
[  979.479032] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  979.483123] RSP: 002b:00007fd4fee90188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  979.484832] RAX: ffffffffffffffda RBX: 00007fd501a2df60 RCX: 00007fd50191ab19
[  979.486413] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[  979.488027] RBP: 00007fd4fee901d0 R08: 0000000000000000 R09: 0000000000000000
[  979.489614] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000001
[  979.491197] R13: 00007ffcb71c4b0f R14: 00007fd4fee90300 R15: 0000000000022000
18:24:43 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x4, 0x0}}], 0x35f, 0x10062, 0x0)

18:24:43 executing program 4:
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext, 0x800, 0x0, 0x0, 0x9, 0xa3, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r0, 0x408)
getsockopt$bt_BT_SNDMTU(r1, 0x112, 0xc, &(0x7f0000000000)=0x81, &(0x7f0000000040)=0x2)

18:24:43 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d"], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:24:43 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 16)

18:24:43 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea18a", 0x3, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:24:43 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c22092000000000000010000000000000009000000"])
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:24:43 executing program 7:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 8)

18:24:43 executing program 4:
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
syz_io_uring_setup(0x3068, &(0x7f0000000000)={0x0, 0xd4ae, 0x8, 0x0, 0x1e1, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f00000000c0), &(0x7f0000000100)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000000200)={0x5, 0x80, 0x4, 0x8, 0x8, 0xfd, 0x0, 0x30f38fc5, 0x0, 0xc, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f00000001c0), 0x4}, 0x8400, 0x800, 0x4, 0x7, 0x0, 0x3, 0x202, 0x0, 0x1}, 0xffffffffffffffff, 0xb, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000180)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0x5, &(0x7f0000000140)={0x77359400}, 0x1, 0x0, 0x0, {0x0, r3}}, 0x7)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r0, 0xc018937b, &(0x7f0000000280)={{0x1, 0x1, 0x18, <r5=>r4, {0xffffffffffffffff, 0xffffffffffffffff}}, './file0\x00'})
ioctl$FS_IOC_GETFSMAP(r5, 0xc0c0583b, &(0x7f00000002c0)={0x0, 0x0, 0x2, 0x0, '\x00', [{0x3, 0x3, 0x7fff, 0xbbd2, 0x10001, 0x100}, {0x7, 0x5, 0x7, 0x200000000000000, 0x3ff, 0x2}], ['\x00', '\x00']})
fcntl$getflags(r0, 0x408)
pipe2(&(0x7f0000000080)={<r6=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r6, 0x408)
ioctl$KDSETKEYCODE(r6, 0x4b4d, &(0x7f0000000400)={0x1, 0x6})
tee(r0, r1, 0x0, 0x3)

18:24:43 executing program 1:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
ptrace$setopts(0xffffffffffffffff, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 3)

[  979.708183] FAULT_INJECTION: forcing a failure.
[  979.708183] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  979.711314] CPU: 0 PID: 6795 Comm: syz-executor.0 Not tainted 5.10.199 #1
[  979.712966] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  979.714946] Call Trace:
[  979.715583]  dump_stack+0x107/0x167
[  979.716474]  should_fail.cold+0x5/0xa
[  979.717395]  _copy_from_user+0x2e/0x1b0
[  979.718357]  __copy_msghdr_from_user+0x91/0x4b0
[  979.719404]  ? __ia32_sys_shutdown+0x80/0x80
[  979.720290]  ? __lock_acquire+0x1657/0x5b00
[  979.721156]  ___sys_recvmsg+0xd5/0x200
[  979.721921]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[  979.722888]  ? lock_downgrade+0x6d0/0x6d0
[  979.723729]  ? lock_acquire+0x197/0x470
[  979.724509]  ? find_held_lock+0x2c/0x110
[  979.725308]  ? __might_fault+0xd3/0x180
[  979.726090]  ? lock_downgrade+0x6d0/0x6d0
[  979.726917]  do_recvmmsg+0x24c/0x6d0
[  979.727660]  ? ___sys_recvmsg+0x200/0x200
[  979.728466]  ? lock_downgrade+0x6d0/0x6d0
[  979.729289]  ? ksys_write+0x12d/0x260
[  979.730051]  ? wait_for_completion_io+0x270/0x270
[  979.730999]  ? rcu_read_lock_any_held+0x75/0xa0
[  979.731922]  ? vfs_write+0x354/0xa70
[  979.732653]  __x64_sys_recvmmsg+0x20f/0x260
[  979.733499]  ? ksys_write+0x1a9/0x260
[  979.734283]  ? __do_sys_socketcall+0x600/0x600
[  979.735321]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  979.736560]  ? syscall_enter_from_user_mode+0x1d/0x50
[  979.737773]  do_syscall_64+0x33/0x40
[  979.738641]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[  979.739843] RIP: 0033:0x7f13d67b3b19
[  979.740710] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  979.744942] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  979.746521] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[  979.748076] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[  979.749738] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[  979.751396] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[  979.753070] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
[  979.782012] FAULT_INJECTION: forcing a failure.
[  979.782012] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  979.784957] CPU: 0 PID: 6797 Comm: syz-executor.7 Not tainted 5.10.199 #1
[  979.786389] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  979.788143] Call Trace:
[  979.788699]  dump_stack+0x107/0x167
[  979.789473]  should_fail.cold+0x5/0xa
[  979.790283]  _copy_from_user+0x2e/0x1b0
[  979.791128]  __copy_msghdr_from_user+0x91/0x4b0
[  979.792168]  ? __ia32_sys_shutdown+0x80/0x80
[  979.793198]  ? __lock_acquire+0x1657/0x5b00
[  979.794221]  ___sys_recvmsg+0xd5/0x200
[  979.795127]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[  979.796285]  ? lock_downgrade+0x6d0/0x6d0
[  979.797259]  ? lock_acquire+0x197/0x470
[  979.798180]  ? find_held_lock+0x2c/0x110
[  979.799132]  ? __might_fault+0xd3/0x180
[  979.800085]  ? lock_downgrade+0x6d0/0x6d0
[  979.801042]  do_recvmmsg+0x24c/0x6d0
[  979.801827]  ? ___sys_recvmsg+0x200/0x200
[  979.802699]  ? lock_downgrade+0x6d0/0x6d0
[  979.803586]  ? ksys_write+0x12d/0x260
[  979.804416]  ? wait_for_completion_io+0x270/0x270
[  979.805509]  ? rcu_read_lock_any_held+0x75/0xa0
[  979.806590]  ? vfs_write+0x354/0xa70
[  979.807463]  __x64_sys_recvmmsg+0x20f/0x260
[  979.808476]  ? ksys_write+0x1a9/0x260
[  979.808936] FAULT_INJECTION: forcing a failure.
[  979.808936] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  979.809356]  ? __do_sys_socketcall+0x600/0x600
[  979.809387]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  979.809407]  ? syscall_enter_from_user_mode+0x1d/0x50
[  979.809440]  do_syscall_64+0x33/0x40
[  979.816312]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[  979.817500] RIP: 0033:0x7fd50191ab19
[  979.818365] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  979.822628] RSP: 002b:00007fd4fee90188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  979.824418] RAX: ffffffffffffffda RBX: 00007fd501a2df60 RCX: 00007fd50191ab19
[  979.826080] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[  979.827753] RBP: 00007fd4fee901d0 R08: 0000000000000000 R09: 0000000000000000
[  979.829408] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000001
[  979.831069] R13: 00007ffcb71c4b0f R14: 00007fd4fee90300 R15: 0000000000022000
[  979.832846] CPU: 1 PID: 6805 Comm: syz-executor.1 Not tainted 5.10.199 #1
[  979.834397] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  979.836254] Call Trace:
[  979.836863]  dump_stack+0x107/0x167
[  979.837708]  should_fail.cold+0x5/0xa
[  979.838560]  _copy_from_user+0x2e/0x1b0
[  979.839454]  __copy_msghdr_from_user+0x91/0x4b0
[  979.840507]  ? __ia32_sys_shutdown+0x80/0x80
[  979.841528]  ? __lock_acquire+0x1657/0x5b00
[  979.842511]  ___sys_recvmsg+0xd5/0x200
[  979.843417]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[  979.844526]  ? lock_downgrade+0x6d0/0x6d0
[  979.845458]  ? lock_acquire+0x197/0x470
[  979.846345]  ? find_held_lock+0x2c/0x110
[  979.847298]  ? __might_fault+0xd3/0x180
[  979.848212]  ? lock_downgrade+0x6d0/0x6d0
[  979.849164]  do_recvmmsg+0x24c/0x6d0
[  979.850052]  ? ___sys_recvmsg+0x200/0x200
[  979.850983]  ? lock_downgrade+0x6d0/0x6d0
[  979.851929]  ? ksys_write+0x12d/0x260
[  979.852798]  ? wait_for_completion_io+0x270/0x270
[  979.853903]  ? rcu_read_lock_any_held+0x75/0xa0
[  979.854954]  ? vfs_write+0x354/0xa70
[  979.855825]  __x64_sys_recvmmsg+0x20f/0x260
[  979.856810]  ? ksys_write+0x1a9/0x260
[  979.857657]  ? __do_sys_socketcall+0x600/0x600
[  979.858682]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  979.859890]  ? syscall_enter_from_user_mode+0x1d/0x50
[  979.861085]  do_syscall_64+0x33/0x40
[  979.861918]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[  979.863049] RIP: 0033:0x7f65a52bbb19
[  979.863901] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  979.868019] RSP: 002b:00007f65a2831188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  979.869749] RAX: ffffffffffffffda RBX: 00007f65a53cef60 RCX: 00007f65a52bbb19
[  979.871354] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[  979.872950] RBP: 00007f65a28311d0 R08: 0000000000000000 R09: 0000000000000000
[  979.874570] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000001
[  979.876202] R13: 00007ffc95f579af R14: 00007f65a2831300 R15: 0000000000022000
18:24:56 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea18a", 0x3, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:24:56 executing program 7:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 9)

18:24:56 executing program 4:
perf_event_open(&(0x7f0000001d80)={0x3, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000080)={<r0=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r0, 0x408)

18:24:56 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x2000, 0x0}}], 0x35f, 0x10062, 0x0)

18:24:56 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d"], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:24:56 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c22092000000000000010000000000000009000000"])
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:24:56 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 17)

18:24:56 executing program 1:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
ptrace$setopts(0xffffffffffffffff, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 4)

[  992.338225] FAULT_INJECTION: forcing a failure.
[  992.338225] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  992.340845] CPU: 1 PID: 6829 Comm: syz-executor.0 Not tainted 5.10.199 #1
[  992.342131] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  992.343703] Call Trace:
[  992.344229]  dump_stack+0x107/0x167
[  992.344929]  should_fail.cold+0x5/0xa
[  992.345651]  _copy_from_user+0x2e/0x1b0
[  992.346425]  __copy_msghdr_from_user+0x91/0x4b0
[  992.347332]  ? __ia32_sys_shutdown+0x80/0x80
[  992.348140]  ? __lock_acquire+0x1657/0x5b00
[  992.348945]  ___sys_recvmsg+0xd5/0x200
[  992.349643]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[  992.350541]  ? lock_downgrade+0x6d0/0x6d0
[  992.351316]  ? lock_acquire+0x197/0x470
[  992.352057]  ? find_held_lock+0x2c/0x110
[  992.352836]  ? __might_fault+0xd3/0x180
[  992.353557]  ? lock_downgrade+0x6d0/0x6d0
[  992.354372]  do_recvmmsg+0x24c/0x6d0
[  992.355054]  ? ___sys_recvmsg+0x200/0x200
[  992.355849]  ? lock_downgrade+0x6d0/0x6d0
[  992.356609]  ? ksys_write+0x12d/0x260
[  992.357359]  ? wait_for_completion_io+0x270/0x270
[  992.358247]  ? rcu_read_lock_any_held+0x75/0xa0
[  992.359127]  ? vfs_write+0x354/0xa70
[  992.359804]  __x64_sys_recvmmsg+0x20f/0x260
[  992.360626]  ? ksys_write+0x1a9/0x260
[  992.361006] FAULT_INJECTION: forcing a failure.
[  992.361006] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  992.361331]  ? __do_sys_socketcall+0x600/0x600
[  992.361352]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  992.361368]  ? syscall_enter_from_user_mode+0x1d/0x50
[  992.361389]  do_syscall_64+0x33/0x40
[  992.361408]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[  992.361419] RIP: 0033:0x7f13d67b3b19
[  992.361436] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  992.361445] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  992.361463] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[  992.361472] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[  992.361482] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[  992.361491] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[  992.361500] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
[  992.384990] FAULT_INJECTION: forcing a failure.
[  992.384990] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  992.385976] CPU: 0 PID: 6824 Comm: syz-executor.7 Not tainted 5.10.199 #1
[  992.389574] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  992.391473] Call Trace:
[  992.392112]  dump_stack+0x107/0x167
[  992.392940]  should_fail.cold+0x5/0xa
[  992.393801]  _copy_from_user+0x2e/0x1b0
[  992.394701]  __copy_msghdr_from_user+0x91/0x4b0
[  992.395743]  ? __ia32_sys_shutdown+0x80/0x80
[  992.396804]  ? __lock_acquire+0x1657/0x5b00
[  992.397796]  ___sys_recvmsg+0xd5/0x200
[  992.398674]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[  992.399789]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  992.400977]  ? _raw_spin_unlock_irq+0x1f/0x30
[  992.401952]  ? trace_hardirqs_on+0x5b/0x180
[  992.402909]  ? lock_acquire+0x197/0x470
[  992.403799]  ? find_held_lock+0x2c/0x110
[  992.404724]  ? __might_fault+0xd3/0x180
[  992.405596]  ? lock_downgrade+0x6d0/0x6d0
[  992.406513]  do_recvmmsg+0x24c/0x6d0
[  992.407335]  ? ___sys_recvmsg+0x200/0x200
[  992.408317]  ? recalibrate_cpu_khz+0x10/0x10
[  992.409292]  ? lapic_next_deadline+0x1/0x50
[  992.410236]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  992.411384]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[  992.412643]  __x64_sys_recvmmsg+0x20f/0x260
[  992.413597]  ? __do_sys_socketcall+0x600/0x600
[  992.414609]  ? syscall_enter_from_user_mode+0x1d/0x50
[  992.415784]  do_syscall_64+0x33/0x40
[  992.416642]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[  992.417803] RIP: 0033:0x7fd50191ab19
[  992.418622] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  992.422750] RSP: 002b:00007fd4fee90188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  992.424442] RAX: ffffffffffffffda RBX: 00007fd501a2df60 RCX: 00007fd50191ab19
[  992.426064] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[  992.427606] RBP: 00007fd4fee901d0 R08: 0000000000000000 R09: 0000000000000000
[  992.429215] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000001
[  992.430818] R13: 00007ffcb71c4b0f R14: 00007fd4fee90300 R15: 0000000000022000
[  992.432487] CPU: 1 PID: 6823 Comm: syz-executor.1 Not tainted 5.10.199 #1
[  992.433820] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  992.435420] Call Trace:
[  992.435925]  dump_stack+0x107/0x167
[  992.436633]  should_fail.cold+0x5/0xa
[  992.437361]  _copy_from_user+0x2e/0x1b0
[  992.438116]  __copy_msghdr_from_user+0x91/0x4b0
[  992.438997]  ? __ia32_sys_shutdown+0x80/0x80
[  992.439841]  ? __lock_acquire+0x1657/0x5b00
[  992.440667]  ___sys_recvmsg+0xd5/0x200
[  992.441390]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[  992.442303]  ? lock_downgrade+0x6d0/0x6d0
[  992.443078]  ? lock_acquire+0x197/0x470
[  992.443829]  ? find_held_lock+0x2c/0x110
[  992.444585]  ? __might_fault+0xd3/0x180
[  992.445324]  ? lock_downgrade+0x6d0/0x6d0
[  992.446111]  do_recvmmsg+0x24c/0x6d0
[  992.446807]  ? ___sys_recvmsg+0x200/0x200
[  992.447573]  ? lock_downgrade+0x6d0/0x6d0
[  992.448358]  ? ksys_write+0x12d/0x260
[  992.449080]  ? wait_for_completion_io+0x270/0x270
[  992.449985]  ? rcu_read_lock_any_held+0x75/0xa0
[  992.450847]  ? vfs_write+0x354/0xa70
[  992.451548]  __x64_sys_recvmmsg+0x20f/0x260
[  992.452357]  ? ksys_write+0x1a9/0x260
[  992.453069]  ? __do_sys_socketcall+0x600/0x600
[  992.453916]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  992.454886]  ? syscall_enter_from_user_mode+0x1d/0x50
[  992.455863]  do_syscall_64+0x33/0x40
[  992.456552]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[  992.457496] RIP: 0033:0x7f65a52bbb19
[  992.458182] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  992.461575] RSP: 002b:00007f65a2831188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  992.462983] RAX: ffffffffffffffda RBX: 00007f65a53cef60 RCX: 00007f65a52bbb19
[  992.464301] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[  992.465614] RBP: 00007f65a28311d0 R08: 0000000000000000 R09: 0000000000000000
[  992.466944] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000001
[  992.468279] R13: 00007ffc95f579af R14: 00007f65a2831300 R15: 0000000000022000
18:24:56 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea18a", 0x3, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:24:56 executing program 4:
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r0=>0x0})
sendmsg$NL80211_CMD_DEL_TX_TS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x44, 0x0, 0x200, 0x70bd2a, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r0}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TSID={0x5, 0xd2, 0x9}, @NL80211_ATTR_TSID={0x5, 0xd2, 0x8}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000)
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000080)={<r1=>0xffffffffffffffff}, 0x0)
r2 = openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder-control\x00', 0x0, 0x0)
pwrite64(r2, &(0x7f00000000c0)="dde60c76072cfeefd1ecbc169e225ba210da97ab39a074db646c0293e7a2d97c2b15dc3d86ebcde93026edf92b579a1469ad464bf56193a31d7f723c1e17a64e98a403d8bb047a58f6676d843c414c8b3e1dd46f492a374bec3b5e42ea3da28caabe6712efd77e4193dbe1dc37952ef5d4f668be7bb6eb449913068362352b104d61d8e97d852edec5775ce8b6801d0a6b23395ac3e7f5ebfe62763ce8d7eb822755c36a86b2dfdf3b7bfb17f94a0f12750255a301f619e83d9e3179", 0xbc, 0x5)
fcntl$getflags(r1, 0x408)

18:24:56 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c3000000000000000000"], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:24:56 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 18)

18:24:56 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c220920000000000000100000000000000090000"])
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:24:56 executing program 4:
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000080)={<r0=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r0, 0x408)

18:24:56 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x4000, 0x0}}], 0x35f, 0x10062, 0x0)

18:24:56 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

[  992.687119] FAULT_INJECTION: forcing a failure.
[  992.687119] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  992.690211] CPU: 0 PID: 6842 Comm: syz-executor.0 Not tainted 5.10.199 #1
[  992.691747] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  992.693673] Call Trace:
[  992.694271]  dump_stack+0x107/0x167
[  992.695097]  should_fail.cold+0x5/0xa
[  992.696011]  _copy_from_user+0x2e/0x1b0
[  992.696909]  __copy_msghdr_from_user+0x91/0x4b0
[  992.697941]  ? __ia32_sys_shutdown+0x80/0x80
[  992.698960]  ? __lock_acquire+0x1657/0x5b00
[  992.699963]  ___sys_recvmsg+0xd5/0x200
[  992.700838]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[  992.701924]  ? lock_downgrade+0x6d0/0x6d0
[  992.702888]  ? lock_acquire+0x197/0x470
[  992.703815]  ? find_held_lock+0x2c/0x110
[  992.704761]  ? __might_fault+0xd3/0x180
[  992.705649]  ? lock_downgrade+0x6d0/0x6d0
[  992.706585]  do_recvmmsg+0x24c/0x6d0
[  992.707424]  ? ___sys_recvmsg+0x200/0x200
[  992.708398]  ? lock_downgrade+0x6d0/0x6d0
[  992.709333]  ? ksys_write+0x12d/0x260
[  992.710195]  ? wait_for_completion_io+0x270/0x270
[  992.711265]  ? rcu_read_lock_any_held+0x75/0xa0
[  992.712350]  ? vfs_write+0x354/0xa70
[  992.713222]  __x64_sys_recvmmsg+0x20f/0x260
[  992.714190]  ? ksys_write+0x1a9/0x260
[  992.715035]  ? __do_sys_socketcall+0x600/0x600
[  992.716098]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  992.717303]  ? syscall_enter_from_user_mode+0x1d/0x50
[  992.718469]  do_syscall_64+0x33/0x40
[  992.719295]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[  992.720453] RIP: 0033:0x7f13d67b3b19
[  992.721322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  992.725417] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  992.727103] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[  992.728709] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[  992.730324] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[  992.731916] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[  992.733535] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
18:24:56 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c3000000000000000000"], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:24:56 executing program 1:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
ptrace$setopts(0xffffffffffffffff, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 5)

18:24:56 executing program 7:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 10)

18:24:56 executing program 4:
r0 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000040)=<r3=>0x0)
r4 = clone3(&(0x7f0000000280)={0x0, &(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140), {0x2d}, &(0x7f0000000180)=""/10, 0xa, &(0x7f00000001c0)=""/69, &(0x7f0000000240)=[0x0], 0x1, {r1}}, 0x58)
sendmsg$nl_generic(r2, &(0x7f0000000b80)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000b40)={&(0x7f0000000300)={0x830, 0x30, 0x100, 0x70bd25, 0x25dfdbfc, {0x1f}, [@generic="f87a998bd1b5c874fe105b5ff74e9daa5b4274fe58309b5337bc0e93f874f27d455a28135e00754bbb6bdb0f3d0d5e7a4180df4ba0ed", @nested={0x120, 0x2, 0x0, 0x1, [@typed={0xf7, 0x3e, 0x0, 0x0, @binary="c8ab613d2a1a152f2c6db34c4b26f0b8ba12629590c6ec84e347bf6260bd2c523d7ccdb17f39830586c1dd2a156ebc057f696435c9159c5f9d31f4c97c3ded2d92b24bd5eafa2294288c98d75e27bc13fe7d19bd4b785e9e7488ea0347fd19a0ed7e04057e3d3e896150e0e0278a19f9be5e8cf2de4059594f12e207a5113b7534c6f39f5b69893cab75989f021f8c173be2a32ac2c183c94b62ea12799a6e75d202d0a48ab5ee011c6c02e70cfed0ba97508309abd231ccf72fc4f376b11619fb293215a19c2d2522c564cab2beaef3cc9824c50c3e9a930ceee6917ecb6cba6bde0aa737fb4cad81c0b21f7acb85b28d08f7"}, @typed={0x14, 0x88, 0x0, 0x0, @ipv6=@loopback}, @typed={0x8, 0x30, 0x0, 0x0, @pid=r3}, @typed={0x8, 0x68, 0x0, 0x0, @fd=r0}]}, @generic="e3d25b8638d4b89447ed7cacdb8c8baaa4dd6aeb8b8a8c7f23127c1030457754e778a2c4c0d8409e238a4174d6768fa066536c4c547775a82d49b8aaaf6e18a3195ccef93ed8990499d686051b20608cd7081361fe4711ee8fcc414aa489c5dcb0681196254995b6ebab346c3e2ce1e7795999c6940988db96afd8739c4261ff4efd3dc43bbb27128a1d7e4acca087505b1976b88da92c7eee578717ee120cd8505a021d5765", @generic, @typed={0x8, 0x87, 0x0, 0x0, @uid=0xffffffffffffffff}, @nested={0x616, 0x76, 0x0, 0x1, [@generic="1f31ebbac197e0f5d895407b9386d9319fbf69389132837a4eb95681f1e8dd4285573958f7ae6c7984d788b88be4569983d03d34d359160b7dfca4e10ffc791b24e9e6f5c4322584854f09624eae6ac4463333d5c7cdc84dc8dd4c599bc96386d918cbe38a4db0420d886b1d92d9dfeedaed6fca913d8ebffc66485a79b601dd1b63fa8c75081b0b6d9a6be1952a7f78785c9f8b5ab3b11a89dd660b416d492a13e4718cc1c00bc6e277f36e62b3e7811f6b29", @generic="0ccb65e9f4e5f77256120c6827501e99dcbb995c01eccd02424378fab174dbfe5f7157b9810ebaa66997cd0285ce00398fbd004e810d164ea179c1ee8531da037bba463f", @generic="a09172b5fe0f6afbdf0ade3ab264b7979ed70e690e330726c47fecf4a950d7cc168f8504d18b60685626f92c64d352aa24fd7fdeb27c5c1e5b791f3833ca5450afa963d71d644a22baeb95d6eab60fc01aa4b016709767b677519f500b01966a45c896d6c4dbd74d939a4f4bf9184baa1e5f1b893995e0c4321cbf56c703f313340e1280b47e55e2448aee11a6ba36409b66f946cbcd049e9c8df5c9137d3e3d1c6354310ca38d07078f3ea5348243762df8d4b793088308d1f0503e375e6b112773bfc1be8fb320ed1b825b0550485143c7cd88b5957108c9494ad43d755ebbc6", @generic="7c9388fbe11980d1e3918a221ba5b0a9bc9251104bde1983dcffea1ead74eb0f78da31654741a89b2db9cb79a8359bfb9094bf426e7b4d403a0061f55cd993357c995086709120744404694e85a439b183bfe3e88044380604b52e54c87c62c86417e738d6832c79dd32c8bb00a324a8f6b65842885a2f83bb7f854243cec3e2022b59ff966c2a359186941c4377685540fd6c0ad10ee809a27a09348861e472c2928c8f31aca197df7f8ed86ace92e3bee852aff84f08eab688ca32b9b68be22cc19136c3211244d276cbeca7e0aa8764e16a5ad054571cf28d1d0cda", @generic="827692d1b914fed8a954f144f0154ead318821f1aead18e9a360c9fe5221e23182420b7a23d5b6e43f1e0b893a3eb9767c08ee3badfca35d37eed2f76b45b8951a4853121b11c090764b629d052f9457385753757113a6919012b03ed0ba410323e1b3591e2a14a94126cd6337a0518de7f1744fe5e2e8daf553be10b81c713b3651c01d773e44868811cc7cf6423e514e96f2eab390c96cebbe13694d735822b860b1384d6795e1e7731723195138d2150a511e7f8360d3856952abacc97b39e1a065c230ca3a4ddcf4252e31074096ef1fb1e80850e5d46233d03e81cda5b047080a0c9b8d26f2a1c548e4", @generic="fc7a9477088763711e4668e011b53db76e623b2ffef41f9f51343e383b6bf53d0c82633bc5ee796bc5dc9d6825520396022b866a657c9cbebea3d9a065654b67adff86e1a707189eca617d5b27ec8f70c51a090ff5caeca2d8df7b6500f040fd4c9d9e5124026c50f8efe25c8910c5f152e6eb774191f46eace1d863f4059e42f79995e97ca269fe511fa0e294a4527dce216fec566865b4cb6b7f75d9b569c62dcd88620bfb91c1218672307af0e151b62c7ffc3a2c5c2cf726b738bc9ee86ee9b677a220b39aa7cfe2496873", @generic="b46b6690c2af9ff8a5d7eeb7d74fe57afef9c488e50669d13f030a49edab94d0a4aed657876c35cac2072aefd1e1a5769b66a04a9366ca11e27226088bb39a4ccf27d3940e75b19803a4db8524881d93f76bce45000cdd2842cb3e72c09d5067009f0ff36d728f104a446a75d2f3e5e754ea7e3663b5848675466d0c591cf02e946e90bca5c81a", @typed={0x8, 0x46, 0x0, 0x0, @pid=r4}, @generic="120caad7b616e7d0c439a40f0d51594d3e702b291dd35dc9f9d60fab9a520cc3ebba3e76e11f6efee075219a7d1dbc22386ce80f36a984388a0d7ff56d4dd3edbd09d7f50876dfec92ca69d0c14ac844e9f6b0ada0144e3a6fa6e0b576a49779edf996ff70f4c121b150b9e100234bf05951cf863f30e9e61e3ba0c10b1835a1b6811b943d443ac72efb17d898fafcacf955894921ddec6c62d978f11491d6851d6cf78732ed04577498d19076cb462b0536f06ca4c8dde6561f50f7fbbe5864737e14a8f79f99952f5df58ad1f1dc77283b8f52e3c4e9eca829e59944", @generic="a3da213e1f41bf057910d68359ffe9743cd29e38f434f1cfafe3fdf65e84a4c62197b406795035619ea9456d59c1ad6780ebac0f3c027d94"]}]}, 0x830}, 0x1, 0x0, 0x0, 0x408c0}, 0x0)
fcntl$getflags(r1, 0x408)

18:24:56 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x40000, 0x0}}], 0x35f, 0x10062, 0x0)

18:24:57 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

[  992.896947] FAULT_INJECTION: forcing a failure.
[  992.896947] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  992.899794] CPU: 1 PID: 6861 Comm: syz-executor.1 Not tainted 5.10.199 #1
[  992.900985] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  992.902425] Call Trace:
[  992.902891]  dump_stack+0x107/0x167
[  992.903534]  should_fail.cold+0x5/0xa
[  992.904225]  _copy_from_user+0x2e/0x1b0
[  992.904923]  __copy_msghdr_from_user+0x91/0x4b0
[  992.905734]  ? __ia32_sys_shutdown+0x80/0x80
[  992.906507]  ? __lock_acquire+0x1657/0x5b00
[  992.907271]  ___sys_recvmsg+0xd5/0x200
[  992.907956]  ? __copy_msghdr_from_user+0x4b0/0x4b0
18:24:57 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c2209200000000000001000000000000000900"])
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

[  992.908810]  ? lock_downgrade+0x6d0/0x6d0
[  992.909691]  ? lock_acquire+0x197/0x470
[  992.910386]  ? find_held_lock+0x2c/0x110
[  992.911094]  ? __might_fault+0xd3/0x180
[  992.911797]  ? lock_downgrade+0x6d0/0x6d0
[  992.912531]  do_recvmmsg+0x24c/0x6d0
[  992.913186]  ? ___sys_recvmsg+0x200/0x200
[  992.913908]  ? lock_downgrade+0x6d0/0x6d0
[  992.914638]  ? ksys_write+0x12d/0x260
[  992.915310]  ? wait_for_completion_io+0x270/0x270
[  992.916172]  ? rcu_read_lock_any_held+0x75/0xa0
[  992.916974]  ? vfs_write+0x354/0xa70
[  992.917648]  __x64_sys_recvmmsg+0x20f/0x260
[  992.918391]  ? ksys_write+0x1a9/0x260
[  992.919046]  ? __do_sys_socketcall+0x600/0x600
[  992.919848]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  992.920727]  ? syscall_enter_from_user_mode+0x1d/0x50
[  992.921612]  do_syscall_64+0x33/0x40
[  992.922242]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[  992.923140] RIP: 0033:0x7f65a52bbb19
[  992.923800] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  992.926874] RSP: 002b:00007f65a2831188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  992.928200] RAX: ffffffffffffffda RBX: 00007f65a53cef60 RCX: 00007f65a52bbb19
[  992.929421] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[  992.930644] RBP: 00007f65a28311d0 R08: 0000000000000000 R09: 0000000000000000
[  992.931878] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000001
[  992.933094] R13: 00007ffc95f579af R14: 00007f65a2831300 R15: 0000000000022000
[  992.936217] FAULT_INJECTION: forcing a failure.
[  992.936217] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  992.938703] CPU: 1 PID: 6859 Comm: syz-executor.7 Not tainted 5.10.199 #1
[  992.939896] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  992.941317] Call Trace:
[  992.941774]  dump_stack+0x107/0x167
[  992.942406]  should_fail.cold+0x5/0xa
[  992.943067]  _copy_from_user+0x2e/0x1b0
[  992.943752]  __copy_msghdr_from_user+0x91/0x4b0
[  992.944574]  ? __ia32_sys_shutdown+0x80/0x80
[  992.945334]  ? __lock_acquire+0x1657/0x5b00
[  992.946091]  ___sys_recvmsg+0xd5/0x200
[  992.946753]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[  992.947592]  ? lock_downgrade+0x6d0/0x6d0
[  992.948320]  ? lock_acquire+0x197/0x470
[  992.949010]  ? find_held_lock+0x2c/0x110
[  992.949714]  ? __might_fault+0xd3/0x180
[  992.950407]  ? lock_downgrade+0x6d0/0x6d0
[  992.951129]  do_recvmmsg+0x24c/0x6d0
[  992.951788]  ? ___sys_recvmsg+0x200/0x200
[  992.952512]  ? lock_downgrade+0x6d0/0x6d0
[  992.953234]  ? ksys_write+0x12d/0x260
[  992.953897]  ? wait_for_completion_io+0x270/0x270
[  992.954729]  ? rcu_read_lock_any_held+0x75/0xa0
[  992.955520]  ? vfs_write+0x354/0xa70
[  992.956188]  __x64_sys_recvmmsg+0x20f/0x260
[  992.956925]  ? ksys_write+0x1a9/0x260
[  992.957581]  ? __do_sys_socketcall+0x600/0x600
[  992.958367]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  992.959266]  ? syscall_enter_from_user_mode+0x1d/0x50
[  992.960165]  do_syscall_64+0x33/0x40
[  992.960812]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[  992.961687] RIP: 0033:0x7fd50191ab19
[  992.962325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  992.965498] RSP: 002b:00007fd4fee90188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  992.966803] RAX: ffffffffffffffda RBX: 00007fd501a2df60 RCX: 00007fd50191ab19
[  992.968040] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[  992.969274] RBP: 00007fd4fee901d0 R08: 0000000000000000 R09: 0000000000000000
[  992.970486] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[  992.971708] R13: 00007ffcb71c4b0f R14: 00007fd4fee90300 R15: 0000000000022000
18:25:10 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 19)

18:25:10 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c3000000000000000000"], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:25:10 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c2209200000000000001000000000000000900"])
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:25:10 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x200000, 0x0}}], 0x35f, 0x10062, 0x0)

18:25:10 executing program 1:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
ptrace$setopts(0xffffffffffffffff, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 6)

18:25:10 executing program 7:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 11)

18:25:10 executing program 4:
r0 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r1, 0x408)
fchdir(r2)
write(r0, &(0x7f0000000000)="fb9ad61f7684c08661bc80cf956dcbfaa7b8d78527b4e6732b49196489d84452", 0x20)

18:25:10 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

[ 1006.819939] FAULT_INJECTION: forcing a failure.
[ 1006.819939] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1006.821871] CPU: 1 PID: 6878 Comm: syz-executor.0 Not tainted 5.10.199 #1
[ 1006.822704] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1006.823710] Call Trace:
[ 1006.824038]  dump_stack+0x107/0x167
[ 1006.824485]  should_fail.cold+0x5/0xa
[ 1006.824956]  _copy_from_user+0x2e/0x1b0
[ 1006.825440]  __copy_msghdr_from_user+0x91/0x4b0
[ 1006.826019]  ? __ia32_sys_shutdown+0x80/0x80
[ 1006.826569]  ? __lock_acquire+0x1657/0x5b00
[ 1006.827103]  ___sys_recvmsg+0xd5/0x200
[ 1006.827591]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1006.828209]  ? lock_downgrade+0x6d0/0x6d0
[ 1006.828709]  ? lock_acquire+0x197/0x470
[ 1006.829193]  ? find_held_lock+0x2c/0x110
[ 1006.829696]  ? __might_fault+0xd3/0x180
[ 1006.830173]  ? lock_downgrade+0x6d0/0x6d0
[ 1006.830687]  do_recvmmsg+0x24c/0x6d0
[ 1006.831159]  ? ___sys_recvmsg+0x200/0x200
18:25:11 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

[ 1006.831668]  ? lock_downgrade+0x6d0/0x6d0
[ 1006.832258]  ? ksys_write+0x12d/0x260
[ 1006.832720]  ? wait_for_completion_io+0x270/0x270
[ 1006.833314]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1006.833862]  ? vfs_write+0x354/0xa70
[ 1006.834322]  __x64_sys_recvmmsg+0x20f/0x260
[ 1006.834837]  ? ksys_write+0x1a9/0x260
[ 1006.835298]  ? __do_sys_socketcall+0x600/0x600
[ 1006.835837]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1006.836494]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1006.837114]  do_syscall_64+0x33/0x40
[ 1006.837569]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1006.838181] RIP: 0033:0x7f13d67b3b19
[ 1006.838626] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1006.840876] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1006.841837] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
18:25:11 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/52], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[ 1006.842727] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1006.843687] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[ 1006.844614] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1006.845519] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
[ 1006.852943] FAULT_INJECTION: forcing a failure.
[ 1006.852943] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1006.854755] CPU: 1 PID: 6891 Comm: syz-executor.1 Not tainted 5.10.199 #1
[ 1006.855602] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1006.856647] Call Trace:
18:25:11 executing program 4:
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000080)={<r0=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r0, 0x408)
ioctl$FS_IOC_SETFSLABEL(r0, 0x41009432, &(0x7f0000000140)="1783919791234f593920e026627ba13f39b48c02ba8a5aee12310d20352e169e8410d23ad25d0ce9729d39cdf7bc90152c172986334484d2edbcdbc8fdb29fdb664a622161dfd8ee6544acc3b6d45c91a8854f8ed2ec870da32d81a750de7695d6bbdce081c7b323db70f5c5a803f75e29ebb046dd8061ea9c9baa8152c8c3305e5eaf352719fdddad97ad802ac4e71c35e05aa3c59aebe261a555d955dbaf37310c779ba9d75f6e5df64b6394ea7d4cdc477205e047cc7373236a9a7c7b64ed649bd85d9eb05bf15f0d4ba5ad89a3c95beccd0e618b71c85e34bfead1d55f3eb220138cf77add70fab83833d5bd544906a75c4674ee2977a515f51e2958b77c")
pipe2(&(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r1, 0x408)
syz_io_uring_setup(0x483c, &(0x7f0000000000)={0x0, 0x9c64, 0x20, 0x3, 0x179, 0x0, r2}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f00000000c0), &(0x7f0000000100))

[ 1006.856963]  dump_stack+0x107/0x167
[ 1006.857513]  should_fail.cold+0x5/0xa
[ 1006.857992]  _copy_from_user+0x2e/0x1b0
[ 1006.858468]  __copy_msghdr_from_user+0x91/0x4b0
[ 1006.859020]  ? __ia32_sys_shutdown+0x80/0x80
[ 1006.859542]  ? __lock_acquire+0x1657/0x5b00
[ 1006.860076]  ___sys_recvmsg+0xd5/0x200
[ 1006.860548]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1006.861149]  ? lock_downgrade+0x6d0/0x6d0
[ 1006.861651]  ? lock_acquire+0x197/0x470
[ 1006.862115]  ? find_held_lock+0x2c/0x110
[ 1006.862615]  ? __might_fault+0xd3/0x180
[ 1006.863091]  ? lock_downgrade+0x6d0/0x6d0
[ 1006.863596]  do_recvmmsg+0x24c/0x6d0
[ 1006.864067]  ? ___sys_recvmsg+0x200/0x200
[ 1006.864563]  ? lock_downgrade+0x6d0/0x6d0
[ 1006.865082]  ? ksys_write+0x12d/0x260
[ 1006.865565]  ? wait_for_completion_io+0x270/0x270
[ 1006.866172]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1006.866753]  ? vfs_write+0x354/0xa70
[ 1006.867237]  __x64_sys_recvmmsg+0x20f/0x260
[ 1006.867786]  ? ksys_write+0x1a9/0x260
[ 1006.868279]  ? __do_sys_socketcall+0x600/0x600
[ 1006.868856]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1006.869487]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1006.870155]  do_syscall_64+0x33/0x40
[ 1006.870622]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1006.871285] RIP: 0033:0x7f65a52bbb19
[ 1006.871791] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1006.874113] RSP: 002b:00007f65a2831188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1006.875145] RAX: ffffffffffffffda RBX: 00007f65a53cef60 RCX: 00007f65a52bbb19
[ 1006.876075] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1006.877017] RBP: 00007f65a28311d0 R08: 0000000000000000 R09: 0000000000000000
[ 1006.877968] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000001
[ 1006.878900] R13: 00007ffc95f579af R14: 00007f65a2831300 R15: 0000000000022000
[ 1006.885081] FAULT_INJECTION: forcing a failure.
[ 1006.885081] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1006.888968] CPU: 1 PID: 6889 Comm: syz-executor.7 Not tainted 5.10.199 #1
[ 1006.889793] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1006.890789] Call Trace:
[ 1006.891110]  dump_stack+0x107/0x167
[ 1006.891563]  should_fail.cold+0x5/0xa
[ 1006.892024]  _copy_from_user+0x2e/0x1b0
[ 1006.892485]  __copy_msghdr_from_user+0x91/0x4b0
[ 1006.893054]  ? __ia32_sys_shutdown+0x80/0x80
[ 1006.893564]  ? __lock_acquire+0x1657/0x5b00
[ 1006.894100]  ___sys_recvmsg+0xd5/0x200
[ 1006.894563]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1006.895162]  ? lock_downgrade+0x6d0/0x6d0
[ 1006.895648]  ? lock_acquire+0x197/0x470
[ 1006.896138]  ? find_held_lock+0x2c/0x110
[ 1006.896621]  ? __might_fault+0xd3/0x180
[ 1006.897119]  ? lock_downgrade+0x6d0/0x6d0
[ 1006.897646]  do_recvmmsg+0x24c/0x6d0
[ 1006.898109]  ? ___sys_recvmsg+0x200/0x200
[ 1006.898656]  ? lock_downgrade+0x6d0/0x6d0
[ 1006.899181]  ? ksys_write+0x12d/0x260
[ 1006.899665]  ? wait_for_completion_io+0x270/0x270
[ 1006.900264]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1006.900845]  ? vfs_write+0x354/0xa70
[ 1006.901309]  __x64_sys_recvmmsg+0x20f/0x260
[ 1006.901875]  ? ksys_write+0x1a9/0x260
[ 1006.902375]  ? __do_sys_socketcall+0x600/0x600
[ 1006.902936]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1006.903592]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1006.904281]  do_syscall_64+0x33/0x40
[ 1006.904750]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1006.905373] RIP: 0033:0x7fd50191ab19
[ 1006.905838] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1006.908098] RSP: 002b:00007fd4fee90188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1006.909044] RAX: ffffffffffffffda RBX: 00007fd501a2df60 RCX: 00007fd50191ab19
[ 1006.909931] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1006.910795] RBP: 00007fd4fee901d0 R08: 0000000000000000 R09: 0000000000000000
[ 1006.911664] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1006.912538] R13: 00007ffcb71c4b0f R14: 00007fd4fee90300 R15: 0000000000022000
18:25:11 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:25:11 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c2209200000000000001000000000000000900"])
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:25:11 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 20)

18:25:11 executing program 7:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 12)

[ 1007.013946] FAULT_INJECTION: forcing a failure.
[ 1007.013946] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1007.015424] CPU: 1 PID: 6910 Comm: syz-executor.7 Not tainted 5.10.199 #1
[ 1007.016235] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1007.016878] FAULT_INJECTION: forcing a failure.
[ 1007.016878] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1007.017169] Call Trace:
[ 1007.017186]  dump_stack+0x107/0x167
[ 1007.017206]  should_fail.cold+0x5/0xa
[ 1007.019607]  _copy_from_user+0x2e/0x1b0
[ 1007.020074]  __copy_msghdr_from_user+0x91/0x4b0
[ 1007.020601]  ? __ia32_sys_shutdown+0x80/0x80
[ 1007.021094]  ? __lock_acquire+0x1657/0x5b00
[ 1007.021592]  ___sys_recvmsg+0xd5/0x200
[ 1007.022035]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1007.022596]  ? lock_downgrade+0x6d0/0x6d0
[ 1007.023071]  ? lock_acquire+0x197/0x470
[ 1007.023528]  ? find_held_lock+0x2c/0x110
[ 1007.024001]  ? __might_fault+0xd3/0x180
[ 1007.024456]  ? lock_downgrade+0x6d0/0x6d0
[ 1007.024961]  do_recvmmsg+0x24c/0x6d0
[ 1007.025399]  ? ___sys_recvmsg+0x200/0x200
[ 1007.025893]  ? lock_downgrade+0x6d0/0x6d0
[ 1007.026381]  ? ksys_write+0x12d/0x260
[ 1007.026840]  ? wait_for_completion_io+0x270/0x270
[ 1007.027406]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1007.027963]  ? vfs_write+0x354/0xa70
[ 1007.028398]  __x64_sys_recvmmsg+0x20f/0x260
[ 1007.028902]  ? ksys_write+0x1a9/0x260
[ 1007.029325]  ? __do_sys_socketcall+0x600/0x600
[ 1007.029874]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1007.030477]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1007.031074]  do_syscall_64+0x33/0x40
[ 1007.031521]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1007.032097] RIP: 0033:0x7fd50191ab19
[ 1007.032538] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1007.034680] RSP: 002b:00007fd4fee90188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1007.035544] RAX: ffffffffffffffda RBX: 00007fd501a2df60 RCX: 00007fd50191ab19
[ 1007.036389] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1007.037214] RBP: 00007fd4fee901d0 R08: 0000000000000000 R09: 0000000000000000
[ 1007.038046] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1007.038884] R13: 00007ffcb71c4b0f R14: 00007fd4fee90300 R15: 0000000000022000
[ 1007.039736] CPU: 0 PID: 6909 Comm: syz-executor.0 Not tainted 5.10.199 #1
[ 1007.040525] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1007.041465] Call Trace:
[ 1007.041774]  dump_stack+0x107/0x167
[ 1007.042189]  should_fail.cold+0x5/0xa
[ 1007.042632]  _copy_from_user+0x2e/0x1b0
[ 1007.043079]  __copy_msghdr_from_user+0x91/0x4b0
[ 1007.043595]  ? __ia32_sys_shutdown+0x80/0x80
[ 1007.044100]  ? __lock_acquire+0x1657/0x5b00
[ 1007.044576]  ___sys_recvmsg+0xd5/0x200
[ 1007.045011]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1007.045530]  ? lock_downgrade+0x6d0/0x6d0
[ 1007.045996]  ? lock_acquire+0x197/0x470
[ 1007.046436]  ? find_held_lock+0x2c/0x110
[ 1007.046887]  ? __might_fault+0xd3/0x180
[ 1007.047330]  ? lock_downgrade+0x6d0/0x6d0
[ 1007.047798]  do_recvmmsg+0x24c/0x6d0
[ 1007.048200]  ? ___sys_recvmsg+0x200/0x200
[ 1007.048658]  ? lock_downgrade+0x6d0/0x6d0
[ 1007.049127]  ? ksys_write+0x12d/0x260
[ 1007.049559]  ? wait_for_completion_io+0x270/0x270
[ 1007.050094]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1007.050611]  ? vfs_write+0x354/0xa70
[ 1007.051005]  __x64_sys_recvmmsg+0x20f/0x260
[ 1007.051484]  ? ksys_write+0x1a9/0x260
[ 1007.051908]  ? __do_sys_socketcall+0x600/0x600
[ 1007.052401]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1007.052983]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1007.053530]  do_syscall_64+0x33/0x40
[ 1007.053956]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1007.054492] RIP: 0033:0x7f13d67b3b19
[ 1007.054905] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1007.056931] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1007.057777] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[ 1007.058563] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1007.059341] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[ 1007.060131] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1007.060906] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
18:25:22 executing program 1:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
ptrace$setopts(0xffffffffffffffff, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 7)

18:25:22 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 21)

18:25:22 executing program 7:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 13)

18:25:23 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:25:23 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/52], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:25:23 executing program 4:
perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000080)={<r0=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r0, 0x408)
pipe2(&(0x7f0000000080)={<r1=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r1, 0x408)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), r1)

18:25:23 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x3665c4, 0x0}}], 0x35f, 0x10062, 0x0)

18:25:23 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c22092000000000000010000000000000009"])
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

[ 1018.884828] FAULT_INJECTION: forcing a failure.
[ 1018.884828] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1018.887708] CPU: 0 PID: 6927 Comm: syz-executor.1 Not tainted 5.10.199 #1
[ 1018.889149] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1018.890835] Call Trace:
[ 1018.891384]  dump_stack+0x107/0x167
[ 1018.892155]  should_fail.cold+0x5/0xa
[ 1018.892938]  _copy_from_user+0x2e/0x1b0
[ 1018.893777]  __copy_msghdr_from_user+0x91/0x4b0
[ 1018.894741]  ? __ia32_sys_shutdown+0x80/0x80
[ 1018.895653]  ? __lock_acquire+0x1657/0x5b00
[ 1018.896587]  ___sys_recvmsg+0xd5/0x200
[ 1018.897394]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1018.898407]  ? lock_downgrade+0x6d0/0x6d0
[ 1018.898810] FAULT_INJECTION: forcing a failure.
[ 1018.898810] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1018.899258]  ? lock_acquire+0x197/0x470
[ 1018.899287]  ? find_held_lock+0x2c/0x110
[ 1018.903302]  ? __might_fault+0xd3/0x180
[ 1018.904144]  ? lock_downgrade+0x6d0/0x6d0
[ 1018.905012]  do_recvmmsg+0x24c/0x6d0
[ 1018.905799]  ? ___sys_recvmsg+0x200/0x200
[ 1018.906656]  ? lock_downgrade+0x6d0/0x6d0
[ 1018.907540]  ? ksys_write+0x12d/0x260
[ 1018.908359]  ? wait_for_completion_io+0x270/0x270
[ 1018.909349]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1018.910297]  ? vfs_write+0x354/0xa70
[ 1018.911066]  __x64_sys_recvmmsg+0x20f/0x260
[ 1018.911945]  ? ksys_write+0x1a9/0x260
[ 1018.912753]  ? __do_sys_socketcall+0x600/0x600
[ 1018.913696]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1018.914770]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1018.915831]  do_syscall_64+0x33/0x40
[ 1018.916619]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1018.917679] RIP: 0033:0x7f65a52bbb19
[ 1018.918447] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1018.922226] RSP: 002b:00007f65a2831188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1018.923779] RAX: ffffffffffffffda RBX: 00007f65a53cef60 RCX: 00007f65a52bbb19
[ 1018.925241] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1018.926692] RBP: 00007f65a28311d0 R08: 0000000000000000 R09: 0000000000000000
[ 1018.928177] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000001
[ 1018.929629] R13: 00007ffc95f579af R14: 00007f65a2831300 R15: 0000000000022000
[ 1018.931119] CPU: 1 PID: 6931 Comm: syz-executor.7 Not tainted 5.10.199 #1
[ 1018.932551] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1018.934227] Call Trace:
[ 1018.934774]  dump_stack+0x107/0x167
[ 1018.935528]  should_fail.cold+0x5/0xa
[ 1018.936324]  _copy_from_user+0x2e/0x1b0
[ 1018.937149]  __copy_msghdr_from_user+0x91/0x4b0
[ 1018.938100]  ? __ia32_sys_shutdown+0x80/0x80
[ 1018.938998]  ? __lock_acquire+0x1657/0x5b00
[ 1018.939894]  ___sys_recvmsg+0xd5/0x200
[ 1018.940712]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1018.941716]  ? lock_downgrade+0x6d0/0x6d0
[ 1018.942578]  ? lock_acquire+0x197/0x470
[ 1018.943383]  ? find_held_lock+0x2c/0x110
[ 1018.944222]  ? __might_fault+0xd3/0x180
[ 1018.945037]  ? lock_downgrade+0x6d0/0x6d0
[ 1018.945902]  do_recvmmsg+0x24c/0x6d0
[ 1018.946073] FAULT_INJECTION: forcing a failure.
[ 1018.946073] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1018.946655]  ? ___sys_recvmsg+0x200/0x200
[ 1018.946674]  ? lock_downgrade+0x6d0/0x6d0
[ 1018.946701]  ? ksys_write+0x12d/0x260
[ 1018.946735]  ? wait_for_completion_io+0x270/0x270
[ 1018.946757]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1018.946772]  ? vfs_write+0x354/0xa70
[ 1018.946796]  __x64_sys_recvmmsg+0x20f/0x260
[ 1018.946814]  ? ksys_write+0x1a9/0x260
[ 1018.946832]  ? __do_sys_socketcall+0x600/0x600
[ 1018.946855]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1018.946872]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1018.946902]  do_syscall_64+0x33/0x40
[ 1018.959527]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1018.960584] RIP: 0033:0x7fd50191ab19
[ 1018.961333] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1018.965061] RSP: 002b:00007fd4fee90188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1018.966603] RAX: ffffffffffffffda RBX: 00007fd501a2df60 RCX: 00007fd50191ab19
[ 1018.968040] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1018.969493] RBP: 00007fd4fee901d0 R08: 0000000000000000 R09: 0000000000000000
[ 1018.970938] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1018.972407] R13: 00007ffcb71c4b0f R14: 00007fd4fee90300 R15: 0000000000022000
[ 1018.973912] CPU: 0 PID: 6935 Comm: syz-executor.0 Not tainted 5.10.199 #1
[ 1018.975377] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1018.977114] Call Trace:
[ 1018.977667]  dump_stack+0x107/0x167
[ 1018.978417]  should_fail.cold+0x5/0xa
[ 1018.979211]  _copy_from_user+0x2e/0x1b0
[ 1018.980015]  __copy_msghdr_from_user+0x91/0x4b0
[ 1018.980998]  ? __ia32_sys_shutdown+0x80/0x80
[ 1018.981895]  ? __lock_acquire+0x1657/0x5b00
[ 1018.982799]  ___sys_recvmsg+0xd5/0x200
[ 1018.983608]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1018.984625]  ? lock_downgrade+0x6d0/0x6d0
[ 1018.985589]  ? lock_acquire+0x197/0x470
[ 1018.986609]  ? find_held_lock+0x2c/0x110
[ 1018.987659]  ? __might_fault+0xd3/0x180
[ 1018.988697]  ? lock_downgrade+0x6d0/0x6d0
[ 1018.989792]  do_recvmmsg+0x24c/0x6d0
[ 1018.990768]  ? ___sys_recvmsg+0x200/0x200
[ 1018.991834]  ? lock_downgrade+0x6d0/0x6d0
[ 1018.992912]  ? ksys_write+0x12d/0x260
[ 1018.993914]  ? wait_for_completion_io+0x270/0x270
[ 1018.995153]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1018.996365]  ? vfs_write+0x354/0xa70
[ 1018.997333]  __x64_sys_recvmmsg+0x20f/0x260
[ 1018.998433]  ? ksys_write+0x1a9/0x260
[ 1018.999408]  ? __do_sys_socketcall+0x600/0x600
[ 1019.000501]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1019.001574]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1019.002633]  do_syscall_64+0x33/0x40
[ 1019.003393]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1019.004440] RIP: 0033:0x7f13d67b3b19
[ 1019.005200] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1019.008958] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1019.010499] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[ 1019.011942] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1019.013393] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[ 1019.014828] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1019.016287] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
18:25:37 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x10062, 0x0)

18:25:37 executing program 4:
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000080)={<r0=>0xffffffffffffffff}, 0x0)
pipe2(&(0x7f0000000080)={<r1=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r1, 0x408)
pipe2(&(0x7f0000000080)={<r2=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r2, 0x408)
sendfile(r1, r2, &(0x7f0000000000)=0x9d22, 0x0)
fcntl$getflags(r0, 0x408)

18:25:37 executing program 7:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 14)

18:25:37 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 22)

18:25:37 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/52], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:25:37 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x4000000, 0x0}}], 0x35f, 0x10062, 0x0)

18:25:37 executing program 1:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
ptrace$setopts(0xffffffffffffffff, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 8)

18:25:37 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c22092000000000000010000000000000009"])
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

[ 1033.485920] FAULT_INJECTION: forcing a failure.
[ 1033.485920] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1033.488772] CPU: 1 PID: 6945 Comm: syz-executor.7 Not tainted 5.10.199 #1
[ 1033.490135] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1033.491777] Call Trace:
[ 1033.492311]  dump_stack+0x107/0x167
[ 1033.493044]  should_fail.cold+0x5/0xa
[ 1033.493809]  _copy_from_user+0x2e/0x1b0
[ 1033.494605]  __copy_msghdr_from_user+0x91/0x4b0
[ 1033.495530]  ? __ia32_sys_shutdown+0x80/0x80
[ 1033.496415]  ? __lock_acquire+0x1657/0x5b00
[ 1033.497289]  ___sys_recvmsg+0xd5/0x200
[ 1033.498063]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1033.499037]  ? _raw_spin_unlock_irq+0x27/0x30
[ 1033.499935]  ? lock_acquire+0x197/0x470
[ 1033.500742]  ? find_held_lock+0x2c/0x110
[ 1033.501556]  ? __might_fault+0xd3/0x180
[ 1033.502344]  ? lock_downgrade+0x6d0/0x6d0
[ 1033.503171]  ? io_schedule_timeout+0x140/0x140
[ 1033.504096]  do_recvmmsg+0x24c/0x6d0
[ 1033.504848]  ? ___sys_recvmsg+0x200/0x200
[ 1033.505671]  ? lock_downgrade+0x6d0/0x6d0
[ 1033.506503]  ? ksys_write+0x12d/0x260
[ 1033.507285]  ? wait_for_completion_io+0x270/0x270
[ 1033.508243]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1033.509209]  ? vfs_write+0x354/0xa70
[ 1033.509954]  __x64_sys_recvmmsg+0x20f/0x260
[ 1033.510830]  ? ksys_write+0x1a9/0x260
[ 1033.511586]  ? __do_sys_socketcall+0x600/0x600
[ 1033.512518]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1033.513555]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1033.514603]  do_syscall_64+0x33/0x40
[ 1033.515348]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1033.516370] RIP: 0033:0x7fd50191ab19
[ 1033.517118] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1033.520766] RSP: 002b:00007fd4fee90188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1033.522307] RAX: ffffffffffffffda RBX: 00007fd501a2df60 RCX: 00007fd50191ab19
[ 1033.523723] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1033.525144] RBP: 00007fd4fee901d0 R08: 0000000000000000 R09: 0000000000000000
[ 1033.526556] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1033.527966] R13: 00007ffcb71c4b0f R14: 00007fd4fee90300 R15: 0000000000022000
18:25:37 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c220920000000000000100000000000000"])
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:25:37 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/56], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:25:37 executing program 4:
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000080), 0x0)

18:25:37 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x10062, 0x0)

[ 1033.555585] FAULT_INJECTION: forcing a failure.
[ 1033.555585] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1033.558560] CPU: 1 PID: 6959 Comm: syz-executor.1 Not tainted 5.10.199 #1
[ 1033.559935] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1033.561677] Call Trace:
[ 1033.562210]  dump_stack+0x107/0x167
[ 1033.562972]  should_fail.cold+0x5/0xa
[ 1033.563741]  _copy_from_user+0x2e/0x1b0
[ 1033.564584]  __copy_msghdr_from_user+0x91/0x4b0
[ 1033.565508]  ? __ia32_sys_shutdown+0x80/0x80
[ 1033.566413]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1033.567453]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 1033.568572]  ? trace_hardirqs_on+0x5b/0x180
[ 1033.569446]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 1033.570572]  ___sys_recvmsg+0xd5/0x200
[ 1033.571349]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1033.572356]  ? _raw_spin_unlock_irq+0x27/0x30
[ 1033.573249]  ? finish_task_switch+0x126/0x5d0
[ 1033.574154]  ? finish_task_switch+0xef/0x5d0
[ 1033.575032]  ? __switch_to+0x572/0xf70
[ 1033.575812]  ? __switch_to_asm+0x3a/0x60
[ 1033.576626]  ? __switch_to_asm+0x34/0x60
[ 1033.577464]  ? __schedule+0x82c/0x1ea0
[ 1033.578249]  ? io_schedule_timeout+0x140/0x140
[ 1033.579187]  do_recvmmsg+0x24c/0x6d0
[ 1033.579931]  ? ___sys_recvmsg+0x200/0x200
[ 1033.580770]  ? lock_downgrade+0x6d0/0x6d0
[ 1033.581602]  ? ksys_write+0x12d/0x260
[ 1033.582386]  ? wait_for_completion_io+0x270/0x270
[ 1033.583366]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1033.584304]  ? vfs_write+0x354/0xa70
[ 1033.585053]  __x64_sys_recvmmsg+0x20f/0x260
[ 1033.585914]  ? ksys_write+0x1a9/0x260
[ 1033.586680]  ? __do_sys_socketcall+0x600/0x600
[ 1033.587590]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1033.588649]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1033.589680]  do_syscall_64+0x33/0x40
[ 1033.590424]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1033.591463] RIP: 0033:0x7f65a52bbb19
[ 1033.592214] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1033.595912] RSP: 002b:00007f65a2831188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1033.597430] RAX: ffffffffffffffda RBX: 00007f65a53cef60 RCX: 00007f65a52bbb19
[ 1033.598842] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1033.600253] RBP: 00007f65a28311d0 R08: 0000000000000000 R09: 0000000000000000
[ 1033.601669] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000001
[ 1033.603079] R13: 00007ffc95f579af R14: 00007f65a2831300 R15: 0000000000022000
[ 1033.618283] FAULT_INJECTION: forcing a failure.
[ 1033.618283] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1033.621057] CPU: 1 PID: 6968 Comm: syz-executor.0 Not tainted 5.10.199 #1
[ 1033.622421] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1033.624066] Call Trace:
[ 1033.624611]  dump_stack+0x107/0x167
[ 1033.625348]  should_fail.cold+0x5/0xa
[ 1033.626120]  _copy_from_user+0x2e/0x1b0
[ 1033.626932]  __copy_msghdr_from_user+0x91/0x4b0
[ 1033.627882]  ? __ia32_sys_shutdown+0x80/0x80
[ 1033.628709] FAULT_INJECTION: forcing a failure.
[ 1033.628709] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1033.628793]  ? __lock_acquire+0x1657/0x5b00
[ 1033.628831]  ___sys_recvmsg+0xd5/0x200
[ 1033.631725]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1033.632723]  ? lock_downgrade+0x6d0/0x6d0
[ 1033.633573]  ? lock_acquire+0x197/0x470
[ 1033.634371]  ? find_held_lock+0x2c/0x110
[ 1033.635236]  ? __might_fault+0xd3/0x180
[ 1033.636038]  ? lock_downgrade+0x6d0/0x6d0
[ 1033.636921]  do_recvmmsg+0x24c/0x6d0
[ 1033.637680]  ? ___sys_recvmsg+0x200/0x200
[ 1033.638532]  ? lock_downgrade+0x6d0/0x6d0
[ 1033.639368]  ? ksys_write+0x12d/0x260
[ 1033.640145]  ? wait_for_completion_io+0x270/0x270
[ 1033.641128]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1033.642056]  ? vfs_write+0x354/0xa70
[ 1033.642810]  __x64_sys_recvmmsg+0x20f/0x260
[ 1033.643680]  ? ksys_write+0x1a9/0x260
[ 1033.644457]  ? __do_sys_socketcall+0x600/0x600
[ 1033.645378]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1033.646427]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1033.647487]  do_syscall_64+0x33/0x40
[ 1033.648235]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1033.649277] RIP: 0033:0x7f13d67b3b19
[ 1033.650024] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1033.653715] RSP: 002b:00007f13d3d08188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1033.655232] RAX: ffffffffffffffda RBX: 00007f13d68c7020 RCX: 00007f13d67b3b19
[ 1033.656682] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1033.658109] RBP: 00007f13d3d081d0 R08: 0000000000000000 R09: 0000000000000000
[ 1033.659539] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1033.660970] R13: 00007ffe26e173ff R14: 00007f13d3d08300 R15: 0000000000022000
[ 1033.662421] CPU: 0 PID: 6969 Comm: syz-executor.7 Not tainted 5.10.199 #1
[ 1033.663186] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1033.664099] Call Trace:
[ 1033.664410]  dump_stack+0x107/0x167
[ 1033.664811]  should_fail.cold+0x5/0xa
[ 1033.665232]  _copy_from_user+0x2e/0x1b0
[ 1033.665671]  __copy_msghdr_from_user+0x91/0x4b0
[ 1033.666180]  ? __ia32_sys_shutdown+0x80/0x80
[ 1033.666664]  ? __lock_acquire+0x1657/0x5b00
[ 1033.667140]  ___sys_recvmsg+0xd5/0x200
18:25:37 executing program 7:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 15)

18:25:37 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x10062, 0x0)

[ 1033.667570]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1033.668253]  ? lock_downgrade+0x6d0/0x6d0
[ 1033.668713]  ? lock_acquire+0x197/0x470
[ 1033.669132]  ? find_held_lock+0x2c/0x110
[ 1033.669567]  ? __might_fault+0xd3/0x180
[ 1033.669997]  ? lock_downgrade+0x6d0/0x6d0
[ 1033.670448]  do_recvmmsg+0x24c/0x6d0
[ 1033.670842]  ? ___sys_recvmsg+0x200/0x200
[ 1033.671278]  ? lock_downgrade+0x6d0/0x6d0
[ 1033.671719]  ? ksys_write+0x12d/0x260
[ 1033.672128]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1033.672680]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 1033.673256]  __x64_sys_recvmmsg+0x20f/0x260
[ 1033.673721]  ? __do_sys_socketcall+0x600/0x600
[ 1033.674208]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1033.674757]  do_syscall_64+0x33/0x40
[ 1033.675151]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1033.675690] RIP: 0033:0x7fd50191ab19
[ 1033.676087] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1033.678071] RSP: 002b:00007fd4fee90188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1033.678878] RAX: ffffffffffffffda RBX: 00007fd501a2df60 RCX: 00007fd50191ab19
[ 1033.679660] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1033.680448] RBP: 00007fd4fee901d0 R08: 0000000000000000 R09: 0000000000000000
[ 1033.681192] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1033.681966] R13: 00007ffcb71c4b0f R14: 00007fd4fee90300 R15: 0000000000022000
18:25:37 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x40000000, 0x0}}], 0x35f, 0x10062, 0x0)

18:25:37 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c220920000000000000100000000000000"])
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:25:37 executing program 4:
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xfffffffffffffffe, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000080)={<r0=>0xffffffffffffffff}, 0x0)
openat(r0, &(0x7f0000000000)='./file0\x00', 0x101800, 0x4)
fcntl$getflags(r0, 0x408)

18:25:37 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 23)

18:25:38 executing program 4:
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r0, 0x408)
r2 = openat2(r1, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x10000, 0x91}, 0x18)
ioctl$AUTOFS_DEV_IOCTL_FAIL(r2, 0xc0189377, &(0x7f00000000c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32, @ANYBLOB="e62c482cb912b9339f2b0c0100010100"])
mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x10010, r0, 0x7e3ac000)

18:25:38 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/56], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[ 1033.903084] FAULT_INJECTION: forcing a failure.
[ 1033.903084] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1033.906060] CPU: 1 PID: 6987 Comm: syz-executor.0 Not tainted 5.10.199 #1
[ 1033.907431] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1033.909097] Call Trace:
[ 1033.909626]  dump_stack+0x107/0x167
[ 1033.910358]  should_fail.cold+0x5/0xa
[ 1033.911122]  _copy_from_user+0x2e/0x1b0
[ 1033.911919]  __copy_msghdr_from_user+0x91/0x4b0
[ 1033.912854]  ? __ia32_sys_shutdown+0x80/0x80
[ 1033.913730]  ? __lock_acquire+0x1657/0x5b00
[ 1033.914606]  ___sys_recvmsg+0xd5/0x200
[ 1033.915382]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1033.916393]  ? lock_downgrade+0x6d0/0x6d0
[ 1033.917222]  ? lock_acquire+0x197/0x470
[ 1033.918010]  ? find_held_lock+0x2c/0x110
[ 1033.918826]  ? __might_fault+0xd3/0x180
[ 1033.919617]  ? lock_downgrade+0x6d0/0x6d0
[ 1033.920468]  do_recvmmsg+0x24c/0x6d0
[ 1033.921219]  ? ___sys_recvmsg+0x200/0x200
[ 1033.922047]  ? lock_downgrade+0x6d0/0x6d0
[ 1033.922901]  ? ksys_write+0x12d/0x260
[ 1033.923674]  ? wait_for_completion_io+0x270/0x270
[ 1033.924641]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1033.925561]  ? vfs_write+0x354/0xa70
[ 1033.926307]  __x64_sys_recvmmsg+0x20f/0x260
[ 1033.927163]  ? ksys_write+0x1a9/0x260
[ 1033.927920]  ? __do_sys_socketcall+0x600/0x600
[ 1033.928843]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1033.929880]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1033.930909]  do_syscall_64+0x33/0x40
[ 1033.931661]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1033.932701] RIP: 0033:0x7f13d67b3b19
[ 1033.933443] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1033.937101] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1033.938606] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[ 1033.940015] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1033.941430] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[ 1033.942838] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1033.944252] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
18:25:55 executing program 7:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 16)

18:25:55 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001a00), 0x0, 0x10062, 0x0)

18:25:55 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/56], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:25:55 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0xc4653600, 0x0}}], 0x35f, 0x10062, 0x0)

18:25:55 executing program 1:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
ptrace$setopts(0xffffffffffffffff, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 9)

18:25:55 executing program 4:
pipe2(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r0, 0x408)
sendmsg$nl_generic(r1, &(0x7f00000012c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x11d8, 0x29, 0x400, 0x70bd26, 0x25dfdbfd, {0xf}, [@generic="474a773f2683d3f8b2d9acaa59fd1f8807620cdcfd253bbe93cc03fbc839970e043455df92061c7cf331ab2c92f537badc7eedb2d1c06552927a8d430e192085e0363888d05867cbac455dc66922af8d96e417b43cab376dd5f09d0f99c900a079d7db3dd4de3cb7411ac079c4b3b8d110c3ea2377a7a8ae1e7cc4012b65b7433c675d65baab6f85cffd6b95f18f3be24f04afa1581e24aa9f3012467a9136c81b89d65fedc51e4ba67acc04b5d492d75f16df3027ffab631674ec6e88c0e902622ba084b1002a2f9ce0586b6007d06ae9b546dc285cab96b98c9b06762f712b6e4807e8226dfec0f92ff4e26b49", @nested={0x10d3, 0x44, 0x0, 0x1, [@typed={0x4, 0x94}, @generic="ae9bd2796d5f2dc9adcb55b433fa609248e2e57673089ea60e59213e377d216d6941b5638e857105278c304832d23011553200807c171268e966f3df8437d2b6231c58e453b9a48db1b58071bfcbd47871d1e80a2b8a350217ea951ce84d80f2531b83efb979664912f6b106a24cdfcdd2c8ecbf64335a841108685492dd3b4882f8cef94ed5131b89a5aa61b722b6fe6f4353ffcad967344b689661ec12320add0750191a9620140ac095683cf3779fbac2b29a00d5079e69155c", @typed={0x8, 0x88, 0x0, 0x0, @u32=0x1}, @generic="de87d89c1d16951f39035ac4e1d4c2933f743862ac919057e0f21a9a1f3a5ce9b411688591915ab91355fd37c076121a8d902882b6c9d0a01b02eaabadcb894d9dec31a5e04858c8c9ab9b7add230f8379d9372f2264d902375592c779c4a300d3eb08a8191cb16c6759553b4afbecf7f7bba7e36aebd55d2e62160f5e6ad9471cf79c08d1021bbd92d5fc2dbf98439ecc2b4a7e936429a9be097af672190e893f851f1e7eb8f211754d474b9099a9695cc003731951596a156090f61a2552438edafd85120868f599fcc0de3332108a82abb5a11969ed88f5cb2f7f4b9d9849a0dfcda460b3e496c08ee19bd33d1b302fe0d4822b5eb48dd9af2dff806c0c71bf8f82af33daf2218d7d99c6dbf6bd348dad8543310fa6d10289080a663af3e73edea44aa92722c720fb7bf1f90c007b355b8b35894666ec91736bdc67e875bd7ea30515f13e8ab9a27e2d8a305fccb47d39cc8a1141502933b261e2570680bb193266d33599934b2da69e9ab09b32a2c0cd1bfc8a8565ec8958ba66bc92325e7741f39b383967437552b2320d4ecc94f5b8c91576312fe56a5e2ab061baf9d5e7ae10c0f19b03cfb7172bb82ef03b7cf2813b83ad042af738017d8f7e62cabbbe8fc084f03063c2547b53707b52f80966aa33e2d9cbacf5a74f7c329dfe0688fb5493c0cca49eefa0df604b68991e8a9dbb62bd5dd91a2da9b740e83e201de802f7cd93e65fb9389fe21781915ea854f4b75d7cfd08ee0eaa3228fb7efeadbba4d001850d0b76da1c6a1f69f7786dfdc4452fbe653f4737d1e091e42eec839f35f70d26355f4e0555a6cf604131f8e6c368d5b5a15b88ccec0bf4699cf567aa3c55d6e9a0a6618a2c8d7742b71a99bf2f52951264c6f0743d4740bdd40d85e7b42852ac8ee53e7941868f7bddceadc0efa0c3aa6509d983465ffe5ffd969b6a81275daa5ecff9f89006d808d4713d73ae1fde3225ca9d3b254adfa57dd2f00e67fb29549f5f7091518e3cc88b6b5ac17766722a6fc68e91246a8bb2da559a140002b304e4f5893ecba37d3bcae09dd2b445d22624f64d5df91ad6d36577225e10bcdae17550ea8f7af103d182e88979a8066be6e540c9ce982fd932a6e4a1362ff23d6f8465fe870a6a115b2d8e882f675a711aeefa936ba54cea6b078fc20ddd92e98f7149d608c6b37c6421491db280097a3885e9ed28b482a550cd4da2b8754617088f937c154a85d2cf5f5a29f458c29807f8477863133597dd7daa01d79ed49c3f39878d116fb8393ac9d488ba42405edcf3f5d1cfecac63f763538c2b63f5b5b4e9efc27c0173ea2ebfc94b19a34db16eecaef82dabf2e82f0e542c56a614f314ccb815cae1c3e48f40b075b1db82f7b4d9054bfae90cf5f95bbecad2026b02aa64d70a03e4d69d9801a7ea90ccca18293514daf39cf653def6c4b68581c505c3c227c6057424d304c3a0f415df4b3f87e59f482390f88081344ca34809698a5c1748021d49ec9f54859fed07e162d4163b315ba5d6869daf5a33178383fa1a3ebf8dea334a06975304251a5fc83f4f47688b7780c0069cbb853e311faa4d9d61983e218c0acc0437ae76a2976fd2c315117ea12748728151ce0c15cec45a47a5136f2194ce329e8f56eaa8c61dcd92027f81be5ef1009c67274d74beb24f66933c42fb2775bc0da5285c39509339aa571071bcaf88f5dd87232674876e7a3652154d3925ba23349f4aa8145ca93c2758dabc2d52122180b99dc59729da2e2f8699187f8c817987d3c7087eb973c61567b43e5a5063e3369a2f9d116bb72a7476f82f0d6bf975ff284f333764a45ff82a8d5f62eb4f53c950d7b4af5c10099fdfe656319ab2cdc10ced8e0d1aaf7b94fa23a5da2788d49e7aa91fb3ee099567b90cc470274853c2688ff706ccc856213f340deae34e21dafdca26832a1ca220c497531bf171c3d71ea30eb8da25153482a1610cbabce4ffaa1b4fadd289ad42487b0f05ab9259ceaedf563c7c28367435a0a6dbc7e0b99da61e19f78558065c034c568a85116e65beb04400f4c82c88eb7d296ab0aa1b0ddbf2cb14ae97ab413aea8c8706345bc53de14d1acd4906822f998db14c5a5200b24a4b80b330457b61df67cd9c0b4b5b4a8d267fd96a380b237c6be86b39e471eb265433e2af297bfe5776ba5bc44d11f5647ab6b5b869986125f15cb95de2a50e7d7c8add799873c4e3a32a44af33e30a004c658bdf08be79e432501ba6a8c61ccbb7611085b126f8d22da9bffe256d9f2193b080b822be9dcde6b80c1e9c32b82c467d8791ce19e367fb125e0821259d9ebf3c63755c2a0664df77abeaf2440b6a4657c143b0724bcba47f56a75c38844a09578f355ec47d79d6b5dc322f0828e1f6d9c077437434c38bda25ce780ca2cb3979c0c4a84dc58fc3d64a8cad2aeafde263ab41658d20299fb6757cae53bb51956384815ac052b88cb4cf79b6ac934af61cdf2791ab959ebb22807ff9e1579cf2119d80c348fbe29ec5bf9da7b3829701e43228d0cc476577925d2847899a4860a5c71b59808b7013254351a2d4351cd902242fefbcaeae5e1617dc9282efb792d83319a1f04d8111f53c652fed81d0987640b90e8e589263bed1952e7b8e244971d4d69b18da362c7e0ca234c09d3c33fe68aa2d99b7cddb52b2821dc482eb63aa22e789f9a742c9e662b2d272fd524d1b4c6d153b115c957a2979abfe329a7861063dd7ab95f0a5cb082b46d6e2a4fef761249c17d042e9fefe30f4979820e8c3a2179882a941ad6e2947a876d7c94f639563e56ce518aab5470d63cccdf9b5bc89c075e72f81365972597b596e0bff67ec31c4a23b62be38472847648cea877344169cc74c3c798303391d9f007094776aa4ddc794516d23d72e026663c698f6ac5eb1bc4970cf273c7935227c665c0f3c725d936a18f7195a9f17dfb58337a64c2ab11f563b60ab716add44cc3b374508799502cfb44fad0088c17a7aa75071e078c4320bc37acff8b60619a2e3582b20fd529a7051f188435ab42a2518f2e8b7d1438ebea92a94af94272b42fe754124ba5a4edd4a6d0d959696dd7249b7d8fa542b8f1f43acb120d23fc8cae9fb88e7b763d07dc29965ca2d98e5f876547eaf83e33ae5b7faf61c9a62adc4de9d6f5470307ce9a4530c774a6c46149605b3d9f18debd1c59056a039526f37145176003a33c1b3d4018c01cf9200a377638e9c4af5411b12179a6a77316f4683c348eb888bd08ad7169f527b45bf6b39e9543c12f2a2565827b7af8558ed63462a433712ecd1e5e82745a4eaccf17411c9e1909633af4cf7cdc693104cab2aac9f16ceddd647be125ee12a6a4c34e1bf4dd5c5ccc190e56e7a0f4ba83b44127c8c829ab1440c978255d8f73f40a162028820467a7ddd0a837734dae52ee947fe1a1718a68ef13d1dbf4171421617e2d4d6a85bc5aaa8cfee40a973c58317ad0bc0f79209e3832183017e464f4eceed135bcf5f82d03e06aa41a607feee36222b75bc29dd1c9b07c009ac78395fe4992889bf56dd6ad8beb38bb5bf4abd699862b15120ef2d9e47673fbacf4b38840aaf7657b4d8e5c8b259a009b847a574a4a16ec4b23962c584051016ca5f0ec9902e46665f840a3412384640e6faf21c89ba9d7fb8217fd7bb010d6ec5135125e71802b404adfa1c531c42999e20443bfc7379b61255396e120a2f14efda75d895b120e42c6ba422833895611a47094ca57636b77aa29356e15291513d4e0f9f0baa7239e04b6d8d7c67aa92512d61bd07bf12c492a30ee8f6019dd2d4f1c5e46c7ea56741cac6e42d9ec830ac4e86e3521a19df21f0c8795d1e9c4032353ffebffd7ca170573bee479b52f9354c69f0b1453f7bcdb11c4090f7338400bc29134e15142c8e6c6bdb443155b941a065a2e20e69ae79b12c47222cc1214c552730b3503aaba64b7e4ce1f418608c0f14026e05385d0f17a8638b4cbe6a37502c9deaf9201e489674477d7efb2db02d0cd3a82d9e9ad78f00f4d96644bd8b534106b38e6e7671450d509d4b58ada81783883a388f03ee376fadf055a843683020e7b260021600089655812aa5998b204abb5b59f90b6cb83c2ffa9ad8e7dd600774868eca73ca6c45eaae080941d7963c72e536eeaa4bcd1d5376a4ac4f7c1e1ed6cfd0a0a35ac6535adfc3c830e2209cef910c957344171184f68b7ff39bf88268a29ff0dfabe381ade7d72de7e96d79517a4b7f1752b563d2719c734a3975eecbf3396685f54a8f27c3072c0d692fa57011682c2cd31c5ea8f90473c6fb57b74876b9b7c5742459fb3562d635e6cf6dd43b7448cdb489cfa0d0e3725eafdbdd0115c9d597e0df56ae0dccf2c66825864fc95fb549fb65317b08862b73671012a5fb31edf4784168bfa8651b030748bdd96864e08e659ee455b8dc0627f9e09c8d38b09043dbd4002106905e608a0ea5c5892124b44f63ce1b5a91406ff99aeadaeaa1bf589076ec4e6740dabfe2cf7d902f240e8394494400ebbc77ce5529bc238be7eaf25845e9716fb83d4a6fc1591b494886b3f8943466640fd8b80a58f832a0b1f0c2dee93994bc8cec9a3aa44527ded9576b823e3962ff79296b35f80c85fced846063c042e0391c2ec5789a33f58a05fdf9290333862961d900ff2f1412eeb6d06ef799018b46c2341f14823b0a628f98d9b63c9db719d1a3086a25cd2cd1b815b824ef78163b23dda7ab19cc8f475545a249fd20e6a54051f3829239d565dd8c44b6674076ad5e3f6c14ccb2f4b465df67a6a4888aeb698668592f78712aa30f86dae4eac649d03d92370de20b92700d9f5b83388b6dc4fa95b1b7ac8fbea9406d4bc3ab4b9955bff19d056d9208883c96e8906bc6b4abfe651223d6301e9d9a7fc9a29ae14c446a1fe6d8b1f65c1aead92ac7f2d9c618fba67b90a80c7b4b5f87bb8ee9b59009a963d95514538b9abd5c7a1a18342e9474c9fb4219ccb6a94c22d8c728e86b09bb0101716bf1bbea98cf2d8013b984e56babe3977102c62ba858bf7d5e1349f191bc219c1ea51f832a1585081df816c6b5cf1897eadea9536f44bd37e9858f47b98d76e477487750cf676e87c2e9b3af6d161d99e4bfc8adda3bedd924e3edd24eba2228024b3d92096061140f3a7a21243ac4cb1429ae6c2a538b009fbeedc19e6c37c603b3e57270c410a984bba9bc2eec6e150ff8d46808ee7fb2324658608b63bb380775ef74f33cd27d3fb3d1c5c92602afab69c4f67db4d8504f132bd0af06add0fd3e95ff2c001dadf752be526b63ff8265eaa6ec5ec6ae2ae9f86a247985b52056322ea000afea89a94347d179a2fec42ffef54bf24ed3676880740953579878d249f0c42ce16c1cc814a4e3d8102abd95f6d9a5dcf11417f18271c230db6c3db2bb4b4ddea0ecf3e4c22321aa9c1419cebe570f4609febf9dd9850260ef745dbfc9b701bef182f69ae9ffb8b2ee8682697335fbb13227b067fb05e274e6b1508f6fc5c6a6043e215f4d45c7d24de9363bf1020e0000f963a056fcaf4139bcffd577b84645e09029b7b99091c9099204f3d46bfa2b94b488c0c0de8763da053aa4564d1a0b52eb9f98d787a9530df5f50d6c527cb9aaa313f3ed121131ddf2b4a45fcea35d235961db3a7db2380935264128e2a58506e508744123fbe5a371e28df85bb48cba49e6b656bd64ba2a3d61b014db6e0d4c7396d4439907c216a86c56388631e2dbde3e2d1d2c736e667b6fa9f1e78b44f68306fe15580e02bee8dcb3f111c47f06b8", @typed={0x8, 0x91, 0x0, 0x0, @fd=r0}]}]}, 0x11d8}, 0x1, 0x0, 0x0, 0x44004001}, 0xc880)

18:25:55 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 24)

18:25:55 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c220920000000000000100000000000000"])
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

[ 1051.270809] FAULT_INJECTION: forcing a failure.
[ 1051.270809] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1051.273427] CPU: 1 PID: 7013 Comm: syz-executor.7 Not tainted 5.10.199 #1
[ 1051.274813] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1051.276485] Call Trace:
[ 1051.277050]  dump_stack+0x107/0x167
[ 1051.277799]  should_fail.cold+0x5/0xa
[ 1051.278587]  _copy_from_user+0x2e/0x1b0
[ 1051.279404]  __copy_msghdr_from_user+0x91/0x4b0
[ 1051.280344]  ? __ia32_sys_shutdown+0x80/0x80
[ 1051.281247]  ? __lock_acquire+0x1657/0x5b00
[ 1051.282149]  ___sys_recvmsg+0xd5/0x200
[ 1051.282939]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1051.283948]  ? _raw_spin_unlock_irq+0x27/0x30
[ 1051.284879]  ? lock_acquire+0x197/0x470
[ 1051.285683]  ? find_held_lock+0x2c/0x110
[ 1051.286518]  ? __might_fault+0xd3/0x180
[ 1051.287324]  ? lock_downgrade+0x6d0/0x6d0
[ 1051.288169]  ? io_schedule_timeout+0x140/0x140
[ 1051.289126]  do_recvmmsg+0x24c/0x6d0
[ 1051.289895]  ? ___sys_recvmsg+0x200/0x200
[ 1051.290734]  ? lock_downgrade+0x6d0/0x6d0
[ 1051.291594]  ? ksys_write+0x12d/0x260
[ 1051.292374]  ? wait_for_completion_io+0x270/0x270
[ 1051.293367]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1051.294313]  ? vfs_write+0x354/0xa70
[ 1051.295084]  __x64_sys_recvmmsg+0x20f/0x260
[ 1051.295956]  ? ksys_write+0x1a9/0x260
[ 1051.296749]  ? __do_sys_socketcall+0x600/0x600
[ 1051.297674]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1051.298723]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1051.299765]  do_syscall_64+0x33/0x40
[ 1051.300534]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1051.301586] RIP: 0033:0x7fd50191ab19
[ 1051.302345] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1051.306181] RSP: 002b:00007fd4fee90188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1051.307756] RAX: ffffffffffffffda RBX: 00007fd501a2df60 RCX: 00007fd50191ab19
[ 1051.309201] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1051.310657] RBP: 00007fd4fee901d0 R08: 0000000000000000 R09: 0000000000000000
[ 1051.312092] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1051.313543] R13: 00007ffcb71c4b0f R14: 00007fd4fee90300 R15: 0000000000022000
18:25:55 executing program 4:
ioctl$RTC_ALM_SET(0xffffffffffffffff, 0x40247007, &(0x7f0000000000)={0x24, 0x33, 0x12, 0xb, 0x0, 0x8, 0x6, 0x128, 0x1})
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000080)={<r0=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r0, 0x408)
pipe2(&(0x7f0000000080)={<r1=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r1, 0x408)
write$nbd(r1, &(0x7f00000000c0)={0x67446698, 0x1, 0x0, 0x0, 0x3, "c8aaafa8a8ceea7693edca99891548bb132971e4f81c409d90379268a5f62183d42c1db875fa53830d4ed2d86ebb69bb2820f8feb1fc942eed7a859cc03e8025dbb13fe6282bc3a31e71f7adf718cbcdefd5f58492fa17405db438fd828b77784dc5f0ba0f8d33504b085f7e9a20f3cfe76d90aabffea6bea86d5d6c705f7ace4ebd8b43af030efdd693a2917f7fb33ccc09724a711332faa9c01ded86ef25015298b0a37fb57df6f834f7efbf62be26e5b2136b6e9a804ad65764cd41b98f2c018aed13124ba82c04e38aaa15a8e94ed097c3e050407774a6e04e8b12535334e37dbfb439273c677e"}, 0xf9)

[ 1051.325811] FAULT_INJECTION: forcing a failure.
[ 1051.325811] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1051.332007] CPU: 1 PID: 7012 Comm: syz-executor.0 Not tainted 5.10.199 #1
[ 1051.333406] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1051.335071] Call Trace:
[ 1051.335605]  dump_stack+0x107/0x167
[ 1051.336344]  should_fail.cold+0x5/0xa
[ 1051.337158]  _copy_from_user+0x2e/0x1b0
[ 1051.337979]  __copy_msghdr_from_user+0x91/0x4b0
[ 1051.338931]  ? __ia32_sys_shutdown+0x80/0x80
[ 1051.339832]  ? __lock_acquire+0x1657/0x5b00
[ 1051.340747]  ___sys_recvmsg+0xd5/0x200
[ 1051.341560]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1051.342574]  ? _raw_spin_unlock_irq+0x27/0x30
[ 1051.343491]  ? lock_acquire+0x197/0x470
[ 1051.344292]  ? find_held_lock+0x2c/0x110
[ 1051.345148]  ? __might_fault+0xd3/0x180
[ 1051.345950]  ? lock_downgrade+0x6d0/0x6d0
[ 1051.346810]  ? io_schedule_timeout+0x140/0x140
[ 1051.347747]  do_recvmmsg+0x24c/0x6d0
[ 1051.348526]  ? ___sys_recvmsg+0x200/0x200
[ 1051.349368]  ? lock_downgrade+0x6d0/0x6d0
[ 1051.350226]  ? ksys_write+0x12d/0x260
[ 1051.351021]  ? wait_for_completion_io+0x270/0x270
[ 1051.352000]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1051.352959]  ? vfs_write+0x354/0xa70
[ 1051.353713]  __x64_sys_recvmmsg+0x20f/0x260
[ 1051.354576]  ? ksys_write+0x1a9/0x260
[ 1051.355351]  ? __do_sys_socketcall+0x600/0x600
[ 1051.356274]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1051.357347]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1051.358440]  do_syscall_64+0x33/0x40
[ 1051.359199]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1051.360236] RIP: 0033:0x7f13d67b3b19
[ 1051.360994] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1051.364752] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1051.366301] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[ 1051.367741] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1051.369212] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[ 1051.370656] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1051.372096] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
18:25:55 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYBLOB="070070c9c93759c79f9402c22092000000000000010000000000000009"])
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

[ 1051.383833] FAULT_INJECTION: forcing a failure.
[ 1051.383833] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1051.386777] CPU: 1 PID: 7014 Comm: syz-executor.1 Not tainted 5.10.199 #1
[ 1051.388188] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1051.389923] Call Trace:
[ 1051.390467]  dump_stack+0x107/0x167
[ 1051.391217]  should_fail.cold+0x5/0xa
[ 1051.391997]  _copy_from_user+0x2e/0x1b0
[ 1051.392824]  __copy_msghdr_from_user+0x91/0x4b0
[ 1051.393788]  ? __ia32_sys_shutdown+0x80/0x80
[ 1051.394685]  ? __lock_acquire+0x1657/0x5b00
[ 1051.395615]  ___sys_recvmsg+0xd5/0x200
[ 1051.396412]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1051.397424]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1051.398502]  ? _raw_spin_unlock_irq+0x1f/0x30
[ 1051.399425]  ? trace_hardirqs_on+0x5b/0x180
[ 1051.400294]  ? lock_acquire+0x197/0x470
[ 1051.401112]  ? find_held_lock+0x2c/0x110
[ 1051.401931]  ? __might_fault+0xd3/0x180
[ 1051.402746]  ? lock_downgrade+0x6d0/0x6d0
[ 1051.403575]  ? io_schedule_timeout+0x140/0x140
[ 1051.404518]  do_recvmmsg+0x24c/0x6d0
[ 1051.405306]  ? ___sys_recvmsg+0x200/0x200
[ 1051.406151]  ? lock_downgrade+0x6d0/0x6d0
[ 1051.406995]  ? ksys_write+0x12d/0x260
[ 1051.407782]  ? wait_for_completion_io+0x270/0x270
[ 1051.408772]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1051.409698]  ? vfs_write+0x354/0xa70
[ 1051.410459]  __x64_sys_recvmmsg+0x20f/0x260
[ 1051.411323]  ? ksys_write+0x1a9/0x260
[ 1051.412087]  ? __do_sys_socketcall+0x600/0x600
[ 1051.413014]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1051.414068]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1051.415150]  do_syscall_64+0x33/0x40
[ 1051.415901]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1051.416955] RIP: 0033:0x7f65a52bbb19
[ 1051.417704] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1051.421429] RSP: 002b:00007f65a2831188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1051.422959] RAX: ffffffffffffffda RBX: 00007f65a53cef60 RCX: 00007f65a52bbb19
[ 1051.424400] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1051.425851] RBP: 00007f65a28311d0 R08: 0000000000000000 R09: 0000000000000000
[ 1051.427304] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000001
[ 1051.428771] R13: 00007ffc95f579af R14: 00007f65a2831300 R15: 0000000000022000
18:25:55 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0xffffff7f, 0x0}}], 0x35f, 0x10062, 0x0)

18:25:55 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001a00), 0x0, 0x10062, 0x0)

18:25:55 executing program 7:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 17)

18:25:55 executing program 1:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
ptrace$setopts(0xffffffffffffffff, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 10)

18:25:55 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 25)

18:25:55 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/58], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:25:55 executing program 4:
r0 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000080)={<r1=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r1, 0x408)
ftruncate(r1, 0x4)
fsetxattr$security_selinux(r0, &(0x7f0000000040), &(0x7f00000000c0)='system_u:object_r:audit_spool_t:s0\x00', 0x23, 0x3)
pipe2(&(0x7f0000000080)={<r2=>0xffffffffffffffff}, 0x0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1)
fcntl$getflags(r2, 0x408)
pipe2(&(0x7f0000000080)={<r3=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r3, 0x408)
io_uring_enter(r3, 0x491, 0xabee, 0xcd70f6a7beb39304, &(0x7f0000000000)={[0xbf69]}, 0x8)

[ 1051.598807] FAULT_INJECTION: forcing a failure.
[ 1051.598807] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1051.601713] CPU: 0 PID: 7026 Comm: syz-executor.7 Not tainted 5.10.199 #1
[ 1051.603093] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1051.604766] Call Trace:
[ 1051.605310]  dump_stack+0x107/0x167
[ 1051.606046]  should_fail.cold+0x5/0xa
[ 1051.606818]  _copy_from_user+0x2e/0x1b0
[ 1051.607624]  __copy_msghdr_from_user+0x91/0x4b0
[ 1051.608570]  ? __ia32_sys_shutdown+0x80/0x80
[ 1051.608853] FAULT_INJECTION: forcing a failure.
[ 1051.608853] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1051.609453]  ? __lock_acquire+0x1657/0x5b00
[ 1051.609489]  ___sys_recvmsg+0xd5/0x200
[ 1051.609513]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1051.614425]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1051.615498]  ? _raw_spin_unlock_irq+0x1f/0x30
[ 1051.616393]  ? trace_hardirqs_on+0x5b/0x180
[ 1051.617284]  ? lock_acquire+0x197/0x470
[ 1051.618085]  ? find_held_lock+0x2c/0x110
[ 1051.618920]  ? __might_fault+0xd3/0x180
[ 1051.619721]  ? lock_downgrade+0x6d0/0x6d0
[ 1051.620586]  ? io_schedule_timeout+0x140/0x140
[ 1051.621518]  do_recvmmsg+0x24c/0x6d0
[ 1051.622272]  ? ___sys_recvmsg+0x200/0x200
[ 1051.623106]  ? lock_downgrade+0x6d0/0x6d0
[ 1051.623955]  ? ksys_write+0x12d/0x260
[ 1051.624742]  ? wait_for_completion_io+0x270/0x270
[ 1051.625715]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1051.626679]  ? vfs_write+0x354/0xa70
[ 1051.627448]  __x64_sys_recvmmsg+0x20f/0x260
[ 1051.628315]  ? ksys_write+0x1a9/0x260
[ 1051.629099]  ? __do_sys_socketcall+0x600/0x600
[ 1051.630026]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1051.631082]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1051.632131]  do_syscall_64+0x33/0x40
[ 1051.632931]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1051.633966] RIP: 0033:0x7fd50191ab19
[ 1051.634730] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1051.638493] RSP: 002b:00007fd4fee90188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1051.640028] RAX: ffffffffffffffda RBX: 00007fd501a2df60 RCX: 00007fd50191ab19
[ 1051.641470] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1051.642905] RBP: 00007fd4fee901d0 R08: 0000000000000000 R09: 0000000000000000
[ 1051.644373] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1051.645820] R13: 00007ffcb71c4b0f R14: 00007fd4fee90300 R15: 0000000000022000
[ 1051.647390] CPU: 1 PID: 7030 Comm: syz-executor.0 Not tainted 5.10.199 #1
[ 1051.648817] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1051.650494] Call Trace:
[ 1051.651044]  dump_stack+0x107/0x167
[ 1051.651793]  should_fail.cold+0x5/0xa
[ 1051.652585]  _copy_from_user+0x2e/0x1b0
[ 1051.653394]  __copy_msghdr_from_user+0x91/0x4b0
[ 1051.654345]  ? __ia32_sys_shutdown+0x80/0x80
[ 1051.655239]  ? __lock_acquire+0x1657/0x5b00
[ 1051.656135]  ___sys_recvmsg+0xd5/0x200
[ 1051.656952]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1051.657948]  ? _raw_spin_unlock_irq+0x27/0x30
[ 1051.658874]  ? lock_acquire+0x197/0x470
[ 1051.659689]  ? find_held_lock+0x2c/0x110
[ 1051.660527]  ? __might_fault+0xd3/0x180
[ 1051.661067] FAULT_INJECTION: forcing a failure.
[ 1051.661067] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1051.661340]  ? lock_downgrade+0x6d0/0x6d0
[ 1051.661361]  ? io_schedule_timeout+0x140/0x140
[ 1051.661393]  do_recvmmsg+0x24c/0x6d0
[ 1051.666241]  ? ___sys_recvmsg+0x200/0x200
[ 1051.667074]  ? lock_downgrade+0x6d0/0x6d0
[ 1051.667970]  ? ksys_write+0x12d/0x260
[ 1051.668770]  ? wait_for_completion_io+0x270/0x270
[ 1051.669750]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1051.670719]  ? vfs_write+0x354/0xa70
[ 1051.671493]  __x64_sys_recvmmsg+0x20f/0x260
[ 1051.672361]  ? ksys_write+0x1a9/0x260
[ 1051.673144]  ? __do_sys_socketcall+0x600/0x600
[ 1051.674069]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1051.675122]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1051.676168]  do_syscall_64+0x33/0x40
[ 1051.676940]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1051.677983] RIP: 0033:0x7f13d67b3b19
[ 1051.678746] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1051.682512] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1051.684050] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[ 1051.685514] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1051.686954] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[ 1051.688412] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1051.689894] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
[ 1051.691414] CPU: 0 PID: 7029 Comm: syz-executor.1 Not tainted 5.10.199 #1
[ 1051.692833] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1051.694514] Call Trace:
[ 1051.695057]  dump_stack+0x107/0x167
[ 1051.695824]  should_fail.cold+0x5/0xa
[ 1051.696615]  _copy_from_user+0x2e/0x1b0
[ 1051.697461]  __copy_msghdr_from_user+0x91/0x4b0
[ 1051.698420]  ? __ia32_sys_shutdown+0x80/0x80
[ 1051.699329]  ? __lock_acquire+0x1657/0x5b00
[ 1051.700245]  ___sys_recvmsg+0xd5/0x200
[ 1051.701051]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1051.702039]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1051.703103]  ? _raw_spin_unlock_irq+0x1f/0x30
[ 1051.704005]  ? trace_hardirqs_on+0x5b/0x180
[ 1051.704891]  ? lock_acquire+0x197/0x470
[ 1051.705696]  ? find_held_lock+0x2c/0x110
[ 1051.706519]  ? __might_fault+0xd3/0x180
[ 1051.707324]  ? lock_downgrade+0x6d0/0x6d0
[ 1051.708163]  ? io_schedule_timeout+0x140/0x140
[ 1051.709109]  do_recvmmsg+0x24c/0x6d0
[ 1051.709866]  ? ___sys_recvmsg+0x200/0x200
[ 1051.710698]  ? lock_downgrade+0x6d0/0x6d0
[ 1051.711540]  ? ksys_write+0x12d/0x260
[ 1051.712323]  ? wait_for_completion_io+0x270/0x270
[ 1051.713306]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1051.714245]  ? vfs_write+0x354/0xa70
[ 1051.715006]  __x64_sys_recvmmsg+0x20f/0x260
[ 1051.715879]  ? ksys_write+0x1a9/0x260
[ 1051.716673]  ? __do_sys_socketcall+0x600/0x600
[ 1051.717616]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1051.718671]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1051.719718]  do_syscall_64+0x33/0x40
[ 1051.720469]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1051.721516] RIP: 0033:0x7f65a52bbb19
[ 1051.722278] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1051.726001] RSP: 002b:00007f65a2831188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1051.727559] RAX: ffffffffffffffda RBX: 00007f65a53cef60 RCX: 00007f65a52bbb19
[ 1051.728995] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1051.730436] RBP: 00007f65a28311d0 R08: 0000000000000000 R09: 0000000000000000
[ 1051.731875] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1051.733330] R13: 00007ffc95f579af R14: 00007f65a2831300 R15: 0000000000022000
18:26:10 executing program 1:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
ptrace$setopts(0xffffffffffffffff, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 11)

18:26:10 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYBLOB="070070c9c93759c79f9402c22092000000000000010000000000000009"])
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:26:10 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 26)

18:26:10 executing program 7:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 18)

18:26:10 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/58], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:26:10 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001a00), 0x0, 0x10062, 0x0)

18:26:10 executing program 4:
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000080)={<r0=>0xffffffffffffffff}, 0x84800)
fcntl$getflags(r0, 0x408)

18:26:10 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0xffffffff, 0x0}}], 0x35f, 0x10062, 0x0)

[ 1066.150166] FAULT_INJECTION: forcing a failure.
[ 1066.150166] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1066.153544] CPU: 0 PID: 7046 Comm: syz-executor.7 Not tainted 5.10.199 #1
[ 1066.154913] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1066.156704] Call Trace:
[ 1066.157226]  dump_stack+0x107/0x167
[ 1066.157980]  should_fail.cold+0x5/0xa
[ 1066.158737]  _copy_from_user+0x2e/0x1b0
[ 1066.159524]  __copy_msghdr_from_user+0x91/0x4b0
[ 1066.160434]  ? __ia32_sys_shutdown+0x80/0x80
[ 1066.161307]  ? __lock_acquire+0x1657/0x5b00
[ 1066.162172]  ___sys_recvmsg+0xd5/0x200
[ 1066.162955]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1066.163922]  ? lock_downgrade+0x6d0/0x6d0
[ 1066.164798]  ? lock_acquire+0x197/0x470
[ 1066.165579]  ? find_held_lock+0x2c/0x110
[ 1066.166378]  ? __might_fault+0xd3/0x180
[ 1066.167148]  ? lock_downgrade+0x6d0/0x6d0
[ 1066.167972]  do_recvmmsg+0x24c/0x6d0
[ 1066.168712]  ? ___sys_recvmsg+0x200/0x200
[ 1066.169521]  ? lock_downgrade+0x6d0/0x6d0
[ 1066.170341]  ? ksys_write+0x12d/0x260
[ 1066.171107]  ? wait_for_completion_io+0x270/0x270
[ 1066.172052]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1066.172975]  ? vfs_write+0x354/0xa70
[ 1066.173715]  __x64_sys_recvmmsg+0x20f/0x260
[ 1066.174560]  ? ksys_write+0x1a9/0x260
[ 1066.175304]  ? __do_sys_socketcall+0x600/0x600
[ 1066.176203]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1066.177245]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1066.178259]  do_syscall_64+0x33/0x40
[ 1066.178992]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1066.179998] RIP: 0033:0x7fd50191ab19
[ 1066.180732] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1066.184551] RSP: 002b:00007fd4fee90188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1066.186054] RAX: ffffffffffffffda RBX: 00007fd501a2df60 RCX: 00007fd50191ab19
[ 1066.187447] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1066.188957] RBP: 00007fd4fee901d0 R08: 0000000000000000 R09: 0000000000000000
[ 1066.190490] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1066.191884] R13: 00007ffcb71c4b0f R14: 00007fd4fee90300 R15: 0000000000022000
[ 1066.200166] FAULT_INJECTION: forcing a failure.
[ 1066.200166] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1066.202020] FAULT_INJECTION: forcing a failure.
[ 1066.202020] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[ 1066.202509] CPU: 0 PID: 7048 Comm: syz-executor.1 Not tainted 5.10.199 #1
[ 1066.202519] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1066.202524] Call Trace:
[ 1066.202542]  dump_stack+0x107/0x167
[ 1066.202564]  should_fail.cold+0x5/0xa
[ 1066.202587]  _copy_from_user+0x2e/0x1b0
[ 1066.202609]  __copy_msghdr_from_user+0x91/0x4b0
[ 1066.202629]  ? __ia32_sys_shutdown+0x80/0x80
[ 1066.202646]  ? __lock_acquire+0x1657/0x5b00
[ 1066.202682]  ___sys_recvmsg+0xd5/0x200
[ 1066.202701]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1066.202721]  ? lock_downgrade+0x6d0/0x6d0
[ 1066.202745]  ? lock_acquire+0x197/0x470
[ 1066.202761]  ? find_held_lock+0x2c/0x110
[ 1066.202784]  ? __might_fault+0xd3/0x180
[ 1066.202802]  ? lock_downgrade+0x6d0/0x6d0
[ 1066.202839]  do_recvmmsg+0x24c/0x6d0
[ 1066.202863]  ? ___sys_recvmsg+0x200/0x200
[ 1066.202881]  ? lock_downgrade+0x6d0/0x6d0
[ 1066.202906]  ? ksys_write+0x12d/0x260
[ 1066.202938]  ? wait_for_completion_io+0x270/0x270
[ 1066.202961]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1066.202977]  ? vfs_write+0x354/0xa70
[ 1066.225273]  __x64_sys_recvmmsg+0x20f/0x260
[ 1066.226140]  ? ksys_write+0x1a9/0x260
[ 1066.226905]  ? __do_sys_socketcall+0x600/0x600
[ 1066.227825]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1066.228889]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1066.229928]  do_syscall_64+0x33/0x40
[ 1066.230678]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1066.231705] RIP: 0033:0x7f65a52bbb19
[ 1066.232452] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1066.236148] RSP: 002b:00007f65a2831188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1066.237681] RAX: ffffffffffffffda RBX: 00007f65a53cef60 RCX: 00007f65a52bbb19
[ 1066.239114] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1066.240544] RBP: 00007f65a28311d0 R08: 0000000000000000 R09: 0000000000000000
[ 1066.241990] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1066.243420] R13: 00007ffc95f579af R14: 00007f65a2831300 R15: 0000000000022000
[ 1066.244887] CPU: 1 PID: 7049 Comm: syz-executor.0 Not tainted 5.10.199 #1
[ 1066.246275] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1066.247945] Call Trace:
[ 1066.248478]  dump_stack+0x107/0x167
[ 1066.249237]  should_fail.cold+0x5/0xa
[ 1066.250011]  __alloc_pages_nodemask+0x182/0x600
[ 1066.250947]  ? lock_chain_count+0x20/0x20
[ 1066.251788]  ? __alloc_pages_slowpath.constprop.0+0x2130/0x2130
[ 1066.253023]  alloc_pages_vma+0xbb/0x410
[ 1066.253827]  wp_page_copy+0xee7/0x1f00
[ 1066.254624]  ? print_bad_pte+0x5a0/0x5a0
[ 1066.255440]  ? lock_downgrade+0x6d0/0x6d0
[ 1066.256273]  ? vm_normal_page+0x162/0x2e0
[ 1066.257128]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 1066.258198]  do_wp_page+0x27b/0x1390
[ 1066.258958]  handle_mm_fault+0x1cc7/0x3500
[ 1066.259819]  ? ip6_datagram_recv_common_ctl+0x3f0/0x3f0
[ 1066.260908]  ? ip6_datagram_recv_common_ctl+0x2c2/0x3f0
[ 1066.261978]  ? __skb_datagram_iter+0x1aa/0x880
[ 1066.262895]  ? __pmd_alloc+0x5e0/0x5e0
[ 1066.263690]  ? vmacache_find+0x55/0x2a0
[ 1066.264502]  do_user_addr_fault+0x56e/0xc60
[ 1066.265386]  exc_page_fault+0xa2/0x1a0
[ 1066.266172]  asm_exc_page_fault+0x1e/0x30
[ 1066.267009] RIP: 0010:__put_user_nocheck_4+0x3/0x11
[ 1066.268010] Code: 00 00 48 39 d9 73 54 0f 01 cb 66 89 01 31 c9 0f 01 ca e9 f1 2c 1e 02 90 48 bb fd ef ff ff ff 7f 00 00 48 39 d9 73 34 0f 01 cb <89> 01 31 c9 0f 01 ca e9 d2 2c 1e 02 66 90 48 bb f9 ef ff ff ff 7f
[ 1066.271713] RSP: 0018:ffff8880485779c8 EFLAGS: 00050206
[ 1066.272792] RAX: 0000000000000028 RBX: ffffffff830fc720 RCX: 0000000020002030
[ 1066.274226] RDX: 1ffff110090aefc3 RSI: ffffffff830f236a RDI: 0000000000000005
[ 1066.275660] RBP: ffff888048577dc8 R08: 0000000000000001 R09: ffff88804724385f
[ 1066.277106] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000020002030
[ 1066.278553] R13: 0000000020002000 R14: 0000000000000062 R15: 0000000000000004
[ 1066.280000]  ? sock_common_getsockopt+0xb0/0xb0
[ 1066.280950]  ? ____sys_recvmsg+0x2aa/0x590
[ 1066.281807]  ____sys_recvmsg+0x2dd/0x590
[ 1066.282634]  ? kernel_recvmsg+0x80/0x80
[ 1066.283439]  ? __import_iovec+0x458/0x590
[ 1066.284286]  ? import_iovec+0x83/0xb0
[ 1066.285067]  ___sys_recvmsg+0x127/0x200
[ 1066.285871]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1066.286860]  ? lock_downgrade+0x6d0/0x6d0
[ 1066.287702]  ? lock_acquire+0x197/0x470
[ 1066.288502]  ? find_held_lock+0x2c/0x110
[ 1066.289340]  ? __might_fault+0xd3/0x180
[ 1066.290144]  ? lock_downgrade+0x6d0/0x6d0
[ 1066.291002]  do_recvmmsg+0x24c/0x6d0
[ 1066.291761]  ? ___sys_recvmsg+0x200/0x200
[ 1066.292597]  ? lock_downgrade+0x6d0/0x6d0
[ 1066.293447]  ? ksys_write+0x12d/0x260
[ 1066.294231]  ? wait_for_completion_io+0x270/0x270
[ 1066.295203]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1066.296137]  ? vfs_write+0x354/0xa70
[ 1066.296900]  __x64_sys_recvmmsg+0x20f/0x260
[ 1066.297767]  ? ksys_write+0x1a9/0x260
[ 1066.298533]  ? __do_sys_socketcall+0x600/0x600
[ 1066.299456]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1066.300507]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1066.301565]  do_syscall_64+0x33/0x40
[ 1066.302320]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1066.303350] RIP: 0033:0x7f13d67b3b19
[ 1066.304098] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1066.307805] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1066.309347] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[ 1066.310779] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1066.312211] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[ 1066.313648] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1066.315078] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
18:26:10 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x0, 0x0)

18:26:10 executing program 4:
r0 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000080)={<r1=>0xffffffffffffffff}, 0x0)
pipe2(&(0x7f0000000080)={<r2=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r2, 0x408)
sendmsg$nl_generic(r2, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000040)={&(0x7f0000001e00)={0x211c, 0x20, 0x100, 0x70bd2c, 0x25dfdbff, {0x1}, [@typed={0x14, 0x22, 0x0, 0x0, @ipv6=@dev={0xfe, 0x80, '\x00', 0x2a}}, @generic="4608c2bb197eb9ed8d32a39695d56d6aebf42518b29523758aceefc735eb49bf7d4a1946adfb45aacf9424a2dabaa922f338ccfa1da2c99e19aac60f2688528ab8df85ffa98bc4f200de1ac6afc5ff8d4554bb192984a40626334ee79e856e6cbfa0904b9c90606a455076cbe67ec166d23860e6a6cbe00907e3c9dd138c21497ffa24d52140d82b72351fcc1041ce2d4e7c80a8df8cd7716c8abb68313ac86ed37b2e8cda63f01810c4909b0e873f66cca016f613e33d2c2f71e3c5b6ab1f16549c6c53e0a75e7b96869a40b5b41057ebf5017f62df580c3b756dcf327d07c3d4c632b843ca6387444f86a3ba4922a6de6e0e9091bddc07b04f21c5bff2a2a31b6ac6dcc47af78111df3773543387fc6a624313f1353b07f107a66801d58a59e14eb6e0d2be5567920186e48e982bc7f37e8f303369fd9192c953b6978b0e7d7c476642a741a1d05477fc3593d8725be6161402ef366462978524bdc82c139d7f8e4ab964c754a8e1e37d28eda821dce4e410bed00b32624c0d99a64c5ff517adc83ac9f90687c936d11b442c746db9bae7cbcf840852976d9827978a05cd8c64a20da49624a88e3c717da25e7d0f270f7befd7a39b9d0741d87786dd047cb869c4ba135e88d90dbabd860737254c5847b52b566258f1c52163088b3195561789a22c961304f55d7cc3fa2711a6db3102d125c9f3c0e7ddaa8758cff7fbacdfafd121025c25979194e326c962ec02865dde218546fffd6931791231e9c34f1290314f8112ba798dfa3589473b96d1d15e93d9e5e7111b613184aebe4092f0223afc084b53f97401be9db2564e4772c3eea2c82293e00175e1ca06597a878bb863a9d22e81a824f1953b1bb9933696fe92a5a6fc4f873cdf77d0aab21437679f26fe2abeb916b601f771b07361f582e95079c2586cc3a4a173fce141cd7efe259940e7745b49fb5375875ed75d8a9213e11fbc36293a2acfc18b591b27cde9cec7a0c68c670306e258b8a45e049e6a4ff1caab61df3f91e0f0839a9993586ecb526b8a4c973a8463fa403019cc00c3a5940a4b0b22ea7661e8372b2b61da14afac305e002ce3d8f7a13b23665737617980c6c734e59952c70277a9dd7482035723c931022da57a93f0ccbac7e6f91b3b0892b0b1616ac6b4026705bcc5435aa698914b1caf4a9960b1b72768076338ce91498d9a092f012451df637249f0eb8d2db57e8c9d8a621255193d5b8d0184f51aa6bcc363bdb015f83ca41d8f1d8f784c488679bba4efcfe0feb5394b3fff5b1db52f5e27b7a848cb4a2747ff6f73fe30b6bc69990d93f9187032741a3fdae43cae43d7abc0ac92d89a452704702712a22bd820fd7de30cb23eb447c449a9ceb2d85e9797996653eff15ef0bdfab618172c94a4676708c8b20cc8c70d001129b31e3b0f55e9d2f1fc22d8ba1e9a8d2748a1afe230cb78b2d365da8aa87001242b9b07019cc9ea1ad019c1016bd4efcb3e3bda26bcbea70d84887ee002c1da4a0c4e1f945b1e6a9cf7f858eb5d3d11a5dd3428c3b656c84377fc8f1763a1745c77bd5a3edc962844e709871e64b442e8a0b24be9bfa1c0950877a9c55e4b77486c4e3ac58b9af4938c674a271fdc1415266a27ce7edc4aaa4b8283dfb460efed0b262e6e8bd60620538fbcf6cb3b623958250182589bb866e57da1768f713262a0f8d84f499b8374c41ecaacfca5f73d8d0edcc47fcfb242cdf353d85d9b6fbab8482727a83a5c5bdc5cf0c87e2ce8cfcddd9718ad4d9b5ec49f64bfe53fe30691d98401670c087cc5934e96450c26ab6a9b929758503c47795bfa3545b1ae6e4604d8d81d5a9a3a3d2c810157923fc9c5f2276f05a3ac42d27477c5a0d623e196e99cb9654e9e98911f221238718c2cb6969bb7cfe08265dd271125ec20e2a5b029404bae2cb8b07aa327f0f17750218cd6be8621b58ec97f0b70df56c52dc2af67e630831268c30db1551d4761a39b129d51686a062ee460462e31213a171ca7d61b893944914d12503e49230e07877e5642ddb82436b7d87bf8c459040af482e5bf0bb259c0094549f0ea677aff60171f8476daacadd88d027957ae809a11e449d240822fe5aa7e7111e2f6ec13bc023fc2e2cc97093d5991963b087d870585fc3cbecf559666a9ece7632f593d13bc4e421e0ffa0620edf70868d51ff06259ad723e5705e314e1bf82fea66dc450991f24d65601664c78f173454a0061f1a22389bf086bf69b34316435bf56ef3a0d2a8d04206e1651a45ae630124a9b404af1a6f1a0a1d17e87b6e230bf79472a465f0b701727df8b16542dd061f39c7bbc94d75a500cd05ee2400ddcb346916bfe898da2ee2a1fed4c8c9257de22abafea3232ac86d5a225dcb8328c6e32e0f550d09ad1e002870949a168a2ea976b7f45d9941f74e0681ec15f9a5c789cecaaa6cdcf7fad73efc881ee0e4e36dfc36bae52e41010ce3f3a40d8299833c295c17b0c18501dccda302d0151c643e5da1ee230ad4eb9d2b85dcc158761776ab7e02b877f945a88bb7be44a6277d562bbde0c959e8cb9926eca3eb7a4040ecc5d7e703672f20d0947b0083598e09915277c99c147cd10b35c43a969baf27232d02fcf393c360da4caba3b98f14a74a35c8014922bf41128eadbe4f2f02c3c39f605dbdd89ff41dde94bd981ec27e16ee78e2e1e3828cab2611db898568462a1bd616de403dcfdfc4fa3d35a05adb2d72727559a42f2f18dc2b00c6f9ecbc96b4f624685e9018c093a7f4ceedd1eac50d8901e901c48fe98b302ac71925a193ab9f755035fb6d503aae72a313ef022a65f9b118cfe53911636fc7ad60c56afd97ad60900ba4f163eb2a0806e0a4bd34adf3d9797955295ae19ec816c4b74d44b6d5974240e6672f08a90d8c4dae165815e3ac6ea9231ee1a9201c5d435caf2d5c2d3fe910b7838676bfcccb80e5285a8de41c74276f421f3b4c6221a188ecdacd129bb5ba413641af0b5d53fa5c26ffa38552b0bf80c8ba30b73a623fc20a4b2b718cf57b03bee1749d7d2ec5bc54c2d9b50b34e1ce10424f2ca0a5c809294a6be81ae53f58f2931ffda0f2bdea184c4925f85f7a40c48f39883d4388fc503a2123552e29f636107de670af39fb11564ab9953ec768aa25e88c1362e1e9d97f47b1ef02900336fdd24ca57da41f34db6b6758b2c5eafc2a5628d28370df236b3125d249f2fed7db00383890c2eeb785b8964083bac4124b9648f58b3fb787eb43f300d326975551db8638ee90e350c3fcab23208438347db0f4bef7221537d522b0508966940a4dde314f0d3236ba9b5407125e2a11c4678a1abd5f65041151b695a4de09293c1fc23e2c774e05c74a7cab35a69aa5ee61c77bdcb5da11c2c26da63ddaba05294471ff0be099ad2835f91c3ad6de36ace5de1878f77f16992aaab0b8625402aea4cd5fb00a23c19a8bc235743f52005428575a844c91d50d455f36299c22db1b012aed41cc68203695f2326c77ed7b18b4be3c35afa20dcea0b6a8677ddebb8688ba961432256000b7f83a93d2951cbe5d1fadc62ae5ea4950a18245a8f095bac114835e72ee4c0ca5edb67f86792217a406010f227d7f856c8bed0eaf23c384a5e39b07e36d1a8c956445dc0297a670e081f64d420442870c5371fb692be1887f1c33a7c2e6243f9dcee3d9206e9fa56dbda5debfc2ad345238c4a71df31b75bf918211adf41248cf55801f1e3332842dbe8a54e13e9b5a7e1013fd869cf1d4f70ad5082a53e079e8b61a14e6fdc8f6d2748e4c4f3d38ca745328f54b9e51cd1395aae3f9dc9761270eb734efc1a621d9f12f81519310ac57ae6deb3e8098520333b4ae8ea8b8d4a0caa1f6e91ceb954bb8554f719e726b62078f27d78b9c6c8d423b6afb5c06c09855b1dd593bef0dc5a56b4bec3b5eba6c90131fd32b87bfde5ab0907404fe36828699e1bfe9b514f44951d6d76f4e862dc942d4a97caf32959a76a0392d9ed5d016111bc607ddf97d2206fdf9dd4699c44753587c15dea4432d2773f151491df263bc34b144281bee97eeb728a2199f70b3a13dcc1f367ab5a5e636a19e7a32fcf8894851d205570bf8971d41657c0d8cc2565335a588845fa3e768f5c48f5f5719433481ced16f85ebb9cc2a3f8bc59c9906937b7b0816c503b38b7e85f7d42e8b65771f5d52c9572e52fa490dfdf917ccb3953e190dc5e4181da6cf575a5b2902e40485d46efa298f006a88906b7b4257087ca0ee4630073ab435e92eb6a8647e3265f61e28724aa5cb32da01f5216b491e24315bda83cb2555757fbdd5da7c92145271e38fa01728df0d2259123385c8a036049af4c63fd18b1e3f07a5d4785025bab2149563f0c1c0265236fc4f9c788d9eea819e56b40346391369edfe91feeb35ed98d43bb3f0e35259dbaa99cf74b96525470ee93071f6519564bebf8d273327b6fe36ea70b6a518b41123e6bed9f7287c2566bb4a97008a8a6be21171d29e68faec26790655f1397d385b8bb2c904bc606347408bc9838cb25e7f1994806226f21b2065c47ae2635e2bba5a1ce322737a3ad3126ae94000fe6b46cd4e97ebc1c8609d2b747e6cfed55ab1d87b3cf06aa177a95604fe873abe790a54315c7bef7a79d528a48577037311e93afb9d738df457eb3c17e599c50f71731c30228e0df5d77db484faa6b708805a3d88da8d42d30a4592e3cbd75da5db2db30e37cf8942f020408e95210cacb17307dc07880d465e7122b63c3ccb72590784955e45d6dac99f63fc2f5f227462145a9ea51ece617548a2867481675758123d106966695eea6bf3228258ddc0d3fadc78c00bdca45620cc74f766ee4642f6f40cdff5cd304a2ed3ed4194fa57c0f5a658c52b1a8ed98079963dc9e28ab6464def7f0dc5f0888f35e86a70ac2ecbfdffdd35be3e463885d60bbaa18401d86ea742963b84558f91ef0b020691667a78c38f94fb217750f4fcdf6bd752c354ba08e1be71722982d73f41becab17a4a4ea6ed37eff76a7280aa3c6810f5996af617c6511492db5721326a7aefd2c30d6a8ae8e3b7bc26f39d51cc9291660e62db73306cef032742046f11f4366fee1156601a06b460778930278b42db0a2b6359d7861e6d8e1b6ec0bbc8716f16dd778a72ddb3727722b55d6a8951a4cee04a4c80eca2f780a1e1256fdb6571b3b0798ba7f5b09f7b0453b0abc4bda087d566a8633cae8acdf139ca219e451db9253282836c8a7ed05ece90e2e7238aa85435cf97a5440b18a35315446a899023ce354005b2a8e4331cff61bfa7decc1610ed7b7b17106d652c7d13069cb0c365a525bf1d8139ceb7b9cc3adc860b8c80fd488bea962dfdf60d9dca0b42c095549b1ee07cd1f66ad1e570c352f8d54b7d0fe963d3275f6ee2028ae845151ecb6f2143b502fae8d48ecdbe699c2baa7bde4e09caa922c4b5702cb42f11c0299176c0b03b56a030d7908ad098096d992ef4d8f86587cc85f63eea4ca1e4bcf2564e2c049e4564f99c61e5f6aae8a162367e884093ba955bc1685ea069e2553008ad4f3a77c56b79f5da9af784093bb2b3178eee2c99dfb549d26b24943f30f5ba4d49487e847ab4abc11c625c705dcb0090122cb727e1a26149a9ee229d023655ff1a78805e3cc4026c9dfc059bb8fbe0f77bd062506f2902332d78f29441f0ac9cea0bb9f43b22ed01cb5d39980df39f09a89c19bbfd7706fef1d890182e1b05e451f2fee4bfc1387ccf9e0760390ca3200ae16ccfebdfbc6b5a74b6bbcd79816a48fdd94118e58da", @nested={0xea, 0x8c, 0x0, 0x1, [@typed={0x8, 0x7b, 0x0, 0x0, @ipv4=@loopback}, @generic="6dd4a4e1de62cc111a0fe7da78c64cb7ac92d1521b30113520fe9c8284aa93f179f42cfac7d50b16af6de4ccdf7efa9121c54a6899c77c9073905539135098be2db7cae4d17e85bebf22684f6a617102aadb8224a8d2d1caf56960d7212a138e54e46a09425b16bab5c1f721bffd5b0932ff4a2d842b73fdd2e24f1ccd1de079caf94eb542993ff0758bbe", @generic="64957097d013444b45db35bd0f13aaf916107885810fe941686de24c751e28881f3927ef6a2b5e0ee4b857ed7dd2bbcb43c3b2f86466c5755cd82bb874ba8b36a2a118aa428bad9dbdfd4d271e9d92071555af"]}, @generic="acc346e8a998fa247c478f051764aba222daefda4c32c47f2f6ad7c3167ee26e6393c13802ab3393ad49163684c13f3ca9b2ce3bf12fc1783abe79b238ff3a871d6b508bf03a55a8292fab6a22e8e8fdb99b01bfd083d19336e25174d7b085a3622a354bfdf6f8313469bfe4153cd449c8afdc240166d66d75b715df8f9db07fdb4a8c42f2c66fb999e6d1adc96c3100e1d800911d85a1bea5ed894fe3f3a28bddab5df87383b6a1eab5734e0accc783458e9adebf7544460c11c64f6f71eefabd1cc9793b4523e7f9d91681d5ad10f3b1b0d65bd0c3fc1da6226e9bb4e86fd409805dc92ddbbcee0f3630138b7a60143f02fcdcd91a7cdd2ba6fc7683b1767c7d5709b6dcac0ac51b7bb66387af330425d60766f372669ae01b8a4134e8816076bb5ace133dcd4e41cb29af34866e00f86516a3e860f053c29b9412490c8d381c1fb55f0623306f8e07bd36adfeb5e1d38828272407dee486be4039c2fd399184c8dbfd29fd574992e65ce5dcaa506b9c3a74186fbb1b839e090ea1c37709e664d797b79dc8b38d19088867fabfaee6a0d9e70fc79c5a61338e13cb759e7748af4ebccd709b8033e06b38f1e8ab7033fe6e01960cc31b74cea27f58208852864367f7ea4820e747f1e793ebf84242b8f0267ca09b6658b23cdd431fc431c3caa873a8f71ace1e0650a66c9c1fe05b6ca7eccf79974bbc36b80884e65525ba5089cac1e74c2d7f114ec27710bbcef752b23b671d61d5c21a3da1fcc64dc818a0e6714b258f7c92a0c2d086b6a042cc3ab863382c8adf819101392f8f74a9e2462bb0d9d02e1f03926c6dde20c0e7c98a86443d53f20d38851e00fe4937da9462a41971d2bf1e2c5a2b16c3589e6d9f5c6c73a22830ee7c86b36aaa7263be19b4ff5e7277c4a34fc9ccb540926202b4b298331288e75e40ee4c92bac0673447cc52f065d7491c458490def835b45d9c31e4b00e8d50412eb61531e010a26e4ed35d34b9fe8d04f450de8e869594f4d21a35208cf9501f8d5cff07c62388a8c11d037c696f660a20f1990d8b0d8cf531a4a3a904c57cbc8cc3f4d9f65090c16c381804e442fc4deda6eb2c578eb21ca900df24a9805c91748b231412e782a9c8b46e7cb4a36285bdbbf45323d2735dbcca51bccd1ce88c9a39c2316b3a9e0f17d5ba152d660846ce90c7324cbb0ad4be2149288db3ebabfd2e3969e361d2376446e28ffb19fffcd25400d56486f96adfba39ab7f654426b90c76b658f74020ce1618c642b666fe3cbe51dc19def9d1be111a15015bd8b5f7126561c88a9ef03bd0d14e9318ab17cecff609c968bf1d161b557a1889de2801cc42d118ba33eeef20f9bfae378ba78bc19d7216bcbaf3daeb0dd24d29baa8879359ed2f490d9eda36f1cdd729c103aca765886fc1e3378f61f7ea8b300bc06b537facd900ab043de0f35f767561fdf06c2f2ccbdffc00f46aa71a9af10618c2bb486a84771605a3ec67d70ef2a144d86673b7ff0a29c462b8dbea1c4f09bb37f9983873e7033727653df9b4e8eb0792eae02fcd8b1bf97cbec28a8ec4b1c47c87994b18a2e0c52547ec0a0fd9e16abd4bf1b07a9f2fc989178249ad5cefc11710f6fd9bb14f110bc62c84d10ee2d7c77bddfc6cf83a0c5a867951f3cc95e78f3ef7816c8d88db18eac2f4e6307adb47647f44828971687ac1150fa18526e49cedcff4530043547fbb34c74cd7a70a822de20529b628d34a5b939ce8df26082e3f2b47e57a7ad4a7da4a7f4911cc097254499a7f924cc150726a0355be8802f2f9391f49d6f62b04e1525dc2d54d5145fc3277e28d5e4835219102edc6b78fb3059e0f3c6d4e4ad3529f611827f5fb68a14acfff196ce81fd80df4d05f112fa1d86d3ada88b3eae266344459835a2aacd007234500dd34dbca0e42bf31a477ca86c4d67f5d4d873295c3a7cd8b119f6b68b3f1d9cbbf89c5056c958b6c6a55f5e05f0397fc49f77ef89337ec0fe2ac7c0b6419cf0e0e0cdc5c83f9a1ba9b7c108aac49370b0751e2159ba6b7fb1264775670443c776246fd62134fa8d1db770980cd63a554c0d6ae5c511028a082f8399dc2347b4d6b220eb866b42c91fe6117f9e33bfd6ad7f6e96222d5534edd63c67f1c4425de4c39e6c2f04bda21c6c41bd8b611241e82879122c1fd1c01d657d1e803028708f30c46595c6ae7a0fd4e1e87cd4a32157b4d682fe13f39796e43505077b5cbf7602836e024ec8ad3d07d8ec28e79180cb8471f10a6e51e9163bed60660ddfbbec0424cda50c0756544c67e2c7ce024f1041b15cf2a84b8202e95e4f9b38fb67b5d41f2daaf5e98d3a3d35ab4d33868f0d062762cdc7a872cb043bb69985f0ec0c1abb059e2b087f5ca19a61543d701d2453671195637e18cc12d66f1b97ad453058410a4a02a6b69c08feb11a288e61c3c878eea6c2229893c99c2fa304802d51d4aed31a6fe6c186199082f9a5de5cb5f77e93a3d38c30e69c5dcf4f550333777317c63b315a2e9356da1be0188d2aeba6524a9b6d77c54fc0e289b1c389a9586fd48a731628342e67245a1dd5603ca5d73c77b21a9428eab807b008cf7015ae8c6a9fcccca1f60819c827c985d2f46cc080380606dfe57dc43d1d75c0e0c65ce08b98a14fca3a69455b70f25a9b3f1e9c4249e371295c2b789c2b0a35f6d82393a3da6d1184b6fb0e19a8309f0fd04c63093913bc7868ece0c75a483d252d5d9ef3b8321acda995b511b29a372e8c1aba411e49e3c33e12077eaad3988d8de0721017f5c166886048cb42ac739d821da3819d34c6db57c082bf79f027c54a5a6018cfa80f78f93df317a22fec8454bcd9b428168920e4ec4dea46d49696cf4d83bd36c34def25e8b7950893e2d5c3b88594718096b11b44dadc411023d0034f5b7c737f95ea958cc068ef6fec18c5b6c355a9ab75a02053b201007d659a46eed6b2b2e2f4d3a40efc3795f3c8962d850d229cbd21f19fcc3481c9ec0be3b7c7fb2cbf3cc3b8ec41bf81b88e9802c8eec602b7b8731fd79fe663dba12adb2a7fe301e80091eb39311d51090fbd675e9cfa2691ee60b91b9b201321238d4e85e2dfc11b87ec59b570b5dce031e9cdf0a1cf900e1683f3e3d5732577b069e31a804f77e62a514a277a79ea3678e5d79dcfa1cf02b041437961be88667ba7eb53563cd12c832e441585063dfcad86b6d24081c2e6975082440d79b9b12820c8806f77df52531ef88d9686bf4e7444a3cb12b49552aa4156bb48cf16a0904138061c099fee84275d5d14439be669ae95a3cbb83a1335a22e8e5f18e01bf3f0197aaa5596700992472649e444faa65bc2403e6d6a66966f35ca306ccb86fb06fc1d90acd35dce174084f6a64061d27926cf5e1a45b81ca488f8bd3449437c08416b38b35075ddd0a74e4ec43081b1115770f1ac5ab3f294bad5f138dd69d88fc305daf799e36e9056b1356357dca6f681ab467307d71257c1d789add352b112a01ad13d68315dd0ce6d2930e417d25ba901b6d2896b5753bd75901694e47c6fbe0b21637c3c2445084e778b66b8f58b8827b66f75f4d90b8731065c508639d2b404614439f4f1550a17f91f2c43e856ace34aa0962936164d1a85152192d701d2944d22cc9b1400c9c6f40401c3242dc345b99d96c4a55f7f2defc3cd8c1e3ee8f003e487e212be9b6c7176cb1ff87844d6446e8dacf92a773374343b19914d1b0fc3fba43db485951e71d5656f69c0cab493352e53f48f22956fc2e76095b27c761ada8db54e074a15c91613b93f94ddf82e9e5d0beb7e010af04fc4bde74b584657a46f3db8d648c9d228dec1227ead58130d845715502022f5b72d33e88abe49a66322449acb4413970b5661eab3eb9ee0d3f510b46db86e439d0c9542ad7628e4b8ca99fd429cee82e11fa491e3be4b0558056a9cdd50937e9abc9a4634017b07878afdd132b0f7e6e33c927ff7d355c3f1424088f548df8b1e96ecbddb613d22c296c07a703dc7846f4baa78be9f92361c358cec678a3b858c6a8d7b1f7129828aba29f2f97504241dc06b02c5013971d6cb2f4294f298d62b27e330c108b44e23b0d0bbf1a81dba3372af6e35183dc4694e4e7f0b30dddd988605a091c6d6be2313a28b41ec36d8fbb9410f2b66483e54edc3676c85992eb92217a9490f784dc50e669e22944aff354a7b09a98b96a3b21b05aceea08936adafc9d81e8c3e04f65b526e65e516c93618ffbd1f5a0c53ec2b4ef923c40147e05ed26a3c2f24524159c2e16bac0732841ebda69a2e67d53f7cbd2eb8188e27604af82464e999429f3b73fae39e95f6c6676390c7ef57fe1f5ead55a30a3aa5ca35fdb52002b4932c32a021476262006f36793856dd280fbc2dee1427f5ddde2943c80a26b9c105a24869c1e4b601c6ec45500903473788f87f93357a3a7b5084a3fa4db6c9627dabcbcc744cbcfbb8026f0039eda44364d44cf6f7090c3d22ebc649b130d965608104625f48d224e1ef6bba3363e7707444f7c901fa6fcc0a9677c78ff81b7a2cc6470081f2d8f70fe9c92a8ffe1f53d6db7207811556187f2a5edbb824b95f8247ffcf8b420d226eac0d098a92d32f63235a4fe180fb44e9a096beb2298574d6e1a1794633399d176b998e6748245db2af4d3530e266ac470731f5f90ed0761c347d35937771fab6f6317d66c1cd0c96c6e650c42b06844d240a4ffe4f0195cb1053f97899b6a1460c2c20a190bef398984ce70de9b5a5ff1d047916ae7fb1d0ca462b30b11678befdcde5bbc871bf191b0ce5472278249c73768b941a7e4ebf13f650c5e672216e9d2713f2211c9d63cffc54b1bd2c381a5eef2cdbab1ad705fb94c77734c0909c7e863f0850d30f71961de0c9d98457b14c6cd6d9b48d6a0b3e7efac2870e93e9db018a9c81219d40e7e599a5749baf2227dd09eb88a26d7797ac3df93923104be1d9bd10d0527dc8d0966edabc2feabaf4a1bdab4169815286d5d591cdc7d44092f1a5da1861b3c9c4a508e5dbcc6846497332d776c07212b115db67d53d55d191723baf84a58438274a2a1433f0a89856c0099be30fc1f2f22944b6b931cfca6613b75f485b6581e66f5d2d3c9afe81a4de965cd0b50134e25b2e42b9e0e82a1ddabb13450644f15d8774d3493f3dd909e5f25aa551c45e548f07c8d5b87efaf3e7174383626c5e1db14bf3d02127eba48adc43f4d5bfc9a6602dac142f3ca750d81783b8c31a8333e9b8ff6d029ec9e0469065b211d8b1ba0fefc58feb4b33f6ac65da10ec16627ac1a474fd025f189dc55f4155f3af391ca459d6527053a1913816e79fdc1731c48ea3370566460c023b8aedea35b30ecd32e5a7bce101ca26aed51182c1edd65a5fe7dff199c27ab86a719df5828e7a10d5270bbed2dc520f63f320e6caa74d94b8a6e0cdedbc70307d3a5058e437cc27f6c57c21666f44a5604a9c6f0272f55d420ad5b20e2b706114d5e0e4cd2247235fa58056c9b25a1b2345de812e77b072279c10b95637ef6c03d3b9e3bb22897e832aec5543e6340a774cb417a1f89b34a55322df6a05930543d55655192d8cb21729e5ba81772417c53c6cf2f87e48068d7e0751ca2e49abd9fec5f37aa3e4d95f1a6a05e5c18c97d5f258e7713af3ce9f47024db477ceba724080585fab3a68db979ae71e60fc3fa1b7706df3576f35616617029a9ab290be03b1f266d202d68c05d7f79602b4924133dbb0f9a7592cae0ccf2c04925e36fd8889aefccd1c4545126ede85739d8c42f6f2cf92c3765faa7aa", @typed={0x8, 0x27, 0x0, 0x0, @u32=0x2}]}, 0x211c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
fcntl$getflags(r1, 0x408)
ftruncate(r0, 0x9)
read(0xffffffffffffffff, &(0x7f00000000c0)=""/159, 0x9f)

18:26:10 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYBLOB="070070c9c93759c79f9402c22092000000000000010000000000000009"])
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:26:10 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/58], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:26:10 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 27)

18:26:10 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0, 0x4}}], 0x35f, 0x10062, 0x0)

18:26:10 executing program 4:
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, @perf_config_ext, 0x0, 0x0, 0x2, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000080)={<r0=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r0, 0x408)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r0, 0xc018937b, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r1=>r0, {0xee01}}, './file0\x00'})
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f0000000040)=0x1f7b)

18:26:10 executing program 7:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 19)

[ 1066.579046] FAULT_INJECTION: forcing a failure.
[ 1066.579046] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1066.582260] CPU: 0 PID: 7076 Comm: syz-executor.0 Not tainted 5.10.199 #1
[ 1066.583835] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1066.585734] Call Trace:
[ 1066.586340]  dump_stack+0x107/0x167
[ 1066.587179]  should_fail.cold+0x5/0xa
[ 1066.588057]  _copy_from_user+0x2e/0x1b0
[ 1066.588994]  __copy_msghdr_from_user+0x91/0x4b0
[ 1066.590060]  ? __ia32_sys_shutdown+0x80/0x80
[ 1066.591062]  ? __lock_acquire+0x1657/0x5b00
[ 1066.592070]  ___sys_recvmsg+0xd5/0x200
[ 1066.592974]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1066.594096]  ? _raw_spin_unlock_irq+0x27/0x30
[ 1066.595130]  ? lock_acquire+0x197/0x470
[ 1066.596043]  ? find_held_lock+0x2c/0x110
[ 1066.597008]  ? __might_fault+0xd3/0x180
[ 1066.597923]  ? lock_downgrade+0x6d0/0x6d0
[ 1066.598881]  ? io_schedule_timeout+0x140/0x140
[ 1066.599945]  do_recvmmsg+0x24c/0x6d0
[ 1066.600821]  ? ___sys_recvmsg+0x200/0x200
[ 1066.601774]  ? lock_downgrade+0x6d0/0x6d0
[ 1066.602742]  ? ksys_write+0x12d/0x260
[ 1066.603635]  ? wait_for_completion_io+0x270/0x270
[ 1066.604755]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1066.605826]  ? vfs_write+0x354/0xa70
[ 1066.606691]  __x64_sys_recvmmsg+0x20f/0x260
[ 1066.607695]  ? ksys_write+0x1a9/0x260
[ 1066.608580]  ? __do_sys_socketcall+0x600/0x600
[ 1066.609650]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1066.610847]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1066.612041]  do_syscall_64+0x33/0x40
[ 1066.612914]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1066.614065] RIP: 0033:0x7f13d67b3b19
[ 1066.614908] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1066.619125] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1066.620864] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[ 1066.622488] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1066.624112] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[ 1066.625751] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1066.627377] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
18:26:10 executing program 1:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
ptrace$setopts(0xffffffffffffffff, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 12)

18:26:10 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0, 0x2000}}], 0x35f, 0x10062, 0x0)

18:26:10 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/59], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[ 1066.675090] FAULT_INJECTION: forcing a failure.
[ 1066.675090] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1066.677783] CPU: 1 PID: 7083 Comm: syz-executor.7 Not tainted 5.10.199 #1
[ 1066.679115] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1066.680719] Call Trace:
[ 1066.681233]  dump_stack+0x107/0x167
[ 1066.681949]  should_fail.cold+0x5/0xa
[ 1066.682711]  _copy_from_user+0x2e/0x1b0
[ 1066.683482]  __copy_msghdr_from_user+0x91/0x4b0
[ 1066.684394]  ? __ia32_sys_shutdown+0x80/0x80
[ 1066.685270]  ? __lock_acquire+0x1657/0x5b00
[ 1066.686126]  ___sys_recvmsg+0xd5/0x200
[ 1066.686883]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1066.687816]  ? lock_downgrade+0x6d0/0x6d0
[ 1066.688594]  ? lock_acquire+0x197/0x470
[ 1066.689337]  ? find_held_lock+0x2c/0x110
[ 1066.690108]  ? __might_fault+0xd3/0x180
[ 1066.690853]  ? lock_downgrade+0x6d0/0x6d0
[ 1066.691644]  do_recvmmsg+0x24c/0x6d0
[ 1066.692349]  ? ___sys_recvmsg+0x200/0x200
[ 1066.693129]  ? lock_downgrade+0x6d0/0x6d0
[ 1066.693915]  ? ksys_write+0x12d/0x260
[ 1066.694643]  ? wait_for_completion_io+0x270/0x270
[ 1066.695547]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1066.696416]  ? vfs_write+0x354/0xa70
[ 1066.697131]  __x64_sys_recvmmsg+0x20f/0x260
[ 1066.697933]  ? ksys_write+0x1a9/0x260
[ 1066.698636]  ? __do_sys_socketcall+0x600/0x600
[ 1066.699486]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1066.700450]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1066.701413]  do_syscall_64+0x33/0x40
[ 1066.702103]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1066.703048] RIP: 0033:0x7fd50191ab19
[ 1066.703734] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1066.707135] RSP: 002b:00007fd4fee90188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1066.708541] RAX: ffffffffffffffda RBX: 00007fd501a2df60 RCX: 00007fd50191ab19
[ 1066.709870] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1066.711188] RBP: 00007fd4fee901d0 R08: 0000000000000000 R09: 0000000000000000
[ 1066.712509] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1066.713831] R13: 00007ffcb71c4b0f R14: 00007fd4fee90300 R15: 0000000000022000
18:26:10 executing program 4:
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000080)={<r0=>0xffffffffffffffff}, 0x0)
r1 = accept4$bt_l2cap(r0, &(0x7f0000000100)={0x1f, 0x0, @fixed}, &(0x7f0000000140)=0xe, 0x81800)
pipe2(&(0x7f0000000080)={<r2=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r2, 0x408)
ioctl$BTRFS_IOC_SNAP_DESTROY(r2, 0x5000940f, &(0x7f0000000180)={{r1}, "35e622a5c955b302c48acf6c5c2a7469abe83e18b6b6e790505f2b704a87df76af82091ad53adccdd11b9829453b306ae6ec4291b4378b517c1fb50a489609fe765a947839a783af97299055a12e3b8f8111ca8c8907c042574911ebf7d0ace3f3cbded07982a072919c4683b92660ef36c4c94f634bf86370a7896135b0e0215c766a42145a8018083b3eec33e2289f144cf7bd72e883faa125a658f92e737f8808d11a9dbe65955ba6d988bb356f02bd82dc1a88389754cd12822a32e5ab3ed0de3f2ac93a9d63c56761b56c3e72b1579efd31fd8331044cd31ac60000b0afc3e37caf4513d0ffed0be093c9b2135c22604317e2f96b68bd1463be54b5a44a064578fd6c359de42cbdbc7126fa89d06f98a0cb4da8475767d30b6cd9d70e6583ab0bd0133e44f534e468bd03592a479dbbf36b9f0827372e3e2b7e78d70b795b7e12c37f0c742209b6ef221aa9445c297d604fdb5992b30299fe6a3deabbd868c5f32a418d16dd10a5a3c33dc722cc30190b66cb89478bde36d66a9b45a055e7ea7fc9ec11b78a02a0de78149af3514f93a105a00a4c6704a182cf94667cfa02847ce8d603c3cf1be778e242f5f0adf4659cbdad200f68519d0552a178fa2371c77db9eac54a7843b40bb24e8c307d032b786c78bfdcbdbf3b60fbc162ee9e905aa862b3e0302e26aa8f05f6b0c6985eb7342e5c4bc9798c35a571457adcd203757771c08a551eaf70195aa427ce8978a3a288bcc991ca6b9eda6d1151891a890612cee9c623a12090c90e7b11e78270466c1efb1e625e4c3fcfea872db5be6595ad74d46a6f38dad45cbf7f38913560cfaf96355d262159d19aaee135337a424c222aa48f5b573ed1065a95b25366c1a6ddaae0291e673d3c15ed4a1c3ed24f3a33e1a1a75618a7765f1ba5cbb08641297c3300786233aab8aa270e1d996aace30bdbad23b9e39094f724fed0f5fd0bcd1006ef97461b182dd270b3eed9e479d335163f4e92a0049821be79016731e73b16e105e329ba20cc1640632fad8df46d6e8dc6f8d7e5f9fe2893deea0103ea88171a4b37dad153cd02883369304ea02fd1d2ecc1e1251f66be60a6b57c9a54e08f00a958de2331319b4c4050659f68b7cd6bc25a2c5631cd5347ab8402e1b987370f511bca6f743b56c90f2cc0aa65edf5b232cc1d4f692cd2989d9b8ad81fa8ad906e3fd22c4d3e92b0752482987ad9cc1cccd24252df1542c1a96a05a212e3176fd2ece7c32b493ddf31a317d611cd77f1e8241e524ba5f918477564db8e42a5d3e9c9de8557d3f4d7f3b0450b0553edfb40759a6ce999dbc4d0537ac3e70c33e73440d6bb7d8eff340eb9a95ec2fff75293067457c0bbf01037d6bb09fd843a019f86d971d7db03bc041a564f1b660403f3bc6d2c5afe452bdb5680fd2095730e981360db877ccdbdfa5be404876770ee1e0f06f6b9ccb0447e241725b43ded7ff2fc2a33c225b95fd8a1d8ee61d29a7ac6f4d021d83de4ead871cd68cae124462b9f18ec9291c915aa9a22933b61eaebf08249f11903404c79d6c41f629a1b51fefc45aa850f9d1812796d8d4d97196d1ac45e819d679836d843adfb3b1d6189e65d9caef1ba83541232848fa924b10036f58d0753f458b9f11825881d7eec730f4a836a911a908146fd34ca713cb7793d5801b959b392730f84e6a5dbb5ea22596697f33d8448bcf903cdbd0f0936d7769098158c83e894e662206a05a0a9d87bb26eb193d6a83a2c76a80a443166dca8f69f80e836f7a888b4a19878979a057b56f018e40425544874c02de12c71213151f6f1707ea0cc8df059f0d1976d6085652a1e238c3c6333570990f8e9532ccd859c2fcce3e4326140d2c02977b49f5defaef0eeee7d471986fec1d6396eeb3f028411ebba25a7ffab9d0c1b537c3522ca549dbf1c8c74b5aa24654e346c0713e0216510446f44ce8f13c26ddd97c3c6f8e790b338b3d9873ee315b2098923e313b4ce7b45022ed815143e16e034021c01650143a9be67e6b2c38b7512301e3f2d9aed9764b32d1cd0d553731ecc25b910854ff8ec640897921c617ea8d1b6f59bb976098045f127ffa6e0a0267909c35d53c35eca631a38fe3831387c9191fc9a04ba578deef0b09051374de9044fa5877bf653dc0eea59cdc0a6eb6592da7b15c2d9b1c0c9f6a7c237a8391414a661080d747f6fb2af85364e1cefc9e90167f9bcead9139d7439ef61061533eaf3b3a6f7740acfa0e84cb88fed272e7ba75ccb1b08ef3419589e9a831e57494706fe9fdd0c8db8772003e4b025748c419b4428c00e6a6f610a98cdcfd8a23bb35f033d13e38ac9a448e5a77d759507575db7971abfcd97238c4a54a6aef6d74fb4c3fc004660445bacc9fba850a000cc248466f37e0583f6383dabd1252590642f1a85d720fc347dc6a78a5e23ea8d8ce7e9179222b690223c4c458d587edf31b8139249ab318cd55824ac8e4f055127affe5065a7b8b78454325e8656b024f0a1dc800596d4e80e35ede45bc374046342a7a741d5a9e6501e6f3f729b5bd588eb411209005ef97dc2fa757f47b170eb8a36fa1d9af768049911a5a153bc98a165b3d5ab4fc0824ec9eae2faa5387b0f93ea5327dfab0177289cee500884c134f6fd4ce3000c158862cd5ec7654bc96a7958f5914e8a2e8505105cd482bce1ecc6006e47e39aa6d29462a15dc7c2f66881e5a06de0c76efc0588b768a6ed49a7b54c668809ae4adf3d1248167de765c38fb6480deb0185ec5a586708c3a41c36efefd903b29b92f7ace2621020599198780f3beae8646b794b55bb4ccc01815052e0d0a7455b696aaa7a2f5b4061080315cbc760c4f033bbae6d38eaa530395443b16352a850761f6a06f5e9fc68e14230ce776d9cfb88152a06c337cee1412a1c522cf739c10eeee8b08ba1f1432d8c7e87fa881380a3eba4c2a055206d2b7aafe88abd7c645b833c974ad7dad04e2a9dffb88f02ddaf73fe5a3c19488f3ccab51a654a7abcb9ecd1f55c943c6e179caf0cc02695c1d50c3025050601795f6fcc82656911bd3cde0a3c5f78c34ba6e254c0bc5920f7381b0c84c4a872faadea1c28dc1577af685649be18a48fd568f00380686e773dc8a37dd896676ec62e6bc22f94549ba479a6ef3e088c7c4fe5b77a18afe76d22fc9d9079b13bb35c0df19cb6231f75b208b35ef3d230e2d459df08e9fa9074dd7ef6b4fe21dd5118b1bcc712cb0ec0094bdf84a916898aa5fc5ed9aaa4e2582c46ae5d15d81b0f8ccd105db5a69769d1784ebdb464e7225b6d281334e44fadcae44a3b2e3de31fd075e5a010d0a5ba9f55fc0f5151ef5a7194db78004e317533e9afb59a1ea087fec1ef071e044f64eaebe561e3b6ff8d4cf27f725d5c3bf3610dd85b1168f7ef12f703ddc116c0848f3e9806a5a54cb87265eaa6c69fff617ac1d6efb0deb3345cec0c962a6b0c1aa3450205ee7e69e0ee0a40d46f4fbbc0792790f3370f212951095eee5064697b8dc52a71dc9ffcb33731a7c4b8c0e3dec9297eb64b138a495d3cacb8e95f938214f591ff32d678feaac58ed63d2303e6e4ae0e3c155b791d2b7c0e2c6e72043ebfbcbb08fd159ec4b7db40730f1fb60f46f5a637ebb1d92da7dbeb4eb2ad577deb24f290bf26f874a125451f98a08efcd44ac4a3780131e8a4acc008e3dc2aaa17348ec56b897e4527d48bb067719596ed5a046a483bf62094c5d88cdc53f782ec5354b6ab841a096841f1be7e8ba04aec0016eb241b84e0cf760fd19f5496fc0150f588e7b2593b1d9e758ad74a2941287ae35ba6fbc5bae4ec14d331841c64bcfdfe6d3a87b88483868a0b4eba6de9ca16445d4208c7f91db8bf5b3ab9ca777a65f8864fcc4b8f41edb96bae77fa2a5199f64f76e3a17512a7fd292921d1a01ba733ba16c3d6d6f040906c7443808bba300115c3da4973ab95e1b6b2529ab24e3bf7cd55baeb4e861c808f95dde941066239949f658465f3239e6f0864ba5a89ece5e540782e29125e5604fe991b7a7a88b46c41fbd9558192c1fb43b815400588a8b875a9e3054183b4aa03745107290de98de648da96f6e49c9d7c76329fe1ccdfad80d1c59c1cf39f8231bfac23c99ab0698fc694a7d6789ea76416f471c33abdcb500c3ddf4ef78a43b5ee0260e14c8b23c6cbd22ab1023e865b7d04c897258a34ac9656364fbf65152162fa504e6cb3998cdb0fb645738ea8109e1e58d5af772813419614eb9c2b1cb876ad2b8452c10aee47bb5d8644ca7a816efc8969ea9f9cf4c39c13dafd4dc4c929834b62f197e498c9f833c2fcd7bbd8815d23d1bc35f0942dbb377dec6951066e1213dadf2e2fdc76e43c58e40ad0f4fe59760731d316339b18bc969be75630eb42848407a330f8cbc18c66bf174063921b30700b88e642baf9841a1068fe1e469ff9ee13c5be13efc70f8250af231c07b310c3e516e6a3850d92713758abbd328679958804ca5f5aff6c7808415130893d9747bb2b7090883b35cd1b983747f312c9bb88de36cc82f4e18b0e006e1fe0991a946f11f6ac4410fafe3cb3a6f7f113f1239b8fd370a3b6eafc274c416819e5e6a3a2235e1ea6e477f737310c33b1e90b58eb9b9c439722658bfa6ecb714e72af7b7adaa8bc4783d8fcfccea2c5aaaf25044d464697ba7e8000efd07e48e68e4049615fd26b504d7bba4d082675466a273a161977f85b26d9f03d48a40bd0e68c79d3657efb27062529114fb947ee28aa10fd814af9d5112b6394c51178028c5e2cb7c1baf4cfa1b1ccf72c8b83e31dd56071214cc18c2ea519fcc71b51b8f9ee35e6e11b78ff3e4d2b02df44010549b973fd79b64b27ea01b50fa66110778d0f667a6d44428d8312cbcf0c40ea4c03b720fc276d6b69ddbdc88e16dbef5c331752644053e0b088366540b804e271e7c2277efdf83f87da07df9ada2f1d2a90f5be02480fa53540d3de9caa7e01143cae81530cb225b24ebaf096de96232823ac4616b6eba88176705d153e24b974ae53fc079ea1738f7134db3a822a1fca72474a8f81f2dcedf1cd406504f2e14236ddadfcfaebad7b0693ee48f518c4949e40d7b23e2cb98f6f12761c5a001ab9fc6ade3add53c5b7858d69f38cd12744779295af99760e96e9eb28b1588f3afb4def50c39c5a83ed0263ada4b2040ce007ee919662b5797dc4ab91834dcd8964ccd3cd6316bd925c3b963236d2d3435a7c50eb4713ac5264e4819c9c65d74d53fc121709aa650f0419ead1e20f70d2067c73c3a8e36a2864edf7ce318d35228f56222b18225443a7bf0a861564d40c9581aaa73e64a07d4d1a4c3e37469762a3a3257ec2cda869a4a2b9dc20edda073eac846aacc39c3a61e81bd689ce258a35f1df35244d836d9c63027e5d835e04538e43c30dfd4be6848970718ee17a1b33bc96e2d962f29693d8eef58da76c0bc729da7fd05b199291f3feca205429caad9ff72c724e82c3dbf4fb0de4e7cb4f8d6978e5b9e39a9b499081893895527bd7697cdfdbf531308c16e9dbf930a175c93c9750af9607aad169bcb1b6ca274a77084204ab0e5b11a056b4e8d928599e6ff046a732e211e5998164a881ef1ac26c058c4e6c920d82638f481561adddd9d9b128cad8c49f34b0b5e6e1fd6e9254efdbdde5e4f4a4f7560907f3954cdfee1b7d8b090c339a5381f4eb0c665965da554ff5a820f5b0c8684ecf5be599560ff0b3099feb071035edb66e88e960d8270bf6cc8192192f06181fb0aaed65be82bd4d43"})
fcntl$getflags(r0, 0x408)
r3 = gettid()
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000001240)=ANY=[@ANYBLOB="01000000030000000300290d7d6bbc0c62b51cee1eb30b61ced21f215a574fdfeb12e4aca6e9934b9a4382b1645804a7cf8fbce8b8e0f442d7c7ea81b3ccd042da42129bdacf808486a8c96a26ea583553175e3afe9a3ce8e3a1ea6bc1bce6a90b02ca134a5016a36b4fb8f96ef0e8d927c901ec6633478c3714638a94027b735bdd6d74489a6e21bb029b8a4163d543baef4aef20cac5f78e", @ANYRES32=r0, @ANYBLOB="01000080000000002e2f66697235aba366946a744194f40fede23822874dd9e0795c66cabbd4f3ff5adda60c6efb5196bdf52660848aed0dc9a051e220a248d1a73d65d352acca9043d7777a13e72dcddf57f128bee2b4fc236d63cd0cf4ce41a4737dcf43dbb37deef99d877d00"/125])
r4 = syz_io_uring_complete(0x0)
ioctl$EXT4_IOC_MIGRATE(r4, 0x6609)
perf_event_open(&(0x7f0000000000)={0x3, 0xfffffffffffffe7e, 0xfe, 0x2, 0x6, 0x1f, 0x0, 0x2, 0x43000, 0x5, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x9, 0x0, @perf_config_ext={0x48, 0x8}, 0x4, 0x0, 0x1, 0x8, 0x800003, 0x1d1, 0x6, 0x0, 0x0, 0x0, 0x5}, r3, 0x0, r0, 0x8)

18:26:10 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c22092000000000000010000000000000009"])
ptrace$setopts(0xffffffffffffffff, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

[ 1066.785935] FAULT_INJECTION: forcing a failure.
[ 1066.785935] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1066.788957] CPU: 0 PID: 7086 Comm: syz-executor.1 Not tainted 5.10.199 #1
[ 1066.790459] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1066.792294] Call Trace:
[ 1066.792899]  dump_stack+0x107/0x167
[ 1066.793705]  should_fail.cold+0x5/0xa
[ 1066.794552]  _copy_from_user+0x2e/0x1b0
[ 1066.795425]  __copy_msghdr_from_user+0x91/0x4b0
[ 1066.796445]  ? __ia32_sys_shutdown+0x80/0x80
[ 1066.797420]  ? __lock_acquire+0x1657/0x5b00
[ 1066.798377]  ___sys_recvmsg+0xd5/0x200
[ 1066.799227]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1066.800293]  ? lock_downgrade+0x6d0/0x6d0
[ 1066.801201]  ? lock_acquire+0x197/0x470
[ 1066.802056]  ? find_held_lock+0x2c/0x110
[ 1066.802943]  ? __might_fault+0xd3/0x180
[ 1066.803801]  ? lock_downgrade+0x6d0/0x6d0
[ 1066.804736]  do_recvmmsg+0x24c/0x6d0
[ 1066.805548]  ? ___sys_recvmsg+0x200/0x200
[ 1066.806443]  ? lock_downgrade+0x6d0/0x6d0
[ 1066.807348]  ? ksys_write+0x12d/0x260
[ 1066.808189]  ? wait_for_completion_io+0x270/0x270
[ 1066.809243]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1066.810250]  ? vfs_write+0x354/0xa70
[ 1066.811063]  __x64_sys_recvmmsg+0x20f/0x260
[ 1066.811996]  ? ksys_write+0x1a9/0x260
[ 1066.812830]  ? __do_sys_socketcall+0x600/0x600
[ 1066.813820]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1066.814950]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1066.816074]  do_syscall_64+0x33/0x40
[ 1066.816896]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1066.817996] RIP: 0033:0x7f65a52bbb19
[ 1066.818799] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1066.822729] RSP: 002b:00007f65a2831188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1066.824353] RAX: ffffffffffffffda RBX: 00007f65a53cef60 RCX: 00007f65a52bbb19
[ 1066.825891] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1066.827409] RBP: 00007f65a28311d0 R08: 0000000000000000 R09: 0000000000000000
[ 1066.828948] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1066.830463] R13: 00007ffc95f579af R14: 00007f65a2831300 R15: 0000000000022000
18:26:11 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0, 0x4000}}], 0x35f, 0x10062, 0x0)

18:26:11 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/59], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:26:11 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 28)

[ 1066.912801] FAULT_INJECTION: forcing a failure.
[ 1066.912801] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1066.915735] CPU: 0 PID: 7101 Comm: syz-executor.0 Not tainted 5.10.199 #1
[ 1066.917180] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1066.918883] Call Trace:
[ 1066.919439]  dump_stack+0x107/0x167
[ 1066.920199]  should_fail.cold+0x5/0xa
[ 1066.921035]  _copy_from_user+0x2e/0x1b0
[ 1066.921842]  __copy_msghdr_from_user+0x91/0x4b0
[ 1066.922792]  ? __ia32_sys_shutdown+0x80/0x80
[ 1066.923672]  ? __lock_acquire+0x1657/0x5b00
[ 1066.924568]  ___sys_recvmsg+0xd5/0x200
[ 1066.925361]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1066.926342]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1066.927391]  ? _raw_spin_unlock_irq+0x1f/0x30
[ 1066.928284]  ? trace_hardirqs_on+0x5b/0x180
[ 1066.929151]  ? lock_acquire+0x197/0x470
[ 1066.929950]  ? find_held_lock+0x2c/0x110
[ 1066.930765]  ? __might_fault+0xd3/0x180
[ 1066.931574]  ? lock_downgrade+0x6d0/0x6d0
[ 1066.932409]  ? io_schedule_timeout+0x140/0x140
[ 1066.933371]  do_recvmmsg+0x24c/0x6d0
[ 1066.934122]  ? ___sys_recvmsg+0x200/0x200
[ 1066.934997]  ? lock_downgrade+0x6d0/0x6d0
[ 1066.935849]  ? ksys_write+0x12d/0x260
[ 1066.936653]  ? wait_for_completion_io+0x270/0x270
[ 1066.937630]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1066.938555]  ? vfs_write+0x354/0xa70
[ 1066.939282]  __x64_sys_recvmmsg+0x20f/0x260
[ 1066.940137]  ? ksys_write+0x1a9/0x260
[ 1066.940940]  ? __do_sys_socketcall+0x600/0x600
[ 1066.941852]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1066.942915]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1066.943943]  do_syscall_64+0x33/0x40
[ 1066.944701]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1066.945724] RIP: 0033:0x7f13d67b3b19
[ 1066.946483] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1066.950144] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1066.951644] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[ 1066.953065] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1066.954465] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[ 1066.955870] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1066.957268] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
18:26:23 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x0, 0x0)

18:26:23 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c22092000000000000010000000000000009"])
ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:26:23 executing program 4:
r0 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x2}, 0x50102, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000080)={<r1=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r1, 0x408)
ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000040)=<r2=>0x0)
r3 = creat(&(0x7f0000000140)='./file0\x00', 0x18)
perf_event_open(&(0x7f00000000c0)={0x6, 0x80, 0x6, 0x8, 0xcd, 0xbd, 0x0, 0x97e5, 0x1220, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x101, 0x1, @perf_config_ext={0x7, 0xfffffffffffffff9}, 0x1, 0x7, 0x1f, 0x7, 0x0, 0xd3, 0xf6f, 0x0, 0x1f, 0x0, 0xa19}, r2, 0xffffffffffffffff, r3, 0x9)
fcntl$dupfd(r0, 0x0, r0)

18:26:23 executing program 7:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 20)

18:26:23 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 29)

18:26:23 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/59], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:26:23 executing program 1:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
ptrace$setopts(0xffffffffffffffff, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 13)

18:26:23 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0, 0x40000}}], 0x35f, 0x10062, 0x0)

[ 1079.529919] FAULT_INJECTION: forcing a failure.
[ 1079.529919] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1079.531308] CPU: 1 PID: 7120 Comm: syz-executor.1 Not tainted 5.10.199 #1
[ 1079.532225] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1079.533326] Call Trace:
[ 1079.533622]  dump_stack+0x107/0x167
[ 1079.534106]  should_fail.cold+0x5/0xa
[ 1079.534612]  _copy_from_user+0x2e/0x1b0
[ 1079.535140]  __copy_msghdr_from_user+0x91/0x4b0
[ 1079.535750]  ? __ia32_sys_shutdown+0x80/0x80
[ 1079.536341]  ? __lock_acquire+0x1657/0x5b00
[ 1079.536934]  ___sys_recvmsg+0xd5/0x200
[ 1079.537455]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1079.538104]  ? lock_downgrade+0x6d0/0x6d0
[ 1079.538655]  ? lock_acquire+0x197/0x470
[ 1079.539177]  ? find_held_lock+0x2c/0x110
[ 1079.539639]  ? __might_fault+0xd3/0x180
[ 1079.540057]  ? lock_downgrade+0x6d0/0x6d0
[ 1079.540501]  do_recvmmsg+0x24c/0x6d0
[ 1079.540904]  ? ___sys_recvmsg+0x200/0x200
[ 1079.541334]  ? lock_downgrade+0x6d0/0x6d0
[ 1079.541775]  ? ksys_write+0x12d/0x260
[ 1079.542183]  ? wait_for_completion_io+0x270/0x270
[ 1079.542719]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1079.543211]  ? vfs_write+0x354/0xa70
[ 1079.543623]  __x64_sys_recvmmsg+0x20f/0x260
[ 1079.544077]  ? ksys_write+0x1a9/0x260
[ 1079.544472]  ? __do_sys_socketcall+0x600/0x600
[ 1079.544980]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1079.545544]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1079.546096]  do_syscall_64+0x33/0x40
[ 1079.546511]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1079.547063] RIP: 0033:0x7f65a52bbb19
[ 1079.547465] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1079.549438] RSP: 002b:00007f65a2831188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1079.550259] RAX: ffffffffffffffda RBX: 00007f65a53cef60 RCX: 00007f65a52bbb19
[ 1079.551025] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1079.551784] RBP: 00007f65a28311d0 R08: 0000000000000000 R09: 0000000000000000
[ 1079.552541] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1079.552995] FAULT_INJECTION: forcing a failure.
[ 1079.552995] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1079.553308] R13: 00007ffc95f579af R14: 00007f65a2831300 R15: 0000000000022000
[ 1079.558582] CPU: 0 PID: 7116 Comm: syz-executor.7 Not tainted 5.10.199 #1
[ 1079.560041] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1079.561831] Call Trace:
[ 1079.562394]  dump_stack+0x107/0x167
[ 1079.563179]  should_fail.cold+0x5/0xa
[ 1079.564000]  _copy_from_user+0x2e/0x1b0
[ 1079.564862]  __copy_msghdr_from_user+0x91/0x4b0
[ 1079.565857]  ? __ia32_sys_shutdown+0x80/0x80
[ 1079.566827]  ? __lock_acquire+0x1657/0x5b00
[ 1079.567762]  ___sys_recvmsg+0xd5/0x200
[ 1079.568599]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1079.569663]  ? lock_downgrade+0x6d0/0x6d0
[ 1079.570555]  ? lock_acquire+0x197/0x470
[ 1079.571394]  ? find_held_lock+0x2c/0x110
[ 1079.572262]  ? __might_fault+0xd3/0x180
[ 1079.573114]  ? lock_downgrade+0x6d0/0x6d0
[ 1079.574022]  do_recvmmsg+0x24c/0x6d0
[ 1079.574819]  ? ___sys_recvmsg+0x200/0x200
[ 1079.575702]  ? lock_downgrade+0x6d0/0x6d0
[ 1079.576589]  ? ksys_write+0x12d/0x260
[ 1079.577418]  ? wait_for_completion_io+0x270/0x270
[ 1079.578441]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1079.579425]  ? vfs_write+0x354/0xa70
[ 1079.580221]  __x64_sys_recvmmsg+0x20f/0x260
[ 1079.581154]  ? ksys_write+0x1a9/0x260
[ 1079.581960]  ? __do_sys_socketcall+0x600/0x600
[ 1079.582929]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1079.584067]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1079.585172]  do_syscall_64+0x33/0x40
[ 1079.585981]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1079.587065] RIP: 0033:0x7fd50191ab19
[ 1079.587869] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1079.591763] RSP: 002b:00007fd4fee90188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1079.593370] RAX: ffffffffffffffda RBX: 00007fd501a2df60 RCX: 00007fd50191ab19
[ 1079.594863] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1079.596357] RBP: 00007fd4fee901d0 R08: 0000000000000000 R09: 0000000000000000
[ 1079.597857] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1079.599347] R13: 00007ffcb71c4b0f R14: 00007fd4fee90300 R15: 0000000000022000
[ 1079.619240] FAULT_INJECTION: forcing a failure.
[ 1079.619240] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1079.621778] CPU: 0 PID: 7129 Comm: syz-executor.0 Not tainted 5.10.199 #1
18:26:23 executing program 1:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
ptrace$setopts(0xffffffffffffffff, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 14)

18:26:23 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0, 0x200000}}], 0x35f, 0x10062, 0x0)

[ 1079.623331] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1079.625101] Call Trace:
[ 1079.625663]  dump_stack+0x107/0x167
[ 1079.626446]  should_fail.cold+0x5/0xa
[ 1079.627261]  _copy_from_user+0x2e/0x1b0
[ 1079.628116]  __copy_msghdr_from_user+0x91/0x4b0
[ 1079.629108]  ? __ia32_sys_shutdown+0x80/0x80
[ 1079.630052]  ? __lock_acquire+0x1657/0x5b00
[ 1079.630983]  ___sys_recvmsg+0xd5/0x200
[ 1079.631814]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1079.632868]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1079.633983]  ? _raw_spin_unlock_irq+0x1f/0x30
[ 1079.634929]  ? trace_hardirqs_on+0x5b/0x180
[ 1079.635852]  ? lock_acquire+0x197/0x470
[ 1079.636691]  ? find_held_lock+0x2c/0x110
[ 1079.637571]  ? __might_fault+0xd3/0x180
[ 1079.638411]  ? lock_downgrade+0x6d0/0x6d0
[ 1079.639292]  ? io_schedule_timeout+0x140/0x140
[ 1079.640298]  do_recvmmsg+0x24c/0x6d0
[ 1079.641104]  ? ___sys_recvmsg+0x200/0x200
[ 1079.641985]  ? lock_downgrade+0x6d0/0x6d0
[ 1079.642874]  ? ksys_write+0x12d/0x260
[ 1079.643716]  ? wait_for_completion_io+0x270/0x270
[ 1079.644737]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1079.645750]  ? vfs_write+0x354/0xa70
[ 1079.646542]  __x64_sys_recvmmsg+0x20f/0x260
[ 1079.647475]  ? ksys_write+0x1a9/0x260
[ 1079.648300]  ? __do_sys_socketcall+0x600/0x600
[ 1079.649281]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1079.650410]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1079.651508]  do_syscall_64+0x33/0x40
[ 1079.652306]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1079.653408] RIP: 0033:0x7f13d67b3b19
[ 1079.654211] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1079.658093] RSP: 002b:00007f13d3d08188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1079.659701] RAX: ffffffffffffffda RBX: 00007f13d68c7020 RCX: 00007f13d67b3b19
[ 1079.661223] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1079.662723] RBP: 00007f13d3d081d0 R08: 0000000000000000 R09: 0000000000000000
[ 1079.664224] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1079.665997] R13: 00007ffe26e173ff R14: 00007f13d3d08300 R15: 0000000000022000
18:26:23 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/59], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, 0x0, 0x0, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:26:23 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c22092000000000000010000000000000009"])
ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:26:23 executing program 7:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 21)

[ 1079.705221] FAULT_INJECTION: forcing a failure.
[ 1079.705221] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1079.709033] CPU: 0 PID: 7132 Comm: syz-executor.1 Not tainted 5.10.199 #1
[ 1079.710489] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1079.712252] Call Trace:
[ 1079.712816]  dump_stack+0x107/0x167
[ 1079.713606]  should_fail.cold+0x5/0xa
[ 1079.714420]  _copy_from_user+0x2e/0x1b0
[ 1079.715273]  __copy_msghdr_from_user+0x91/0x4b0
[ 1079.716267]  ? __ia32_sys_shutdown+0x80/0x80
[ 1079.717225]  ? __lock_acquire+0x1657/0x5b00
[ 1079.718168]  ___sys_recvmsg+0xd5/0x200
[ 1079.719004]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1079.720062]  ? lock_downgrade+0x6d0/0x6d0
[ 1079.720978]  ? lock_acquire+0x197/0x470
[ 1079.721832]  ? find_held_lock+0x2c/0x110
[ 1079.722722]  ? __might_fault+0xd3/0x180
[ 1079.723574]  ? lock_downgrade+0x6d0/0x6d0
[ 1079.724497]  do_recvmmsg+0x24c/0x6d0
[ 1079.725322]  ? ___sys_recvmsg+0x200/0x200
[ 1079.726214]  ? lock_downgrade+0x6d0/0x6d0
[ 1079.727123]  ? ksys_write+0x12d/0x260
[ 1079.727962]  ? wait_for_completion_io+0x270/0x270
[ 1079.729030]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1079.730033]  ? vfs_write+0x354/0xa70
[ 1079.730843]  __x64_sys_recvmmsg+0x20f/0x260
[ 1079.731778]  ? ksys_write+0x1a9/0x260
[ 1079.732615]  ? __do_sys_socketcall+0x600/0x600
[ 1079.733600]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1079.734709]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1079.735811]  do_syscall_64+0x33/0x40
[ 1079.736604]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1079.737707] RIP: 0033:0x7f65a52bbb19
[ 1079.738497] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1079.740977] FAULT_INJECTION: forcing a failure.
[ 1079.740977] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1079.742417] RSP: 002b:00007f65a2831188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1079.742440] RAX: ffffffffffffffda RBX: 00007f65a53cef60 RCX: 00007f65a52bbb19
[ 1079.742451] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1079.742462] RBP: 00007f65a28311d0 R08: 0000000000000000 R09: 0000000000000000
[ 1079.742476] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1079.751434] R13: 00007ffc95f579af R14: 00007f65a2831300 R15: 0000000000022000
[ 1079.753003] CPU: 1 PID: 7142 Comm: syz-executor.7 Not tainted 5.10.199 #1
[ 1079.753723] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1079.754588] Call Trace:
[ 1079.754862]  dump_stack+0x107/0x167
[ 1079.755250]  should_fail.cold+0x5/0xa
[ 1079.755655]  _copy_from_user+0x2e/0x1b0
[ 1079.756080]  __copy_msghdr_from_user+0x91/0x4b0
[ 1079.756574]  ? __ia32_sys_shutdown+0x80/0x80
[ 1079.757043]  ? __lock_acquire+0x1657/0x5b00
[ 1079.757526]  ___sys_recvmsg+0xd5/0x200
[ 1079.757936]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1079.758453]  ? lock_downgrade+0x6d0/0x6d0
[ 1079.758890]  ? lock_acquire+0x197/0x470
[ 1079.759307]  ? find_held_lock+0x2c/0x110
[ 1079.759741]  ? __might_fault+0xd3/0x180
[ 1079.760166]  ? lock_downgrade+0x6d0/0x6d0
[ 1079.760613]  do_recvmmsg+0x24c/0x6d0
[ 1079.761014]  ? ___sys_recvmsg+0x200/0x200
[ 1079.761447]  ? lock_downgrade+0x6d0/0x6d0
[ 1079.761889]  ? ksys_write+0x12d/0x260
[ 1079.762301]  ? wait_for_completion_io+0x270/0x270
[ 1079.762814]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1079.763301]  ? vfs_write+0x354/0xa70
[ 1079.763694]  __x64_sys_recvmmsg+0x20f/0x260
[ 1079.764157]  ? ksys_write+0x1a9/0x260
[ 1079.764556]  ? __do_sys_socketcall+0x600/0x600
[ 1079.765057]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1079.765603]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1079.766156]  do_syscall_64+0x33/0x40
[ 1079.766545]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1079.767081] RIP: 0033:0x7fd50191ab19
[ 1079.767471] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1079.769391] RSP: 002b:00007fd4fee90188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1079.770189] RAX: ffffffffffffffda RBX: 00007fd501a2df60 RCX: 00007fd50191ab19
[ 1079.770944] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1079.771700] RBP: 00007fd4fee901d0 R08: 0000000000000000 R09: 0000000000000000
[ 1079.772447] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1079.773213] R13: 00007ffcb71c4b0f R14: 00007fd4fee90300 R15: 0000000000022000
18:26:23 executing program 4:
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000080)={<r0=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r0, 0x408)
pipe2(&(0x7f0000000080)={<r1=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r1, 0x408)
perf_event_open(&(0x7f0000000000)={0x3, 0x80, 0x1f, 0x0, 0xfa, 0x5, 0x0, 0x9, 0x4044, 0x4, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x2, @perf_config_ext={0x0, 0x8}, 0x4244, 0x80000000, 0x7f, 0x8, 0x7, 0x9, 0xf800, 0x0, 0x4}, 0xffffffffffffffff, 0xf, r1, 0xb)

18:26:23 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c22092000000000000010000000000000009"])
ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:26:23 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0, 0x3665c4}}], 0x35f, 0x10062, 0x0)

18:26:36 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/59], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, 0x0, 0x0, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:26:36 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x0, 0x0)

18:26:36 executing program 7:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 22)

18:26:36 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 30)

18:26:36 executing program 4:
r0 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000080), 0x0)
fcntl$getflags(r0, 0x408)

18:26:36 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c22092000000000000010000000000000009"])
ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:26:36 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0, 0x4000000}}], 0x35f, 0x10062, 0x0)

18:26:36 executing program 1:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
ptrace$setopts(0xffffffffffffffff, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 15)

[ 1092.220947] FAULT_INJECTION: forcing a failure.
[ 1092.220947] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1092.222423] CPU: 1 PID: 7165 Comm: syz-executor.1 Not tainted 5.10.199 #1
[ 1092.223196] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1092.224139] Call Trace:
[ 1092.224446]  dump_stack+0x107/0x167
[ 1092.224869]  should_fail.cold+0x5/0xa
[ 1092.225317]  _copy_from_user+0x2e/0x1b0
[ 1092.225778]  __copy_msghdr_from_user+0x91/0x4b0
[ 1092.226306]  ? __ia32_sys_shutdown+0x80/0x80
[ 1092.226837]  ? __lock_acquire+0x1657/0x5b00
[ 1092.227354]  ___sys_recvmsg+0xd5/0x200
[ 1092.227802]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1092.228385]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1092.229028]  ? _raw_spin_unlock_irq+0x1f/0x30
[ 1092.229554]  ? trace_hardirqs_on+0x5b/0x180
[ 1092.230066]  ? lock_acquire+0x197/0x470
[ 1092.230528]  ? find_held_lock+0x2c/0x110
[ 1092.230996]  ? __might_fault+0xd3/0x180
[ 1092.231464]  ? lock_downgrade+0x6d0/0x6d0
[ 1092.231945]  ? io_schedule_timeout+0x140/0x140
[ 1092.232500]  do_recvmmsg+0x24c/0x6d0
[ 1092.232947]  ? ___sys_recvmsg+0x200/0x200
[ 1092.233448]  ? lock_downgrade+0x6d0/0x6d0
[ 1092.233950]  ? ksys_write+0x12d/0x260
[ 1092.234418]  ? wait_for_completion_io+0x270/0x270
[ 1092.234975]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1092.235507]  ? vfs_write+0x354/0xa70
[ 1092.235938]  __x64_sys_recvmmsg+0x20f/0x260
[ 1092.236462]  ? ksys_write+0x1a9/0x260
[ 1092.236919]  ? __do_sys_socketcall+0x600/0x600
[ 1092.237474]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1092.238110]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1092.238723]  do_syscall_64+0x33/0x40
[ 1092.239168]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1092.239775] RIP: 0033:0x7f65a52bbb19
[ 1092.240225] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1092.242435] RSP: 002b:00007f65a2831188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1092.243343] RAX: ffffffffffffffda RBX: 00007f65a53cef60 RCX: 00007f65a52bbb19
[ 1092.244203] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1092.245065] RBP: 00007f65a28311d0 R08: 0000000000000000 R09: 0000000000000000
[ 1092.245921] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1092.246778] R13: 00007ffc95f579af R14: 00007f65a2831300 R15: 0000000000022000
[ 1092.264274] FAULT_INJECTION: forcing a failure.
[ 1092.264274] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1092.267301] CPU: 0 PID: 7168 Comm: syz-executor.0 Not tainted 5.10.199 #1
[ 1092.268693] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1092.270448] Call Trace:
[ 1092.271046]  dump_stack+0x107/0x167
[ 1092.271875]  should_fail.cold+0x5/0xa
[ 1092.272742]  _copy_from_user+0x2e/0x1b0
[ 1092.273656]  __copy_msghdr_from_user+0x91/0x4b0
[ 1092.274706]  ? __ia32_sys_shutdown+0x80/0x80
[ 1092.275696]  ? __lock_acquire+0x1657/0x5b00
[ 1092.276688]  ___sys_recvmsg+0xd5/0x200
[ 1092.277575]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1092.278682]  ? _raw_spin_unlock_irq+0x27/0x30
[ 1092.279700]  ? lock_acquire+0x197/0x470
[ 1092.280593]  ? find_held_lock+0x2c/0x110
[ 1092.281530]  ? __might_fault+0xd3/0x180
[ 1092.282427]  ? lock_downgrade+0x6d0/0x6d0
[ 1092.283361]  ? io_schedule_timeout+0x140/0x140
[ 1092.284404]  do_recvmmsg+0x24c/0x6d0
[ 1092.285258]  ? ___sys_recvmsg+0x200/0x200
[ 1092.286190]  ? lock_downgrade+0x6d0/0x6d0
[ 1092.287131]  ? ksys_write+0x12d/0x260
[ 1092.288003]  ? wait_for_completion_io+0x270/0x270
[ 1092.289107]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1092.290142]  ? vfs_write+0x354/0xa70
[ 1092.290980]  __x64_sys_recvmmsg+0x20f/0x260
[ 1092.291940]  ? ksys_write+0x1a9/0x260
[ 1092.292792]  ? __do_sys_socketcall+0x600/0x600
[ 1092.293839]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1092.295018]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1092.296182]  do_syscall_64+0x33/0x40
[ 1092.297043]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1092.298197] RIP: 0033:0x7f13d67b3b19
[ 1092.299042] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1092.303180] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1092.304895] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[ 1092.306506] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1092.308101] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[ 1092.309710] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1092.311298] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
18:26:36 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0, 0x40000000}}], 0x35f, 0x10062, 0x0)

18:26:36 executing program 4:
perf_event_open(&(0x7f0000001d80)={0x3, 0x80, 0xc0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x9}, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000080)={<r0=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r0, 0x408)

[ 1092.331969] FAULT_INJECTION: forcing a failure.
[ 1092.331969] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1092.334649] CPU: 0 PID: 7181 Comm: syz-executor.7 Not tainted 5.10.199 #1
[ 1092.336169] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1092.338016] Call Trace:
[ 1092.338606]  dump_stack+0x107/0x167
[ 1092.339411]  should_fail.cold+0x5/0xa
[ 1092.340264]  _copy_from_user+0x2e/0x1b0
[ 1092.341166]  __copy_msghdr_from_user+0x91/0x4b0
[ 1092.342198]  ? __ia32_sys_shutdown+0x80/0x80
[ 1092.343163]  ? __lock_acquire+0x1657/0x5b00
[ 1092.344129]  ___sys_recvmsg+0xd5/0x200
[ 1092.344985]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1092.346070]  ? lock_downgrade+0x6d0/0x6d0
[ 1092.346985]  ? lock_acquire+0x197/0x470
[ 1092.347856]  ? find_held_lock+0x2c/0x110
[ 1092.348753]  ? __might_fault+0xd3/0x180
[ 1092.349641]  ? lock_downgrade+0x6d0/0x6d0
[ 1092.350571]  do_recvmmsg+0x24c/0x6d0
[ 1092.351395]  ? ___sys_recvmsg+0x200/0x200
[ 1092.352304]  ? lock_downgrade+0x6d0/0x6d0
[ 1092.353229]  ? ksys_write+0x12d/0x260
[ 1092.354079]  ? wait_for_completion_io+0x270/0x270
[ 1092.355138]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1092.356152]  ? vfs_write+0x354/0xa70
[ 1092.356972]  __x64_sys_recvmmsg+0x20f/0x260
[ 1092.357931]  ? ksys_write+0x1a9/0x260
[ 1092.358765]  ? __do_sys_socketcall+0x600/0x600
[ 1092.359764]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1092.360900]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1092.362032]  do_syscall_64+0x33/0x40
[ 1092.362843]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1092.363955] RIP: 0033:0x7fd50191ab19
[ 1092.364763] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
18:26:36 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0, 0xc4653600}}], 0x35f, 0x10062, 0x0)

[ 1092.368809] RSP: 002b:00007fd4fee6f188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1092.370567] RAX: ffffffffffffffda RBX: 00007fd501a2e020 RCX: 00007fd50191ab19
[ 1092.372122] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1092.373691] RBP: 00007fd4fee6f1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1092.375237] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1092.376768] R13: 00007ffcb71c4b0f R14: 00007fd4fee6f300 R15: 0000000000022000
18:26:50 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 31)

18:26:50 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/59], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, 0x0, 0x0, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:26:50 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c22092000000000000010000000000000009"])
ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:26:50 executing program 1:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
ptrace$setopts(0xffffffffffffffff, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 16)

18:26:50 executing program 4:
r0 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000040)={0x80000001, 0x18, '\x00', 0x0, &(0x7f0000000000)=[0x0, 0x0, 0x0]})
pipe2(&(0x7f0000000080)={<r1=>0xffffffffffffffff}, 0x0)
ioctl$BTRFS_IOC_SNAP_CREATE(0xffffffffffffffff, 0x50009401, &(0x7f0000000100)={{r1}, "ba3235d8c86e3b8de5d926006d90fe703d9547fef5cd5d45dc748be2aeea8a8bd801af5aafba98614fe50f14f9b02c86ff9c89c5e21e501b36a6089ed44966acbd7d8921f0d1f71bcba6d0bcf95a02cf2b81fa48487de9b189fe4dd049a57ee504f50f21480f232cccab91ac6590cd41ae64806bee5743e0a76efefe8312ec082325f31adfca1384022216f1ba60e8d863a8e6565655e7bf295af6e99298967b7d82a39d5cf3d0743e3e067a149bd4c49dfe2a2c000ac988898674a36020b2ba39b1f2db00c959bf797c4642160b3ec7b6a2ae30ee13268eb74b70ee54cb41915f88f77359c53a82e7ecf29f234b29fcc1cdad49cd439d32e47be40c51b3f85cd2be9e1e34dd419f4fda8d061b7760f5915e90b8654c03494aa03de5bb549a7716ea42db778c2934442f2ade79eaf7ed8ca90ba8ab1918a7eff48d077fa7251ac39c883ffe9a7268dc85fe55420569968722216db4e4e9e08ccd1fc57ea3287de987ce49f2d35b6fc275350e920f961a73244e8df68a389369ff0046e8da75e25a695968c408658b7d6551b2d246cf00e9d23b1b51e4b03797ef61eee9ddfdba68740633497378ca4cf03d6beb01612c2f2a08c79372fb52bc5ea5a9f389b79fb4d3e484ccbe575de22fa002f9107c3d15bf4fdc2da3def5d693a22c295b17e38e81dc5db379a3d56009bc8f27be523f4082a1e5ade9e7ffcd4f1d4caab41ef11abc91c2510da525f77f4e71ad814f1e434634b941fe834eae9ac46a2174581213375db3f31d1107c553263422f6f3733f509fbdb8bd34cb973f471653c2b22f7aadc10efa66b9843a881dbb2917d18b3cf5d61f123024ee438f4edee6a0b124c8bdfbe9dcef71cfbab2cd8c557c1366133186c417501838e34d57e4f91d9a6e1c237efe478fec88797813faf71560747ee42e3c8715239c31860426fc39f38d7d73f42ced49007bdd68ac5b48ebac293c62bd4eb1322501c999c0861069e765223f4c50d7b69ec7fe4d0a0b3ac0ca6604353ed2db0f9efecbe12e2414e5189f6308d92ea64127e017ec845c8c12337b8c75d732b39a39cd3056f24f28be39cfc2e420fdd87e5d263ed3c932e77e78bcef44e992cd1a952eab6b23af925f3b88d0362235839abdfccaf4dddb76603c0fb5c1674bc719abc85336417a00648753fb37c4f983f33f1cb889de6a617cbf74fd27f78f5197989e001f946f6e2273a449da140bfc53cf74c8d1966a564696428259756136df38bc6ff89789e1eff32951550cfd5140855d680e2bd1cff10a271827cb29176036db7c068092a11c2f241006232dd7fa7d002130db462b65cf7baf9ee0a910d62a8c49fc2d2afe716996b00bacb0220da2e776ffa75395a6845b8971cc42db104a07c7fe94f3e5afa324cf5d9d03db419b1c641d93006ae3e602729e232a135778bfcf79db6d3a8acd9bf092a821a62b6585bd6ec1dd5089ea69facaacb36fd4d11a84e47cbdbb9f1e2c8fd3c8b5502477785e4c6d1cbf0e9d50481f1250d96190948f6d2006368d43ca90911f1ac56aef0bd210c6693953a3c8d59c1d72e36bf20c6cd5d6881f806dd9308eea489cf7bc8f1e4f9141f0bd41b6eb7e9455097fa27e0e8d3bb7deae59a979df0d697e47e7fe0f962dba7fd562337af013c5bb850c1d9cb0257f94812184d4da35c590d1e571639ac2a9a973a86c1ae726355dfbe8c18f6f0fc1e7dd899839ab88bc9882a6e43e168983a712d87cc736d0c3013a458634cee4a0702f15a07e086f14d2c798c380daf88b0846232109fe9a2518fedecda268438f395e70647667cb107413d356277cd42458e7b309feade15954cb2c2e1e7ef4d24738ee0da9471b846a0d9ccf688fefb77e85062261cea6a4c5ef2243598c708102d7ae0059214db9910041a88114caad186909d03f68c4d2b4fe372062c460ef27722366acf699f5f0419131e03607be07973d5d1e1921b863312668fb41fe23a12c4611ed0db417f0c77c6d72eb68b1171abe0e6be12ad48329103b3551112d1e06295e6b3fea96b8faa2c4a77b1a87fb53f61eaccc69875d286fe590f80930cc1d17f2462ef222892d70b19226d965087d200bf2af0cbf9cd13e15ddd69f6b739b3c29d2d43421048698ad94609fb3917a572ec74931877408a215ca006c9aa8386a34282d2c711f96fffffd7eaf6ef509d920035610dbe79e9f1c5255a6d396c17d6315aa5e0367f6b3a32ec5d18a79cb93787f758af794b41563cefc82d56721aad680ffd281e6610c8760ed8dda64e8da219f7c4c61100ac011215c810437e605f962e8896bfd1983f58f24a2b17812dc1d3059a909cac15b16155df3c35e25c4cc31e7cf71dcdbaa85b4685ebd323f7c8e30ff5d8d79805b0cda93f19e3f5be54f9f8bfbf03f7335e24bfcba4a80c2cffefa88b1ce01ab070f9a7d043a08692d26ad9714057e1ab88d34213afaee0dd30271db84fba22bab7e3fceddb814612799ebff188a0684d04eab0a911f41d6cfb71ae599efa710a3345dbadf3435b2ff2b08fd0fc258597906af8caa160d50a4851b4e63896d08578f6f0c40964c7ea212cc8b13a95e8d83de33dcd94ee56e3e4499e56e5f3eac7ce871126641ba8f6c1180ee895cbe2c77953dc6888b1b8b43b4d41a24ea80c42eaeefa37cc739d54c50886a8dc074e360e78df581daebebef03a64342de372a48a17383f6eae9672085654cdd14176690c3a5051472486447269bd88b9561ff1e031224ea6095e03fd5af7eb9ef8eba28dc20a4400a08482b25b7645db0ee779497a7abebe2bda3287bf5947ea20f93dce746a23c0bd145c64c40ce4f7737a483b3cf3345dc26351ec00f25f274c31e981e69a780f5d3d270937b16d39cb416bf069fbc37af256a343af6047b51e94ad54ab07841db882bd1abf771846ceac73f09ffb9bd76332443ebb30e71ecb7ddbaeab5497148146c8a94c1d84bb07a9ca360b5d2484ce922971019cd0772e6d65a114910c6f8bc11bd335ab275fe6461424196aa6130c486bf6ce1008b43817fc42b2d9f1271d112f550a79846755e1400b33d34c9189c684e05ae0547a9d4eacd7767450e70b57cdf9ffbef4372c92cc95ec028da7b93f33ac8256d5971f66d877ff09fff4f496f02df52fbdfc9f94ecb4a39a2a878f00d418e0e41cf5bca716d23bb495c63f49ac159d59f9d48636aa9f2443a659a319512f83310402c53e129371c2df0771ba3c34fc06db26bf41e2a73b15b46bf51b821101e76061310eaf90a025a07b871f5692fc2a8d27dfdf0596fc8b4b24a44b5527e420c760387a355742b3ab4ab840727b4c6370a1318635bf9b8930186aa3c067594da6351344bea4e6a46f28923b8d9b1f6b2bdae83890bb8cb2844fbabbb3cc5316a74ce58de68f1ce41c06e81690bdbbb448af94cd80e34376d365ef07324c2dcbb41a403e1f3338f1682af86dbade8ea1c64855651d23e8ace87c800228d608d854b029e40c2072548b3f506d7a70ee24a58da36241c76226d67382496c08a49e0bc54ad5936593fbb7c9464e010e8d1501f06851313e1a7b23345cb141f26a5b2b3b4aef42e4ff759acaefe79bbadd0bfa6a12c71e53b5c068e85585a7973cd795c41261dfa4a17f2664e087cddd9747c27f58aa481a0b6ed3dc45c9a705ec4414ae210d9d89f1105c0848f0b02934d9283aea70a5724a77016dbe0a2c836d9b9abcd31b081c5a13889d4591acf818c68771868f3518a0ba2f518f457f3d0b67204a6f858d4bb310d04cc277c663437b5d75f9598e867ab8bb8f493c454bfea2c3042d606c2c47da9b64aca7a08e69a276bbc41a642a806d8626bd11eebc6b6f18f4a5cb0631b4f50c743d9bd55e8120383b063e08258b18778787cc643880f6e8ed959fa50491535df394b1ae6672290561a68ad0c738d09d319fcb2e5bfed19faf4f0528a7b26b523e9c2abb31b16e9247ce17853ee77d1d53fa23841e11b2a319c0eb3f0d5db5c55d7f55a3acc6fad43558ff26734ecc06b575b4a0aec1b43d8f166f7c83de91351315e1ef445fd6189ae4dbacc1dd9779ff11aa20436a38dbed790d142735298e8317ea4f188a38c25a0eb5b233321e7f8da8d7a2beef8927b870261fd54e5135b670d5e87b67889ef019752c89d70e357488279fba940aeb85e02eb0c13a25f373cfbba791bf6f43f48a632ff7b577f306087d1f09cc0fe789f082cf5aceef8618524aad0e17973a013d467692f44934c72ff1683865287d2dc8eccd2519972f5fae187a2fecc9a67dab2682e88b64b93cfad70dcc223643559fb5ce19c890fb85af4aa9bd0dc529f5045c3911549ad7e230b4f0b41a061ebc3bda38079362bc7dc164947232b730468c12a2913434395796eb5e583ac2b01f1afc54ba7ef6954cf386c33dc3c3b4a5d057ad96ff01d581c467e459af8b11638a27b09c47686259d6ad650d4f5492eea48750d9e7ae01d408cf718bf0200cd4cbee6a63b25873500566b549f6b1f87062c8401b44122d7b8027dbc4bf7c26b00db70f2daa23068e754850c483bc45c60695a10b484b83a18dfc3f152d5a2c271f927f8a0b3e054897b57527c043716e19259b7004fe41056dd187a87547e1a986ba9229a3c486074ef664bbb3c2ae6687476337edc526689bf35478c2afddc3ee0752cac326c965e4ab55677e98e2077ff3d04e774ec7b8978e07152c26c9cfb01a9dee06610f158e161381e4524114fa440fc3200afa343a25ad25791b94d5e6212743f48227ce094541d071403456a9fbc38d8b0c28351821e2c20f5372f3ab090f5ff2513071bc7fa995b831d2ef8b1f66a80954bc6c7d6acb76bff27e63c9d394ae9fbcfb8129bc6c4886c46555d3e261b93fb91df914b615770e24311eefef5c1ebc7925435d6f6c3baad8171b8baa88dcb514222828958bbb0d5f99bec32abce624c6ceab9bdd04c95dffb43adcd1d5b1987abbae104a6454a0f80bf184390ad9d13ab4c1db465cef3104380b2ea3446927e9491e3edeb0f8c69f588e953818ad5dd148e614438513d806a468270dff0842b62cd1e2f3b521675622d28a3f4eaf3dfd672a03449c2eac6627f71626bd82374b283f16f65e88aa51801a01b779196a4f6aa84cb44589ff1f994ffc6919a2a8bdcf229507017406c4a5c41c68058c2e8691c77fc1dee0873948875fe41a53fada337126ad33c3abd6fe0eb9b316fa0ac5d27dd111ecfe3df038fa867c74c8d2c914927c8804a70b36e3804238acd0afc506017fe7e3d94ab2da11669d765b10920af9bb31c90bc6cc4b91334c36c035177df8d58d92db1fa04e4e461404a48436aad77b1d5904e95ad470294745880a1bdac114d5846b16a9786ec9d4544efbfeb634f9b71b0c6b67c435b22dc0ee9c3e67be568fa334b51c655f14463360f8e182d6d25368b26e042dc3faa6980a36480eb497582b8564e8b44bf825af53ad7f02c4fb8afd01668e0fbeb1a8405146cd5277257ba2025b58c8075174ff56ee80b8069ba12d1839cce377474f33dcc97223b3ddfa7e801ce8cc15b7fcb67cdae63f295586d70b17510908a1fdd220b4f9ffb1874a2f1825ecfbf852b97636f504fa0ca37e375619d2c61f2badb0795b0a971de7ce6885f74f9d8d7c05b637ecc80a2e2352a9f33cbdb6751a65fd78ac5103b77954d7814d99abc6b0a9e44024f173fb63910452cd8e040811dac294517fc7d483e755dfc95eb0b8628af075411804ff772a4c929f47b8584e15e300b8214203a455f2b5d472735fe04afa860"})
pipe2(&(0x7f0000000080)={<r2=>0xffffffffffffffff}, 0x0)
pipe2(&(0x7f0000000080)={<r3=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r3, 0x408)
openat(r3, &(0x7f0000001100)='./file0\x00', 0x80100, 0x0)
fcntl$getflags(r2, 0x408)
ioctl$BTRFS_IOC_QUOTA_RESCAN_STATUS(r2, 0x8040942d, &(0x7f00000000c0))
fcntl$getflags(r1, 0x408)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
ftruncate(r4, 0x7fff)

18:26:50 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0, 0xffffff7f}}], 0x35f, 0x10062, 0x0)

18:26:50 executing program 7:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 23)

18:26:50 executing program 6:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/59], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[ 1105.933192] FAULT_INJECTION: forcing a failure.
[ 1105.933192] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1105.936921] CPU: 0 PID: 7204 Comm: syz-executor.1 Not tainted 5.10.199 #1
[ 1105.938485] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1105.940322] Call Trace:
[ 1105.940909]  dump_stack+0x107/0x167
[ 1105.941752]  should_fail.cold+0x5/0xa
[ 1105.941980] FAULT_INJECTION: forcing a failure.
[ 1105.941980] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1105.942606]  _copy_from_user+0x2e/0x1b0
[ 1105.942633]  __copy_msghdr_from_user+0x91/0x4b0
[ 1105.942654]  ? __ia32_sys_shutdown+0x80/0x80
[ 1105.946750]  ? __lock_acquire+0x1657/0x5b00
[ 1105.947726]  ___sys_recvmsg+0xd5/0x200
[ 1105.948590]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1105.949700]  ? lock_downgrade+0x6d0/0x6d0
[ 1105.950624]  ? lock_acquire+0x197/0x470
[ 1105.951500]  ? find_held_lock+0x2c/0x110
[ 1105.952406]  ? __might_fault+0xd3/0x180
[ 1105.953303]  ? lock_downgrade+0x6d0/0x6d0
[ 1105.954242]  do_recvmmsg+0x24c/0x6d0
[ 1105.955072]  ? ___sys_recvmsg+0x200/0x200
[ 1105.955989]  ? lock_downgrade+0x6d0/0x6d0
[ 1105.956908]  ? ksys_write+0x12d/0x260
[ 1105.957778]  ? wait_for_completion_io+0x270/0x270
[ 1105.958841]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1105.959873]  ? vfs_write+0x354/0xa70
[ 1105.960718]  __x64_sys_recvmmsg+0x20f/0x260
[ 1105.961697]  ? ksys_write+0x1a9/0x260
[ 1105.962533]  ? __do_sys_socketcall+0x600/0x600
[ 1105.963541]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1105.964695]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1105.965854]  do_syscall_64+0x33/0x40
[ 1105.966675]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1105.967801] RIP: 0033:0x7f65a52bbb19
[ 1105.968622] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1105.972670] RSP: 002b:00007f65a2831188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1105.974346] RAX: ffffffffffffffda RBX: 00007f65a53cef60 RCX: 00007f65a52bbb19
[ 1105.975908] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1105.977510] RBP: 00007f65a28311d0 R08: 0000000000000000 R09: 0000000000000000
[ 1105.979070] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1105.980632] R13: 00007ffc95f579af R14: 00007f65a2831300 R15: 0000000000022000
[ 1105.982227] CPU: 1 PID: 7203 Comm: syz-executor.7 Not tainted 5.10.199 #1
[ 1105.982979] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1105.983902] Call Trace:
[ 1105.984213]  dump_stack+0x107/0x167
[ 1105.984636]  should_fail.cold+0x5/0xa
[ 1105.985054]  _copy_from_user+0x2e/0x1b0
[ 1105.985504]  __copy_msghdr_from_user+0x91/0x4b0
[ 1105.986022]  ? __ia32_sys_shutdown+0x80/0x80
[ 1105.986513]  ? __lock_acquire+0x1657/0x5b00
[ 1105.987004]  ___sys_recvmsg+0xd5/0x200
[ 1105.987438]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1105.987982]  ? lock_downgrade+0x6d0/0x6d0
[ 1105.988440]  ? lock_acquire+0x197/0x470
[ 1105.988509] FAULT_INJECTION: forcing a failure.
[ 1105.988509] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1105.988878]  ? find_held_lock+0x2c/0x110
[ 1105.988891]  ? __might_fault+0xd3/0x180
[ 1105.988909]  ? lock_downgrade+0x6d0/0x6d0
[ 1105.992728]  do_recvmmsg+0x24c/0x6d0
[ 1105.993148]  ? ___sys_recvmsg+0x200/0x200
[ 1105.993610]  ? lock_downgrade+0x6d0/0x6d0
[ 1105.994078]  ? ksys_write+0x12d/0x260
[ 1105.994507]  ? wait_for_completion_io+0x270/0x270
[ 1105.995043]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1105.995554]  ? vfs_write+0x354/0xa70
[ 1105.995963]  __x64_sys_recvmmsg+0x20f/0x260
[ 1105.996446]  ? ksys_write+0x1a9/0x260
[ 1105.996874]  ? __do_sys_socketcall+0x600/0x600
[ 1105.997381]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1105.997955]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1105.998519]  do_syscall_64+0x33/0x40
[ 1105.998926]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1105.999491] RIP: 0033:0x7fd50191ab19
[ 1105.999900] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1106.001943] RSP: 002b:00007fd4fee90188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1106.002770] RAX: ffffffffffffffda RBX: 00007fd501a2df60 RCX: 00007fd50191ab19
[ 1106.003554] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1106.004311] RBP: 00007fd4fee901d0 R08: 0000000000000000 R09: 0000000000000000
[ 1106.005091] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1106.005866] R13: 00007ffcb71c4b0f R14: 00007fd4fee90300 R15: 0000000000022000
[ 1106.006720] CPU: 0 PID: 7206 Comm: syz-executor.0 Not tainted 5.10.199 #1
[ 1106.008208] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1106.010011] Call Trace:
[ 1106.010580]  dump_stack+0x107/0x167
[ 1106.011375]  should_fail.cold+0x5/0xa
[ 1106.012202]  _copy_from_user+0x2e/0x1b0
[ 1106.013065]  __copy_msghdr_from_user+0x91/0x4b0
[ 1106.014076]  ? __ia32_sys_shutdown+0x80/0x80
[ 1106.015024]  ? __lock_acquire+0x1657/0x5b00
[ 1106.015974]  ___sys_recvmsg+0xd5/0x200
[ 1106.016816]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1106.017890]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 1106.019091]  ? lock_release+0x3b4/0x680
[ 1106.019957]  ? __might_fault+0xd3/0x180
[ 1106.020815]  ? lock_downgrade+0x6d0/0x6d0
[ 1106.021724]  ? io_schedule_timeout+0x140/0x140
[ 1106.022725]  do_recvmmsg+0x24c/0x6d0
[ 1106.023540]  ? ___sys_recvmsg+0x200/0x200
[ 1106.024441]  ? lock_downgrade+0x6d0/0x6d0
[ 1106.025354]  ? ksys_write+0x12d/0x260
[ 1106.026193]  ? wait_for_completion_io+0x270/0x270
[ 1106.027249]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1106.028249]  ? vfs_write+0x354/0xa70
[ 1106.029060]  __x64_sys_recvmmsg+0x20f/0x260
[ 1106.030010]  ? ksys_write+0x1a9/0x260
[ 1106.030835]  ? __do_sys_socketcall+0x600/0x600
[ 1106.031827]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1106.032959]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1106.034089]  do_syscall_64+0x33/0x40
[ 1106.034910]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1106.036008] RIP: 0033:0x7f13d67b3b19
[ 1106.036815] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1106.040724] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1106.042373] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[ 1106.043912] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1106.045459] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[ 1106.046998] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1106.048538] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
[ 1106.090661] FAULT_INJECTION: forcing a failure.
[ 1106.090661] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1106.092061] CPU: 1 PID: 7214 Comm: syz-executor.7 Not tainted 5.10.199 #1
[ 1106.092819] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1106.093744] Call Trace:
[ 1106.094044]  dump_stack+0x107/0x167
[ 1106.094450]  should_fail.cold+0x5/0xa
[ 1106.094880]  _copy_from_user+0x2e/0x1b0
[ 1106.095326]  __copy_msghdr_from_user+0x91/0x4b0
[ 1106.095838]  ? __ia32_sys_shutdown+0x80/0x80
[ 1106.096328]  ? __lock_acquire+0x1657/0x5b00
[ 1106.096811]  ___sys_recvmsg+0xd5/0x200
[ 1106.097247]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1106.097789]  ? lock_downgrade+0x6d0/0x6d0
[ 1106.098244]  ? lock_acquire+0x197/0x470
[ 1106.098671]  ? find_held_lock+0x2c/0x110
[ 1106.099126]  ? __might_fault+0xd3/0x180
18:26:50 executing program 7:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 24)

18:26:50 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/59], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040), 0x0, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[ 1106.099566]  ? lock_downgrade+0x6d0/0x6d0
[ 1106.100209]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 1106.100835]  do_recvmmsg+0x24c/0x6d0
[ 1106.101269]  ? ___sys_recvmsg+0x200/0x200
[ 1106.101728]  ? lock_downgrade+0x6d0/0x6d0
[ 1106.102189]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 1106.102794]  ? wait_for_completion_io+0x270/0x270
[ 1106.103326]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1106.103842]  ? vfs_write+0x354/0xa70
[ 1106.104259]  __x64_sys_recvmmsg+0x20f/0x260
[ 1106.104735]  ? ksys_write+0x1a9/0x260
[ 1106.105160]  ? __do_sys_socketcall+0x600/0x600
[ 1106.105680]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1106.106260]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1106.106832]  do_syscall_64+0x33/0x40
[ 1106.107246]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1106.107811] RIP: 0033:0x7fd50191ab19
[ 1106.108223] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1106.110263] RSP: 002b:00007fd4fee90188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1106.111307] RAX: ffffffffffffffda RBX: 00007fd501a2df60 RCX: 00007fd50191ab19
[ 1106.112107] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
18:26:50 executing program 4:
r0 = perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x63804, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x46020, 0x400}, 0x0, 0x0, 0xffffffffffffffff, 0x1)
pipe2(&(0x7f0000000080)={<r1=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r1, 0x408)
ioctl$BTRFS_IOC_INO_LOOKUP_USER(r0, 0xd000943e, &(0x7f00000000c0)={<r2=>0x0, 0x0, "532a1aa36d60c849fce27ffe68407adb4d2f17e94d60fb5cc3a9ab8e60383631a370313568af16e4a97bfc57402fd7abe3ffdf4e5932fe3deb24b0f98c46feec4e2e8037dc2ed3cc8505dbb44320918ddc44fd06a1b3705a16480870b7a28cdebd1f152467f1d16bd344eb8701867fff93c9537abad99829e869662141b25caa58fe57a5f5ea68c4c365d5bb8426aca6a97970bca8b83191a5dc60fff433fa539bcd5fee96ee0e8677843f8982b682cb07f92c519dadb16e3031dbaeef3fa90b3d4e7bc351553b388e85bfc72d22555cc589b1dc492058455464596f96af326114ba654652a04d03670dbb4e478f17323253ac2479e9569f0beeee933a827b8f", "16b1d35a74a8f9b7a40b4f34eefedab94b1323818f5387351025e7a7e9f73c6105365cf52872faedab2ab54fe4ca8dd539d8767e52bd181ff24dbf1e5337c03acbc2fe04635efce0d9c8df5ffe4079198631b5cfea87be00064cc952a36b2cdba663dfd3f16b6c79e75390eb26ae871be2433444fcb5656a26054612ef14de4054c20c2dbf1a0b4e05b7edae4c7062b394294798f2b11f0836072a912cc15740183b5f5bad4dfefddf737e139dbdf1921bd084feecf8a0441222deb6d3581a2053ad8d4f3fbf0f3351e5892f9d7602c66e3b91c3a8e3a1ea5a3c703112d45176d2f962c43dc26b473c12367ca7feae4a91edd4d660532e8b75b964306636ddee1acdbfa36d55d4d5f611ade1d732c1016cfb99121337c10ddbdabde1b3158da8cb25e49afd9969e450a866f55d947df9b91d77a1af60c55fe56b31baa63018d26053bcae3824c940e26545ec0ca95aec3fac8deacef31e7427b71e63b2285b1c87e6f9fecbcc06bd6847c7a5a0d2821529075e3b979b16fbd91f8ac28e97e0bc83925a19ee78b2bdab56ddf1f5eff42d9a87c04a18e4cb04da4bb5dafc7af0998fc2fc131ef88dd34c5699b86e71be5ee1ccacb971f6566eb482005dd1bcd315fa0ca1efd131e4284699a2de499dac94da2c46b737a8253075034133879ccea8bc58a456870eb95d6f81e816da8c440d1e8a2bf36a19236a3b700d8917745d9de080fc5a4de493b80d2b3b30375f622e8bc77f2ed49e3183c435bab91f25ae8453c137d2a099f7893afd301aa63dc669f2eb7d2aee62f2d97b00dbc80a17fac34c5a6a7b09bd1b13a6748363ecfadd3d4c4aa95bba27125d7b64e0d54589b5719d12060292c7abc37f77eb0d628de2a630ab678951520216e250eeb09cdc33884b85fd86ae9188c1258e6f6e8c1c6d1a95f911acd70698a50a6a743029b629bfef988b24a915c5a4cdbaaab41a769477cb4492e79bddf9932015a93c239b4d65c1c1a09e25de6f3dc2456d270c58d8b5592f519ea5379b0b2d8cab91f228dd0057e75a06d143f62be763b28ea4ea4f62d103f19707a617f064991315d732cc5d497de6d941691603ddba84aa460807786d657ee853ee29a6daebe10f885280b5dc1916beede3d282694d64582f22ec1cbfe485e0b5428451c6aa2f42eef8b3986354b0baec5aaa2febb17c82c6b8618cb12030cace374890cc0ba4ea9ac9e8f70a0bed16b18ffc086e2846b707068b226c37251a3a54d4869e3d589f22f035adcb15456522bb3752bf49454c4519d6eda5c327ade673f16d2d5749159fa4eecd6d52a849d1a0467b0a505781da83a2696b7d835a17c889ec5cec1e5ddd75931c5dc4435eb3a29a62dbe7bb490fa5b0776c1ffd37393bd9485c4c07fcbeec155b47b4483f1758f447610b7da181e6557887183272ea9c48d1769d3dae099584df24ce17108f947a6347fd5181879690ae29f53757cf97d8cb85de1855671a1e01850f54501937166f3f7cc92bac34e65be223d04e6613144886aa81ecf5fecaa974633b0cee6f9ff3d3afc10acf3305d1238f471bd310c4e69ff93a94f72455420cad7b7eaf62f056bb083bdc4afcf874be893ac2b5e212c13e29e265ddb58bdee4a409c5b431de0f84ce57ffdce9592799493f34c71594b2529b114f6340dc22480f3e306a028797e2b1bb350f7ce23a1717ad6270e3fdc1e0ea259d0a90f53f7b72801621c28b096348f980eabf1bc4c7c54e94b1b5b97db2c9985726432efcfc6aa6abc8c2fdffd7cbba94182b06ab5558602046b0fdffb1d53ca657aaa64411133cdb88af41158b215158259d0c4f23b7b5b3ed89289a79f03a751cd4fb516fc9935d353fd49a11f30525ae3fcf7830d6adfa87b54244fbeb0ebc538a353d433c29a2915d3efcab383925d745609cac65fb42b3055f038de6c4993c9c904f4f09688884ea13a2a124a3819dfe9cc3a78a96ce6dd809ca429d18c42ecbb1d58dd44827a588657b0fa3811288cad24bc36984bf083883a4bab41145f88f82bd7c49032c8e72448063cf1dd808c5cc8e4279da0d68b39354a2879c55fef773ec46052e5ff16dec6cea26a22da395b26177a18dba6bf6492a46bce81c70206de7d90c2a704fe80879c6f815dd70fc31d3c024178d1eba2f2b5720e15a3906f974fdfda232c08d2b074f0956162af91411c2946d53a3129c9d01a97f2eceb8b969146615695588ec0381343a4a1acd4b67716c01cd980f8831e619efc411c49b172c7916c5527cfca44f798d8fa3a802bd5575af143eda2eb599e9e742ba5b24856ac4758ad72d69a601df674b2fcd4ab944876138205db69980b9790b9cbb0022d2fcdbb006844748470bc8c4f8152694f85e22ae3bbad0eb26918f7710527346aefe75722ea72c56537bbee178fe61a54cc365d73c5258e4799e6315fc5e07d83bbef78a6f58094f5cde63e651f76c317680c7e341042f2a95cc8c80e32f739605816741eb4905cef99ebcc406ca4806301841f285e49a5b14d848791d4d1e79e3fe54818fa55112dd1255f0d61b41118bab601215be4f0bf274a661a61f398f8342ab8f162e1bffe6fb2a6aeeea7c812f62fbc61f0f069ecd198b608e49ca48d11717ca8f960f5ffca1ad08f0186ff0708d995d754f7bae7a8b20e53a49ed13d0925038c47fefbad7eb410cdfc6ab483c2077631400c7e2973c5484202a1fba83d8e49777f4f7c88c86de284a6c3431f880f6626649c8433455c81b4f2d536ad12200b40c79b67b245fb667bc70ee1faca94129788eabb93d1814fb7d094db1afb54ceac250f4f9081d2000149921af63d18c656278234bec74a292b103ccfa06bea86d6ba6803ece17de154ab57a370089406f796fedbf820ae3b4548888c4503444cf64ca64fe2a32b1513eeadb61f2be0bbc3422f9f499796854e849088716b90a5180022b393294a24af65981b13111fd1685605962bcce189b8b5bd1558e59d24bae2788cd97e3f7fc5dbf1c8a6ce9a53684bfc26680defbe70fea8c6ded13bf5aeaa056cbb7d1a24bde4e5bafa83ee6f34a601df16456190fc49930bfaf5189cdec00034916d1866f516c92902684a57da6ff25dee17c4bf0ece68361aa0f4648df63ed18bcc1e56cc352eba9df80373f8e3b2e4f640ba171c2e0f559e422341856e235ad98a56343c8c7c3923811ee6c4778e975b38228bcbc14bbf4ab3f8293e9aac16a57b4399ba8d898c558286de3273b92a6d05e8eee67bdfc293576fc6f16a6c6413a41eb5cb2b62ed488b50b8122bdaedd9d8e47aeb046c31720ea487b143e7156d3fd60b94b547b7e08dd9d4c56af2cc006bf1585796aef87329852e95f8a2e520078931e65d361016ecf4b582f49829da6e05c154a7c390089c16a34dcd6d19f78d6ced20250fb18194e26d5183aac48405e32496b18dedff253cdfc22656003ec8ec107f9411b5f22aa18a9dcf29fd163a23214b81cb464a83e4e3414b55f22808f843b095cd6f4ee446cbb975b1168a4dca61fb5b066bb3b2fb8fbbe7ef6053aa61881386e2932795b8649181ec5cce9ed29846ee882466a1da865613f4076fb92ab7328f045b475a2a1e8dcb2eef6c01fcf88c8fb4369e859dd795dddb7b60687c54b5f56dda9d3769f75fec25f03594f3c69650067de8ad5a0ced217b7b7fbbe8e5b48d1f627e9ac50abf438895ecb759012bd184e813db14a08f2d6eefad8e4d45f3af3a1f0117307cc584d4ab15de42de8a6ed98b136b39fb0229448adcf57319bff25de2bbe957d9f57d6ca6a18e12bb71b0ad811d123a0a6d74374dfdde2a828a2ecca0ff0ef6a525d7bc81cd204294c62cb97a9b9f5f6c6d065c036b45a9f8fd3d5a6214d4d75d2f3d61ce0007c76932596cac407ae9e575cee26c9394627856e11600efa2123025bdc6f5a5c54b6dd1b692dd883032873491c68dc9e6f5c7bf00079a8cb109a4f65861d22f246839759ac52f0c3bbea814bcacbaab7a68b93dbb4a422ea1f986cb58b2d1cc2a8f8872c54afc1cc078ff558336ff8a8bd9305302892a0ef7841e846bb8c6a3a237b4b7003c6a2666b403956b6a3e012041038ea55dda7aaaa957144847dbf5867d33c1d371cd6660ee21e721e8f85f24840e09ed5c221674135c16dd172e63b1705e1e2c23dfe16071092ddc82c9e68789a770b9789e1ee6e6ff65604047a9ef26722939274fca742d8cadd8bcec89466238f20c4cd0579054d251053036616116fe90c0cd62fe2b88251a8c57594b7ce4e79e420aee3122d84b791093766276b8f929e4cf05262c71e4568bbe05ce91d5caf1e36c950839bac0566e8edcb7ed1841597a56421e71a44ae05c5a89eb276828cf430a14034307682dc5c326f875ec54144416fe052a21a57eaab9168c2da2a31f65587281d5251a7141d0058e5d14101edb36ffcbd97dea227873188fde596a43cb5b83b4408531cec44ac6300e28dd9332ebfc6018824f24ffc3b84461eb23292fae0ef4d0584e1e0d221e8d42eb2a6e006b34df6080f07d925896da5c9734eb3d8e926ab66b205ca6627f713f88a588f5a19c692397762cc45ffdc5f7352a21534828670af0f3118283c2bacc24eca7db97603b918b570ba5901d2bd48ad6f0eea3895c56057d92773308e76e2856a83bc327f07b2d45cfb06e81548d094327f685ce042cd1a7bc130d8b261136abf7ab6e0824579627c6b261fa2261d6058eb3ec6b26f5ced388521a5a91a2909a822bef4a8efd387d37102266bb6afe43452a44f6a0275a576335905eebc79b7469a232d0b2b45c69ac37cf99fc8424d3101665b3a0c58e7432945aa23ce807df0518ea67cf62f899ee6b7ee640a8c75688dd850a9e599f4d97e7c18fe2c3ea6de8741bcacf7dcfbdc144fcacaa66734e3cf72a6a3c538f056c26590c4902015e351797a4f91eba009bc6d4739fc243075ae6d02c37127aabce74a04584432af6fd9320be89453cd814fa7ad2e74eda2ed9f40dade45eeda23422c3f3ceac3298f314ce94f9cd5f234a254119807105a91010d9e21ee77a92a6000808608aff227c4f46504231b97f8078ff96d1984a38b8348bb5987929f73d06e8c36b496066d65c16ea96af2ae95fefbb65c7868a2eec8d1a207d6748b19dca8694dd74642838042f7b23121bb0e3213b6ef0b1928d67c6374b0a7d84b2c83b14878704d58e5d7668843545107ec08d2e35c9a510d7220f2cfdaac6db265fb192776c3cfceb9a9fdb9a24bfff0de850fe4dbd857709c330e6ad9ff498410f915a8b09ce76921963e6f643ba4db17def4ed8da927c551980ab5be58e5088c4d68d1481c89fe64a36d33034b951afab823ce4a76f664416aba2258ee1934ae537190825d269382f3538dd1e655f5b349cc99e5065d11dc671b7294"})
[ 1106.113055] RBP: 00007fd4fee901d0 R08: 0000000000000000 R09: 0000000000000000
[ 1106.113866] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1106.114660] R13: 00007ffcb71c4b0f R14: 00007fd4fee90300 R15: 0000000000022000
ioctl$BTRFS_IOC_INO_LOOKUP_USER(r1, 0xd000943e, &(0x7f0000001e00)={r2, 0x0, "9269e9ec1ad3305a65d9767060dddffa5a51075b477ad5b3334caf2144bba62f674e2044fa4b74723d0359cdd1414a7e610515579e563309c1cbd6092e892c3ffed326aafb50a9baabd0871fc4beb11d6b79c1ecdc233a7f4c9d7c3f0ac5170276d8a38c5de6b92a0a55b652a2546e95d1a544239d18f8a0428a8c0dae7bfd85a4f92f30159bbeae334023682184de25a704215ef967bc17f17623388bfda154909d0ac06119961fc5e3488cf3b470f3e9196a88f2797cbc22e8045c8818bc0e271716df3e86aceee183ef443ccddbd591f28b3df416199c3f6f9876d021fb891cd5ec8227661a35e9f548fd1e3c36ea910962f599f65309d6abb819d9902a05", "56e26b047f5558972ae303484ac1071757eede44580521c1c074b82112a9ca2b3a67300f2881b49b57cf732f93d154ee611fd890634d6146850d0d2b0ea8f1366240edf309fbf66e2a1bc6913d998fd433481c3f2063d63087a04bc6610f923db651e147551645a50c3977df9ca5015ceb48b76e4cc97d2525ded908049c3e0b05914682ea4ed78888c30bf3662892c200d31c7232394d1cccd26e5b25672a846455ac99ddd300a836ee7a09bb7d661a6e3412c06e6af166f9d56b24be4bcef0d11035cecdc40ef0d640e5b20e1b993808ae193219a0477e086cb290aba44b9c89f69662188d1ef4a85bacf952f9b809faec006663b9f9ef5ea6ced81d53b39fa164fd31f7e4ed8aac07663a52ca6cd96e0ca1c3ea87e2a600fb2c1fd24825ab858af22ada73ffdae48fbf2e1877ea34e55cbf1e285c2f080de752d15527534742eef1bee55801aa121ff214881f845952d5d5a342e5b8923776415723a6837cef077976a5fada4690657f4521b317ee853027947aa1c666e9c7dfa646ebc6465637bd29ac4f224bf76629576a0ab296a95cc55044b525e1b611ef4af1394e3dbd517cd71d02c16ce18b848cc79e29166188902be67a4f3fb3fc067d809321f37755ed3ccac32144094e4401f6638ff28ee908d51058511b9f513d6b56074bca4da46dc8665ac4b0a08d4bd838afc5a996f1b2ae548fb05680a6fd008aef04786a1483202c470286e21217c2c237be3b911ae0ba54dfe94a12c5c375616ae04b18f4b88fa56d7627e2cdd602b1c4d462a09ba38f6a4a0b76aa068a484bed636d5b4c77f5081da52d27491d3c635f8948e13842fa9491101a83a24af72fc983db3bbdda54f99b7ce2753bbf8b182bbeda6bce4bd27cc7bc9aba498692eeebde5155b53f50152f3c1d355cf772789bd927662fc720770e95a858059137ff5b4014d7974fcf4b3b234ffd7da32ce4800e8286da919d3af333480c2c51e59c59dcdf6842cfe5422c1f5c792adba22381f00d3b2ec3390548e94622e256499e346f9584d56cf224e8e1d9dfaa44a493e9c94c9d6a16a002b37691820fe8704062342aff428a90815437e745fab0b87df00972ac7dd4f18b1eaefb5b4e37d50e90288f4cc7e8ae7e62d0c08af877d191fba2e9fa3226d230ecec7f94955d82a6fc615d5936fdbc1c883eb4d15600dc4103f65d5a5cb2daaf020d03d3f6213b9016fe2aaddf6a3adf821bbc21eadc9dc29ca3f1e8dd81c4dcdb417ddda25a91d33dd743655df826457ba1a12a79779f09d920c3ae15d467ad45384a05882d4c99cbe31b1657edac7878b8a8c84a191a5784b493e9ac3a92b403cd5bc63ed4c6d367fdfe89ff5136981539c4ad8c717299b348611090d749860992092458d1228de9c84744f85870892893e0ac4b3ac05350cb18f14925b1a849c998ebcef535dee226879e1a4133a3c320581c069bb00e6a7995b28f6d710bd194eae44b78304c9fe481c89ab99fb4ac62b74a9f4f2d399e83b679549df807d07e7011c863ced9dcc5f08e67fa8d2cf59d8d0cdf6e95316ca6f74e0be5514ccddfbf5bce578acc467c6171dd7dde22b188f016eab8e4734f5290458e99be1ac9cd2d82e5603e07a3e8bbe6a06c26325303244ab4a40b55a7a077de08ec627051f14ba7b4c2c38c6c477c0f260adc8552725f9322c490ac2314c4545852823d89923c4a134249e4da60f050c401332d30e5439685c9ecf1914268ccd5d2cdfd55b0f40d341e605d77059d174fe0ed79c326c8661bca4abe67112e760b19cf7e1ed1ebe63e823a1c9465a2af411870eccc99c7158efbd9b6ec64ac612fb87b27d60b2c846dec3709ea49e2d88174b09d2b2e0d15bfee9bb23cac1faf8bd3bfe89ef2849aa0e8ee62a833078be647c1e1e8a95d1a566df7b7a229635aa407fc40a2861f9cf54faef86596a639d99c67a683b424b90b87d57bd6b929de46cf08fdd0ade43e4dc0c6759bdf9e572d3d1821ea895826f9b7f139aa8de2ed0c729d121fd397baa8364b08b605f9addcc509eaaf05c3a2a79104c683caa1d8c200bade92564656b55e55a7aa4ec2a4bf9331055846b42727b005e687cc48cdd188de0f6fadc3e5f1169d2ac8d4a7c5c5fb17489ef6da6e85d3273a7e3bb4b2ebb78d32b10d2c5094686415a183288564b8924737c69936ff58dabed0274f4eead3cc74b9276005e955ce41b4eaedacb2665090619bb9b9f6e085eb524c5a72afcbfbb930345265e7e27c857b83f01808fc5ce87b7e9fd0d5613c3f2dc12551b197f00bab81952b0f8c4bd9de2ac87d9bd8aabf60faa32637a55e1972fb4836a74ba7393a6e9870323cd3745f5781c398e683b45f87f7848e7bf964f85258f2f42644e9a05a9b2089c890ceff9a1b4ae8999e93b0acdf76283d68b7afae5405932d11d6c96e6092fa315d4a43e43c7f55a1236b67826d310e99d1a5f93b93503e7eadfbd386c8998766b8a8ce42b2e83af7ba321294f87889fd6c44cb3fb3b0b2276b683aea9d8e30485f9481fa4bdabdc83ce0a511a14f152414882a66d881d7e6f51bda7311ad78493cb41fc177134f1d01fd5afcbee5cfd6465f831cb7c27e7f64a54055a9edd7563efdf1ef63a9539c44bee0f99a6d3031a0e497a9fafb31d87a7bb96765dd530f7dd0a4cf7167692283bca572962326e943373d8b8bf83517ff81cb8d7f11136faf486355d4caab58e8d2674784585fcdee10207e070d9757cf22a7e422986d7cdea298ffde3e3ab6072d92fd75f18d808033f762f4bf52e4da4119d048d5c6d736ce4e55e72da1fad3958aee286c19cfac33036dc3824e5e9ef3184cc1baf1d50e6d849792c18d569f98842bacc15179a06235b130bf5bd70ad905aa4ea0afd505234ac4ed8f76bb121a6efd8d451f350fe35e22d30edb77a7cf37eb6756ad6bccbfd6ec0a971409ec4e618e9b395d7d2fc481678e499b2e2c70ab1ee1affc6c010f342be27cbe96c8039c1bc32ec1ff90bc39a5a24e61e0cff6cc0c492ed595474168bf2f5eb3c320b142539e64362dce4ef7f41e5b3a36963de405788078f52af7222b373e5e86a8601d844675f1985b0195bdc88395a6111906b9ad6c3adb536a9410970f09f43f4aa146b5f8f9a9bb0b63be508fd62ac2b2ae2729857ed8595e5ec0e09098fda43b3cbdf6807a25f0a8ca978c8f7948340e04235e5aa8ed430c8a84305b69d212fd7b10d14f36eb3a06bfdc8a86e7d1403ff31f4c368ae2479ffd50fc1859fa6abb86e42177dd178db5d19eca81bd8791dc88cf8f87767d7f52c79aa129b0fee30e52a41c76f07f10c5fa693d4815c104bfd52928229f1626fe063450c84156603f04a3966bac69b1cc4fe7db95a429ff02ee39a9f477219412b6857f60169ec174086d5b5f53e91d72a840410745a9dffa25530017ae73e2ee0f6f076e793c34f13aa3eb4757bf54ae14daeeb6bdc22ce9b6c6721ecc30964cf1f8671b20da64f212a126de9edbc0ea138e0cc9e7836ff8b206240807777960dbd425bab15ae76724444b506ec11097e9e9b815a7987f6fc8bbce09ef2a6e53fe9e6237e7611b9b56897cbd2897fd638a9191c8b238f4bae29da83ecb148dd3069d1bc43defffd33d6811d9b70a163f01f2104efd333b848bcebae74f14e6db0bb9cb6c7c911d1ccab13ba85623b182bf8a1df0874ef1fc5b135f0e4cffec955d8c2aca9fb55989eb82eb7a9c3f795cb036f3aca04c3065e953434540b28cfb913d765150b7446dff7b7fc9298704f23489935ad8bd6df85f6fc409cb20a8f35fb2d7561132f84089c08d5e95de3764559eb9a39ca5addf0f1c52e8b458ce88d9f757ac4c85c5c9047af5331e5deccff19346c8fbefd130ff5cd0fc73e51c28aa43edbf8d0835b24b516b5b36d6c67154fa3060f04797cb6d9cc5c44599b933c32128169c4ff99cf40f31c0a24b2b0311c622f7ddf97b215403f5b6997b01927422a19bbcf28395019795a1e88720f191562cf1eeffa1adfa66ed8fb2106974ffe182a94ca16e7842824f340d3fbdb073974845b5b09f2240290be4959a2f3b07f0e686c2994c6c0c2c6295f98606ab72e713129cdff54ca937b8755de3df76adac4f4ca60b07b64a0aca215dce685e995bbe34d9e293cd3d8e03f647a9dacc8cd6b34359bbccc09c7ce6b488dce6a25d9cfbed1716f1cd69b2e32d74bbdc3e98a666fafafce5b183a587ff5265251e70b58cfbd64c88b303ad6e6d54b26fa35471f35d67bd64d99e5bbc23e59158c568eb4b32696c035b054c6819cf19c4d6e05c68a99c2538d16e59e41c839947cd0db2d7e5d9c938af63662efef038971dfb78e142d242eb8dc37be194915965152080eb891e2ceb369b259f9d1962e7fbc6b611dd4bd566c6f246b65b50c3a8535eb7f72a41cb103734108b3f5f7b93bb4ed5ce30a6d04bf5abbce7337b93febacd99b998bfb6542e0ab46b2eaa87590c488dab50019bb232b5ba10707f7322e069befb4c80e28f938504f2193643a9731865c73ac5f7ff5e7e78375a19f82c9a57aac63a924ab828d3fb8b32b47471432f88679aa371a0dc50542d7f6ded178c758b5206472a62ce05c7ebc8b2df61b65be707ddb21bb9872f827798f459a5a42ce8cbcc1bd4b5c349626487448e84b77740415d6561ac8c1b93aafdf7067d1a749a00054f490448edc1429875522221c5645f246b9f923c29589a4d5cdd0788b04240dd32a473eae993775579ae8210590e40789154de37870781d674dfd33cf6f6160125e3a1d463b70afbf509f66c7486ce94793a67054766d12e8a8b7ea48170cdac2921f2a0f9a17381ae7d2572dc6f34758b434c55c69f5654b5ca78ea63747f9a4fa349ad98a249c380e8e821c2ec6747edef5ad115d539ff59f3f41d0b60aa7dea65193f88895dcdf44933338a3d3189d4dfb7c455369185b9ba1fe32a429b037a98be491309c98a634c64c539c4d8f9114fe1acd9d0e849961a3dfb12191be0c046e8f7163278be41ce25327ae02b2587e89551403017ec632a30e253722d5973562f153fffc01eb8d44415c0db94fb0234fb87ee75c194fe9a7092d751603570f35395ea98c5ef00cb805cf9a4a0a79a967d1145a5b75de6d273eafca441a9e494afe483ef2150ef38b6b4985f9fb2265eb4102e47d48e953cd7041e4c6ca75eb2e9cb6c7664c16621a8791d63b3a0ef15afb51bdb3504db149246f3c8f953a27679e87a663d70b69dc53ea17452cb6fb6693bf44ffe9987293b47d9ba16a813fe268fe2a014987aedae43f2da91514d355bc5fc6fbdd860f20401cd44d6f040280dc179c0653b0c12c66771d6939c9f2cca7403247949fe852dcd83341058dca1e267b0cce91f8d408e5561da53e1d8bfa466704d8c91b66e687cdc411a"})
pipe2(&(0x7f0000000080)={<r3=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r3, 0x408)
mmap$perf(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000008, 0x1010, r0, 0x1f)

18:26:50 executing program 6:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/59], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:27:03 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x10062, 0x0)

18:27:03 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0, 0x4000000000000}}], 0x35f, 0x10062, 0x0)

18:27:03 executing program 7:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 25)

18:27:03 executing program 4:
fadvise64(0xffffffffffffffff, 0x9dc, 0x7ff, 0x3)
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000080)={<r0=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r0, 0x408)

18:27:03 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c22092000000000000010000000000000009"])
ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:27:03 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/59], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040), 0x0, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:27:03 executing program 1:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
ptrace$setopts(0xffffffffffffffff, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 17)

18:27:03 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 32)

[ 1119.512158] FAULT_INJECTION: forcing a failure.
[ 1119.512158] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1119.515058] CPU: 1 PID: 7243 Comm: syz-executor.0 Not tainted 5.10.199 #1
[ 1119.516461] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1119.518159] Call Trace:
[ 1119.518698]  dump_stack+0x107/0x167
[ 1119.519449]  should_fail.cold+0x5/0xa
[ 1119.520231]  _copy_from_user+0x2e/0x1b0
[ 1119.521051]  __copy_msghdr_from_user+0x91/0x4b0
[ 1119.522014]  ? __ia32_sys_shutdown+0x80/0x80
[ 1119.522905]  ? __lock_acquire+0x1657/0x5b00
[ 1119.523793]  ___sys_recvmsg+0xd5/0x200
[ 1119.524580]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1119.525580]  ? lock_downgrade+0x6d0/0x6d0
[ 1119.526427]  ? lock_acquire+0x197/0x470
[ 1119.527226]  ? find_held_lock+0x2c/0x110
[ 1119.528053]  ? __might_fault+0xd3/0x180
[ 1119.528860]  ? lock_downgrade+0x6d0/0x6d0
[ 1119.529745]  do_recvmmsg+0x24c/0x6d0
[ 1119.530509]  ? ___sys_recvmsg+0x200/0x200
[ 1119.531352]  ? lock_downgrade+0x6d0/0x6d0
[ 1119.532206]  ? ksys_write+0x12d/0x260
[ 1119.532881] FAULT_INJECTION: forcing a failure.
[ 1119.532881] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1119.532996]  ? wait_for_completion_io+0x270/0x270
[ 1119.536452]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1119.537387]  ? vfs_write+0x354/0xa70
[ 1119.538135]  __x64_sys_recvmmsg+0x20f/0x260
[ 1119.539000]  ? ksys_write+0x1a9/0x260
[ 1119.539759]  ? __do_sys_socketcall+0x600/0x600
[ 1119.540674]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1119.541739]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1119.542770]  do_syscall_64+0x33/0x40
[ 1119.543512]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1119.544539] RIP: 0033:0x7f13d67b3b19
[ 1119.545283] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1119.548982] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1119.550534] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[ 1119.551971] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1119.553405] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[ 1119.554841] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1119.556268] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
[ 1119.557782] CPU: 0 PID: 7242 Comm: syz-executor.1 Not tainted 5.10.199 #1
[ 1119.559256] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1119.561019] Call Trace:
[ 1119.561608]  dump_stack+0x107/0x167
[ 1119.562403]  should_fail.cold+0x5/0xa
[ 1119.563222]  _copy_from_user+0x2e/0x1b0
[ 1119.564078]  __copy_msghdr_from_user+0x91/0x4b0
[ 1119.565093]  ? __ia32_sys_shutdown+0x80/0x80
[ 1119.566049]  ? __lock_acquire+0x1657/0x5b00
[ 1119.567002]  ___sys_recvmsg+0xd5/0x200
[ 1119.567830]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1119.568891]  ? lock_downgrade+0x6d0/0x6d0
[ 1119.569785]  ? lock_acquire+0x197/0x470
[ 1119.570638]  ? find_held_lock+0x2c/0x110
[ 1119.571514]  ? __might_fault+0xd3/0x180
[ 1119.571871] FAULT_INJECTION: forcing a failure.
[ 1119.571871] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1119.572360]  ? lock_downgrade+0x6d0/0x6d0
[ 1119.572399]  do_recvmmsg+0x24c/0x6d0
[ 1119.576339]  ? ___sys_recvmsg+0x200/0x200
[ 1119.577224]  ? lock_downgrade+0x6d0/0x6d0
[ 1119.578127]  ? ksys_write+0x12d/0x260
[ 1119.578964]  ? wait_for_completion_io+0x270/0x270
[ 1119.580006]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1119.580999]  ? vfs_write+0x354/0xa70
[ 1119.581814]  __x64_sys_recvmmsg+0x20f/0x260
[ 1119.582740]  ? ksys_write+0x1a9/0x260
[ 1119.583562]  ? __do_sys_socketcall+0x600/0x600
[ 1119.584558]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1119.585703]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1119.586819]  do_syscall_64+0x33/0x40
[ 1119.587625]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1119.588722] RIP: 0033:0x7f65a52bbb19
[ 1119.589536] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1119.593491] RSP: 002b:00007f65a2831188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1119.595130] RAX: ffffffffffffffda RBX: 00007f65a53cef60 RCX: 00007f65a52bbb19
[ 1119.596660] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1119.598226] RBP: 00007f65a28311d0 R08: 0000000000000000 R09: 0000000000000000
[ 1119.599762] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1119.601292] R13: 00007ffc95f579af R14: 00007f65a2831300 R15: 0000000000022000
[ 1119.602860] CPU: 1 PID: 7240 Comm: syz-executor.7 Not tainted 5.10.199 #1
[ 1119.604231] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1119.605889] Call Trace:
[ 1119.606420]  dump_stack+0x107/0x167
[ 1119.607159]  should_fail.cold+0x5/0xa
[ 1119.607928]  _copy_from_user+0x2e/0x1b0
[ 1119.608734]  __copy_msghdr_from_user+0x91/0x4b0
[ 1119.609700]  ? __ia32_sys_shutdown+0x80/0x80
[ 1119.610577]  ? __lock_acquire+0x1657/0x5b00
[ 1119.611454]  ___sys_recvmsg+0xd5/0x200
[ 1119.612234]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1119.613216]  ? _raw_spin_unlock_irq+0x27/0x30
[ 1119.614125]  ? lock_acquire+0x197/0x470
[ 1119.614926]  ? find_held_lock+0x2c/0x110
[ 1119.615749]  ? __might_fault+0xd3/0x180
[ 1119.616545]  ? lock_downgrade+0x6d0/0x6d0
[ 1119.617388]  ? io_schedule_timeout+0x140/0x140
[ 1119.618335]  do_recvmmsg+0x24c/0x6d0
[ 1119.619085]  ? ___sys_recvmsg+0x200/0x200
[ 1119.619917]  ? lock_downgrade+0x6d0/0x6d0
[ 1119.620756]  ? ksys_write+0x12d/0x260
[ 1119.621558]  ? wait_for_completion_io+0x270/0x270
[ 1119.622531]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1119.623468]  ? vfs_write+0x354/0xa70
[ 1119.624220]  __x64_sys_recvmmsg+0x20f/0x260
[ 1119.625083]  ? ksys_write+0x1a9/0x260
[ 1119.625858]  ? __do_sys_socketcall+0x600/0x600
[ 1119.626802]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1119.627862]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1119.628894]  do_syscall_64+0x33/0x40
[ 1119.629653]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1119.630671] RIP: 0033:0x7fd50191ab19
[ 1119.631413] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1119.635082] RSP: 002b:00007fd4fee90188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1119.636596] RAX: ffffffffffffffda RBX: 00007fd501a2df60 RCX: 00007fd50191ab19
[ 1119.638022] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1119.639439] RBP: 00007fd4fee901d0 R08: 0000000000000000 R09: 0000000000000000
[ 1119.640853] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1119.642272] R13: 00007ffcb71c4b0f R14: 00007fd4fee90300 R15: 0000000000022000
18:27:03 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 1)

18:27:03 executing program 4:
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0xfc, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000080)={<r0=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r0, 0x1)

[ 1119.703803] FAULT_INJECTION: forcing a failure.
[ 1119.703803] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1119.706781] CPU: 1 PID: 7250 Comm: syz-executor.6 Not tainted 5.10.199 #1
[ 1119.708151] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1119.709830] Call Trace:
[ 1119.710361]  dump_stack+0x107/0x167
[ 1119.711099]  should_fail.cold+0x5/0xa
[ 1119.711866]  _copy_from_user+0x2e/0x1b0
[ 1119.712669]  __copy_msghdr_from_user+0x91/0x4b0
[ 1119.713607]  ? __ia32_sys_shutdown+0x80/0x80
[ 1119.714484]  ? SOFTIRQ_verbose+0x10/0x10
[ 1119.715297]  ? mark_lock+0xf5/0x2df0
[ 1119.716045]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1119.717102]  ___sys_recvmsg+0xd5/0x200
[ 1119.717896]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1119.718878]  ? lock_downgrade+0x6d0/0x6d0
[ 1119.719728]  ? __fget_files+0x296/0x4c0
[ 1119.720530]  ? __fget_light+0xea/0x290
[ 1119.721333]  do_recvmmsg+0x24c/0x6d0
[ 1119.722087]  ? ___sys_recvmsg+0x200/0x200
[ 1119.722923]  ? lock_downgrade+0x6d0/0x6d0
[ 1119.723760]  ? ksys_write+0x12d/0x260
[ 1119.724543]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1119.725525]  ? wait_for_completion_io+0x270/0x270
[ 1119.726497]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1119.727420]  ? vfs_write+0x354/0xa70
[ 1119.728185]  __x64_sys_recvmmsg+0x20f/0x260
[ 1119.729042]  ? ksys_write+0x1a9/0x260
[ 1119.729843]  ? __do_sys_socketcall+0x600/0x600
[ 1119.730766]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1119.731834]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1119.732866]  do_syscall_64+0x33/0x40
[ 1119.733646]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1119.734673] RIP: 0033:0x7f301b410b19
[ 1119.735415] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1119.739072] RSP: 002b:00007f3018986188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1119.740613] RAX: ffffffffffffffda RBX: 00007f301b523f60 RCX: 00007f301b410b19
[ 1119.742064] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1119.743506] RBP: 00007f30189861d0 R08: 0000000000000000 R09: 0000000000000000
[ 1119.744966] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000001
[ 1119.746426] R13: 00007ffcb222f7cf R14: 00007f3018986300 R15: 0000000000022000
18:27:03 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/59], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040), 0x0, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:27:03 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c22092000000000000010000000000000009"])
ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:27:03 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0, 0x20000000000000}}], 0x35f, 0x10062, 0x0)

18:27:04 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 33)

18:27:04 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0, 0x3665c4ffffffff}}], 0x35f, 0x10062, 0x0)

18:27:04 executing program 7:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 26)

[ 1119.930279] FAULT_INJECTION: forcing a failure.
[ 1119.930279] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1119.933197] CPU: 1 PID: 7262 Comm: syz-executor.0 Not tainted 5.10.199 #1
[ 1119.934596] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1119.936280] Call Trace:
[ 1119.936814]  dump_stack+0x107/0x167
[ 1119.937646]  should_fail.cold+0x5/0xa
[ 1119.938515]  _copy_from_user+0x2e/0x1b0
[ 1119.939417]  __copy_msghdr_from_user+0x91/0x4b0
[ 1119.940466]  ? __ia32_sys_shutdown+0x80/0x80
[ 1119.941459]  ? __lock_acquire+0x1657/0x5b00
[ 1119.942445]  ___sys_recvmsg+0xd5/0x200
[ 1119.943319]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1119.944420]  ? lock_downgrade+0x6d0/0x6d0
[ 1119.945365]  ? lock_acquire+0x197/0x470
[ 1119.946256]  ? find_held_lock+0x2c/0x110
[ 1119.947174]  ? __might_fault+0xd3/0x180
[ 1119.948066]  ? lock_downgrade+0x6d0/0x6d0
[ 1119.949015]  do_recvmmsg+0x24c/0x6d0
[ 1119.949882]  ? ___sys_recvmsg+0x200/0x200
[ 1119.950821]  ? _raw_spin_unlock_irq+0x1f/0x30
[ 1119.951827]  ? _raw_spin_unlock_irq+0x27/0x30
[ 1119.952835]  ? finish_task_switch+0x126/0x5d0
[ 1119.953842]  ? finish_task_switch+0xef/0x5d0
[ 1119.954860]  __x64_sys_recvmmsg+0x20f/0x260
[ 1119.955828]  ? ksys_write+0x1a9/0x260
[ 1119.956683]  ? __do_sys_socketcall+0x600/0x600
[ 1119.957733]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1119.958907]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1119.960070]  do_syscall_64+0x33/0x40
[ 1119.960911]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1119.962068] RIP: 0033:0x7f13d67b3b19
[ 1119.962906] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1119.967028] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1119.968733] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[ 1119.970354] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1119.971955] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[ 1119.973566] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1119.975167] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
[ 1120.032799] FAULT_INJECTION: forcing a failure.
[ 1120.032799] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1120.035703] CPU: 1 PID: 7268 Comm: syz-executor.7 Not tainted 5.10.199 #1
[ 1120.037089] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1120.038770] Call Trace:
[ 1120.039320]  dump_stack+0x107/0x167
[ 1120.040157]  should_fail.cold+0x5/0xa
[ 1120.041042]  __alloc_pages_nodemask+0x182/0x600
[ 1120.042116]  ? lock_chain_count+0x20/0x20
[ 1120.043060]  ? __alloc_pages_slowpath.constprop.0+0x2130/0x2130
[ 1120.044440]  alloc_pages_vma+0xbb/0x410
[ 1120.045349]  wp_page_copy+0xee7/0x1f00
[ 1120.046255]  ? print_bad_pte+0x5a0/0x5a0
[ 1120.047174]  ? lock_downgrade+0x6d0/0x6d0
[ 1120.048115]  ? vm_normal_page+0x162/0x2e0
[ 1120.049061]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 1120.050277]  do_wp_page+0x27b/0x1390
[ 1120.051128]  handle_mm_fault+0x1cc7/0x3500
[ 1120.052095]  ? ip6_datagram_recv_common_ctl+0x3f0/0x3f0
[ 1120.053301]  ? ip6_datagram_recv_common_ctl+0x2c2/0x3f0
[ 1120.054509]  ? __skb_datagram_iter+0x1aa/0x880
[ 1120.055543]  ? __pmd_alloc+0x5e0/0x5e0
[ 1120.056435]  ? vmacache_find+0x55/0x2a0
[ 1120.057347]  do_user_addr_fault+0x56e/0xc60
[ 1120.058363]  exc_page_fault+0xa2/0x1a0
[ 1120.059247]  asm_exc_page_fault+0x1e/0x30
[ 1120.060188] RIP: 0010:__put_user_nocheck_4+0x3/0x11
[ 1120.061317] Code: 00 00 48 39 d9 73 54 0f 01 cb 66 89 01 31 c9 0f 01 ca e9 f1 2c 1e 02 90 48 bb fd ef ff ff ff 7f 00 00 48 39 d9 73 34 0f 01 cb <89> 01 31 c9 0f 01 ca e9 d2 2c 1e 02 66 90 48 bb f9 ef ff ff ff 7f
[ 1120.065488] RSP: 0018:ffff888048e179c8 EFLAGS: 00050206
[ 1120.066694] RAX: 0000000000000028 RBX: ffffffff830fc720 RCX: 0000000020002030
[ 1120.068307] RDX: 1ffff110091c2fc3 RSI: ffffffff830f236a RDI: 0000000000000005
[ 1120.069935] RBP: ffff888048e17dc8 R08: 0000000000000001 R09: ffff88801e14471f
[ 1120.071545] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000020002030
[ 1120.073158] R13: 0000000020002000 R14: 0000000000000062 R15: 0000000000000004
[ 1120.074818]  ? sock_common_getsockopt+0xb0/0xb0
[ 1120.075879]  ? ____sys_recvmsg+0x2aa/0x590
[ 1120.076841]  ____sys_recvmsg+0x2dd/0x590
[ 1120.077785]  ? kernel_recvmsg+0x80/0x80
[ 1120.078691]  ? __import_iovec+0x458/0x590
[ 1120.079644]  ? import_iovec+0x83/0xb0
[ 1120.080511]  ___sys_recvmsg+0x127/0x200
[ 1120.081421]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1120.082536]  ? lock_downgrade+0x6d0/0x6d0
[ 1120.083481]  ? lock_acquire+0x197/0x470
[ 1120.084377]  ? find_held_lock+0x2c/0x110
[ 1120.085302]  ? __might_fault+0xd3/0x180
[ 1120.086215]  ? lock_downgrade+0x6d0/0x6d0
[ 1120.087175]  do_recvmmsg+0x24c/0x6d0
[ 1120.088030]  ? ___sys_recvmsg+0x200/0x200
[ 1120.088977]  ? lock_downgrade+0x6d0/0x6d0
[ 1120.089928]  ? ksys_write+0x12d/0x260
[ 1120.090806]  ? wait_for_completion_io+0x270/0x270
[ 1120.091904]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1120.092955]  ? vfs_write+0x354/0xa70
[ 1120.093826]  __x64_sys_recvmmsg+0x20f/0x260
[ 1120.094805]  ? ksys_write+0x1a9/0x260
[ 1120.095672]  ? __do_sys_socketcall+0x600/0x600
[ 1120.096714]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1120.097898]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1120.099067]  do_syscall_64+0x33/0x40
[ 1120.099913]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1120.101071] RIP: 0033:0x7fd50191ab19
[ 1120.102089] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1120.106457] RSP: 002b:00007fd4fee90188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1120.108019] RAX: ffffffffffffffda RBX: 00007fd501a2df60 RCX: 00007fd50191ab19
[ 1120.109483] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1120.110898] RBP: 00007fd4fee901d0 R08: 0000000000000000 R09: 0000000000000000
[ 1120.112318] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1120.113749] R13: 00007ffcb71c4b0f R14: 00007fd4fee90300 R15: 0000000000022000
18:27:18 executing program 7:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 27)

18:27:18 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0, 0x400000000000000}}], 0x35f, 0x10062, 0x0)

18:27:18 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/59], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9", 0x3, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:27:18 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c22092000000000000010000000000000009"])
ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:27:18 executing program 1:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
ptrace$setopts(0xffffffffffffffff, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 18)

18:27:18 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 2)

18:27:18 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 34)

[ 1134.224792] FAULT_INJECTION: forcing a failure.
[ 1134.224792] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1134.226039] FAULT_INJECTION: forcing a failure.
[ 1134.226039] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1134.227325] CPU: 1 PID: 7284 Comm: syz-executor.1 Not tainted 5.10.199 #1
[ 1134.230036] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1134.231731] Call Trace:
[ 1134.232274]  dump_stack+0x107/0x167
[ 1134.233026]  should_fail.cold+0x5/0xa
[ 1134.233841]  _copy_from_user+0x2e/0x1b0
[ 1134.234663]  __copy_msghdr_from_user+0x91/0x4b0
[ 1134.235616]  ? __ia32_sys_shutdown+0x80/0x80
[ 1134.236518]  ? __lock_acquire+0x1657/0x5b00
[ 1134.237420]  ___sys_recvmsg+0xd5/0x200
[ 1134.238227]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1134.239246]  ? lock_acquire+0x197/0x470
[ 1134.240064]  ? find_held_lock+0x2c/0x110
[ 1134.240901]  ? __might_fault+0xd3/0x180
[ 1134.241732]  ? lock_downgrade+0x6d0/0x6d0
[ 1134.242579]  ? asm_sysvec_call_function_single+0x12/0x20
[ 1134.243705]  do_recvmmsg+0x24c/0x6d0
[ 1134.244473]  ? ___sys_recvmsg+0x200/0x200
[ 1134.245324]  ? lock_downgrade+0x6d0/0x6d0
[ 1134.246188]  ? ksys_write+0x12d/0x260
[ 1134.246982]  ? wait_for_completion_io+0x270/0x270
[ 1134.247971]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1134.248921]  ? vfs_write+0x354/0xa70
[ 1134.249706]  __x64_sys_recvmmsg+0x20f/0x260
[ 1134.250588]  ? ksys_write+0x1a9/0x260
[ 1134.251369]  ? __do_sys_socketcall+0x600/0x600
[ 1134.252308]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1134.253380]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1134.254444]  do_syscall_64+0x33/0x40
[ 1134.255208]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1134.256255] RIP: 0033:0x7f65a52bbb19
[ 1134.257017] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1134.260773] RSP: 002b:00007f65a2831188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1134.262344] RAX: ffffffffffffffda RBX: 00007f65a53cef60 RCX: 00007f65a52bbb19
[ 1134.263804] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1134.265245] RBP: 00007f65a28311d0 R08: 0000000000000000 R09: 0000000000000000
[ 1134.266692] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1134.268129] R13: 00007ffc95f579af R14: 00007f65a2831300 R15: 0000000000022000
[ 1134.269609] CPU: 0 PID: 7289 Comm: syz-executor.0 Not tainted 5.10.199 #1
[ 1134.270400] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1134.271394] Call Trace:
[ 1134.271705]  dump_stack+0x107/0x167
[ 1134.272148]  should_fail.cold+0x5/0xa
[ 1134.272605]  _copy_from_user+0x2e/0x1b0
[ 1134.273085]  __copy_msghdr_from_user+0x91/0x4b0
[ 1134.273645]  ? __ia32_sys_shutdown+0x80/0x80
[ 1134.274173]  ? __lock_acquire+0x1657/0x5b00
[ 1134.274701]  ___sys_recvmsg+0xd5/0x200
[ 1134.275163]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1134.275750]  ? lock_downgrade+0x6d0/0x6d0
[ 1134.276249]  ? lock_acquire+0x197/0x470
[ 1134.276723]  ? find_held_lock+0x2c/0x110
[ 1134.277210]  ? __might_fault+0xd3/0x180
[ 1134.277698]  ? lock_downgrade+0x6d0/0x6d0
[ 1134.278216]  do_recvmmsg+0x24c/0x6d0
[ 1134.278662]  ? ___sys_recvmsg+0x200/0x200
[ 1134.279161]  ? lock_downgrade+0x6d0/0x6d0
[ 1134.279661]  ? ksys_write+0x12d/0x260
[ 1134.280124]  ? wait_for_completion_io+0x270/0x270
[ 1134.280702]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1134.281192] FAULT_INJECTION: forcing a failure.
[ 1134.281192] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1134.281253]  ? vfs_write+0x354/0xa70
[ 1134.281276]  __x64_sys_recvmmsg+0x20f/0x260
[ 1134.284530]  ? ksys_write+0x1a9/0x260
[ 1134.284981]  ? __do_sys_socketcall+0x600/0x600
[ 1134.285526]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1134.286155]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1134.286764]  do_syscall_64+0x33/0x40
[ 1134.287200]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1134.287778] RIP: 0033:0x7f13d67b3b19
[ 1134.288218] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1134.290394] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1134.291289] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[ 1134.292094] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1134.292948] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[ 1134.293803] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1134.294649] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
[ 1134.295668] CPU: 1 PID: 7280 Comm: syz-executor.7 Not tainted 5.10.199 #1
[ 1134.297057] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1134.298762] Call Trace:
[ 1134.299299]  dump_stack+0x107/0x167
[ 1134.300045]  should_fail.cold+0x5/0xa
[ 1134.300829]  _copy_from_user+0x2e/0x1b0
[ 1134.301645]  __copy_msghdr_from_user+0x91/0x4b0
[ 1134.302590]  ? __ia32_sys_shutdown+0x80/0x80
[ 1134.303486]  ? __lock_acquire+0x1657/0x5b00
[ 1134.304377]  ___sys_recvmsg+0xd5/0x200
18:27:18 executing program 4:
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0xb4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc6, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x40062}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000080)={<r0=>0xffffffffffffffff}, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=ANY=[@ANYBLOB="280000001000010000000000000000000000000005000000000000000c000080080010", @ANYRES32, @ANYBLOB="5dc07f58a3256c4d5f3dd27206f04fe9295d791481adc131040127d140d0e99c9353d6f4044c4f9ed3f18bfe7dc5bab1eb8b71f8845681cda47f106f612bf95996680ee509008d38775905f2f2ac599c42eaf951bbb06302663b6ba2fdef0e3fdd78be061c65b9a2a5f1ab4e3d7acee0f0c546c885cf76a3d05522f43b1db09bae2403038039ca9a453c21d171dd7ebb6661ae6042bd6c9bd4fec536832f7278accf6d1d50678c7779b1376500e9b018c81882cbb3dc7ffb6cc642d54d1e555c42686356cfbe0dd390a76f412d7b2ecdff63eb7ee1212ac65295587e542c6a7188bd7d562e14d1aaeab1e9ddbc9060cb250e122a5610195294d47c862549b84a56e2624e4ec6504a08c748351bb2bbc8c5e3332db578d774ffb3d7cad8bad91fe7c4a2d46765e3249a046aff3abcf799a0baf65f69"], 0x28}}, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8914, &(0x7f0000000140)={'lo\x00', <r2=>0x0})
ioctl$sock_ipv6_tunnel_SIOCADD6RD(0xffffffffffffffff, 0x89f9, &(0x7f0000000100)={'syztnl0\x00', &(0x7f0000000080)={'sit0\x00', r2, 0x4, 0x85, 0x52, 0x0, 0x24, @empty, @mcast2, 0x0, 0x80, 0x402, 0xa273}})
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x406e2, 0x0)
sendmsg$nl_generic(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=ANY=[@ANYBLOB="280000001000010000000000000000000000000005000000000000000c000080080010", @ANYRES32=r4, @ANYBLOB="5dc07f58a3256c4d5f3dd27206f04fe9295d791481adc131040127d140d0e99c9353d6f4044c4f9ed3f18bfe7dc5bab1eb8b71f8845681cda47f106f612bf95996681ee509008d38775905f2f2ac599c42eaf951bbb06302663b6ba2fdef0e3fdd78be061c65b9a2a5f1ab4e3d7acee0f0c546c885cf76a3d05522f43b1db09bae2403038039ca9a453c21d171dd7ebb6661ae6042bd6c9bd410c636832f7278accf6d1d50678c7779b1376500e9b018c81882cbb3dc7ffb6cc642d54d1e555c42686356cfbe0dd390a76f41cdff63eb7ee121700334"], 0x28}}, 0x0)
r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r5, 0x8914, &(0x7f0000000140)={'lo\x00', <r6=>0x0})
ioctl$sock_ipv6_tunnel_SIOCADD6RD(r4, 0x89f9, &(0x7f0000000100)={'syztnl0\x00', &(0x7f0000000080)={'sit0\x00', r6, 0x4, 0x85, 0x52, 0x0, 0x24, @empty, @mcast2, 0x0, 0x80, 0x402, 0xa273}})
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x406e2, 0x0)
sendmsg$nl_generic(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=ANY=[@ANYBLOB="280000001000010000000000000000000000000005000000000000000c000080080000", @ANYRES32=r8, @ANYBLOB="5dc07f58a3256c4d5f3dd27206f04fe9295d791481adc131040127d140d0e99c9353d6f4044c4f9ed3f18bfe7dc5bab1eb8b71f8845681cda47f106f612bf95996681ee509008d38775905f2f2ac599c42eaf951bbb06302663b6ba2fdef0e3fdd78be061c65b9a2a5f1ab4e3d7acee0f0c546c885cf76a3d05522f43b1db09bae2403038039ca9a453c21d171dd7ebb6661ae6042bd6c9bd410c636832f7278accf6d1d50678c7779b1376500e9b018c81882cbb3dc7ffb6cc642d54d1e555c42686356cfbe0dd390a76f41cdff63eb7ee121700334"], 0x28}}, 0x0)
r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r9, 0x8914, &(0x7f0000000140)={'lo\x00', <r10=>0x0})
ioctl$sock_ipv6_tunnel_SIOCADD6RD(r8, 0x89f9, &(0x7f0000000100)={'syztnl0\x00', &(0x7f0000000080)={'sit0\x00', r10, 0x4, 0x85, 0x52, 0x0, 0x24, @empty, @mcast2, 0x0, 0x80, 0x402, 0xa273}})
sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000180)={0x108, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {}, [@HEADER={0x60, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x68, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bridge\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}]}, @HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}]}, 0x108}, 0x1, 0x0, 0x0, 0x4088095}, 0x40004)
fcntl$getflags(r0, 0x408)

[ 1134.305172]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1134.306422]  ? lock_downgrade+0x6d0/0x6d0
[ 1134.307266]  ? lock_acquire+0x197/0x470
[ 1134.308063]  ? find_held_lock+0x2c/0x110
[ 1134.308892]  ? __might_fault+0xd3/0x180
[ 1134.309705]  ? lock_downgrade+0x6d0/0x6d0
[ 1134.310572]  do_recvmmsg+0x24c/0x6d0
[ 1134.311345]  ? ___sys_recvmsg+0x200/0x200
[ 1134.312193]  ? lock_downgrade+0x6d0/0x6d0
[ 1134.313050]  ? ksys_write+0x12d/0x260
[ 1134.313857]  ? wait_for_completion_io+0x270/0x270
[ 1134.314847]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1134.315790]  ? vfs_write+0x354/0xa70
[ 1134.316557]  __x64_sys_recvmmsg+0x20f/0x260
[ 1134.317422]  ? ksys_write+0x1a9/0x260
[ 1134.318224]  ? __do_sys_socketcall+0x600/0x600
[ 1134.319151]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1134.320223]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1134.321276]  do_syscall_64+0x33/0x40
18:27:18 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 35)

[ 1134.322037]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1134.323155] RIP: 0033:0x7fd50191ab19
[ 1134.323909] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1134.327618] RSP: 002b:00007fd4fee90188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1134.329175] RAX: ffffffffffffffda RBX: 00007fd501a2df60 RCX: 00007fd50191ab19
18:27:18 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c22092000000000000010000000000000009"])
ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

[ 1134.330641] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1134.332286] RBP: 00007fd4fee901d0 R08: 0000000000000000 R09: 0000000000000000
[ 1134.333860] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1134.335419] R13: 00007ffcb71c4b0f R14: 00007fd4fee90300 R15: 0000000000022000
[ 1134.354979] FAULT_INJECTION: forcing a failure.
[ 1134.354979] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1134.357577] CPU: 0 PID: 7287 Comm: syz-executor.6 Not tainted 5.10.199 #1
[ 1134.358958] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1134.360647] Call Trace:
[ 1134.361188]  dump_stack+0x107/0x167
[ 1134.361952]  should_fail.cold+0x5/0xa
[ 1134.362735]  _copy_from_user+0x2e/0x1b0
[ 1134.363550]  __copy_msghdr_from_user+0x91/0x4b0
[ 1134.364496]  ? __ia32_sys_shutdown+0x80/0x80
[ 1134.365398]  ? __lock_acquire+0x1657/0x5b00
[ 1134.366285]  ___sys_recvmsg+0xd5/0x200
[ 1134.367082]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1134.368084]  ? lock_downgrade+0x6d0/0x6d0
[ 1134.368940]  ? lock_acquire+0x197/0x470
[ 1134.369757]  ? find_held_lock+0x2c/0x110
[ 1134.370587]  ? __might_fault+0xd3/0x180
[ 1134.371393]  ? lock_downgrade+0x6d0/0x6d0
[ 1134.372260]  do_recvmmsg+0x24c/0x6d0
[ 1134.373023]  ? ___sys_recvmsg+0x200/0x200
[ 1134.373881]  ? lock_downgrade+0x6d0/0x6d0
[ 1134.374746]  ? ksys_write+0x12d/0x260
[ 1134.375551]  ? wait_for_completion_io+0x270/0x270
[ 1134.376545]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1134.377487]  ? vfs_write+0x354/0xa70
[ 1134.378252]  __x64_sys_recvmmsg+0x20f/0x260
[ 1134.379127]  ? ksys_write+0x1a9/0x260
[ 1134.379898]  ? __do_sys_socketcall+0x600/0x600
[ 1134.380833]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1134.381919]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1134.382985]  do_syscall_64+0x33/0x40
[ 1134.383746]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1134.384792] RIP: 0033:0x7f301b410b19
[ 1134.385557] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1134.389254] RSP: 002b:00007f3018986188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1134.390808] RAX: ffffffffffffffda RBX: 00007f301b523f60 RCX: 00007f301b410b19
[ 1134.392269] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1134.393740] RBP: 00007f30189861d0 R08: 0000000000000000 R09: 0000000000000000
[ 1134.395175] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000001
[ 1134.396629] R13: 00007ffcb222f7cf R14: 00007f3018986300 R15: 0000000000022000
18:27:18 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0, 0x4000000000000000}}], 0x35f, 0x10062, 0x0)

18:27:18 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/59], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9", 0x3, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[ 1134.469216] FAULT_INJECTION: forcing a failure.
[ 1134.469216] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1134.472073] CPU: 0 PID: 7294 Comm: syz-executor.0 Not tainted 5.10.199 #1
[ 1134.473471] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1134.475177] Call Trace:
[ 1134.475713]  dump_stack+0x107/0x167
[ 1134.476462]  should_fail.cold+0x5/0xa
[ 1134.477245]  _copy_from_user+0x2e/0x1b0
[ 1134.478088]  __copy_msghdr_from_user+0x91/0x4b0
[ 1134.479046]  ? __ia32_sys_shutdown+0x80/0x80
[ 1134.479939]  ? __lock_acquire+0x1657/0x5b00
[ 1134.480825]  ___sys_recvmsg+0xd5/0x200
[ 1134.481631]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1134.482636]  ? lock_downgrade+0x6d0/0x6d0
[ 1134.483485]  ? lock_acquire+0x197/0x470
[ 1134.484283]  ? find_held_lock+0x2c/0x110
[ 1134.485117]  ? __might_fault+0xd3/0x180
[ 1134.485937]  ? lock_downgrade+0x6d0/0x6d0
[ 1134.486802]  do_recvmmsg+0x24c/0x6d0
[ 1134.487579]  ? ___sys_recvmsg+0x200/0x200
[ 1134.488426]  ? lock_downgrade+0x6d0/0x6d0
[ 1134.489295]  ? ksys_write+0x12d/0x260
[ 1134.490096]  ? wait_for_completion_io+0x270/0x270
[ 1134.491074]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1134.492026]  ? vfs_write+0x354/0xa70
[ 1134.492788]  __x64_sys_recvmmsg+0x20f/0x260
[ 1134.493668]  ? ksys_write+0x1a9/0x260
[ 1134.494440]  ? __do_sys_socketcall+0x600/0x600
[ 1134.495381]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1134.496448]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1134.497507]  do_syscall_64+0x33/0x40
[ 1134.498287]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1134.499338] RIP: 0033:0x7f13d67b3b19
[ 1134.500095] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1134.503788] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1134.505330] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[ 1134.506777] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1134.508223] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[ 1134.509674] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1134.511118] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
18:27:18 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 3)

18:27:18 executing program 7:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 28)

18:27:18 executing program 4:
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000080)={<r0=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r0, 0x408)

[ 1134.632934] FAULT_INJECTION: forcing a failure.
[ 1134.632934] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1134.634200] FAULT_INJECTION: forcing a failure.
[ 1134.634200] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1134.635699] CPU: 0 PID: 7307 Comm: syz-executor.7 Not tainted 5.10.199 #1
[ 1134.639299] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1134.640982] Call Trace:
[ 1134.641519]  dump_stack+0x107/0x167
[ 1134.642274]  should_fail.cold+0x5/0xa
[ 1134.643061]  _copy_from_user+0x2e/0x1b0
[ 1134.643882]  __copy_msghdr_from_user+0x91/0x4b0
[ 1134.644829]  ? __ia32_sys_shutdown+0x80/0x80
[ 1134.645736]  ? __lock_acquire+0x1657/0x5b00
[ 1134.646632]  ___sys_recvmsg+0xd5/0x200
[ 1134.647429]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1134.648433]  ? _raw_spin_unlock_irq+0x27/0x30
[ 1134.649351]  ? lock_acquire+0x197/0x470
[ 1134.650174]  ? find_held_lock+0x2c/0x110
[ 1134.651009]  ? __might_fault+0xd3/0x180
[ 1134.651817]  ? lock_downgrade+0x6d0/0x6d0
[ 1134.652662]  ? io_schedule_timeout+0x140/0x140
[ 1134.653615]  do_recvmmsg+0x24c/0x6d0
[ 1134.654382]  ? ___sys_recvmsg+0x200/0x200
[ 1134.655226]  ? lock_downgrade+0x6d0/0x6d0
[ 1134.656078]  ? ksys_write+0x12d/0x260
[ 1134.656873]  ? wait_for_completion_io+0x270/0x270
[ 1134.657871]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1134.658813]  ? vfs_write+0x354/0xa70
[ 1134.659587]  __x64_sys_recvmmsg+0x20f/0x260
[ 1134.660462]  ? ksys_write+0x1a9/0x260
[ 1134.661239]  ? __do_sys_socketcall+0x600/0x600
[ 1134.662190]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1134.663255]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1134.664326]  do_syscall_64+0x33/0x40
[ 1134.665087]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1134.666143] RIP: 0033:0x7fd50191ab19
[ 1134.666899] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1134.670632] RSP: 002b:00007fd4fee90188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1134.672198] RAX: ffffffffffffffda RBX: 00007fd501a2df60 RCX: 00007fd50191ab19
[ 1134.673699] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1134.675151] RBP: 00007fd4fee901d0 R08: 0000000000000000 R09: 0000000000000000
[ 1134.676593] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1134.678048] R13: 00007ffcb71c4b0f R14: 00007fd4fee90300 R15: 0000000000022000
[ 1134.679631] CPU: 1 PID: 7305 Comm: syz-executor.6 Not tainted 5.10.199 #1
[ 1134.681034] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1134.682731] Call Trace:
[ 1134.683277]  dump_stack+0x107/0x167
[ 1134.684026]  should_fail.cold+0x5/0xa
[ 1134.684816]  _copy_from_user+0x2e/0x1b0
[ 1134.685650]  __copy_msghdr_from_user+0x91/0x4b0
[ 1134.686602]  ? __ia32_sys_shutdown+0x80/0x80
[ 1134.687507]  ? __lock_acquire+0x1657/0x5b00
[ 1134.688407]  ___sys_recvmsg+0xd5/0x200
[ 1134.689198]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1134.690198]  ? lock_downgrade+0x6d0/0x6d0
[ 1134.691057]  ? lock_acquire+0x197/0x470
[ 1134.691867]  ? find_held_lock+0x2c/0x110
[ 1134.692707]  ? __might_fault+0xd3/0x180
[ 1134.693518]  ? lock_downgrade+0x6d0/0x6d0
[ 1134.694390]  do_recvmmsg+0x24c/0x6d0
[ 1134.695160]  ? ___sys_recvmsg+0x200/0x200
[ 1134.696010]  ? lock_downgrade+0x6d0/0x6d0
[ 1134.696868]  ? ksys_write+0x12d/0x260
[ 1134.697676]  ? wait_for_completion_io+0x270/0x270
[ 1134.698666]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1134.699622]  ? vfs_write+0x354/0xa70
[ 1134.700388]  __x64_sys_recvmmsg+0x20f/0x260
[ 1134.701272]  ? ksys_write+0x1a9/0x260
[ 1134.702058]  ? __do_sys_socketcall+0x600/0x600
[ 1134.703002]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1134.704072]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1134.705134]  do_syscall_64+0x33/0x40
[ 1134.705903]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1134.706956] RIP: 0033:0x7f301b410b19
[ 1134.707722] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1134.711520] RSP: 002b:00007f3018986188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1134.713079] RAX: ffffffffffffffda RBX: 00007f301b523f60 RCX: 00007f301b410b19
[ 1134.714552] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1134.716013] RBP: 00007f30189861d0 R08: 0000000000000000 R09: 0000000000000000
[ 1134.717474] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000001
[ 1134.718937] R13: 00007ffcb222f7cf R14: 00007f3018986300 R15: 0000000000022000
18:27:31 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 4)

18:27:31 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c22092000000000000010000000000000009"])
ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:27:31 executing program 7:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 29)

18:27:31 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 36)

18:27:31 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0, 0x8000000000000000}}], 0x35f, 0x10062, 0x0)

18:27:31 executing program 1:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
ptrace$setopts(0xffffffffffffffff, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 19)

18:27:31 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/59], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9", 0x3, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[ 1147.176208] FAULT_INJECTION: forcing a failure.
[ 1147.176208] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1147.177894] CPU: 0 PID: 7325 Comm: syz-executor.0 Not tainted 5.10.199 #1
[ 1147.178755] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1147.179834] Call Trace:
[ 1147.180168]  dump_stack+0x107/0x167
[ 1147.180648]  should_fail.cold+0x5/0xa
[ 1147.181128]  _copy_from_user+0x2e/0x1b0
[ 1147.181643]  __copy_msghdr_from_user+0x91/0x4b0
[ 1147.182225]  ? __ia32_sys_shutdown+0x80/0x80
[ 1147.182804]  ? __lock_acquire+0x1657/0x5b00
[ 1147.183361]  ___sys_recvmsg+0xd5/0x200
[ 1147.183874]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1147.184491]  ? lock_downgrade+0x6d0/0x6d0
[ 1147.185035]  ? lock_acquire+0x197/0x470
[ 1147.185529]  ? find_held_lock+0x2c/0x110
[ 1147.186077]  ? __might_fault+0xd3/0x180
[ 1147.186570]  ? lock_downgrade+0x6d0/0x6d0
[ 1147.187124]  do_recvmmsg+0x24c/0x6d0
[ 1147.187614]  ? ___sys_recvmsg+0x200/0x200
[ 1147.188161]  ? lock_downgrade+0x6d0/0x6d0
[ 1147.188709]  ? ksys_write+0x12d/0x260
[ 1147.189211]  ? wait_for_completion_io+0x270/0x270
[ 1147.189855]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1147.190462]  ? vfs_write+0x354/0xa70
[ 1147.190952]  __x64_sys_recvmmsg+0x20f/0x260
[ 1147.191522]  ? ksys_write+0x1a9/0x260
[ 1147.192018]  ? __do_sys_socketcall+0x600/0x600
[ 1147.192621]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1147.193301]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1147.193981]  do_syscall_64+0x33/0x40
[ 1147.194462]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1147.195130] RIP: 0033:0x7f13d67b3b19
[ 1147.195609] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1147.198011] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1147.199012] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[ 1147.199949] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1147.200884] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[ 1147.201821] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1147.202761] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
[ 1147.205055] FAULT_INJECTION: forcing a failure.
[ 1147.205055] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1147.206632] CPU: 0 PID: 7320 Comm: syz-executor.6 Not tainted 5.10.199 #1
[ 1147.207517] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1147.208591] Call Trace:
[ 1147.208931]  dump_stack+0x107/0x167
[ 1147.209406]  should_fail.cold+0x5/0xa
[ 1147.209872] FAULT_INJECTION: forcing a failure.
[ 1147.209872] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1147.209919]  _copy_from_user+0x2e/0x1b0
[ 1147.212780]  __copy_msghdr_from_user+0x91/0x4b0
[ 1147.213366]  ? __ia32_sys_shutdown+0x80/0x80
[ 1147.213946]  ? __lock_acquire+0x1657/0x5b00
[ 1147.214518]  ___sys_recvmsg+0xd5/0x200
[ 1147.215026]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1147.215656]  ? lock_downgrade+0x6d0/0x6d0
[ 1147.216195]  ? lock_acquire+0x197/0x470
[ 1147.216704]  ? find_held_lock+0x2c/0x110
[ 1147.217233]  ? __might_fault+0xd3/0x180
[ 1147.217759]  ? lock_downgrade+0x6d0/0x6d0
[ 1147.218305]  do_recvmmsg+0x24c/0x6d0
[ 1147.218782]  ? ___sys_recvmsg+0x200/0x200
[ 1147.219328]  ? lock_downgrade+0x6d0/0x6d0
[ 1147.219864]  ? ksys_write+0x12d/0x260
[ 1147.220366]  ? wait_for_completion_io+0x270/0x270
[ 1147.221003]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1147.221606]  ? vfs_write+0x354/0xa70
[ 1147.222101]  __x64_sys_recvmmsg+0x20f/0x260
[ 1147.222668]  ? ksys_write+0x1a9/0x260
[ 1147.223171]  ? __do_sys_socketcall+0x600/0x600
[ 1147.223765]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1147.224455]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1147.225134]  do_syscall_64+0x33/0x40
[ 1147.225624]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1147.226303] RIP: 0033:0x7f301b410b19
[ 1147.226793] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1147.229197] RSP: 002b:00007f3018986188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1147.230210] RAX: ffffffffffffffda RBX: 00007f301b523f60 RCX: 00007f301b410b19
[ 1147.231129] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1147.232053] RBP: 00007f30189861d0 R08: 0000000000000000 R09: 0000000000000000
[ 1147.232988] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000001
[ 1147.233918] R13: 00007ffcb222f7cf R14: 00007f3018986300 R15: 0000000000022000
[ 1147.234869] CPU: 1 PID: 7331 Comm: syz-executor.1 Not tainted 5.10.199 #1
[ 1147.236284] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1147.238000] Call Trace:
[ 1147.238551]  dump_stack+0x107/0x167
[ 1147.239314]  should_fail.cold+0x5/0xa
[ 1147.240106]  _copy_from_user+0x2e/0x1b0
[ 1147.240940]  __copy_msghdr_from_user+0x91/0x4b0
[ 1147.241937]  ? __ia32_sys_shutdown+0x80/0x80
[ 1147.242734] FAULT_INJECTION: forcing a failure.
[ 1147.242734] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1147.242847]  ? __lock_acquire+0x1657/0x5b00
[ 1147.245151]  ___sys_recvmsg+0xd5/0x200
[ 1147.245951]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1147.246958]  ? lock_acquire+0x197/0x470
[ 1147.247768]  ? find_held_lock+0x2c/0x110
[ 1147.248597]  ? __might_fault+0xd3/0x180
[ 1147.249405]  ? lock_downgrade+0x6d0/0x6d0
[ 1147.250270]  ? io_schedule_timeout+0x140/0x140
[ 1147.251217]  do_recvmmsg+0x24c/0x6d0
[ 1147.251976]  ? ___sys_recvmsg+0x200/0x200
[ 1147.252826]  ? lock_downgrade+0x6d0/0x6d0
[ 1147.253677]  ? ksys_write+0x12d/0x260
[ 1147.254475]  ? wait_for_completion_io+0x270/0x270
[ 1147.255454]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1147.256404]  ? vfs_write+0x354/0xa70
[ 1147.257163]  __x64_sys_recvmmsg+0x20f/0x260
[ 1147.258057]  ? ksys_write+0x1a9/0x260
[ 1147.258837]  ? __do_sys_socketcall+0x600/0x600
[ 1147.259782]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1147.260854]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1147.261929]  do_syscall_64+0x33/0x40
[ 1147.262693]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1147.263742] RIP: 0033:0x7f65a52bbb19
[ 1147.264503] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1147.268264] RSP: 002b:00007f65a2831188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1147.269835] RAX: ffffffffffffffda RBX: 00007f65a53cef60 RCX: 00007f65a52bbb19
[ 1147.271275] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1147.272741] RBP: 00007f65a28311d0 R08: 0000000000000000 R09: 0000000000000000
[ 1147.274194] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1147.275656] R13: 00007ffc95f579af R14: 00007f65a2831300 R15: 0000000000022000
[ 1147.277121] CPU: 0 PID: 7328 Comm: syz-executor.7 Not tainted 5.10.199 #1
[ 1147.278043] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1147.279119] Call Trace:
[ 1147.279467]  dump_stack+0x107/0x167
[ 1147.279944]  should_fail.cold+0x5/0xa
[ 1147.280433]  _copy_from_user+0x2e/0x1b0
[ 1147.280950]  __copy_msghdr_from_user+0x91/0x4b0
[ 1147.281524]  ? __ia32_sys_shutdown+0x80/0x80
[ 1147.282120]  ? __lock_acquire+0x1657/0x5b00
[ 1147.282664]  ___sys_recvmsg+0xd5/0x200
[ 1147.283175]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1147.283795]  ? lock_acquire+0x197/0x470
[ 1147.284312]  ? find_held_lock+0x2c/0x110
[ 1147.284832]  ? __might_fault+0xd3/0x180
[ 1147.285350]  ? lock_downgrade+0x6d0/0x6d0
[ 1147.285881]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 1147.286593]  do_recvmmsg+0x24c/0x6d0
[ 1147.287066]  ? ___sys_recvmsg+0x200/0x200
[ 1147.287613]  ? lock_downgrade+0x6d0/0x6d0
[ 1147.288124]  ? ksys_write+0x12d/0x260
[ 1147.288635]  ? wait_for_completion_io+0x270/0x270
[ 1147.289227]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1147.289853]  ? vfs_write+0x354/0xa70
[ 1147.290324]  __x64_sys_recvmmsg+0x20f/0x260
[ 1147.290881]  ? ksys_write+0x1a9/0x260
[ 1147.291378]  ? __do_sys_socketcall+0x600/0x600
[ 1147.291975]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1147.292674]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1147.293340]  do_syscall_64+0x33/0x40
[ 1147.293838]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1147.294506] RIP: 0033:0x7fd50191ab19
[ 1147.295003] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1147.297408] RSP: 002b:00007fd4fee90188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1147.298406] RAX: ffffffffffffffda RBX: 00007fd501a2df60 RCX: 00007fd50191ab19
[ 1147.299310] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1147.300222] RBP: 00007fd4fee901d0 R08: 0000000000000000 R09: 0000000000000000
[ 1147.301118] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1147.302039] R13: 00007ffcb71c4b0f R14: 00007fd4fee90300 R15: 0000000000022000
18:27:31 executing program 4:
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000040), 0x400c40, 0x0)
ioctl$PTP_PIN_GETFUNC2(r0, 0xc0603d0f, &(0x7f0000000180)={'\x00', 0x4, 0x3, 0x44e8})
sendfile(r0, r0, &(0x7f0000000280)=0xa7e, 0x9)
ioctl$PIO_CMAP(r0, 0x4b71, &(0x7f0000000140)={0x200, 0x1, 0x4, 0x7, 0x9, 0x1})
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r1, 0x408)
openat(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', 0x0, 0x8)
ioctl$BTRFS_IOC_SEND(r2, 0x40489426, &(0x7f00000000c0)={{r1}, 0x1, &(0x7f0000000000)=[0x10], 0x6, 0x1, [0xe3, 0x8001, 0x5964, 0xfffffffffffffffc]})

18:27:31 executing program 4:
sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, 0x7, 0xa, 0x301, 0x0, 0x0, {0x2, 0x0, 0xa}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4810}, 0x20040800)
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000080)={<r0=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r0, 0x408)
r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x12800, 0x0)
ftruncate(r1, 0xffffffffffffff11)

18:27:31 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0, 0xffffff7f00000000}}], 0x35f, 0x10062, 0x0)

18:27:31 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c22092000000000000010000000000000009"])
ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:27:31 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 37)

18:27:31 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/59], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e971", 0x4, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[ 1147.413186] FAULT_INJECTION: forcing a failure.
[ 1147.413186] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1147.415125] CPU: 0 PID: 7345 Comm: syz-executor.0 Not tainted 5.10.199 #1
[ 1147.415977] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1147.417015] Call Trace:
[ 1147.417350]  dump_stack+0x107/0x167
[ 1147.417832]  should_fail.cold+0x5/0xa
[ 1147.418323]  _copy_from_user+0x2e/0x1b0
[ 1147.418823]  __copy_msghdr_from_user+0x91/0x4b0
[ 1147.419402]  ? __ia32_sys_shutdown+0x80/0x80
[ 1147.419938]  ? __lock_acquire+0x1657/0x5b00
[ 1147.420477]  ___sys_recvmsg+0xd5/0x200
[ 1147.420953]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1147.421571]  ? lock_downgrade+0x6d0/0x6d0
[ 1147.422099]  ? lock_acquire+0x197/0x470
[ 1147.422596]  ? find_held_lock+0x2c/0x110
[ 1147.423111]  ? __might_fault+0xd3/0x180
[ 1147.423613]  ? lock_downgrade+0x6d0/0x6d0
[ 1147.424142]  do_recvmmsg+0x24c/0x6d0
[ 1147.424604]  ? ___sys_recvmsg+0x200/0x200
[ 1147.425115]  ? lock_downgrade+0x6d0/0x6d0
[ 1147.425631]  ? ksys_write+0x12d/0x260
[ 1147.426125]  ? wait_for_completion_io+0x270/0x270
[ 1147.426744]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1147.427311]  ? vfs_write+0x354/0xa70
[ 1147.427769]  __x64_sys_recvmmsg+0x20f/0x260
[ 1147.428315]  ? ksys_write+0x1a9/0x260
[ 1147.428789]  ? __do_sys_socketcall+0x600/0x600
[ 1147.429371]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1147.430031]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1147.430667]  do_syscall_64+0x33/0x40
[ 1147.431128]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1147.431758] RIP: 0033:0x7f13d67b3b19
[ 1147.432221] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1147.434484] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1147.435431] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[ 1147.436297] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1147.437165] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[ 1147.438050] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1147.438916] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
18:27:31 executing program 1:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
ptrace$setopts(0xffffffffffffffff, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 20)

18:27:31 executing program 4:
keyctl$read(0xb, 0x0, &(0x7f00000000c0)=""/227, 0xe3)
perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffff001}, 0x20, 0x0, 0x0, 0x0, 0x1, 0x40}, 0x0, 0x100000000005, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000080)={<r0=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r0, 0x408)

18:27:31 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 5)

18:27:31 executing program 7:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 30)

[ 1147.525670] FAULT_INJECTION: forcing a failure.
[ 1147.525670] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1147.527166] CPU: 0 PID: 7356 Comm: syz-executor.6 Not tainted 5.10.199 #1
[ 1147.527934] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1147.528861] Call Trace:
[ 1147.529169]  dump_stack+0x107/0x167
[ 1147.529595]  should_fail.cold+0x5/0xa
[ 1147.530051]  _copy_from_user+0x2e/0x1b0
[ 1147.530516]  __copy_msghdr_from_user+0x91/0x4b0
[ 1147.531057]  ? __ia32_sys_shutdown+0x80/0x80
[ 1147.531572]  ? __lock_acquire+0x1657/0x5b00
[ 1147.532076]  ___sys_recvmsg+0xd5/0x200
[ 1147.532520]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1147.533076]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1147.533670]  ? _raw_spin_unlock_irq+0x1f/0x30
[ 1147.534196]  ? trace_hardirqs_on+0x5b/0x180
[ 1147.534692]  ? lock_acquire+0x197/0x470
[ 1147.535155]  ? find_held_lock+0x2c/0x110
[ 1147.535645]  ? __might_fault+0xd3/0x180
[ 1147.536117]  ? lock_downgrade+0x6d0/0x6d0
[ 1147.536609]  ? io_schedule_timeout+0x140/0x140
[ 1147.537162]  do_recvmmsg+0x24c/0x6d0
[ 1147.537609]  ? ___sys_recvmsg+0x200/0x200
[ 1147.538137]  ? lock_downgrade+0x6d0/0x6d0
[ 1147.538636]  ? ksys_write+0x12d/0x260
[ 1147.539096]  ? wait_for_completion_io+0x270/0x270
[ 1147.539677]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1147.540228]  ? vfs_write+0x354/0xa70
[ 1147.540679]  __x64_sys_recvmmsg+0x20f/0x260
[ 1147.541191]  ? ksys_write+0x1a9/0x260
[ 1147.541640]  ? __do_sys_socketcall+0x600/0x600
[ 1147.542200]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1147.542827]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1147.543444]  do_syscall_64+0x33/0x40
[ 1147.543887]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1147.544487] RIP: 0033:0x7f301b410b19
[ 1147.544927] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1147.547099] RSP: 002b:00007f3018986188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1147.547997] RAX: ffffffffffffffda RBX: 00007f301b523f60 RCX: 00007f301b410b19
[ 1147.548839] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1147.549670] RBP: 00007f30189861d0 R08: 0000000000000000 R09: 0000000000000000
[ 1147.550520] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000001
[ 1147.551372] R13: 00007ffcb222f7cf R14: 00007f3018986300 R15: 0000000000022000
[ 1147.608173] FAULT_INJECTION: forcing a failure.
[ 1147.608173] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1147.610879] CPU: 1 PID: 7358 Comm: syz-executor.7 Not tainted 5.10.199 #1
[ 1147.612253] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1147.613936] Call Trace:
[ 1147.614473]  dump_stack+0x107/0x167
[ 1147.615212]  should_fail.cold+0x5/0xa
[ 1147.615987]  _copy_from_user+0x2e/0x1b0
[ 1147.616801]  __copy_msghdr_from_user+0x91/0x4b0
[ 1147.617779]  ? __ia32_sys_shutdown+0x80/0x80
[ 1147.618666]  ? __lock_acquire+0x1657/0x5b00
[ 1147.619560]  ___sys_recvmsg+0xd5/0x200
[ 1147.620347]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1147.621337]  ? lock_downgrade+0x6d0/0x6d0
[ 1147.622186]  ? lock_acquire+0x197/0x470
[ 1147.622991]  ? find_held_lock+0x2c/0x110
[ 1147.623817]  ? __might_fault+0xd3/0x180
[ 1147.624619]  ? lock_downgrade+0x6d0/0x6d0
[ 1147.625481]  do_recvmmsg+0x24c/0x6d0
[ 1147.626262]  ? ___sys_recvmsg+0x200/0x200
[ 1147.627101]  ? lock_downgrade+0x6d0/0x6d0
[ 1147.627944]  ? ksys_write+0x12d/0x260
[ 1147.628726]  ? wait_for_completion_io+0x270/0x270
[ 1147.629710]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1147.630647]  ? vfs_write+0x354/0xa70
[ 1147.631398]  __x64_sys_recvmmsg+0x20f/0x260
[ 1147.632263]  ? ksys_write+0x1a9/0x260
[ 1147.633026]  ? __do_sys_socketcall+0x600/0x600
[ 1147.633954]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1147.635002]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1147.636030]  do_syscall_64+0x33/0x40
[ 1147.636776]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1147.637814] RIP: 0033:0x7fd50191ab19
[ 1147.638566] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1147.642233] RSP: 002b:00007fd4fee90188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1147.643745] RAX: ffffffffffffffda RBX: 00007fd501a2df60 RCX: 00007fd50191ab19
[ 1147.645159] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1147.646592] RBP: 00007fd4fee901d0 R08: 0000000000000000 R09: 0000000000000000
[ 1147.648002] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1147.649417] R13: 00007ffcb71c4b0f R14: 00007fd4fee90300 R15: 0000000000022000
[ 1147.655063] FAULT_INJECTION: forcing a failure.
[ 1147.655063] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1147.656886] CPU: 0 PID: 7359 Comm: syz-executor.1 Not tainted 5.10.199 #1
[ 1147.657666] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1147.658627] Call Trace:
[ 1147.658944]  dump_stack+0x107/0x167
[ 1147.659369]  should_fail.cold+0x5/0xa
[ 1147.659804]  _copy_from_user+0x2e/0x1b0
[ 1147.660265]  __copy_msghdr_from_user+0x91/0x4b0
[ 1147.660804]  ? __ia32_sys_shutdown+0x80/0x80
[ 1147.661310]  ? __lock_acquire+0x1657/0x5b00
[ 1147.661830]  ___sys_recvmsg+0xd5/0x200
[ 1147.662271]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1147.662843]  ? lock_downgrade+0x6d0/0x6d0
[ 1147.663312]  ? lock_acquire+0x197/0x470
[ 1147.663761]  ? find_held_lock+0x2c/0x110
[ 1147.664230]  ? __might_fault+0xd3/0x180
[ 1147.664680]  ? lock_downgrade+0x6d0/0x6d0
[ 1147.665159]  do_recvmmsg+0x24c/0x6d0
[ 1147.665585]  ? ___sys_recvmsg+0x200/0x200
[ 1147.666063]  ? lock_downgrade+0x6d0/0x6d0
[ 1147.666540]  ? ksys_write+0x12d/0x260
[ 1147.666967]  ? wait_for_completion_io+0x270/0x270
[ 1147.667518]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1147.668027]  ? vfs_write+0x354/0xa70
[ 1147.668449]  __x64_sys_recvmmsg+0x20f/0x260
[ 1147.668910]  ? ksys_write+0x1a9/0x260
[ 1147.669339]  ? __do_sys_socketcall+0x600/0x600
[ 1147.669841]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1147.670435]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1147.670996]  do_syscall_64+0x33/0x40
[ 1147.671416]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1147.671976] RIP: 0033:0x7f65a52bbb19
[ 1147.672399] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1147.674419] RSP: 002b:00007f65a2831188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1147.675249] RAX: ffffffffffffffda RBX: 00007f65a53cef60 RCX: 00007f65a52bbb19
[ 1147.676032] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1147.676812] RBP: 00007f65a28311d0 R08: 0000000000000000 R09: 0000000000000000
[ 1147.677580] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1147.678381] R13: 00007ffc95f579af R14: 00007f65a2831300 R15: 0000000000022000
18:27:44 executing program 1:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
ptrace$setopts(0xffffffffffffffff, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 21)

18:27:44 executing program 7:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 31)

18:27:44 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 38)

18:27:44 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c22092000000000000010000000000000009"])
ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:27:44 executing program 4:
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000080)={<r0=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r0, 0x408)
fcntl$setlease(r0, 0x400, 0x0)
pipe2(&(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
r3 = socket$nl_sock_diag(0x10, 0x3, 0x4)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r4=>0xffffffffffffffff})
ppoll(&(0x7f0000000100)=[{0xffffffffffffffff, 0x508}, {r4, 0x20}, {r2, 0x4400}], 0x3, &(0x7f0000000140)={0x0, 0x989680}, &(0x7f0000000180)={[0xc06d]}, 0x8)
pipe2(&(0x7f0000000080)={<r5=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r5, 0x408)
ioctl$PERF_EVENT_IOC_QUERY_BPF(r5, 0xc008240a, &(0x7f0000000240)=ANY=[@ANYBLOB="08000000000000000000000000000a00000000000000000000000000000000000000000000000000abd8671cda7acfd1c546be35f19507e01dd82df1be711a6639f32462b064ce6c82da27f6fd1ec0b51a0c2ee02a977dffd50b59c2bc1f4cbeb6"])
r6 = accept$inet(r1, 0x0, &(0x7f0000000000))
sendmmsg$inet(r1, &(0x7f0000000fc0)=[{{&(0x7f00000001c0)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f0000000300)=[{&(0x7f0000000200)="1a36f026a85d2e88099998e640b46dfb25bf71a1cbc4a8f54d5cf0eb38543973aae21e38b16270d2c185cbbf5816a8625d686f7da44882d6f904702b", 0x3c}, {&(0x7f00000002c0)="736a0c5d7c7addc06d8e3721ad4e4c1edd00179eabb87500870cd03f3c", 0x1d}], 0x2, &(0x7f0000000340)=[@ip_tos_int={{0x14, 0x0, 0x1, 0xff}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x20}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x1}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x6}}, @ip_ttl={{0x14, 0x0, 0x2, 0x24}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @empty, @multicast1}}}, @ip_ttl={{0x14, 0x0, 0x2, 0xffffffff}}], 0xb0}}, {{&(0x7f0000000400)={0x2, 0x4e22, @empty}, 0x10, &(0x7f0000000600)=[{&(0x7f0000000440)="47b0550d3eab385ba55d0116d232f262be638d9f1631a7c577a35fc5cc0d76ce97bd674b540a8bb2e37acb30b055e70521022cb56670ed79e33e4a4e1c289494fa430db02aa91693d8bffec0296c0836062e2608d6c132c64f951ba5a5e890c1e8861a9d3f6a18c1a5644ed6e04a7d6b475fe4cb01b94416efd3c27438cff842de779033122b7ad6c716fd32cedf8a629981499d555e05bd7da02943c8d79819798d3e0dae2a9579b982fdc52c8d", 0xae}, {&(0x7f0000000500)="5ab8d04eb506bc9080d87271d094f5e5f859fbc40f282d86ab1a843eb544cfcc8229e6a89d4604ccac90394ef8695fd2938473888bcecd0b9d", 0x39}, {&(0x7f0000000540)="6ba10f78fcbe03aad208e6d5950aedc1202fec3e081cc7bb9b0e60a0163b11412b09ae9aefcaa873f1d32fe479cc819304af216d05a3b2a2d9c24bd86bb42c80dac981d0cad40448aa56aafda93d77fd872a93de891f072f3541b2c0a2733ce42309b16c2834cb22450f4f87fd22ae25f8d98b11842efc132f847f84062933b7ed46e78b17fa8b1cc2d9b8ecd48b45d4", 0x90}], 0x3, &(0x7f0000000640)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0x7f}}], 0x18}}, {{&(0x7f0000000680)={0x2, 0x4e22, @broadcast}, 0x10, &(0x7f0000000980)=[{&(0x7f00000006c0)="869b4f9d6b2a0d", 0x7}, {&(0x7f0000000700)="cb5bd022e52a277d", 0x8}, {&(0x7f0000000740)="13a22235d6416542f5a039d44e9b40f59c34b65235ce59c264526935f5bb298ca697e3139b599eda46b6ecb0477d67f956fda27767a73f9e43aeb1", 0x3b}, {&(0x7f0000000780)="ad2e0af9a8cc9db2e2a88c89e4b3d0edeb7e08d35f0ce57fd0e58bf52458215504b396228c6dd8a5edc614ed06f72d98b8c1f1d614aea3ee3c5c883e91ceadec8167b0ebbb172d400790fc8d90fadffe15bcc2045521b623e4666d51", 0x5c}, {&(0x7f0000000800)="9659576ad5c41b688729cc8cf1ddb63dcf051ead06faeed15161c13572775aa0b4ac8813f4e0175a97ee9e24442ebaf5fb23e3cbf5402dbcdea4f3624e96a774bd33b8043b", 0x45}, {&(0x7f0000000880)}, {&(0x7f00000008c0)="08f435e41239efd099ce5216354efdba4bc10d1e1a740f9b2c547af6cb0efa82d8f8a75deecd2b04e0b98bb3f7bfc880df350a5195f3ff8fcc7d7f34be7c2e3e8e650bad4be58eec01df67dc567ad12f0e58e166860f93642c24dd2dd90028883c990db72473fcd672d2d040e5163f20b63bb47a2d896fe8443560d0371fd988b5d9ab2b14b2d6dd2508f22063be9d47c1d9fc2e25b344d345308c587d6f71664230dbd8d3799911a0ffe42576ffd38b048419", 0xb3}], 0x7, &(0x7f0000000a00)=[@ip_ttl={{0x14, 0x0, 0x2, 0x7}}], 0x18}}, {{&(0x7f0000000a40)={0x2, 0x4e23, @loopback}, 0x10, &(0x7f0000000d40)=[{&(0x7f0000000a80)="f308a68f4693478dec17dee5402fef32039c6c412c6aa9644b8a842e790aa7f99039c89d9151c61df106cd67d7104cd00aaf8da879f8abf8ec527266712f02c3c54ee3b554ba382a7797d2db620c7ef15bc7a17632866d071c6da1723149514c5381dc92287eec282cdd72d3543798a7d29a83d6c20bfbf7e40a82c88bd4a07c896644cfbc0385fe615ed13141168380bb970314689215df7db5247bbe721bb8e6f935d14a6e66c18a4d0dae10799408a7824b5935c0ef0f02156e7e0c1dfa87959e91e13eda1f0fa1e73e3e7c74091b8e7a0198e3fdad8944ac8dad9ad0e8a7f300bc0db515f497d03481a8a30b49cc81d759a75f14", 0xf6}, {&(0x7f0000000b80)="4cb369a4ae1e5f55760114aa998e70457cbbcec286d199ce98f56da3349a3fba84cf9fd717439dd6f1d9c9c96bfc7812370becde65c6be26d04058991fe1c0fdef1b8929dc656e862d94f316ca177b3e83abcad046f31d2b4c78af414698ee68469cf08969076cc3ad2963aca5fec7a7d11a2986262a69a7eb707bb66caca61d2700569e4a77c663b13e773911a1a26ba13e3accc7705b81b59cf7d8b13869119a4ea2cb0f6899b50994be602aa033f9f2c4bfa712ec1183f4f3b7a94315c4af5879118fc90548ff664acb386acb41a5f615fd4b899c2f4612cccf6fa4e5cc5a87762b3f5cdbe57208", 0xe9}, {&(0x7f0000000c80)="3cdf1410533ff1dabeae1581f42844494e22acbc4331571a75dc89b298177a5d9bc8636573bc9cadda0eee97745089ca8444ba84f85298f4ca78f2fc8c363d2e7d30c9656ec8a2e507a49c1b4562400bfa46d44c8bd11d8ddd49eb3525a3cc5d1d394088e88bf7487c4c5c9fb54c375c2eee3e325aaf100ffc3de726d2dcbe4389d38405472cdd1f789c0a0930ee56ce560949522c0094342d1fbaa26f8802cc7d8a9dadea8ed8", 0xa7}], 0x3, &(0x7f0000000d80)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @private=0xa010100, @empty}}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x2}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0xa3}}, @ip_retopts={{0x7c, 0x0, 0x7, {[@lsrr={0x83, 0xb, 0x3d, [@private=0xa010102, @initdev={0xac, 0x1e, 0x1, 0x0}]}, @cipso={0x86, 0x5f, 0x1, [{0x2, 0x6, "b741c2dc"}, {0x2, 0xa, "1b5cc934cffd64f5"}, {0x7, 0x2}, {0x7, 0x12, "d1af7e830bfdf24d3a4daacb79d3f2c8"}, {0x0, 0x9, "8e63e993e6a1c3"}, {0x5, 0xd, "fd25193adc077575f21b62"}, {0x7, 0x4, "1755"}, {0x7, 0xc, "28d6a9cbc38fcd03e046"}, {0x6, 0xf, "66dca1d2a0c9f7d1eb9e34bbed"}]}]}}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x2}}, @ip_retopts={{0x58, 0x0, 0x7, {[@ssrr={0x89, 0x2b, 0xfc, [@remote, @empty, @initdev={0xac, 0x1e, 0x1, 0x0}, @dev={0xac, 0x14, 0x14, 0x33}, @empty, @multicast1, @local, @remote, @empty, @empty]}, @rr={0x7, 0x1b, 0x93, [@multicast2, @dev={0xac, 0x14, 0x14, 0x42}, @multicast1, @remote, @remote, @loopback]}]}}}, @ip_retopts={{0x10}}, @ip_ttl={{0x14, 0x0, 0x2, 0x9}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x11}, @empty}}}, @ip_retopts={{0x30, 0x0, 0x7, {[@timestamp={0x44, 0x1c, 0xb9, 0x0, 0xa, [0x0, 0x5, 0x10001, 0x4, 0x3, 0x464b]}, @ra={0x94, 0x4}]}}}], 0x1b8}}], 0x4, 0x4004010)
sendfile(r3, r6, &(0x7f0000000040)=0x6, 0x2)
fcntl$getflags(r1, 0x408)

18:27:44 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0, 0xffffffff00000000}}], 0x35f, 0x10062, 0x0)

18:27:44 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/59], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e971", 0x4, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:27:44 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 6)

[ 1160.516814] FAULT_INJECTION: forcing a failure.
[ 1160.516814] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1160.519663] CPU: 1 PID: 7368 Comm: syz-executor.7 Not tainted 5.10.199 #1
[ 1160.521056] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1160.522754] Call Trace:
[ 1160.523289]  dump_stack+0x107/0x167
[ 1160.524042]  should_fail.cold+0x5/0xa
[ 1160.524825]  _copy_from_user+0x2e/0x1b0
[ 1160.525646]  __copy_msghdr_from_user+0x91/0x4b0
[ 1160.526629]  ? __ia32_sys_shutdown+0x80/0x80
[ 1160.527503]  ? __lock_acquire+0x1657/0x5b00
[ 1160.528411]  ___sys_recvmsg+0xd5/0x200
[ 1160.529211]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1160.530232]  ? _raw_spin_unlock_irq+0x27/0x30
[ 1160.531094] FAULT_INJECTION: forcing a failure.
[ 1160.531094] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1160.531173]  ? lock_acquire+0x197/0x470
[ 1160.531191]  ? find_held_lock+0x2c/0x110
[ 1160.531219]  ? __might_fault+0xd3/0x180
[ 1160.535873]  ? lock_downgrade+0x6d0/0x6d0
[ 1160.536707]  ? io_schedule_timeout+0x140/0x140
[ 1160.537665]  do_recvmmsg+0x24c/0x6d0
[ 1160.538429]  ? ___sys_recvmsg+0x200/0x200
[ 1160.539264]  ? lock_downgrade+0x6d0/0x6d0
[ 1160.540126]  ? ksys_write+0x12d/0x260
[ 1160.540922]  ? wait_for_completion_io+0x270/0x270
[ 1160.541899]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1160.542855]  ? vfs_write+0x354/0xa70
[ 1160.543621]  __x64_sys_recvmmsg+0x20f/0x260
[ 1160.544530]  ? ksys_write+0x1a9/0x260
[ 1160.545307]  ? __do_sys_socketcall+0x600/0x600
[ 1160.546260]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1160.547376]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1160.548439]  do_syscall_64+0x33/0x40
[ 1160.549198]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1160.550261] RIP: 0033:0x7fd50191ab19
[ 1160.551035] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1160.554760] RSP: 002b:00007fd4fee90188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1160.556314] RAX: ffffffffffffffda RBX: 00007fd501a2df60 RCX: 00007fd50191ab19
[ 1160.557803] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1160.559279] RBP: 00007fd4fee901d0 R08: 0000000000000000 R09: 0000000000000000
[ 1160.560761] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1160.562218] R13: 00007ffcb71c4b0f R14: 00007fd4fee90300 R15: 0000000000022000
[ 1160.563770] CPU: 0 PID: 7380 Comm: syz-executor.6 Not tainted 5.10.199 #1
[ 1160.565180] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1160.566863] Call Trace:
[ 1160.567407]  dump_stack+0x107/0x167
[ 1160.568150]  should_fail.cold+0x5/0xa
[ 1160.568935]  _copy_from_user+0x2e/0x1b0
[ 1160.569762]  __copy_msghdr_from_user+0x91/0x4b0
[ 1160.570746]  ? __ia32_sys_shutdown+0x80/0x80
[ 1160.571665]  ? __lock_acquire+0x1657/0x5b00
[ 1160.572631]  ___sys_recvmsg+0xd5/0x200
[ 1160.573426]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1160.574434]  ? lock_downgrade+0x6d0/0x6d0
[ 1160.575296]  ? lock_acquire+0x197/0x470
[ 1160.576251]  ? find_held_lock+0x2c/0x110
[ 1160.577106]  ? __might_fault+0xd3/0x180
[ 1160.577133] FAULT_INJECTION: forcing a failure.
[ 1160.577133] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1160.578037]  ? lock_downgrade+0x6d0/0x6d0
[ 1160.578077]  do_recvmmsg+0x24c/0x6d0
[ 1160.578110]  ? ___sys_recvmsg+0x200/0x200
[ 1160.583163]  ? lock_downgrade+0x6d0/0x6d0
[ 1160.584169]  ? ksys_write+0x12d/0x260
[ 1160.585106]  ? wait_for_completion_io+0x270/0x270
[ 1160.586305]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1160.587427]  ? vfs_write+0x354/0xa70
[ 1160.588334]  __x64_sys_recvmmsg+0x20f/0x260
[ 1160.589382]  ? ksys_write+0x1a9/0x260
[ 1160.590315]  ? __do_sys_socketcall+0x600/0x600
[ 1160.591415]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1160.592677]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1160.593935]  do_syscall_64+0x33/0x40
[ 1160.594839]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1160.596069] RIP: 0033:0x7f301b410b19
[ 1160.596969] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1160.601013] RSP: 002b:00007f3018986188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1160.602596] RAX: ffffffffffffffda RBX: 00007f301b523f60 RCX: 00007f301b410b19
[ 1160.604058] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1160.605519] RBP: 00007f30189861d0 R08: 0000000000000000 R09: 0000000000000000
[ 1160.607017] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000001
[ 1160.608467] R13: 00007ffcb222f7cf R14: 00007f3018986300 R15: 0000000000022000
[ 1160.609971] CPU: 1 PID: 7369 Comm: syz-executor.1 Not tainted 5.10.199 #1
[ 1160.611419] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1160.613130] Call Trace:
[ 1160.613682]  dump_stack+0x107/0x167
[ 1160.614452]  should_fail.cold+0x5/0xa
[ 1160.615252]  _copy_from_user+0x2e/0x1b0
[ 1160.616100]  __copy_msghdr_from_user+0x91/0x4b0
[ 1160.617066]  ? __ia32_sys_shutdown+0x80/0x80
[ 1160.617988]  ? __lock_acquire+0x1657/0x5b00
[ 1160.618895]  ___sys_recvmsg+0xd5/0x200
[ 1160.619696]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1160.620713]  ? lock_downgrade+0x6d0/0x6d0
[ 1160.621569]  ? lock_acquire+0x197/0x470
[ 1160.622397]  ? find_held_lock+0x2c/0x110
[ 1160.623243]  ? __might_fault+0xd3/0x180
[ 1160.624066]  ? lock_downgrade+0x6d0/0x6d0
[ 1160.624946]  do_recvmmsg+0x24c/0x6d0
[ 1160.625720]  ? ___sys_recvmsg+0x200/0x200
[ 1160.626571]  ? lock_downgrade+0x6d0/0x6d0
[ 1160.627437]  ? ksys_write+0x12d/0x260
[ 1160.628246]  ? wait_for_completion_io+0x270/0x270
[ 1160.629248]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1160.630192]  ? vfs_write+0x354/0xa70
[ 1160.630942]  __x64_sys_recvmmsg+0x20f/0x260
[ 1160.631842]  ? ksys_write+0x1a9/0x260
[ 1160.632622]  ? __do_sys_socketcall+0x600/0x600
[ 1160.633557]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1160.634664]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1160.635731]  do_syscall_64+0x33/0x40
[ 1160.636511]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1160.637564] RIP: 0033:0x7f65a52bbb19
[ 1160.638328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1160.642122] RSP: 002b:00007f65a2831188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1160.643704] RAX: ffffffffffffffda RBX: 00007f65a53cef60 RCX: 00007f65a52bbb19
[ 1160.645160] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1160.646636] RBP: 00007f65a28311d0 R08: 0000000000000000 R09: 0000000000000000
[ 1160.648086] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1160.649529] R13: 00007ffc95f579af R14: 00007f65a2831300 R15: 0000000000022000
[ 1160.666926] FAULT_INJECTION: forcing a failure.
[ 1160.666926] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1160.669798] CPU: 1 PID: 7378 Comm: syz-executor.0 Not tainted 5.10.199 #1
[ 1160.671284] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1160.673009] Call Trace:
[ 1160.673548]  dump_stack+0x107/0x167
[ 1160.674317]  should_fail.cold+0x5/0xa
[ 1160.675102]  _copy_from_user+0x2e/0x1b0
[ 1160.675936]  __copy_msghdr_from_user+0x91/0x4b0
[ 1160.676905]  ? __ia32_sys_shutdown+0x80/0x80
[ 1160.677801]  ? __lock_acquire+0x1657/0x5b00
[ 1160.678709]  ___sys_recvmsg+0xd5/0x200
[ 1160.679525]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1160.680533]  ? lock_acquire+0x197/0x470
[ 1160.681340]  ? find_held_lock+0x2c/0x110
[ 1160.682183]  ? __might_fault+0xd3/0x180
[ 1160.682991]  ? lock_downgrade+0x6d0/0x6d0
[ 1160.683839]  ? io_schedule_timeout+0x140/0x140
[ 1160.684784]  do_recvmmsg+0x24c/0x6d0
[ 1160.685545]  ? ___sys_recvmsg+0x200/0x200
[ 1160.686402]  ? lock_downgrade+0x6d0/0x6d0
[ 1160.687256]  ? ksys_write+0x12d/0x260
[ 1160.688043]  ? wait_for_completion_io+0x270/0x270
[ 1160.689026]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1160.690261]  ? vfs_write+0x354/0xa70
[ 1160.691024]  __x64_sys_recvmmsg+0x20f/0x260
[ 1160.691904]  ? ksys_write+0x1a9/0x260
[ 1160.692678]  ? __do_sys_socketcall+0x600/0x600
[ 1160.693608]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1160.694684]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1160.695732]  do_syscall_64+0x33/0x40
[ 1160.696492]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1160.697527] RIP: 0033:0x7f13d67b3b19
18:27:44 executing program 4:
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x101}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r0, 0x408)
r2 = signalfd4(r1, &(0x7f0000000000)={[0x992]}, 0x8, 0x0)
pipe2(&(0x7f0000000080)={<r3=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r3, 0x408)
r4 = syz_io_uring_setup(0x11a3, &(0x7f00000000c0)={0x0, 0x53f0, 0x2, 0x2, 0x16b, 0x0, r1}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000140))
pipe2(&(0x7f0000000080)={<r5=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r5, 0x408)
r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000180), 0x100, 0x0)
pipe2(&(0x7f0000000080)={<r7=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r7, 0x408)
ioctl$FS_IOC_FSSETXATTR(r7, 0x401c5820, &(0x7f0000000200)={0x4, 0xe6, 0xfffffff7, 0x7, 0x10001})
pipe2(&(0x7f0000000080)={<r8=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r8, 0x408)
io_uring_register$IORING_REGISTER_FILES(r2, 0x2, &(0x7f00000001c0)=[r3, r0, r4, r5, r6, r8], 0x6)

[ 1160.698302] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1160.702312] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1160.703877] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[ 1160.705336] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1160.706810] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[ 1160.708264] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
18:27:44 executing program 7:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 32)

[ 1160.709731] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
18:27:44 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/59], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e971", 0x4, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:27:44 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c22092000000000000010000000000000009"])
ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:27:44 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0, 0xffffffffc4653600}}], 0x35f, 0x10062, 0x0)

[ 1160.832119] FAULT_INJECTION: forcing a failure.
[ 1160.832119] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1160.834695] CPU: 0 PID: 7393 Comm: syz-executor.7 Not tainted 5.10.199 #1
[ 1160.836063] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1160.837738] Call Trace:
[ 1160.838290]  dump_stack+0x107/0x167
[ 1160.839035]  should_fail.cold+0x5/0xa
[ 1160.839816]  _copy_from_user+0x2e/0x1b0
[ 1160.840645]  __copy_msghdr_from_user+0x91/0x4b0
[ 1160.841665]  ? __ia32_sys_shutdown+0x80/0x80
[ 1160.842610]  ? __lock_acquire+0x1657/0x5b00
[ 1160.843591]  ___sys_recvmsg+0xd5/0x200
[ 1160.844411]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1160.845444]  ? lock_downgrade+0x6d0/0x6d0
[ 1160.846335]  ? lock_acquire+0x197/0x470
[ 1160.847128]  ? find_held_lock+0x2c/0x110
[ 1160.847952]  ? __might_fault+0xd3/0x180
[ 1160.848782]  ? lock_downgrade+0x6d0/0x6d0
[ 1160.849637]  do_recvmmsg+0x24c/0x6d0
[ 1160.850432]  ? ___sys_recvmsg+0x200/0x200
[ 1160.851295]  ? lock_downgrade+0x6d0/0x6d0
[ 1160.852170]  ? ksys_write+0x12d/0x260
[ 1160.852958]  ? wait_for_completion_io+0x270/0x270
[ 1160.853957]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1160.854982]  ? vfs_write+0x354/0xa70
[ 1160.855730]  __x64_sys_recvmmsg+0x20f/0x260
[ 1160.856611]  ? ksys_write+0x1a9/0x260
[ 1160.857379]  ? __do_sys_socketcall+0x600/0x600
[ 1160.858322]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1160.859442]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1160.860510]  do_syscall_64+0x33/0x40
[ 1160.861257]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1160.862305] RIP: 0033:0x7fd50191ab19
[ 1160.863054] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1160.866818] RSP: 002b:00007fd4fee90188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1160.868446] RAX: ffffffffffffffda RBX: 00007fd501a2df60 RCX: 00007fd50191ab19
[ 1160.869993] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1160.871531] RBP: 00007fd4fee901d0 R08: 0000000000000000 R09: 0000000000000000
[ 1160.872942] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1160.874424] R13: 00007ffcb71c4b0f R14: 00007fd4fee90300 R15: 0000000000022000
18:27:45 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/59], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:27:45 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}], 0x35f, 0x10062, 0x0)

18:27:45 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 7)

18:27:45 executing program 1:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
ptrace$setopts(0xffffffffffffffff, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 22)

18:27:45 executing program 4:
r0 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000080)={<r1=>0xffffffffffffffff}, 0x0)
vmsplice(r0, &(0x7f0000000040)=[{}], 0x1, 0x0)
fcntl$getflags(r1, 0x408)

[ 1161.005208] FAULT_INJECTION: forcing a failure.
[ 1161.005208] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1161.008127] CPU: 0 PID: 7405 Comm: syz-executor.6 Not tainted 5.10.199 #1
[ 1161.009528] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1161.011225] Call Trace:
[ 1161.011769]  dump_stack+0x107/0x167
[ 1161.012520]  should_fail.cold+0x5/0xa
[ 1161.013307]  _copy_from_user+0x2e/0x1b0
[ 1161.014158]  __copy_msghdr_from_user+0x91/0x4b0
[ 1161.015103]  ? __ia32_sys_shutdown+0x80/0x80
[ 1161.015989]  ? __lock_acquire+0x1657/0x5b00
[ 1161.016880]  ___sys_recvmsg+0xd5/0x200
[ 1161.017660]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1161.018666]  ? lock_downgrade+0x6d0/0x6d0
[ 1161.019512]  ? lock_acquire+0x197/0x470
[ 1161.020338]  ? find_held_lock+0x2c/0x110
[ 1161.021160]  ? __might_fault+0xd3/0x180
[ 1161.021962]  ? lock_downgrade+0x6d0/0x6d0
[ 1161.022857]  do_recvmmsg+0x24c/0x6d0
[ 1161.023614]  ? ___sys_recvmsg+0x200/0x200
[ 1161.024442]  ? lock_downgrade+0x6d0/0x6d0
[ 1161.025301]  ? ksys_write+0x12d/0x260
[ 1161.026130]  ? wait_for_completion_io+0x270/0x270
[ 1161.027097]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1161.028019]  ? vfs_write+0x354/0xa70
[ 1161.028775]  __x64_sys_recvmmsg+0x20f/0x260
[ 1161.029684]  ? ksys_write+0x1a9/0x260
[ 1161.030489]  ? __do_sys_socketcall+0x600/0x600
[ 1161.031480]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1161.032539]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1161.033593]  do_syscall_64+0x33/0x40
[ 1161.034361]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1161.035459] RIP: 0033:0x7f301b410b19
[ 1161.036222] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1161.039996] RSP: 002b:00007f3018986188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1161.041558] RAX: ffffffffffffffda RBX: 00007f301b523f60 RCX: 00007f301b410b19
[ 1161.043025] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1161.044478] RBP: 00007f30189861d0 R08: 0000000000000000 R09: 0000000000000000
[ 1161.045934] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000001
[ 1161.047389] R13: 00007ffcb222f7cf R14: 00007f3018986300 R15: 0000000000022000
18:27:45 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 39)

18:27:45 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c22092000000000000010000000000000009"])
ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:27:45 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/59], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[ 1161.097119] FAULT_INJECTION: forcing a failure.
[ 1161.097119] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1161.099917] CPU: 1 PID: 7411 Comm: syz-executor.1 Not tainted 5.10.199 #1
[ 1161.101312] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1161.103035] Call Trace:
[ 1161.103586]  dump_stack+0x107/0x167
[ 1161.104341]  should_fail.cold+0x5/0xa
[ 1161.105139]  _copy_from_user+0x2e/0x1b0
[ 1161.105953]  __copy_msghdr_from_user+0x91/0x4b0
[ 1161.106905]  ? __ia32_sys_shutdown+0x80/0x80
[ 1161.107828]  ? __lock_acquire+0x1657/0x5b00
[ 1161.108726]  ___sys_recvmsg+0xd5/0x200
[ 1161.109523]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1161.110528]  ? lock_downgrade+0x6d0/0x6d0
[ 1161.111370]  ? lock_acquire+0x197/0x470
[ 1161.112174]  ? find_held_lock+0x2c/0x110
[ 1161.113002]  ? __might_fault+0xd3/0x180
[ 1161.113796]  ? lock_downgrade+0x6d0/0x6d0
[ 1161.114656]  do_recvmmsg+0x24c/0x6d0
[ 1161.115438]  ? ___sys_recvmsg+0x200/0x200
[ 1161.116292]  ? lock_downgrade+0x6d0/0x6d0
[ 1161.117144]  ? ksys_write+0x12d/0x260
[ 1161.117934]  ? wait_for_completion_io+0x270/0x270
[ 1161.118937]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1161.119897]  ? vfs_write+0x354/0xa70
[ 1161.120651]  __x64_sys_recvmmsg+0x20f/0x260
[ 1161.121517]  ? ksys_write+0x1a9/0x260
[ 1161.122308]  ? __do_sys_socketcall+0x600/0x600
[ 1161.123250]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1161.124308]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1161.125355]  do_syscall_64+0x33/0x40
[ 1161.126133]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1161.127174] RIP: 0033:0x7f65a52bbb19
[ 1161.127939] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1161.131640] RSP: 002b:00007f65a2831188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1161.133171] RAX: ffffffffffffffda RBX: 00007f65a53cef60 RCX: 00007f65a52bbb19
[ 1161.134638] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1161.136067] RBP: 00007f65a28311d0 R08: 0000000000000000 R09: 0000000000000000
[ 1161.137491] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1161.137844] FAULT_INJECTION: forcing a failure.
[ 1161.137844] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1161.138934] R13: 00007ffc95f579af R14: 00007f65a2831300 R15: 0000000000022000
[ 1161.143740] CPU: 0 PID: 7415 Comm: syz-executor.0 Not tainted 5.10.199 #1
[ 1161.145112] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1161.146776] Call Trace:
[ 1161.147316]  dump_stack+0x107/0x167
[ 1161.148069]  should_fail.cold+0x5/0xa
[ 1161.148850]  _copy_from_user+0x2e/0x1b0
[ 1161.149659]  __copy_msghdr_from_user+0x91/0x4b0
[ 1161.150627]  ? __ia32_sys_shutdown+0x80/0x80
[ 1161.151533]  ? __lock_acquire+0x1657/0x5b00
[ 1161.152419]  ___sys_recvmsg+0xd5/0x200
[ 1161.153200]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1161.154193]  ? _raw_spin_unlock_irq+0x27/0x30
[ 1161.155098]  ? lock_acquire+0x197/0x470
[ 1161.155895]  ? find_held_lock+0x2c/0x110
[ 1161.156716]  ? __might_fault+0xd3/0x180
[ 1161.157531]  ? lock_downgrade+0x6d0/0x6d0
[ 1161.158383]  ? io_schedule_timeout+0x140/0x140
[ 1161.159313]  do_recvmmsg+0x24c/0x6d0
[ 1161.160070]  ? ___sys_recvmsg+0x200/0x200
[ 1161.160900]  ? lock_downgrade+0x6d0/0x6d0
[ 1161.161741]  ? ksys_write+0x12d/0x260
[ 1161.162528]  ? wait_for_completion_io+0x270/0x270
[ 1161.163507]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1161.164441]  ? vfs_write+0x354/0xa70
[ 1161.165191]  __x64_sys_recvmmsg+0x20f/0x260
[ 1161.166060]  ? ksys_write+0x1a9/0x260
[ 1161.166823]  ? __do_sys_socketcall+0x600/0x600
[ 1161.167738]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1161.168780]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1161.169814]  do_syscall_64+0x33/0x40
[ 1161.170576]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1161.171604] RIP: 0033:0x7f13d67b3b19
[ 1161.172360] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1161.176121] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1161.177652] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[ 1161.179101] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1161.180527] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[ 1161.181973] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1161.183401] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
18:27:45 executing program 4:
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000000)='./file0\x00', 0x40000, 0x8b)
pipe2(&(0x7f0000000080)={<r0=>0xffffffffffffffff}, 0x0)
pipe2(&(0x7f0000000080)={<r1=>0xffffffffffffffff}, 0x0)
ioctl$AUTOFS_IOC_FAIL(0xffffffffffffffff, 0x9361, 0x1)
fcntl$getflags(r1, 0x408)
close(r1)
fcntl$getflags(r0, 0x408)

18:28:00 executing program 7:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 33)

18:28:00 executing program 1:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
ptrace$setopts(0xffffffffffffffff, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 23)

18:28:00 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 40)

18:28:00 executing program 4:
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000180)=ANY=[@ANYBLOB="010000000100000018000000719a095e227ef95138c2f713cd3f4c0503eaa7ea273358a6dbd1795c6fe5c0f97ec14127e6a4bca10e8142ffd4ad9ec95da6fef6afa46d70e7c61dc71ff6778615ebac199cddc91ac464333ec80a71aa092ae9349556e25dd84e9c2ca12d540aa23f4c884c0cf723032f562819cfe31fcd900f71954c3f8d0219bfa5d0828b4d2b26ce61a89ff1d3bbb99f2432f040b3ffc897ae2800e43ae27e291aab1cfb1d0f3e5f8c877d47c7e0f5956c0f4cdb801c817d1a9cc9d02b2ebe5be0af7c3717fe0557570c46f60ff8156c1e0bfae6e8f0d253bd2836aab832", @ANYRES32=r1, @ANYBLOB='\t\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
kcmp$KCMP_EPOLL_TFD(0x0, 0xffffffffffffffff, 0x7, r1, &(0x7f0000000000)={0xffffffffffffffff, r1, 0x9c})
ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x3302, 0x0)
pipe2(&(0x7f0000000080)={<r2=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r2, 0x408)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000000c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000080)={&(0x7f0000000280)={0x100, 0x9, 0x6, 0x101, 0x0, 0x0, {0x2}, [@IPSET_ATTR_ADT={0x84, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x7}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_SKBQUEUE={0x6, 0x1d, 0x1, 0x0, 0x1}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_ETHER={0xa}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x1}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x11}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_SKBPRIO={0x8, 0x1c, 0x1, 0x0, 0x8}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x7fffffff}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0xfffffff7}}, {0x1c, 0x7, 0x0, 0x1, @IPSET_ATTR_IP2={0x18, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}}}]}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x6}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x5}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x1}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_ADT={0x30, 0x8, 0x0, 0x1, [{0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, {0x1c, 0x7, 0x0, 0x1, @IPSET_ATTR_IP_TO={0x18, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @mcast1}}}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x100}, 0x1, 0x0, 0x0, 0x8905}, 0x4000001)

18:28:00 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 8)

18:28:00 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x2000}}], 0x35f, 0x10062, 0x0)

18:28:00 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/59], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:28:00 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c22092000000000000010000000000000009"])
ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

[ 1176.536200] FAULT_INJECTION: forcing a failure.
[ 1176.536200] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1176.538693] CPU: 1 PID: 7444 Comm: syz-executor.0 Not tainted 5.10.199 #1
[ 1176.539629] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1176.540787] Call Trace:
[ 1176.541150]  dump_stack+0x107/0x167
[ 1176.541660]  should_fail.cold+0x5/0xa
[ 1176.542214]  _copy_from_user+0x2e/0x1b0
[ 1176.542781]  __copy_msghdr_from_user+0x91/0x4b0
[ 1176.542959] FAULT_INJECTION: forcing a failure.
[ 1176.542959] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1176.543413]  ? __ia32_sys_shutdown+0x80/0x80
[ 1176.543431]  ? __lock_acquire+0x1657/0x5b00
[ 1176.543455]  ___sys_recvmsg+0xd5/0x200
[ 1176.543469]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1176.543483]  ? lock_downgrade+0x6d0/0x6d0
[ 1176.543499]  ? lock_acquire+0x197/0x470
[ 1176.543511]  ? find_held_lock+0x2c/0x110
[ 1176.543528]  ? __might_fault+0xd3/0x180
[ 1176.543541]  ? lock_downgrade+0x6d0/0x6d0
[ 1176.543567]  do_recvmmsg+0x24c/0x6d0
[ 1176.543584]  ? ___sys_recvmsg+0x200/0x200
[ 1176.543596]  ? lock_downgrade+0x6d0/0x6d0
[ 1176.543614]  ? ksys_write+0x12d/0x260
[ 1176.543637]  ? wait_for_completion_io+0x270/0x270
[ 1176.543652]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1176.543663]  ? vfs_write+0x354/0xa70
[ 1176.543679]  __x64_sys_recvmmsg+0x20f/0x260
[ 1176.543701]  ? ksys_write+0x1a9/0x260
[ 1176.556156]  ? __do_sys_socketcall+0x600/0x600
[ 1176.556799]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1176.557503]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1176.558243]  do_syscall_64+0x33/0x40
[ 1176.558771]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1176.559480] RIP: 0033:0x7f13d67b3b19
[ 1176.559996] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1176.562553] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1176.563605] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[ 1176.564592] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1176.565576] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[ 1176.566584] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1176.567534] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
[ 1176.568568] CPU: 0 PID: 7434 Comm: syz-executor.6 Not tainted 5.10.199 #1
[ 1176.569997] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1176.571713] Call Trace:
[ 1176.572253]  dump_stack+0x107/0x167
[ 1176.573006]  should_fail.cold+0x5/0xa
[ 1176.573798]  _copy_from_user+0x2e/0x1b0
[ 1176.574635]  __copy_msghdr_from_user+0x91/0x4b0
[ 1176.575578]  ? __ia32_sys_shutdown+0x80/0x80
[ 1176.576475]  ? __lock_acquire+0x1657/0x5b00
[ 1176.576865] FAULT_INJECTION: forcing a failure.
[ 1176.576865] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1176.577370]  ___sys_recvmsg+0xd5/0x200
[ 1176.577391]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1176.577412]  ? lock_downgrade+0x6d0/0x6d0
[ 1176.577437]  ? lock_acquire+0x197/0x470
[ 1176.582356]  ? find_held_lock+0x2c/0x110
[ 1176.583188]  ? __might_fault+0xd3/0x180
[ 1176.583998]  ? lock_downgrade+0x6d0/0x6d0
[ 1176.584860]  do_recvmmsg+0x24c/0x6d0
[ 1176.585623]  ? ___sys_recvmsg+0x200/0x200
[ 1176.586470]  ? lock_downgrade+0x6d0/0x6d0
[ 1176.587315]  ? ksys_write+0x12d/0x260
[ 1176.588112]  ? wait_for_completion_io+0x270/0x270
[ 1176.589102]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1176.590053]  ? vfs_write+0x354/0xa70
[ 1176.590837]  __x64_sys_recvmmsg+0x20f/0x260
[ 1176.591714]  ? ksys_write+0x1a9/0x260
[ 1176.592489]  ? __do_sys_socketcall+0x600/0x600
[ 1176.593429]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1176.594504]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1176.595562]  do_syscall_64+0x33/0x40
[ 1176.596326]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1176.597349] RIP: 0033:0x7f301b410b19
[ 1176.598101] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1176.601754] RSP: 002b:00007f3018986188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1176.603297] RAX: ffffffffffffffda RBX: 00007f301b523f60 RCX: 00007f301b410b19
[ 1176.604727] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1176.606178] RBP: 00007f30189861d0 R08: 0000000000000000 R09: 0000000000000000
[ 1176.607631] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000001
[ 1176.609077] R13: 00007ffcb222f7cf R14: 00007f3018986300 R15: 0000000000022000
[ 1176.610577] CPU: 1 PID: 7445 Comm: syz-executor.1 Not tainted 5.10.199 #1
[ 1176.611543] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1176.612682] Call Trace:
[ 1176.613054]  dump_stack+0x107/0x167
[ 1176.613566]  should_fail.cold+0x5/0xa
[ 1176.614111]  _copy_from_user+0x2e/0x1b0
[ 1176.614655]  __copy_msghdr_from_user+0x91/0x4b0
[ 1176.615299]  ? __ia32_sys_shutdown+0x80/0x80
[ 1176.615913]  ? __lock_acquire+0x1657/0x5b00
[ 1176.616524]  ___sys_recvmsg+0xd5/0x200
[ 1176.617068]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1176.617746]  ? lock_downgrade+0x6d0/0x6d0
[ 1176.618333]  ? lock_acquire+0x197/0x470
[ 1176.618880]  ? find_held_lock+0x2c/0x110
[ 1176.619444]  ? __might_fault+0xd3/0x180
[ 1176.619997]  ? lock_downgrade+0x6d0/0x6d0
[ 1176.620582]  do_recvmmsg+0x24c/0x6d0
[ 1176.621082]  ? ___sys_recvmsg+0x200/0x200
[ 1176.621640]  ? lock_downgrade+0x6d0/0x6d0
[ 1176.622208]  ? ksys_write+0x12d/0x260
[ 1176.622733]  ? wait_for_completion_io+0x270/0x270
[ 1176.623384]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1176.624000]  ? vfs_write+0x354/0xa70
[ 1176.624514]  __x64_sys_recvmmsg+0x20f/0x260
[ 1176.625111]  ? ksys_write+0x1a9/0x260
[ 1176.625625]  ? __do_sys_socketcall+0x600/0x600
[ 1176.626273]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1176.626995]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1176.627713]  do_syscall_64+0x33/0x40
[ 1176.628227]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1176.628936] RIP: 0033:0x7f65a52bbb19
[ 1176.629455] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1176.631975] RSP: 002b:00007f65a2831188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1176.633006] RAX: ffffffffffffffda RBX: 00007f65a53cef60 RCX: 00007f65a52bbb19
[ 1176.633961] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1176.634935] RBP: 00007f65a28311d0 R08: 0000000000000000 R09: 0000000000000000
[ 1176.635906] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1176.636862] R13: 00007ffc95f579af R14: 00007f65a2831300 R15: 0000000000022000
[ 1176.642162] FAULT_INJECTION: forcing a failure.
[ 1176.642162] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1176.643996] CPU: 1 PID: 7443 Comm: syz-executor.7 Not tainted 5.10.199 #1
[ 1176.644909] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1176.646025] Call Trace:
[ 1176.646401]  dump_stack+0x107/0x167
[ 1176.646892]  should_fail.cold+0x5/0xa
[ 1176.647416]  _copy_from_user+0x2e/0x1b0
[ 1176.647946]  __copy_msghdr_from_user+0x91/0x4b0
[ 1176.648572]  ? __ia32_sys_shutdown+0x80/0x80
[ 1176.649172]  ? __lock_acquire+0x1657/0x5b00
[ 1176.649769]  ___sys_recvmsg+0xd5/0x200
[ 1176.650314]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1176.650966]  ? lock_downgrade+0x6d0/0x6d0
[ 1176.651522]  ? lock_acquire+0x197/0x470
[ 1176.652058]  ? find_held_lock+0x2c/0x110
[ 1176.652606]  ? __might_fault+0xd3/0x180
[ 1176.653140]  ? lock_downgrade+0x6d0/0x6d0
[ 1176.653724]  do_recvmmsg+0x24c/0x6d0
[ 1176.654252]  ? ___sys_recvmsg+0x200/0x200
[ 1176.654818]  ? lock_downgrade+0x6d0/0x6d0
[ 1176.655385]  ? ksys_write+0x12d/0x260
[ 1176.655916]  ? wait_for_completion_io+0x270/0x270
[ 1176.656583]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1176.657230]  ? vfs_write+0x354/0xa70
[ 1176.657746]  __x64_sys_recvmmsg+0x20f/0x260
[ 1176.658333]  ? ksys_write+0x1a9/0x260
[ 1176.658846]  ? __do_sys_socketcall+0x600/0x600
[ 1176.659460]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1176.660159]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1176.660853]  do_syscall_64+0x33/0x40
[ 1176.661362]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1176.662058] RIP: 0033:0x7fd50191ab19
[ 1176.662581] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1176.665055] RSP: 002b:00007fd4fee90188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1176.666084] RAX: ffffffffffffffda RBX: 00007fd501a2df60 RCX: 00007fd50191ab19
[ 1176.667046] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1176.667956] RBP: 00007fd4fee901d0 R08: 0000000000000000 R09: 0000000000000000
[ 1176.668917] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1176.669818] R13: 00007ffcb71c4b0f R14: 00007fd4fee90300 R15: 0000000000022000
18:28:13 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 9)

18:28:13 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2, &(0x7f0000000080)=0x90, 0x4)
lseek(r0, 0x2, 0x4)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x19, &(0x7f00000000c0)=0x6, 0x4)
r1 = perf_event_open(&(0x7f0000000140)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x4, 0x0, 0x0, 0x3, 0x0, 0x8000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x31, &(0x7f0000000540)=[{&(0x7f0000000100)=':\x00', 0xfffffdef}], 0x1}, 0x10044001)
r2 = socket$packet(0x11, 0x2, 0x300)
sendfile(r1, r2, &(0x7f00000001c0)=0x6c51, 0x3b83)

18:28:13 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c22092000000000000010000000000000009"])
ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:28:13 executing program 7:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 34)

18:28:13 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/59], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:28:13 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}}], 0x35f, 0x10062, 0x0)

18:28:13 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 41)

18:28:13 executing program 1:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
ptrace$setopts(0xffffffffffffffff, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 24)

[ 1188.998898] FAULT_INJECTION: forcing a failure.
[ 1188.998898] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1189.000333] CPU: 1 PID: 7469 Comm: syz-executor.0 Not tainted 5.10.199 #1
[ 1189.001080] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1189.001995] Call Trace:
[ 1189.002312]  dump_stack+0x107/0x167
[ 1189.002725]  should_fail.cold+0x5/0xa
[ 1189.003149]  _copy_from_user+0x2e/0x1b0
[ 1189.003595]  __copy_msghdr_from_user+0x91/0x4b0
[ 1189.004104]  ? __ia32_sys_shutdown+0x80/0x80
[ 1189.004585]  ? __lock_acquire+0x1657/0x5b00
[ 1189.005064]  ___sys_recvmsg+0xd5/0x200
[ 1189.005487]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1189.006044]  ? lock_downgrade+0x6d0/0x6d0
[ 1189.006517]  ? lock_acquire+0x197/0x470
[ 1189.006961]  ? find_held_lock+0x2c/0x110
[ 1189.007416]  ? __might_fault+0xd3/0x180
[ 1189.007858]  ? lock_downgrade+0x6d0/0x6d0
[ 1189.008350]  do_recvmmsg+0x24c/0x6d0
[ 1189.008787]  ? ___sys_recvmsg+0x200/0x200
[ 1189.009254]  ? lock_downgrade+0x6d0/0x6d0
[ 1189.009728]  ? ksys_write+0x12d/0x260
[ 1189.010169]  ? wait_for_completion_io+0x270/0x270
[ 1189.010733]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1189.011017] FAULT_INJECTION: forcing a failure.
[ 1189.011017] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1189.011245]  ? vfs_write+0x354/0xa70
[ 1189.011260]  __x64_sys_recvmmsg+0x20f/0x260
[ 1189.011270]  ? ksys_write+0x1a9/0x260
[ 1189.011280]  ? __do_sys_socketcall+0x600/0x600
[ 1189.011293]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1189.011303]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1189.011317]  do_syscall_64+0x33/0x40
[ 1189.011338]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1189.017613] RIP: 0033:0x7f13d67b3b19
[ 1189.018032] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1189.020063] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1189.020932] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[ 1189.021735] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1189.022536] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[ 1189.023308] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1189.024122] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
[ 1189.024934] CPU: 0 PID: 7465 Comm: syz-executor.6 Not tainted 5.10.199 #1
[ 1189.026344] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1189.027905] FAULT_INJECTION: forcing a failure.
[ 1189.027905] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1189.028023] Call Trace:
[ 1189.029806]  dump_stack+0x107/0x167
[ 1189.030569]  should_fail.cold+0x5/0xa
[ 1189.031335]  _copy_from_user+0x2e/0x1b0
[ 1189.032143]  __copy_msghdr_from_user+0x91/0x4b0
[ 1189.033079]  ? __ia32_sys_shutdown+0x80/0x80
[ 1189.033961]  ? __lock_acquire+0x1657/0x5b00
[ 1189.034860]  ___sys_recvmsg+0xd5/0x200
[ 1189.035643]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1189.036634]  ? lock_downgrade+0x6d0/0x6d0
[ 1189.037465]  ? lock_acquire+0x197/0x470
[ 1189.038285]  ? find_held_lock+0x2c/0x110
[ 1189.039111]  ? __might_fault+0xd3/0x180
[ 1189.039916]  ? lock_downgrade+0x6d0/0x6d0
[ 1189.040765]  do_recvmmsg+0x24c/0x6d0
[ 1189.041523]  ? ___sys_recvmsg+0x200/0x200
[ 1189.042364]  ? lock_downgrade+0x6d0/0x6d0
[ 1189.043209]  ? ksys_write+0x12d/0x260
[ 1189.043989]  ? wait_for_completion_io+0x270/0x270
[ 1189.044972]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1189.045897]  ? vfs_write+0x354/0xa70
[ 1189.046671]  __x64_sys_recvmmsg+0x20f/0x260
[ 1189.047530]  ? ksys_write+0x1a9/0x260
[ 1189.048297]  ? __do_sys_socketcall+0x600/0x600
[ 1189.049213]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1189.050275]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1189.051307]  do_syscall_64+0x33/0x40
[ 1189.052061]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1189.053096] RIP: 0033:0x7f301b410b19
[ 1189.053855] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1189.057559] RSP: 002b:00007f3018986188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1189.059102] RAX: ffffffffffffffda RBX: 00007f301b523f60 RCX: 00007f301b410b19
[ 1189.060541] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1189.061974] RBP: 00007f30189861d0 R08: 0000000000000000 R09: 0000000000000000
[ 1189.063418] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000001
[ 1189.064856] R13: 00007ffcb222f7cf R14: 00007f3018986300 R15: 0000000000022000
[ 1189.066334] CPU: 1 PID: 7463 Comm: syz-executor.7 Not tainted 5.10.199 #1
[ 1189.067099] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1189.067973] Call Trace:
[ 1189.068261]  dump_stack+0x107/0x167
[ 1189.068662]  should_fail.cold+0x5/0xa
[ 1189.069069]  _copy_from_user+0x2e/0x1b0
[ 1189.069491]  __copy_msghdr_from_user+0x91/0x4b0
[ 1189.070007]  ? __ia32_sys_shutdown+0x80/0x80
[ 1189.070489]  ? __lock_acquire+0x1657/0x5b00
[ 1189.070962]  ___sys_recvmsg+0xd5/0x200
[ 1189.071374]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1189.071924]  ? lock_downgrade+0x6d0/0x6d0
[ 1189.072374]  ? lock_acquire+0x197/0x470
[ 1189.072793]  ? find_held_lock+0x2c/0x110
[ 1189.073233]  ? __might_fault+0xd3/0x180
[ 1189.073664]  ? lock_downgrade+0x6d0/0x6d0
[ 1189.074140]  do_recvmmsg+0x24c/0x6d0
[ 1189.074565]  ? ___sys_recvmsg+0x200/0x200
[ 1189.075015]  ? lock_downgrade+0x6d0/0x6d0
[ 1189.075461]  ? ksys_write+0x12d/0x260
[ 1189.075870]  ? wait_for_completion_io+0x270/0x270
[ 1189.076390]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1189.076885]  ? vfs_write+0x354/0xa70
[ 1189.077293]  __x64_sys_recvmmsg+0x20f/0x260
[ 1189.077785]  ? ksys_write+0x1a9/0x260
[ 1189.078209]  ? __do_sys_socketcall+0x600/0x600
[ 1189.078730]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1189.079282]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1189.079828]  do_syscall_64+0x33/0x40
[ 1189.080237]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1189.080806] RIP: 0033:0x7fd50191ab19
[ 1189.080935] FAULT_INJECTION: forcing a failure.
[ 1189.080935] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1189.081198] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1189.081204] RSP: 002b:00007fd4fee90188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1189.081216] RAX: ffffffffffffffda RBX: 00007fd501a2df60 RCX: 00007fd50191ab19
[ 1189.081222] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1189.081237] RBP: 00007fd4fee901d0 R08: 0000000000000000 R09: 0000000000000000
[ 1189.088615] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1189.089371] R13: 00007ffcb71c4b0f R14: 00007fd4fee90300 R15: 0000000000022000
[ 1189.090171] CPU: 0 PID: 7471 Comm: syz-executor.1 Not tainted 5.10.199 #1
[ 1189.091559] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1189.093224] Call Trace:
[ 1189.093753]  dump_stack+0x107/0x167
[ 1189.094502]  should_fail.cold+0x5/0xa
[ 1189.095275]  _copy_from_user+0x2e/0x1b0
[ 1189.096081]  __copy_msghdr_from_user+0x91/0x4b0
[ 1189.097018]  ? __ia32_sys_shutdown+0x80/0x80
[ 1189.097900]  ? __lock_acquire+0x1657/0x5b00
[ 1189.098800]  ___sys_recvmsg+0xd5/0x200
[ 1189.099589]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1189.100574]  ? lock_downgrade+0x6d0/0x6d0
[ 1189.101412]  ? lock_acquire+0x197/0x470
[ 1189.102209]  ? find_held_lock+0x2c/0x110
[ 1189.103054]  ? __might_fault+0xd3/0x180
[ 1189.103854]  ? lock_downgrade+0x6d0/0x6d0
[ 1189.104713]  do_recvmmsg+0x24c/0x6d0
[ 1189.105473]  ? ___sys_recvmsg+0x200/0x200
[ 1189.106319]  ? lock_downgrade+0x6d0/0x6d0
[ 1189.107157]  ? ksys_write+0x12d/0x260
[ 1189.107937]  ? wait_for_completion_io+0x270/0x270
[ 1189.108920]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1189.109858]  ? vfs_write+0x354/0xa70
[ 1189.110621]  __x64_sys_recvmmsg+0x20f/0x260
[ 1189.111491]  ? ksys_write+0x1a9/0x260
[ 1189.112258]  ? __do_sys_socketcall+0x600/0x600
[ 1189.113181]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1189.114250]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1189.115292]  do_syscall_64+0x33/0x40
[ 1189.116043]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1189.117069] RIP: 0033:0x7f65a52bbb19
[ 1189.117818] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1189.121526] RSP: 002b:00007f65a2831188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1189.123073] RAX: ffffffffffffffda RBX: 00007f65a53cef60 RCX: 00007f65a52bbb19
[ 1189.124237] FAULT_INJECTION: forcing a failure.
[ 1189.124237] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1189.124515] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1189.124526] RBP: 00007f65a28311d0 R08: 0000000000000000 R09: 0000000000000000
[ 1189.124537] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1189.124553] R13: 00007ffc95f579af R14: 00007f65a2831300 R15: 0000000000022000
[ 1189.131501] CPU: 1 PID: 7476 Comm: syz-executor.0 Not tainted 5.10.199 #1
[ 1189.132260] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1189.133141] Call Trace:
[ 1189.133422]  dump_stack+0x107/0x167
[ 1189.133807]  should_fail.cold+0x5/0xa
[ 1189.134210]  _copy_from_user+0x2e/0x1b0
[ 1189.134655]  __copy_msghdr_from_user+0x91/0x4b0
[ 1189.135149]  ? __ia32_sys_shutdown+0x80/0x80
[ 1189.135615]  ? __lock_acquire+0x1657/0x5b00
[ 1189.136093]  ___sys_recvmsg+0xd5/0x200
[ 1189.136505]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1189.137028]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1189.137581]  ? _raw_spin_unlock_irq+0x1f/0x30
[ 1189.138069]  ? trace_hardirqs_on+0x5b/0x180
[ 1189.138536]  ? lock_acquire+0x197/0x470
[ 1189.138956]  ? find_held_lock+0x2c/0x110
[ 1189.139401]  ? __might_fault+0xd3/0x180
[ 1189.139820]  ? lock_downgrade+0x6d0/0x6d0
[ 1189.140260]  ? io_schedule_timeout+0x140/0x140
[ 1189.140752]  do_recvmmsg+0x24c/0x6d0
[ 1189.141149]  ? ___sys_recvmsg+0x200/0x200
[ 1189.141584]  ? lock_downgrade+0x6d0/0x6d0
[ 1189.142036]  ? ksys_write+0x12d/0x260
[ 1189.142469]  ? wait_for_completion_io+0x270/0x270
[ 1189.142979]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1189.143536]  __x64_sys_recvmmsg+0x20f/0x260
[ 1189.143998]  ? __do_sys_socketcall+0x600/0x600
[ 1189.144492]  do_syscall_64+0x33/0x40
[ 1189.144891]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1189.145428] RIP: 0033:0x7f13d67b3b19
[ 1189.145829] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1189.147775] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1189.148589] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[ 1189.149356] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1189.150118] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[ 1189.150890] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1189.151634] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
18:28:13 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 42)

18:28:13 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/59], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:28:13 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 10)

18:28:13 executing program 7:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 35)

18:28:13 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c22092000000000000010000000000000009"])
ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0x0, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

[ 1189.233079] FAULT_INJECTION: forcing a failure.
[ 1189.233079] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1189.234780] CPU: 1 PID: 7482 Comm: syz-executor.6 Not tainted 5.10.199 #1
[ 1189.235504] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1189.236382] Call Trace:
[ 1189.236664]  dump_stack+0x107/0x167
[ 1189.237062]  should_fail.cold+0x5/0xa
[ 1189.237474]  _copy_from_user+0x2e/0x1b0
[ 1189.237908]  __copy_msghdr_from_user+0x91/0x4b0
[ 1189.238491]  ? __ia32_sys_shutdown+0x80/0x80
[ 1189.238968]  ? __lock_acquire+0x1657/0x5b00
[ 1189.239433]  ___sys_recvmsg+0xd5/0x200
[ 1189.239846]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1189.240367]  ? lock_downgrade+0x6d0/0x6d0
[ 1189.240806]  ? lock_acquire+0x197/0x470
[ 1189.241223]  ? find_held_lock+0x2c/0x110
[ 1189.241702]  ? __might_fault+0xd3/0x180
[ 1189.242137]  ? lock_downgrade+0x6d0/0x6d0
[ 1189.242626]  do_recvmmsg+0x24c/0x6d0
[ 1189.243034]  ? ___sys_recvmsg+0x200/0x200
[ 1189.243478]  ? lock_downgrade+0x6d0/0x6d0
[ 1189.243930]  ? ksys_write+0x12d/0x260
[ 1189.244346]  ? wait_for_completion_io+0x270/0x270
[ 1189.244860]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1189.245346]  ? vfs_write+0x354/0xa70
[ 1189.245753]  __x64_sys_recvmmsg+0x20f/0x260
[ 1189.246229]  ? ksys_write+0x1a9/0x260
[ 1189.246654]  ? __do_sys_socketcall+0x600/0x600
[ 1189.247145]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1189.247698]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1189.248270]  do_syscall_64+0x33/0x40
[ 1189.248666]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1189.249213] RIP: 0033:0x7f301b410b19
[ 1189.249613] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1189.251560] RSP: 002b:00007f3018986188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1189.252369] RAX: ffffffffffffffda RBX: 00007f301b523f60 RCX: 00007f301b410b19
[ 1189.253111] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1189.253882] RBP: 00007f30189861d0 R08: 0000000000000000 R09: 0000000000000000
[ 1189.254637] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1189.255412] R13: 00007ffcb222f7cf R14: 00007f3018986300 R15: 0000000000022000
18:28:13 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}}], 0x35f, 0x10062, 0x0)

18:28:13 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 43)

18:28:13 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/59], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[ 1189.311116] FAULT_INJECTION: forcing a failure.
[ 1189.311116] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1189.313766] CPU: 0 PID: 7484 Comm: syz-executor.7 Not tainted 5.10.199 #1
[ 1189.314890] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1189.316231] Call Trace:
[ 1189.316657]  dump_stack+0x107/0x167
[ 1189.317243]  should_fail.cold+0x5/0xa
[ 1189.317871]  _copy_from_user+0x2e/0x1b0
[ 1189.318542]  __copy_msghdr_from_user+0x91/0x4b0
[ 1189.319315]  ? __ia32_sys_shutdown+0x80/0x80
[ 1189.320022]  ? __lock_acquire+0x1657/0x5b00
[ 1189.320737]  ___sys_recvmsg+0xd5/0x200
18:28:13 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 11)

[ 1189.321371]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1189.322249]  ? lock_downgrade+0x6d0/0x6d0
[ 1189.322954]  ? lock_acquire+0x197/0x470
[ 1189.323594]  ? find_held_lock+0x2c/0x110
[ 1189.324253]  ? __might_fault+0xd3/0x180
[ 1189.324931]  ? lock_downgrade+0x6d0/0x6d0
[ 1189.325636]  do_recvmmsg+0x24c/0x6d0
[ 1189.326266]  ? ___sys_recvmsg+0x200/0x200
[ 1189.326960]  ? lock_downgrade+0x6d0/0x6d0
[ 1189.327649]  ? ksys_write+0x12d/0x260
[ 1189.328294]  ? wait_for_completion_io+0x270/0x270
[ 1189.329101]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1189.329842]  ? vfs_write+0x354/0xa70
[ 1189.330473]  __x64_sys_recvmmsg+0x20f/0x260
[ 1189.331008] FAULT_INJECTION: forcing a failure.
[ 1189.331008] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1189.331178]  ? ksys_write+0x1a9/0x260
[ 1189.331194]  ? __do_sys_socketcall+0x600/0x600
[ 1189.331215]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1189.334690]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1189.335537]  do_syscall_64+0x33/0x40
[ 1189.336142]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1189.336980] RIP: 0033:0x7fd50191ab19
[ 1189.337603] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1189.340593] RSP: 002b:00007fd4fee90188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1189.341863] RAX: ffffffffffffffda RBX: 00007fd501a2df60 RCX: 00007fd50191ab19
[ 1189.343030] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1189.344219] RBP: 00007fd4fee901d0 R08: 0000000000000000 R09: 0000000000000000
[ 1189.345403] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1189.346600] R13: 00007ffcb71c4b0f R14: 00007fd4fee90300 R15: 0000000000022000
[ 1189.347797] CPU: 1 PID: 7491 Comm: syz-executor.0 Not tainted 5.10.199 #1
[ 1189.348621] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1189.349539] Call Trace:
[ 1189.349831]  dump_stack+0x107/0x167
[ 1189.350249]  should_fail.cold+0x5/0xa
[ 1189.350678]  _copy_from_user+0x2e/0x1b0
[ 1189.351120]  __copy_msghdr_from_user+0x91/0x4b0
[ 1189.351639]  ? __ia32_sys_shutdown+0x80/0x80
[ 1189.352128]  ? __lock_acquire+0x1657/0x5b00
[ 1189.352623]  ___sys_recvmsg+0xd5/0x200
[ 1189.353049]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1189.353587]  ? lock_downgrade+0x6d0/0x6d0
[ 1189.354066]  ? lock_acquire+0x197/0x470
[ 1189.354526]  ? find_held_lock+0x2c/0x110
[ 1189.354995]  ? __might_fault+0xd3/0x180
[ 1189.355428]  ? lock_downgrade+0x6d0/0x6d0
[ 1189.355890]  do_recvmmsg+0x24c/0x6d0
[ 1189.356301]  ? ___sys_recvmsg+0x200/0x200
[ 1189.356752]  ? lock_downgrade+0x6d0/0x6d0
[ 1189.357221]  ? ksys_write+0x12d/0x260
[ 1189.357664]  ? wait_for_completion_io+0x270/0x270
[ 1189.358189]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1189.358698]  ? vfs_write+0x354/0xa70
[ 1189.359113]  __x64_sys_recvmmsg+0x20f/0x260
[ 1189.359586]  ? ksys_write+0x1a9/0x260
[ 1189.360001]  ? __do_sys_socketcall+0x600/0x600
[ 1189.360508]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1189.361091]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1189.361664]  do_syscall_64+0x33/0x40
[ 1189.362078]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1189.362644] RIP: 0033:0x7f13d67b3b19
[ 1189.363075] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1189.365082] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1189.365906] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[ 1189.366729] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1189.367485] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[ 1189.368259] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1189.369037] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
[ 1189.419928] FAULT_INJECTION: forcing a failure.
[ 1189.419928] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1189.422752] CPU: 0 PID: 7495 Comm: syz-executor.6 Not tainted 5.10.199 #1
[ 1189.423864] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1189.425221] Call Trace:
[ 1189.425663]  dump_stack+0x107/0x167
[ 1189.426283]  should_fail.cold+0x5/0xa
[ 1189.426914]  _copy_from_user+0x2e/0x1b0
[ 1189.427587]  __copy_msghdr_from_user+0x91/0x4b0
[ 1189.428361]  ? __ia32_sys_shutdown+0x80/0x80
[ 1189.429090]  ? __lock_acquire+0x1657/0x5b00
[ 1189.429815]  ___sys_recvmsg+0xd5/0x200
[ 1189.430468]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1189.431278]  ? lock_downgrade+0x6d0/0x6d0
[ 1189.431977]  ? lock_acquire+0x197/0x470
[ 1189.432634]  ? find_held_lock+0x2c/0x110
[ 1189.433279]  ? __might_fault+0xd3/0x180
[ 1189.433925]  ? lock_downgrade+0x6d0/0x6d0
[ 1189.434639]  do_recvmmsg+0x24c/0x6d0
[ 1189.435246]  ? ___sys_recvmsg+0x200/0x200
[ 1189.435932]  ? lock_downgrade+0x6d0/0x6d0
[ 1189.436610]  ? ksys_write+0x12d/0x260
[ 1189.437240]  ? wait_for_completion_io+0x270/0x270
[ 1189.438046]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1189.438810]  ? vfs_write+0x354/0xa70
[ 1189.439411]  __x64_sys_recvmmsg+0x20f/0x260
[ 1189.440107]  ? ksys_write+0x1a9/0x260
[ 1189.440711]  ? __do_sys_socketcall+0x600/0x600
[ 1189.441443]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1189.442294]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1189.443126]  do_syscall_64+0x33/0x40
[ 1189.443725]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1189.444542] RIP: 0033:0x7f301b410b19
[ 1189.445162] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1189.448141] RSP: 002b:00007f3018986188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1189.449377] RAX: ffffffffffffffda RBX: 00007f301b523f60 RCX: 00007f301b410b19
[ 1189.450571] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1189.451747] RBP: 00007f30189861d0 R08: 0000000000000000 R09: 0000000000000000
[ 1189.452943] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1189.454159] R13: 00007ffcb222f7cf R14: 00007f3018986300 R15: 0000000000022000
18:28:28 executing program 7:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 36)

18:28:28 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x200000}}], 0x35f, 0x10062, 0x0)

18:28:28 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 44)

18:28:28 executing program 4:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/59], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:28:28 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 12)

18:28:28 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/59], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, 0x0, 0x0, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:28:28 executing program 1:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
ptrace$setopts(0xffffffffffffffff, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 25)

18:28:28 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c22092000000000000010000000000000009"])
ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0x0, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

[ 1204.015770] FAULT_INJECTION: forcing a failure.
[ 1204.015770] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1204.018708] CPU: 0 PID: 7513 Comm: syz-executor.1 Not tainted 5.10.199 #1
[ 1204.020106] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1204.021785] Call Trace:
[ 1204.022330]  dump_stack+0x107/0x167
[ 1204.023085]  should_fail.cold+0x5/0xa
[ 1204.023870]  _copy_from_user+0x2e/0x1b0
[ 1204.024679]  __copy_msghdr_from_user+0x91/0x4b0
[ 1204.025618]  ? __ia32_sys_shutdown+0x80/0x80
[ 1204.026526]  ? __lock_acquire+0x1657/0x5b00
[ 1204.027413]  ___sys_recvmsg+0xd5/0x200
[ 1204.028199]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1204.029188]  ? lock_downgrade+0x6d0/0x6d0
[ 1204.030028]  ? lock_acquire+0x197/0x470
[ 1204.030851]  ? find_held_lock+0x2c/0x110
[ 1204.031678]  ? __might_fault+0xd3/0x180
[ 1204.032478]  ? lock_downgrade+0x6d0/0x6d0
[ 1204.033331]  do_recvmmsg+0x24c/0x6d0
[ 1204.034088]  ? ___sys_recvmsg+0x200/0x200
[ 1204.034943]  ? lock_downgrade+0x6d0/0x6d0
[ 1204.035787]  ? ksys_write+0x12d/0x260
[ 1204.036570]  ? wait_for_completion_io+0x270/0x270
[ 1204.037543]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1204.038484]  ? vfs_write+0x354/0xa70
[ 1204.039248]  __x64_sys_recvmmsg+0x20f/0x260
[ 1204.040137]  ? ksys_write+0x1a9/0x260
[ 1204.040924]  ? __do_sys_socketcall+0x600/0x600
[ 1204.041869]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1204.042950]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1204.044025]  do_syscall_64+0x33/0x40
[ 1204.044128] FAULT_INJECTION: forcing a failure.
[ 1204.044128] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1204.044796]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1204.044809] RIP: 0033:0x7f65a52bbb19
[ 1204.044829] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1204.044838] RSP: 002b:00007f65a2831188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1204.044858] RAX: ffffffffffffffda RBX: 00007f65a53cef60 RCX: 00007f65a52bbb19
[ 1204.044869] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1204.044880] RBP: 00007f65a28311d0 R08: 0000000000000000 R09: 0000000000000000
[ 1204.044891] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1204.044901] R13: 00007ffc95f579af R14: 00007f65a2831300 R15: 0000000000022000
[ 1204.063559] CPU: 1 PID: 7516 Comm: syz-executor.6 Not tainted 5.10.199 #1
[ 1204.064996] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1204.066695] Call Trace:
[ 1204.067228]  dump_stack+0x107/0x167
[ 1204.067999]  should_fail.cold+0x5/0xa
[ 1204.068801]  _copy_from_user+0x2e/0x1b0
[ 1204.069637]  __copy_msghdr_from_user+0x91/0x4b0
[ 1204.069997] FAULT_INJECTION: forcing a failure.
[ 1204.069997] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1204.070622]  ? __ia32_sys_shutdown+0x80/0x80
[ 1204.070641]  ? __lock_acquire+0x1657/0x5b00
[ 1204.070679]  ___sys_recvmsg+0xd5/0x200
[ 1204.075642]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1204.076661]  ? lock_downgrade+0x6d0/0x6d0
[ 1204.077527]  ? lock_acquire+0x197/0x470
[ 1204.078350]  ? find_held_lock+0x2c/0x110
[ 1204.079213]  ? __might_fault+0xd3/0x180
[ 1204.080038]  ? lock_downgrade+0x6d0/0x6d0
[ 1204.080918]  do_recvmmsg+0x24c/0x6d0
[ 1204.081697]  ? ___sys_recvmsg+0x200/0x200
[ 1204.082565]  ? lock_downgrade+0x6d0/0x6d0
[ 1204.083433]  ? ksys_write+0x12d/0x260
[ 1204.084239]  ? wait_for_completion_io+0x270/0x270
[ 1204.085241]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1204.086201]  ? vfs_write+0x354/0xa70
[ 1204.086993]  __x64_sys_recvmmsg+0x20f/0x260
[ 1204.087892]  ? ksys_write+0x1a9/0x260
[ 1204.088684]  ? __do_sys_socketcall+0x600/0x600
[ 1204.089638]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1204.090754]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1204.091833]  do_syscall_64+0x33/0x40
[ 1204.092605]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1204.093668] RIP: 0033:0x7f301b410b19
[ 1204.094448] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1204.098268] RSP: 002b:00007f3018986188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1204.099868] RAX: ffffffffffffffda RBX: 00007f301b523f60 RCX: 00007f301b410b19
[ 1204.101343] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1204.102830] RBP: 00007f30189861d0 R08: 0000000000000000 R09: 0000000000000000
[ 1204.104304] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1204.105787] R13: 00007ffcb222f7cf R14: 00007f3018986300 R15: 0000000000022000
[ 1204.107371] CPU: 0 PID: 7521 Comm: syz-executor.7 Not tainted 5.10.199 #1
[ 1204.108877] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1204.110694] Call Trace:
[ 1204.111287]  dump_stack+0x107/0x167
[ 1204.112099]  should_fail.cold+0x5/0xa
[ 1204.112945]  _copy_from_user+0x2e/0x1b0
[ 1204.113824]  __copy_msghdr_from_user+0x91/0x4b0
[ 1204.114856]  ? __ia32_sys_shutdown+0x80/0x80
[ 1204.115121] FAULT_INJECTION: forcing a failure.
[ 1204.115121] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1204.115823]  ? __lock_acquire+0x1657/0x5b00
[ 1204.115863]  ___sys_recvmsg+0xd5/0x200
[ 1204.115886]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1204.115908]  ? lock_downgrade+0x6d0/0x6d0
[ 1204.115934]  ? lock_acquire+0x197/0x470
[ 1204.115952]  ? find_held_lock+0x2c/0x110
[ 1204.115980]  ? __might_fault+0xd3/0x180
[ 1204.116000]  ? lock_downgrade+0x6d0/0x6d0
[ 1204.116042]  do_recvmmsg+0x24c/0x6d0
[ 1204.116070]  ? ___sys_recvmsg+0x200/0x200
[ 1204.127421]  ? lock_downgrade+0x6d0/0x6d0
[ 1204.128360]  ? ksys_write+0x12d/0x260
[ 1204.129235]  ? wait_for_completion_io+0x270/0x270
[ 1204.130321]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1204.131394]  ? vfs_write+0x354/0xa70
[ 1204.132246]  __x64_sys_recvmmsg+0x20f/0x260
[ 1204.133224]  ? ksys_write+0x1a9/0x260
[ 1204.134090]  ? __do_sys_socketcall+0x600/0x600
[ 1204.135138]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1204.136322]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1204.137496]  do_syscall_64+0x33/0x40
[ 1204.138342]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1204.139524] RIP: 0033:0x7fd50191ab19
[ 1204.140368] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1204.144531] RSP: 002b:00007fd4fee90188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1204.146252] RAX: ffffffffffffffda RBX: 00007fd501a2df60 RCX: 00007fd50191ab19
[ 1204.147873] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1204.149484] RBP: 00007fd4fee901d0 R08: 0000000000000000 R09: 0000000000000000
[ 1204.151115] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1204.152730] R13: 00007ffcb71c4b0f R14: 00007fd4fee90300 R15: 0000000000022000
[ 1204.154511] CPU: 1 PID: 7520 Comm: syz-executor.0 Not tainted 5.10.199 #1
[ 1204.155952] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1204.157845] Call Trace:
[ 1204.158376]  dump_stack+0x107/0x167
[ 1204.159145]  should_fail.cold+0x5/0xa
[ 1204.159941]  _copy_from_user+0x2e/0x1b0
[ 1204.160802]  __copy_msghdr_from_user+0x91/0x4b0
[ 1204.161771]  ? __ia32_sys_shutdown+0x80/0x80
[ 1204.162685]  ? __lock_acquire+0x1657/0x5b00
[ 1204.163582]  ___sys_recvmsg+0xd5/0x200
[ 1204.164380]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1204.165405]  ? _raw_spin_unlock_irq+0x27/0x30
[ 1204.166338]  ? lock_acquire+0x197/0x470
[ 1204.167148]  ? find_held_lock+0x2c/0x110
[ 1204.167981]  ? __might_fault+0xd3/0x180
[ 1204.168825]  ? lock_downgrade+0x6d0/0x6d0
[ 1204.169692]  ? io_schedule_timeout+0x140/0x140
[ 1204.170660]  do_recvmmsg+0x24c/0x6d0
[ 1204.171441]  ? ___sys_recvmsg+0x200/0x200
[ 1204.172308]  ? lock_downgrade+0x6d0/0x6d0
[ 1204.173160]  ? ksys_write+0x12d/0x260
[ 1204.173968]  ? wait_for_completion_io+0x270/0x270
[ 1204.174983]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1204.175954]  ? vfs_write+0x354/0xa70
[ 1204.176728]  __x64_sys_recvmmsg+0x20f/0x260
[ 1204.177607]  ? ksys_write+0x1a9/0x260
[ 1204.178422]  ? __do_sys_socketcall+0x600/0x600
[ 1204.179378]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1204.180458]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1204.181536]  do_syscall_64+0x33/0x40
[ 1204.182307]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1204.183360] RIP: 0033:0x7f13d67b3b19
[ 1204.184115] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1204.187896] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1204.189443] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[ 1204.190927] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1204.192399] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[ 1204.193863] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1204.195333] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
18:28:28 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 45)

18:28:28 executing program 1:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
ptrace$setopts(0xffffffffffffffff, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 26)

18:28:28 executing program 7:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 37)

18:28:28 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 13)

18:28:28 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/59], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, 0x0, 0x0, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:28:28 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c22092000000000000010000000000000009"])
ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0x0, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:28:28 executing program 4:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0xff, 0x0, 0x0, 0x0, 0x0, 0x62, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}, 0x0, 0x0, 0x2, 0x2, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="ff0000001400010000000000000000000a000000180000800f00010000000000000000000000000000000001"], 0x2c}}, 0x0)
open_by_handle_at(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a0000000200000048360000000000"], 0x0)

[ 1204.372728] FAULT_INJECTION: forcing a failure.
[ 1204.372728] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1204.375729] CPU: 1 PID: 7527 Comm: syz-executor.0 Not tainted 5.10.199 #1
[ 1204.377123] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1204.378846] Call Trace:
[ 1204.379381]  dump_stack+0x107/0x167
[ 1204.380131]  should_fail.cold+0x5/0xa
[ 1204.380917]  _copy_from_user+0x2e/0x1b0
[ 1204.381740]  __copy_msghdr_from_user+0x91/0x4b0
[ 1204.382681]  ? __ia32_sys_shutdown+0x80/0x80
[ 1204.383557]  ? __lock_acquire+0x1657/0x5b00
[ 1204.384433]  ___sys_recvmsg+0xd5/0x200
[ 1204.385223]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1204.386223]  ? lock_acquire+0x374/0x470
[ 1204.387053]  ? lock_acquire+0x197/0x470
[ 1204.387850]  ? find_held_lock+0x2c/0x110
[ 1204.388665]  ? __might_fault+0xd3/0x180
[ 1204.389485]  ? lock_downgrade+0x6d0/0x6d0
[ 1204.390502]  ? io_schedule_timeout+0x140/0x140
[ 1204.391436]  do_recvmmsg+0x24c/0x6d0
[ 1204.392183]  ? ___sys_recvmsg+0x200/0x200
[ 1204.393005]  ? lock_downgrade+0x6d0/0x6d0
[ 1204.393835]  ? ksys_write+0x12d/0x260
[ 1204.394611]  ? wait_for_completion_io+0x270/0x270
[ 1204.395572]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1204.396510]  ? vfs_write+0x354/0xa70
[ 1204.397269]  __x64_sys_recvmmsg+0x20f/0x260
[ 1204.398134]  ? ksys_write+0x1a9/0x260
[ 1204.398908]  ? __do_sys_socketcall+0x600/0x600
[ 1204.399918]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1204.400964]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1204.402075]  do_syscall_64+0x33/0x40
[ 1204.402841]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1204.403875] RIP: 0033:0x7f13d67b3b19
[ 1204.404633] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1204.408384] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1204.409888] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[ 1204.411324] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1204.412860] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[ 1204.414291] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1204.415705] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
18:28:28 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x3665c4}}], 0x35f, 0x10062, 0x0)

[ 1204.460200] FAULT_INJECTION: forcing a failure.
[ 1204.460200] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1204.463073] CPU: 1 PID: 7538 Comm: syz-executor.1 Not tainted 5.10.199 #1
[ 1204.464450] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1204.466119] Call Trace:
[ 1204.466670]  dump_stack+0x107/0x167
[ 1204.467405]  should_fail.cold+0x5/0xa
[ 1204.468180]  __alloc_pages_nodemask+0x182/0x600
[ 1204.469110]  ? lock_chain_count+0x20/0x20
[ 1204.469936]  ? __alloc_pages_slowpath.constprop.0+0x2130/0x2130
[ 1204.471131]  alloc_pages_vma+0xbb/0x410
[ 1204.471901]  wp_page_copy+0xee7/0x1f00
[ 1204.472661]  ? print_bad_pte+0x5a0/0x5a0
[ 1204.473442]  ? lock_downgrade+0x6d0/0x6d0
[ 1204.474241]  ? vm_normal_page+0x162/0x2e0
[ 1204.475062]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 1204.476081]  do_wp_page+0x27b/0x1390
[ 1204.476811]  handle_mm_fault+0x1cc7/0x3500
[ 1204.477645]  ? ip6_datagram_recv_common_ctl+0x3f0/0x3f0
[ 1204.478697]  ? ip6_datagram_recv_common_ctl+0x2c2/0x3f0
[ 1204.479725]  ? __skb_datagram_iter+0x1aa/0x880
[ 1204.480609]  ? __pmd_alloc+0x5e0/0x5e0
[ 1204.481371]  ? vmacache_find+0x55/0x2a0
[ 1204.482146]  do_user_addr_fault+0x56e/0xc60
[ 1204.483002]  exc_page_fault+0xa2/0x1a0
[ 1204.483768]  asm_exc_page_fault+0x1e/0x30
[ 1204.484569] RIP: 0010:__put_user_nocheck_4+0x3/0x11
[ 1204.485535] Code: 00 00 48 39 d9 73 54 0f 01 cb 66 89 01 31 c9 0f 01 ca e9 f1 2c 1e 02 90 48 bb fd ef ff ff ff 7f 00 00 48 39 d9 73 34 0f 01 cb <89> 01 31 c9 0f 01 ca e9 d2 2c 1e 02 66 90 48 bb f9 ef ff ff ff 7f
[ 1204.489093] RSP: 0018:ffff88800cc079c8 EFLAGS: 00050206
[ 1204.490124] RAX: 0000000000000028 RBX: ffffffff830fc720 RCX: 0000000020002030
[ 1204.491509] RDX: 1ffff11001980fc3 RSI: ffffffff830f236a RDI: 0000000000000005
[ 1204.492900] RBP: ffff88800cc07dc8 R08: 0000000000000001 R09: ffff88804660c5df
[ 1204.494292] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000020002030
[ 1204.495673] R13: 0000000020002000 R14: 0000000000000062 R15: 0000000000000004
[ 1204.497048]  ? sock_common_getsockopt+0xb0/0xb0
[ 1204.497954]  ? ____sys_recvmsg+0x2aa/0x590
[ 1204.498797]  ____sys_recvmsg+0x2dd/0x590
[ 1204.499581]  ? kernel_recvmsg+0x80/0x80
[ 1204.500350]  ? __import_iovec+0x458/0x590
[ 1204.501155]  ? import_iovec+0x83/0xb0
[ 1204.501891]  ___sys_recvmsg+0x127/0x200
[ 1204.502659]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1204.503609]  ? lock_downgrade+0x6d0/0x6d0
[ 1204.504412]  ? lock_acquire+0x197/0x470
[ 1204.505171]  ? find_held_lock+0x2c/0x110
[ 1204.505953]  ? __might_fault+0xd3/0x180
[ 1204.506723]  ? lock_downgrade+0x6d0/0x6d0
[ 1204.507541]  do_recvmmsg+0x24c/0x6d0
[ 1204.508261]  ? ___sys_recvmsg+0x200/0x200
[ 1204.509066]  ? lock_downgrade+0x6d0/0x6d0
[ 1204.509865]  ? ksys_write+0x12d/0x260
[ 1204.510625]  ? wait_for_completion_io+0x270/0x270
[ 1204.511555]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1204.512445]  ? vfs_write+0x354/0xa70
[ 1204.513160]  __x64_sys_recvmmsg+0x20f/0x260
[ 1204.513993]  ? ksys_write+0x1a9/0x260
[ 1204.514740]  ? __do_sys_socketcall+0x600/0x600
[ 1204.515632]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1204.516633]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1204.517628]  do_syscall_64+0x33/0x40
[ 1204.518341]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1204.519328] RIP: 0033:0x7f65a52bbb19
[ 1204.520042] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1204.523569] RSP: 002b:00007f65a2831188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1204.525029] RAX: ffffffffffffffda RBX: 00007f65a53cef60 RCX: 00007f65a52bbb19
18:28:28 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/59], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, 0x0, 0x0, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:28:28 executing program 4:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
pipe2(&(0x7f0000000080)={<r1=>0xffffffffffffffff}, 0x4000)
ioctl$TCSETSW2(r1, 0x402c542c, &(0x7f0000000000)={0x6, 0x7f, 0x5, 0x18, 0x0, "67f007f96281cc12c5d1f23e21dad3eedb8adb", 0x1, 0x62})
fcntl$getflags(r1, 0x408)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f00000000c0)=0xff)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000080)=0x12)

[ 1204.526554] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1204.526566] RBP: 00007f65a28311d0 R08: 0000000000000000 R09: 0000000000000000
[ 1204.526576] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1204.526586] R13: 00007ffc95f579af R14: 00007f65a2831300 R15: 0000000000022000
[ 1204.548223] FAULT_INJECTION: forcing a failure.
[ 1204.548223] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1204.555970] CPU: 1 PID: 7540 Comm: syz-executor.6 Not tainted 5.10.199 #1
[ 1204.555980] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1204.555985] Call Trace:
[ 1204.556003]  dump_stack+0x107/0x167
[ 1204.556024]  should_fail.cold+0x5/0xa
[ 1204.556045]  _copy_from_user+0x2e/0x1b0
[ 1204.556066]  __copy_msghdr_from_user+0x91/0x4b0
[ 1204.556084]  ? __ia32_sys_shutdown+0x80/0x80
[ 1204.556100]  ? __lock_acquire+0x1657/0x5b00
[ 1204.556133]  ___sys_recvmsg+0xd5/0x200
18:28:28 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000}}], 0x35f, 0x10062, 0x0)

[ 1204.556151]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1204.556170]  ? lock_downgrade+0x6d0/0x6d0
[ 1204.556192]  ? lock_acquire+0x197/0x470
[ 1204.556208]  ? find_held_lock+0x2c/0x110
[ 1204.556229]  ? __might_fault+0xd3/0x180
[ 1204.556247]  ? lock_downgrade+0x6d0/0x6d0
[ 1204.556282]  do_recvmmsg+0x24c/0x6d0
[ 1204.556304]  ? ___sys_recvmsg+0x200/0x200
[ 1204.556321]  ? lock_downgrade+0x6d0/0x6d0
[ 1204.556344]  ? ksys_write+0x12d/0x260
[ 1204.556374]  ? wait_for_completion_io+0x270/0x270
[ 1204.556393]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1204.556408]  ? vfs_write+0x354/0xa70
[ 1204.556429]  __x64_sys_recvmmsg+0x20f/0x260
[ 1204.556445]  ? ksys_write+0x1a9/0x260
[ 1204.556462]  ? __do_sys_socketcall+0x600/0x600
[ 1204.556484]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1204.556500]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1204.556522]  do_syscall_64+0x33/0x40
[ 1204.556542]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1204.556553] RIP: 0033:0x7f301b410b19
[ 1204.556570] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1204.556579] RSP: 002b:00007f3018986188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1204.556598] RAX: ffffffffffffffda RBX: 00007f301b523f60 RCX: 00007f301b410b19
[ 1204.556608] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1204.556619] RBP: 00007f30189861d0 R08: 0000000000000000 R09: 0000000000000000
[ 1204.556629] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1204.556639] R13: 00007ffcb222f7cf R14: 00007f3018986300 R15: 0000000000022000
[ 1204.651880] FAULT_INJECTION: forcing a failure.
[ 1204.651880] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1204.651905] CPU: 1 PID: 7549 Comm: syz-executor.7 Not tainted 5.10.199 #1
[ 1204.651914] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1204.651920] Call Trace:
[ 1204.651939]  dump_stack+0x107/0x167
[ 1204.651965]  should_fail.cold+0x5/0xa
[ 1204.680801]  _copy_from_user+0x2e/0x1b0
[ 1204.680825]  __copy_msghdr_from_user+0x91/0x4b0
[ 1204.680844]  ? __ia32_sys_shutdown+0x80/0x80
[ 1204.680861]  ? __lock_acquire+0x1657/0x5b00
[ 1204.680894]  ___sys_recvmsg+0xd5/0x200
[ 1204.684658]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1204.684677]  ? _raw_spin_unlock_irq+0x27/0x30
[ 1204.684698]  ? lock_acquire+0x197/0x470
[ 1204.684721]  ? find_held_lock+0x2c/0x110
[ 1204.687914]  ? __might_fault+0xd3/0x180
[ 1204.687930]  ? lock_downgrade+0x6d0/0x6d0
[ 1204.687949]  ? io_schedule_timeout+0x140/0x140
[ 1204.687978]  do_recvmmsg+0x24c/0x6d0
[ 1204.690927]  ? ___sys_recvmsg+0x200/0x200
[ 1204.690943]  ? lock_downgrade+0x6d0/0x6d0
[ 1204.690966]  ? ksys_write+0x12d/0x260
[ 1204.690994]  ? wait_for_completion_io+0x270/0x270
[ 1204.691013]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1204.691038]  ? vfs_write+0x354/0xa70
[ 1204.691058]  __x64_sys_recvmmsg+0x20f/0x260
[ 1204.696386]  ? ksys_write+0x1a9/0x260
[ 1204.696403]  ? __do_sys_socketcall+0x600/0x600
[ 1204.696430]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1204.699001]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1204.699023]  do_syscall_64+0x33/0x40
[ 1204.699050]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1204.701615] RIP: 0033:0x7fd50191ab19
[ 1204.701632] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1204.701641] RSP: 002b:00007fd4fee90188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1204.701658] RAX: ffffffffffffffda RBX: 00007fd501a2df60 RCX: 00007fd50191ab19
[ 1204.701667] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1204.701677] RBP: 00007fd4fee901d0 R08: 0000000000000000 R09: 0000000000000000
18:28:28 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 14)

18:28:28 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 46)

18:28:28 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c22092000000000000010000000000000009"])
ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, 0x0, 0x0)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

[ 1204.701686] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
18:28:28 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/59], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(0xffffffffffffffff, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r3=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r3, 0x408)
write$binfmt_aout(r3, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[ 1204.701695] R13: 00007ffcb71c4b0f R14: 00007fd4fee90300 R15: 0000000000022000
18:28:28 executing program 1:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
ptrace$setopts(0xffffffffffffffff, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 27)

[ 1204.790929] FAULT_INJECTION: forcing a failure.
[ 1204.790929] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1204.793920] CPU: 0 PID: 7556 Comm: syz-executor.6 Not tainted 5.10.199 #1
[ 1204.795345] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1204.797024] FAULT_INJECTION: forcing a failure.
[ 1204.797024] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1204.797045] Call Trace:
[ 1204.797073]  dump_stack+0x107/0x167
[ 1204.800152]  should_fail.cold+0x5/0xa
[ 1204.800943]  _copy_from_user+0x2e/0x1b0
[ 1204.801776]  __copy_msghdr_from_user+0x91/0x4b0
[ 1204.802756]  ? __ia32_sys_shutdown+0x80/0x80
[ 1204.803654]  ? __lock_acquire+0x1657/0x5b00
[ 1204.804565]  ___sys_recvmsg+0xd5/0x200
[ 1204.805353]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1204.806360]  ? lock_downgrade+0x6d0/0x6d0
[ 1204.807214]  ? lock_acquire+0x197/0x470
[ 1204.808035]  ? find_held_lock+0x2c/0x110
[ 1204.808865]  ? __might_fault+0xd3/0x180
[ 1204.809684]  ? lock_downgrade+0x6d0/0x6d0
[ 1204.810542]  do_recvmmsg+0x24c/0x6d0
[ 1204.811318]  ? ___sys_recvmsg+0x200/0x200
[ 1204.812153]  ? lock_downgrade+0x6d0/0x6d0
[ 1204.812995]  ? ksys_write+0x12d/0x260
[ 1204.813775]  ? wait_for_completion_io+0x270/0x270
[ 1204.814772]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1204.815698]  ? vfs_write+0x354/0xa70
[ 1204.816467]  __x64_sys_recvmmsg+0x20f/0x260
[ 1204.817345]  ? ksys_write+0x1a9/0x260
[ 1204.818102]  ? __do_sys_socketcall+0x600/0x600
[ 1204.819055]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1204.820128]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1204.821196]  do_syscall_64+0x33/0x40
[ 1204.821958]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1204.823022] RIP: 0033:0x7f301b410b19
[ 1204.823791] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1204.827536] RSP: 002b:00007f3018986188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1204.829077] RAX: ffffffffffffffda RBX: 00007f301b523f60 RCX: 00007f301b410b19
[ 1204.830538] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1204.831984] RBP: 00007f30189861d0 R08: 0000000000000000 R09: 0000000000000000
[ 1204.833440] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1204.834901] R13: 00007ffcb222f7cf R14: 00007f3018986300 R15: 0000000000022000
[ 1204.836663] CPU: 1 PID: 7560 Comm: syz-executor.0 Not tainted 5.10.199 #1
[ 1204.837790] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1204.839218] Call Trace:
[ 1204.839685]  dump_stack+0x107/0x167
[ 1204.840309]  should_fail.cold+0x5/0xa
[ 1204.840974]  _copy_from_user+0x2e/0x1b0
[ 1204.841651]  __copy_msghdr_from_user+0x91/0x4b0
[ 1204.842443]  ? __ia32_sys_shutdown+0x80/0x80
[ 1204.843178]  ? __lock_acquire+0x1657/0x5b00
[ 1204.843914]  ___sys_recvmsg+0xd5/0x200
[ 1204.844574]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1204.845401]  ? lock_downgrade+0x6d0/0x6d0
[ 1204.846095]  ? lock_acquire+0x197/0x470
[ 1204.846770]  ? find_held_lock+0x2c/0x110
[ 1204.847442]  ? __might_fault+0xd3/0x180
[ 1204.848059]  ? lock_downgrade+0x6d0/0x6d0
[ 1204.848743]  do_recvmmsg+0x24c/0x6d0
[ 1204.849341]  ? ___sys_recvmsg+0x200/0x200
[ 1204.850039]  ? lock_downgrade+0x6d0/0x6d0
[ 1204.850758]  ? ksys_write+0x12d/0x260
[ 1204.851412]  ? wait_for_completion_io+0x270/0x270
[ 1204.852183]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1204.852892]  ? vfs_write+0x354/0xa70
[ 1204.853508]  __x64_sys_recvmmsg+0x20f/0x260
[ 1204.854168]  ? ksys_write+0x1a9/0x260
[ 1204.854826]  ? __do_sys_socketcall+0x600/0x600
[ 1204.855603]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1204.856428]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1204.857259]  do_syscall_64+0x33/0x40
[ 1204.857872]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1204.858678] RIP: 0033:0x7f13d67b3b19
[ 1204.859292] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1204.862310] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1204.863488] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[ 1204.864582] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1204.865680] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[ 1204.866793] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1204.867880] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
18:28:29 executing program 4:
r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c906d6b66732e66617407020801000470000000f8", 0x16}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000580))
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r1=>r0, {0x0, 0xee01}}, './file0\x00'})
sendto(r1, &(0x7f0000000240)="795eb095f2385160781f16b9ae257ac3f492d5c01ad687554de3bc3a6ae6dc8526fdb4bd5c1efa1e684d876c5fab3a6be4dfdaee696f372186ab923466fabd93756c60e9b97bd64d3ad9862d86fc85d0b91005a833e15aeb953c379dd648ea5898708e9164ad7792122b1b2865a34e7352f82afb13e7c8485faa84f66420b5d56ebb73b12b6ff404c3b38fdb0bfe20039a25ef22c982a8f5289f00a05a7e76a6c942446f64a81bf0ccf0d85a0f4dafdeefaadbec1e6093405f2e4835be4ccf7176ef9f43a4589d1c73761b4554d6196e401cca3ba2700599b11631ffcc67a3aea841bd85320eb0ee786edf39d4d3de209bf478a93cf568a26201622b43", 0xfd, 0x8000, &(0x7f0000000180)=@ethernet={0x6}, 0x80)

18:28:29 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c22092000000000000010000000000000009"])
ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, 0x0, 0x0)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

[ 1204.929344] FAT-fs (loop4): bogus logical sector size 519
[ 1204.930201] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 1204.945530] FAT-fs (loop4): bogus logical sector size 519
[ 1204.946383] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 1204.949041] FAULT_INJECTION: forcing a failure.
[ 1204.949041] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1204.951903] CPU: 0 PID: 7563 Comm: syz-executor.1 Not tainted 5.10.199 #1
[ 1204.953279] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1204.954982] Call Trace:
[ 1204.955524]  dump_stack+0x107/0x167
[ 1204.956269]  should_fail.cold+0x5/0xa
[ 1204.957049]  _copy_from_user+0x2e/0x1b0
[ 1204.957857]  __copy_msghdr_from_user+0x91/0x4b0
[ 1204.958800]  ? __ia32_sys_shutdown+0x80/0x80
[ 1204.959679]  ? __lock_acquire+0x1657/0x5b00
[ 1204.960567]  ___sys_recvmsg+0xd5/0x200
[ 1204.961338]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1204.962311]  ? lock_downgrade+0x6d0/0x6d0
[ 1204.963132]  ? lock_acquire+0x197/0x470
[ 1204.963921]  ? find_held_lock+0x2c/0x110
[ 1204.964718]  ? __might_fault+0xd3/0x180
[ 1204.965506]  ? lock_downgrade+0x6d0/0x6d0
[ 1204.966330]  do_recvmmsg+0x24c/0x6d0
[ 1204.967094]  ? ___sys_recvmsg+0x200/0x200
[ 1204.967936]  ? lock_downgrade+0x6d0/0x6d0
[ 1204.968766]  ? ksys_write+0x12d/0x260
[ 1204.969532]  ? wait_for_completion_io+0x270/0x270
[ 1204.970496]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1204.971400]  ? vfs_write+0x354/0xa70
[ 1204.972134]  __x64_sys_recvmmsg+0x20f/0x260
[ 1204.972992]  ? ksys_write+0x1a9/0x260
[ 1204.973750]  ? __do_sys_socketcall+0x600/0x600
[ 1204.974669]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1204.975703]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1204.976746]  do_syscall_64+0x33/0x40
[ 1204.977491]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1204.978525] RIP: 0033:0x7f65a52bbb19
[ 1204.979259] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1204.982904] RSP: 002b:00007f65a2831188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1204.984409] RAX: ffffffffffffffda RBX: 00007f65a53cef60 RCX: 00007f65a52bbb19
[ 1204.985797] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1204.987213] RBP: 00007f65a28311d0 R08: 0000000000000000 R09: 0000000000000000
[ 1204.988617] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1204.990037] R13: 00007ffc95f579af R14: 00007f65a2831300 R15: 0000000000022000
18:28:43 executing program 7:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 38)

18:28:43 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 15)

18:28:43 executing program 1:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
ptrace$setopts(0xffffffffffffffff, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 28)

18:28:43 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c22092000000000000010000000000000009"])
ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, 0x0, 0x0)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:28:43 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/59], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(0xffffffffffffffff, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r3=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r3, 0x408)
write$binfmt_aout(r3, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:28:43 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 47)

18:28:43 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000}}], 0x35f, 0x10062, 0x0)

18:28:43 executing program 4:
openat(0xffffffffffffff9c, 0x0, 0x46e2, 0x0)
r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x20, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f00000001c0)=0x1df)
write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000a00)=ANY=[], 0x98a)
r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000001840)=ANY=[@ANYBLOB="00000000fffffdfd010000000000000000000000000000000000000000000000000000000000000080000000000000003f40185d9e5adb01ec0000000000000000000000000000000003000000000000000000fc1300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000fdff00feffabe0dd258affff3b4e5ccfd12e06aa8dc7457501000080000008000000322dd8fe6f49e6b1df0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000017d7a6258ba56c75d1e95a5538c93e59db035a626153664a6036ecdfa290eee9866bd122047a2328b14ce99a3cf38daf9f3ddb73219a2abcec000000000000000000000014457a2c55296e1658dca5161a425c4d2fbad862fd5256f0e736ef319d6edda04a447cdac10eda8fb60ed1de4e66a55712ed643a07000000000000007660a5dc5377a5f097db2061fae83172baf90c8d668cbf0103a4c2831f668b03d412e128390d116f08feab5d6d93cab2dc53c251db92012f31834796d0079359670244d70c05008ba14742714519af40f32a0f94df2ff0c8439554148ecf6ca0b7e4b1dfbdd5eae268fba2ef96823554372e6dc73183afa671ed684c3e32a25af48926a454981425f80ea5590147a4612bc497b86abf16214aab5c0a27a20c9fdd3f2475c96c0adf320b3cf0efca33a6b045ed405db9388354bb777be170eb975d360f37669625a2f933e2a5878f6aff8dcf8ffbae9b08ca08ee5aa995e891954763587b76b800f8d646a5dae357b3dffa75e5036cc1ab76ffd86fec711e733a9ad8ff010000f188de851028a3e5a893c4239b1d9554247e4378"])
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0xc02, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x248e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
flock(r3, 0x6)
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x4, 0x0, 0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x14e6}, 0x40002, 0x0, 0x0, 0x4, 0x5, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x0)
ioctl$BTRFS_IOC_SNAP_DESTROY(r1, 0x5000940f, &(0x7f0000000300)={{}, "12852ee246b149ec4e0bc7bacf27cc444919aed26cef0ed88e61066a2602f8b898227884075400e6ab7a433f83d5130151c8dfae7fda7925d882d1bd49a816dbab08b93bc75cce1eda46d097976f4cc5f7cfe4dd50fbe285d8a564d752c42884c08f575250fcab04f62046484c523856295705a3047913d8c70f81ebe9a44583b3145d4883b5d8f4519f7bd1adba5a5fdf31732e2a606019faeb23344939796b3e16ccb29260de78997bc36cf68b66466bd25729dd0b7cde53f76be436e6bdc3bd6a575438acd24472bd98686376edad168e5c9a521d13390910b5093adc504ab0a0c63a5eda15bb29a3b805a6ddd7090f667725c83dd9bb290c2eabd26ca0a95bcd0770bbaeae50ae9dc5ec60a2db6e7d8ccf0cf11d86ab92e95c9859e57b7d6c77e4e80a4f5de84c49423d82065a91198987d5b28a2cf937a12ad1d16e21eba16e6f570b26c2fca9096f252b4ca6d594817141de6bc9ee612f89425037ee314296f7aaa6aa2eabcc3e3739ba934a7ed2f42651f9a3ad30a26b8bd96cac538d080741fafcfd3f384ed555e4b8690f92714a60526787b61756be8f7012d5fb6684b0176ec30eea403c5dde29a01465404a49f63fa29348bf2b125c5ae83e5c71eca9e1517a03c7a624702069d26e08ad61cbbe1098198eef3dbe0f4ab9b5fab5e80940054a62cfdcf624225fa414fbe9e13f5346fbdf9c289888d6e1b9d0dd2a6af4a58c9a466b8e1f3c394950ab04513e8e70bfbbecd5ca92eb58e5ca96c61817bdf3865fd87851da4bb522903939c2e667168cc4f45499db14e4400f984ebf141fbb324f0b1f79b10c352b870bb5230b5762f57562bdcc7e54e6ecbd0fa2b95ac263b7f3275717f928e958691d7c384bf169649ab482bd0dd2a85e3bb34ce3a04a782da6fa8a58abe6aa0fae7faea555e7b6c1d4762217bb1f929f8dcf45bb9b2a8627ae35a6905d275526df5e9bf336688d6769a594c3e6a13531edc89826d0a19c473c4e973fe0725ba9ac219586c8f24ce5cb8ddb8fb5a65c090e17f1bbc2bf1442c5710ee08eb88fbc041415dae75b376a66ab7ccac819596c991d7f39ffaef1e6a6d95735a35bf4cc6d201649fcc11e82981624be868a216f2f0e6fc1bc95e3a96b8e3148872b54bb5bb743dda6735846a3731282628f55effee084ea63aca27466d9af7e3c931a8b1de6a15e268c45846f28c74986e0b8089827b411f112c71da323b26c694441478f997d1f452ace55d47ad2e90156c1433ee49ae9af2fda73b3f89dce074f102a649545656c28202ab7d2f3c1fad6b77c7dd06b4f13c53ec2e79772cb212a45bdeb33a5d93d0c6c6493782407bfe669a55ece90dd8a2e133312985161011ddaf0c537476a1af6f396ebea7f39aa6b4bc75600ae9d8e09ed49e30ac62a640b8b15721eaa620622117bca7b89649e1e29a192ff7b998bffcafb7950ebb928a743fa80fe5eca83f6ee9479ef99834800b6dd0bca9103f2de13998560bd492fa6f4f4de37bcd18d7aa67bc3fa7d6f0696750e71566d2be7e779a2a9734f08a784eff904faca662ab7f39d53030247061375d35bfb110c52cb19dfcadab7e685bf2909b39c79f3a061d2820a79ed4557c2290bdd56b194dd38b02e2e4dcbad35b779517d77a78051c5bb9e68089178e2ec9020c2b3555985285b6f36d74ca5ce30013e8732f376a775bab324a463f020071703cc8eedff9ca0c45f8cea901e30a93fd3c2db06dbcef392aee894565f34aa7b15a3111ae8b59324999075432b1f557af94704a5048444cac1bf0622824af6ab18e4b8d9468d8d4abfb1700ce68bf34509002df3b101186734a00e14d15a5dd830c319242e6b1f3d2be2102e7af5a3a962ffa0505af53ec3de2761ef72f08baf030cd0f37f90a2bc6bedd1da0b2895537922863054871f51df4d253d182200f088178434c9141c9d9977ab39a5a3fadfe3f471440dcd714eb1f6ef993d71a72f5818225e3589830b3e113bc17570ab7d85c321335708357f54a140d02d3c8aa7783201610a2df33a22781786ce0cfd77ad0664117be6caaccb98fd20d285873899663c44e4896e935ed7d710cd35614fa79c4aad322a6af698d95ed49174f1ec7db75dc5b60ba86746a685625daf44d4e0abe8778711d5bedb6c84373e01d7d1f7cab254b8c9c306b25932d143ad90b4964c89911652f9f2dd38d577cbcdf599a4d8900b7ddf154c79ccf26f15ef344e9d680a843f255eb52815614ad9e5406b0062ad3ede64e287a7e8ee8b547e7ba12221b632f9a2a11e86e77635782a5136e6799d1fbb54511acb3039de65bf65fa7187754eb7bf02b01688112e81a559d8eaad867536ebe00bd411b339c9e3659b0d8fd5f3ecaf2fffce388eabc70ce6b9efdc304d1a3f81d828c7f14977b22c84ab72fc678cc120918e267a5f8de182d1d2a818706447ffaa77a650e4a692ae91eb36df2fe4465bf19ed7c41d688f5e6d2dfd4edf8b6adb9924e6a50c0a48ee4369f55edd167cc647cf4f37fe454a3f6497940042fdb06c45f4b3b929066e0315592abd29fb2e84772b56bc23f24bc493812439892db716597ec8c8f3a8750dc85b7fdf6cd97072c3350d2351a3bf6a4af1af83f339d349f8469e588c692f603ab20408b2c3222fa447ad0a70d54b299386dafafcc087ec61cff7f35dc16c6f5a37146c4f21d4bb85bad9440a38c39796be8baca4bad6fd2e9327b68b24254fbcd78bfde06a75afbf3235012529559369a7dd8354848e6c9aeca0139ad35c605fdc750d85d4399061264d05096b78a3b49b2fa6c67ca85eb908395f1f0288c165c544ed253ed696b0a0673f8d554dc206a90e9414b867519902da983a8e140de4314e31a6e8c0e92f3a64b6d34895ef66756b57690a0ab6e9c0e7d5050a43c1ec6bfca67c28c75c37ddf2d48baf8ea69d7c956fa1b36ac2e34e03678a58539a6c30cbd26bb498adaf33dd9c596899618b80b844957782d7b86abb708101e8944bf5da260b040f912564cad6968e410057046558c07c8629e1fd7a7f4e1d66ffc0e0106c104fb979c999a56fbf2bb6051332c71fe92e37213452ad485af96c1135ffc80febca188c2643f471907065904f1f85c9dc454dfd57a720c156a4a5f6b58a5e107df625acf38162d58cc4249346d97a95c9d926545c915f2c6bc8d173153c117e5d857f5975421968e1c55c60ac124cb923111fe16ac253a00971bbe9d0967e0281c4e76720d29185604774cefcc0619b4ce5699912f72bad2e8674199bd972d2e32a2a9b44103a4763e78c149495836c0ac42771d4dd2dd67a1e5d1f92d35cc553e80f5b60ba1320cf19b7c1c76a7faa5ed68f31d195d8e9a7a257ddcb81df965b113ec9a707a1b9b6cb404d2cdff61c23bb715485d81df4dc0491575a82c28e53ef01fe5438ba9e7199e2f981e5199a9ac86513f79261991734387e61931133f85aa1fa574275feec1a64b703e582bc48be1410d2c49c81dbbfd09f435327378cff74f24404b29097a1cd397c90845ad104e2867cea75c097f8347fca5a45c9b79e95ac0e35d56a642e606731a0e8b6383483adec9df9a58c0714183737102c2498c1de139fc479ca5e042490ae19d3860f318253c0e62c58bca7d4aa71cde7708676cbbf5ffc3519a72929b4ca7f384f8c89e4a37e6f5a4aeba8f2d9d982a9abe05ad8123b1dbb2bc8e064c9a068717ebb39a95e3b534eaee3269cf2169b25921ec0bf6c364cab323c92be5237d848a165c828898edda7c4f98d2db928857245eb18a93278ada9a36aab2fd3f0f16441bdb2e44c57a044f7c5344e2a4cb7854e32751546d52ebb02b196c4ff1ad8a7ab7b315a6512b3f7ffd4afb0acdd0c8ec0585039759d9a33101cc028a4a8ace8b4132955efbf8400aefda18d198cfc95aa8b7dac20215934eb4dfd47b1927a2ff8eebfc9ffbc7e2f63d1409666faafd48050c1a9f0e10e8915f2986337bc01ec727295198634611a1d6f55baaeeebf96c9acbc2404b69672f07d50eead240796c197dad25c1e8b67feea1a3f65c549ddbecee5ff26bde65120a64b54042693a6bbcbc1c49b65dc262de7b1b1fb47a3e93566225a7bf0c0b39523b1235d54b2e80afcb8d2b798e47a32a7552d97c50abc73cc000c38c4d5418f510d21c23d9590366d5ded87604e27c801893d022fb5454c5019129e60786f5eae86fbb8a9f7155bde6447aa1ebed65e598e6245deb033b8e945d96106cc6ac24021db90a2fa304a31add61293927738a2731aab673700d7b5117d8eaa5df59a90f622723326975d0f9e753e82bb716824cc5edbc3c6728999e9170c75ba6a4ac888447ce9b6f8929461946e8c63ea49e691dbb75ef48eece664da1e39c4f8bceaa8d14a3349909bab33380e79762d6a25fc1b49f3eebe345644e9073288f0965f524bdf4e7b8112417bd29c1f62735834be838c1553b73e7da9d5645fdea685320b415f151a29f966e8761a621c18703cf75c952a3c226f80c77732b4cdfd215bd00af717fd5948fdb0a48ba71f1f2c3743e7fa45e6407190466f28a41c7aefa96652de6ba0330085f9784df2ae2753854b791254ce89341c9ed07df7caf012f017e1991e2651998011cf673fae9064506dda031615401b63dbdf4ebf3d36e2e3d1470a9ccb78bd89995ed52eef55bbcedf216e2ab875cad325e44b6d3ebd22ffe8cb79b36a71eebbf34e29c06cba3ef978342288777651e3ced73109c073060a0f36846347a8a1153c549aa23a73f55d78c15e47c8f31b1958535a68ad617a686daeadc322e6adf42043a58562ecc1d7f5b9468f22fcd2d3eb6cb4aba97865f098f6408d02c52ad4963009c57afb16daedba301eace4d6b58bec2cb0d40d96c12aa4819cc1fdba49522495be1ccbe83c9a36cf40f5bc272efcd76172f83fc5788b480e8deba20c3355e1d405cb4961a05a619a8255d69923e075690ea6434a05a8a8cdc43dd986ecee55686172fd97671dafa6a3da991d998d49933d803de17271301798a64bad795062409ce705376b21d477c0e117c9d79c38bf4e9e4d0442ca98cb654014532e1acf0309439c16b1612ea929e6235b33945555f52b2ffb5fd409d71cb8c2a8feb9e16bc480f8157a24ba9dbb631e5db393cafef897d404ec7feaf585de2603b98f96d515d9168547c748717436ac7f970b2db860f0acb44a1b72a2fc88b590346759f91795f25ff7cb4f55341beeab8eafb469cebd36e5beac37ed79ae479009ee9965a2de3f3292dc73976f5bf653fe335a561daeb22a3a887a844bc207fea30198f6c4e5507484fb185d61452a20b508b941b2ac517c6ce2b977b5ac4e3d8299fad78527168041623ed30ae7ac594e642109365f9458687115c6a4fc2396ce3e19f1b35cad7525596c75fed918dcf3e879065c16d7ae9ebeff4018f4e29cc350ea2a6d75f2d34fbbdced9aef7530f1ff97c7cefa558c2e92fa4cd07b7fa46c02fc9504868f7f683ad81fec5dd42584de07a1a8fa62dbe7c22f57683421a8f71269f9ed4d52a3e30dee15adfaa9f9289eda0414d3fc156e1340fbdce5246773e535ed241b2ea52d7f3dfa1a73d9985f0b9962b98b9cfc6e2e50b39cddbd04e7e24a56a341b2935e800b7fb66dc960e85c4902130459a89f408a36ba5509eb7341d8e0b80a708a20f3ce09a64794dbe90fb5439f3c4b410c7a3ca55f266fffb6e6127fbcaec22b692712d723998204c86fc5abac93bdd8aae6e3da9507a1f5ac72f9df250247d0f39f4156bb61245193a59f8beaf2222501"})
ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r0, 0x400c6615, &(0x7f0000000200)={0x0, @aes128, 0x0, @desc4})
setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, &(0x7f0000000240)=0x67bb, 0x4)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f0000000100)={0x101, 0x0, 0x0, 'queue0\x00'})
r5 = fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff)
sendfile(0xffffffffffffffff, r2, 0x0, 0x8)
unshare(0x48020200)
write$binfmt_elf64(r5, &(0x7f0000001e00)={{0x7f, 0x45, 0x4c, 0x46, 0x7, 0x5c, 0xff, 0x1, 0x2, 0x2, 0x6, 0xab, 0x11f, 0x40, 0x2fc, 0x401, 0x0, 0x38, 0x2, 0x6861, 0x3, 0x1ff}, [{0x6474e551, 0x5, 0x5, 0x0, 0x5, 0xff, 0x4, 0x2}, {0x0, 0x4, 0x7fffffff, 0xf59, 0x70000, 0x1000, 0x200, 0x2}], "99c20942fc3c021ddfb8f4a0079fe4b6d1c653fe0f0adbc35977f7300ef766c01fd4b795fda7576f324670c8ce733ffa28454830fb99d47907dbe072bb5fc069411647d59aae9ef252f677028f18294863cd53b010602839a7f74dedce8a44be809d3e4f8c7dad08d5999cd7e74374a92ebba31f9039e0b9d08b602b37d7a1a036485e708e3f4b9ee7e6", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x93a)

[ 1219.333232] FAULT_INJECTION: forcing a failure.
[ 1219.333232] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1219.335131] FAULT_INJECTION: forcing a failure.
[ 1219.335131] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1219.335689] CPU: 0 PID: 7584 Comm: syz-executor.6 Not tainted 5.10.199 #1
[ 1219.335701] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1219.335707] Call Trace:
[ 1219.335730]  dump_stack+0x107/0x167
[ 1219.335754]  should_fail.cold+0x5/0xa
[ 1219.335780]  _copy_from_user+0x2e/0x1b0
[ 1219.335804]  __copy_msghdr_from_user+0x91/0x4b0
[ 1219.335824]  ? __ia32_sys_shutdown+0x80/0x80
[ 1219.335843]  ? __lock_acquire+0x1657/0x5b00
[ 1219.335879]  ___sys_recvmsg+0xd5/0x200
[ 1219.335899]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1219.335920]  ? lock_downgrade+0x6d0/0x6d0
[ 1219.335943]  ? lock_acquire+0x197/0x470
[ 1219.335960]  ? find_held_lock+0x2c/0x110
[ 1219.335984]  ? __might_fault+0xd3/0x180
[ 1219.336002]  ? lock_downgrade+0x6d0/0x6d0
[ 1219.336040]  do_recvmmsg+0x24c/0x6d0
[ 1219.336065]  ? ___sys_recvmsg+0x200/0x200
[ 1219.336091]  ? lock_downgrade+0x6d0/0x6d0
[ 1219.355018]  ? ksys_write+0x12d/0x260
[ 1219.355808]  ? wait_for_completion_io+0x270/0x270
[ 1219.356780]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1219.357712]  ? vfs_write+0x354/0xa70
[ 1219.358467]  __x64_sys_recvmmsg+0x20f/0x260
[ 1219.359345]  ? ksys_write+0x1a9/0x260
[ 1219.360111]  ? __do_sys_socketcall+0x600/0x600
[ 1219.361040]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1219.362092]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1219.363151]  do_syscall_64+0x33/0x40
[ 1219.363905]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1219.364934] RIP: 0033:0x7f301b410b19
[ 1219.365687] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1219.369399] RSP: 002b:00007f3018986188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1219.370976] RAX: ffffffffffffffda RBX: 00007f301b523f60 RCX: 00007f301b410b19
[ 1219.372458] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1219.373965] RBP: 00007f30189861d0 R08: 0000000000000000 R09: 0000000000000000
[ 1219.375450] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1219.376893] R13: 00007ffcb222f7cf R14: 00007f3018986300 R15: 0000000000022000
[ 1219.378726] CPU: 1 PID: 7593 Comm: syz-executor.1 Not tainted 5.10.199 #1
[ 1219.380146] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1219.381861] Call Trace:
[ 1219.382416]  dump_stack+0x107/0x167
[ 1219.383186]  should_fail.cold+0x5/0xa
[ 1219.383986]  _copy_from_user+0x2e/0x1b0
[ 1219.384830]  __copy_msghdr_from_user+0x91/0x4b0
[ 1219.385797]  ? __ia32_sys_shutdown+0x80/0x80
[ 1219.386714]  ? __lock_acquire+0x1657/0x5b00
[ 1219.387632]  ___sys_recvmsg+0xd5/0x200
[ 1219.388432]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1219.389441]  ? lock_downgrade+0x6d0/0x6d0
[ 1219.390303]  ? lock_acquire+0x197/0x470
[ 1219.391137]  ? find_held_lock+0x2c/0x110
[ 1219.391973]  ? __might_fault+0xd3/0x180
[ 1219.392773]  ? lock_downgrade+0x6d0/0x6d0
[ 1219.393609]  do_recvmmsg+0x24c/0x6d0
[ 1219.394370]  ? ___sys_recvmsg+0x200/0x200
[ 1219.395215]  ? lock_downgrade+0x6d0/0x6d0
[ 1219.396083]  ? ksys_write+0x12d/0x260
[ 1219.396895]  ? wait_for_completion_io+0x270/0x270
[ 1219.397893]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1219.398847] FAULT_INJECTION: forcing a failure.
[ 1219.398847] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1219.398876]  ? vfs_write+0x354/0xa70
[ 1219.398903]  __x64_sys_recvmmsg+0x20f/0x260
[ 1219.402858]  ? ksys_write+0x1a9/0x260
[ 1219.403646]  ? __do_sys_socketcall+0x600/0x600
[ 1219.404590]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1219.405666]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1219.406748]  do_syscall_64+0x33/0x40
[ 1219.407514]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1219.408569] RIP: 0033:0x7f65a52bbb19
[ 1219.409331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1219.413139] RSP: 002b:00007f65a2831188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1219.414718] RAX: ffffffffffffffda RBX: 00007f65a53cef60 RCX: 00007f65a52bbb19
[ 1219.416188] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1219.417666] RBP: 00007f65a28311d0 R08: 0000000000000000 R09: 0000000000000000
[ 1219.419152] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1219.420635] R13: 00007ffc95f579af R14: 00007f65a2831300 R15: 0000000000022000
[ 1219.422133] CPU: 0 PID: 7591 Comm: syz-executor.7 Not tainted 5.10.199 #1
[ 1219.423555] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1219.425245] Call Trace:
[ 1219.425685] FAULT_INJECTION: forcing a failure.
[ 1219.425685] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1219.425796]  dump_stack+0x107/0x167
[ 1219.428870]  should_fail.cold+0x5/0xa
[ 1219.429664]  _copy_from_user+0x2e/0x1b0
[ 1219.430483]  __copy_msghdr_from_user+0x91/0x4b0
[ 1219.431445]  ? __ia32_sys_shutdown+0x80/0x80
[ 1219.432348]  ? __lock_acquire+0x1657/0x5b00
[ 1219.433247]  ___sys_recvmsg+0xd5/0x200
[ 1219.434050]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1219.435073]  ? _raw_spin_unlock_irq+0x27/0x30
[ 1219.435999]  ? lock_acquire+0x197/0x470
[ 1219.436815]  ? find_held_lock+0x2c/0x110
[ 1219.437656]  ? __might_fault+0xd3/0x180
[ 1219.438467]  ? lock_downgrade+0x6d0/0x6d0
[ 1219.439319]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 1219.440446]  do_recvmmsg+0x24c/0x6d0
[ 1219.441219]  ? ___sys_recvmsg+0x200/0x200
[ 1219.442073]  ? lock_downgrade+0x6d0/0x6d0
[ 1219.442934]  ? ksys_write+0x12d/0x260
[ 1219.443737]  ? wait_for_completion_io+0x270/0x270
[ 1219.444732]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1219.445684]  ? vfs_write+0x354/0xa70
[ 1219.446450]  __x64_sys_recvmmsg+0x20f/0x260
[ 1219.447348]  ? ksys_write+0x1a9/0x260
[ 1219.448131]  ? __do_sys_socketcall+0x600/0x600
[ 1219.449079]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1219.450146]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1219.451213]  do_syscall_64+0x33/0x40
[ 1219.451982]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1219.453030] RIP: 0033:0x7fd50191ab19
[ 1219.453797] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1219.457581] RSP: 002b:00007fd4fee90188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1219.459148] RAX: ffffffffffffffda RBX: 00007fd501a2df60 RCX: 00007fd50191ab19
[ 1219.460617] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1219.462075] RBP: 00007fd4fee901d0 R08: 0000000000000000 R09: 0000000000000000
[ 1219.463547] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1219.465021] R13: 00007ffcb71c4b0f R14: 00007fd4fee90300 R15: 0000000000022000
[ 1219.466639] CPU: 1 PID: 7592 Comm: syz-executor.0 Not tainted 5.10.199 #1
[ 1219.468067] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1219.469780] Call Trace:
[ 1219.470317]  dump_stack+0x107/0x167
[ 1219.471092]  should_fail.cold+0x5/0xa
[ 1219.471890]  _copy_from_user+0x2e/0x1b0
[ 1219.472729]  __copy_msghdr_from_user+0x91/0x4b0
[ 1219.473690]  ? __ia32_sys_shutdown+0x80/0x80
[ 1219.474632]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1219.475703]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 1219.476821]  ? trace_hardirqs_on+0x5b/0x180
[ 1219.477719]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 1219.478840]  ___sys_recvmsg+0xd5/0x200
[ 1219.479647]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1219.480656]  ? _raw_spin_unlock_irq+0x27/0x30
[ 1219.481597]  ? finish_task_switch+0x126/0x5d0
[ 1219.482509]  ? finish_task_switch+0xef/0x5d0
[ 1219.483416]  ? __switch_to+0x572/0xf70
[ 1219.484210]  ? __switch_to_asm+0x3a/0x60
[ 1219.485046]  ? __switch_to_asm+0x34/0x60
[ 1219.485880]  ? __schedule+0x82c/0x1ea0
[ 1219.486700]  ? io_schedule_timeout+0x140/0x140
[ 1219.487672]  do_recvmmsg+0x24c/0x6d0
[ 1219.488440]  ? ___sys_recvmsg+0x200/0x200
[ 1219.489305]  ? lock_downgrade+0x6d0/0x6d0
[ 1219.490172]  ? ksys_write+0x12d/0x260
[ 1219.490984]  ? wait_for_completion_io+0x270/0x270
[ 1219.491994]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1219.492957]  ? vfs_write+0x354/0xa70
[ 1219.493732]  __x64_sys_recvmmsg+0x20f/0x260
[ 1219.494638]  ? ksys_write+0x1a9/0x260
[ 1219.495428]  ? __do_sys_socketcall+0x600/0x600
[ 1219.496370]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1219.497436]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1219.498500]  do_syscall_64+0x33/0x40
[ 1219.499278]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1219.500333] RIP: 0033:0x7f13d67b3b19
[ 1219.501095] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1219.504845] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1219.506397] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[ 1219.507852] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1219.509316] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[ 1219.510799] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1219.512243] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
18:28:43 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 48)

18:28:43 executing program 1:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
ptrace$setopts(0xffffffffffffffff, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 29)

18:28:43 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/59], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(0xffffffffffffffff, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r3=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r3, 0x408)
write$binfmt_aout(r3, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:28:43 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c22092000000000000010000000000000009"])
ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000), 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:28:43 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 16)

[ 1219.685886] FAULT_INJECTION: forcing a failure.
[ 1219.685886] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1219.688815] CPU: 1 PID: 7599 Comm: syz-executor.0 Not tainted 5.10.199 #1
[ 1219.690226] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1219.691949] Call Trace:
[ 1219.692490]  dump_stack+0x107/0x167
[ 1219.693241]  should_fail.cold+0x5/0xa
[ 1219.694034]  _copy_from_user+0x2e/0x1b0
[ 1219.694876]  __copy_msghdr_from_user+0x91/0x4b0
[ 1219.695836]  ? __ia32_sys_shutdown+0x80/0x80
[ 1219.696727]  ? __lock_acquire+0x1657/0x5b00
[ 1219.697624]  ___sys_recvmsg+0xd5/0x200
[ 1219.698423]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1219.699449]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1219.700536]  ? _raw_spin_unlock_irq+0x1f/0x30
[ 1219.701449]  ? trace_hardirqs_on+0x5b/0x180
[ 1219.702331]  ? lock_acquire+0x197/0x470
[ 1219.703154]  ? find_held_lock+0x2c/0x110
[ 1219.703998]  ? __might_fault+0xd3/0x180
[ 1219.704817]  ? lock_downgrade+0x6d0/0x6d0
[ 1219.705672]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 1219.706804]  do_recvmmsg+0x24c/0x6d0
[ 1219.707576]  ? ___sys_recvmsg+0x200/0x200
[ 1219.708428]  ? lock_downgrade+0x6d0/0x6d0
[ 1219.709286]  ? ksys_write+0x12d/0x260
[ 1219.710075]  ? wait_for_completion_io+0x270/0x270
[ 1219.711080]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1219.712030]  ? vfs_write+0x354/0xa70
[ 1219.712795]  __x64_sys_recvmmsg+0x20f/0x260
[ 1219.713679]  ? ksys_write+0x1a9/0x260
[ 1219.714460]  ? __do_sys_socketcall+0x600/0x600
[ 1219.715409]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1219.716483]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1219.717545]  do_syscall_64+0x33/0x40
[ 1219.718302]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1219.719346] RIP: 0033:0x7f13d67b3b19
[ 1219.720104] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1219.723880] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1219.725435] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[ 1219.726914] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1219.728364] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[ 1219.729824] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1219.731293] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
18:28:43 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0xc4653600}}], 0x35f, 0x10062, 0x0)

[ 1219.750100] FAULT_INJECTION: forcing a failure.
[ 1219.750100] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1219.753079] CPU: 1 PID: 7602 Comm: syz-executor.1 Not tainted 5.10.199 #1
[ 1219.754515] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1219.756236] Call Trace:
[ 1219.756786]  dump_stack+0x107/0x167
[ 1219.757550]  should_fail.cold+0x5/0xa
[ 1219.758352]  _copy_from_user+0x2e/0x1b0
[ 1219.759184]  __copy_msghdr_from_user+0x91/0x4b0
[ 1219.760151]  ? __ia32_sys_shutdown+0x80/0x80
[ 1219.761042]  ? __lock_acquire+0x1657/0x5b00
[ 1219.761935]  ___sys_recvmsg+0xd5/0x200
[ 1219.762796]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1219.763790]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1219.764852]  ? _raw_spin_unlock_irq+0x1f/0x30
[ 1219.765764]  ? trace_hardirqs_on+0x5b/0x180
[ 1219.766659]  ? lock_acquire+0x197/0x470
[ 1219.767471]  ? find_held_lock+0x2c/0x110
[ 1219.768301]  ? __might_fault+0xd3/0x180
[ 1219.769108]  ? lock_downgrade+0x6d0/0x6d0
[ 1219.769950]  ? io_schedule_timeout+0x140/0x140
[ 1219.770921]  do_recvmmsg+0x24c/0x6d0
[ 1219.771684]  ? ___sys_recvmsg+0x200/0x200
[ 1219.772524]  ? lock_downgrade+0x6d0/0x6d0
[ 1219.773371]  ? ksys_write+0x12d/0x260
[ 1219.774159]  ? wait_for_completion_io+0x270/0x270
[ 1219.775147]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1219.776134]  ? vfs_write+0x354/0xa70
[ 1219.776904]  __x64_sys_recvmmsg+0x20f/0x260
[ 1219.777790]  ? ksys_write+0x1a9/0x260
[ 1219.778570]  ? __do_sys_socketcall+0x600/0x600
[ 1219.779537]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1219.780623]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1219.781683]  do_syscall_64+0x33/0x40
[ 1219.782460]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1219.783577] RIP: 0033:0x7f65a52bbb19
[ 1219.784342] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1219.788069] RSP: 002b:00007f65a2831188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1219.789605] RAX: ffffffffffffffda RBX: 00007f65a53cef60 RCX: 00007f65a52bbb19
[ 1219.791061] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1219.792520] RBP: 00007f65a28311d0 R08: 0000000000000000 R09: 0000000000000000
[ 1219.793957] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1219.795413] R13: 00007ffc95f579af R14: 00007f65a2831300 R15: 0000000000022000
[ 1219.809867] FAULT_INJECTION: forcing a failure.
[ 1219.809867] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1219.812755] CPU: 1 PID: 7607 Comm: syz-executor.6 Not tainted 5.10.199 #1
[ 1219.814135] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1219.815838] Call Trace:
[ 1219.816380]  dump_stack+0x107/0x167
[ 1219.817139]  should_fail.cold+0x5/0xa
[ 1219.817930]  _copy_from_user+0x2e/0x1b0
[ 1219.818769]  __copy_msghdr_from_user+0x91/0x4b0
[ 1219.819738]  ? __ia32_sys_shutdown+0x80/0x80
[ 1219.820631]  ? __lock_acquire+0x1657/0x5b00
[ 1219.821531]  ___sys_recvmsg+0xd5/0x200
[ 1219.822328]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1219.823341]  ? lock_downgrade+0x6d0/0x6d0
[ 1219.824177]  ? lock_acquire+0x197/0x470
[ 1219.824980]  ? find_held_lock+0x2c/0x110
[ 1219.825806]  ? __might_fault+0xd3/0x180
[ 1219.826630]  ? lock_downgrade+0x6d0/0x6d0
[ 1219.827495]  do_recvmmsg+0x24c/0x6d0
[ 1219.828254]  ? ___sys_recvmsg+0x200/0x200
[ 1219.829095]  ? lock_downgrade+0x6d0/0x6d0
[ 1219.829941]  ? ksys_write+0x12d/0x260
[ 1219.830736]  ? wait_for_completion_io+0x270/0x270
[ 1219.831711]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1219.832648]  ? vfs_write+0x354/0xa70
[ 1219.833406]  __x64_sys_recvmmsg+0x20f/0x260
[ 1219.834287]  ? ksys_write+0x1a9/0x260
[ 1219.835083]  ? __do_sys_socketcall+0x600/0x600
[ 1219.836016]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1219.837075]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1219.838122]  do_syscall_64+0x33/0x40
[ 1219.838898]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1219.839928] RIP: 0033:0x7f301b410b19
[ 1219.840681] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1219.844430] RSP: 002b:00007f3018986188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1219.845972] RAX: ffffffffffffffda RBX: 00007f301b523f60 RCX: 00007f301b410b19
[ 1219.847438] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1219.848883] RBP: 00007f30189861d0 R08: 0000000000000000 R09: 0000000000000000
[ 1219.850325] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1219.851793] R13: 00007ffcb222f7cf R14: 00007f3018986300 R15: 0000000000022000
18:28:44 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/59], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, 0x0, 0x0)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:28:44 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c22092000000000000010000000000000009"])
ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000), 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:28:56 executing program 7:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 39)

18:28:56 executing program 1:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
ptrace$setopts(0xffffffffffffffff, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 30)

18:28:56 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 49)

18:28:56 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x1, 0x4000)
ioctl$SG_SET_KEEP_ORPHAN(r0, 0x2287, &(0x7f00000000c0)=0x6)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r1=>r0, {0x80000000}}, './file0\x00'})
ioctl$SG_GET_REQUEST_TABLE(r1, 0x2286, &(0x7f0000000180))
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000100)={0x53, 0x0, 0xa, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000000)="a168e33939bae8bf12ca", 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x406e2, 0x0)
sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=ANY=[@ANYBLOB="280000001000010000000000000000000000000005000000000000000c000080080010", @ANYRES32=r3, @ANYBLOB="5dc07f58a3256c4d5f3dd27206f04fe9295d791481adc131040127d140d0e99c9353d6f4044c4f9ed3f18bfe7dc5bab1eb8b71f8845681cda47f106f612bf95996681ee509008d38775905f2f2ac599c42eaf951bbb06302663b6ba2fdef0e3fdd78be061c65b9a2a5f1ab4e3d7acee0f0c546c885cf76a3d05522f43b1db09bae2403038039ca9a453c21d171dd7ebb6661ae6042bd6c9bd410c636832f7278accf6d1d50678c7779b1376500e9b018c81882cbb3dc7ffb6cc642d54d1e555c42686356cfbe0dd390a76f41cdff63eb7ee121700334"], 0x28}}, 0x0)
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r4, 0x8914, &(0x7f0000000140)={'lo\x00', <r5=>0x0})
ioctl$sock_ipv6_tunnel_SIOCADD6RD(r3, 0x89f9, &(0x7f0000000100)={'syztnl0\x00', &(0x7f0000000080)={'sit0\x00', r5, 0x4, 0x85, 0x52, 0x0, 0x24, @empty, @mcast2, 0x0, 0x80, 0x402, 0xa273}})
setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000000300)={r5, 0x1, 0x6, @remote}, 0x10)

18:28:56 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c22092000000000000010000000000000009"])
ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000), 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:28:56 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 17)

18:28:56 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f}}], 0x35f, 0x10062, 0x0)

18:28:56 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/59], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, 0x0, 0x0)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[ 1232.653981] FAULT_INJECTION: forcing a failure.
[ 1232.653981] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1232.656895] CPU: 1 PID: 7627 Comm: syz-executor.0 Not tainted 5.10.199 #1
[ 1232.658304] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1232.660047] Call Trace:
[ 1232.660601]  dump_stack+0x107/0x167
[ 1232.661358]  should_fail.cold+0x5/0xa
[ 1232.662170]  _copy_from_user+0x2e/0x1b0
[ 1232.663029]  __copy_msghdr_from_user+0x91/0x4b0
[ 1232.663994]  ? __ia32_sys_shutdown+0x80/0x80
[ 1232.664899]  ? __lock_acquire+0x1657/0x5b00
[ 1232.665804]  ___sys_recvmsg+0xd5/0x200
[ 1232.666609]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1232.667644]  ? _raw_spin_unlock_irq+0x27/0x30
[ 1232.668572]  ? lock_acquire+0x197/0x470
[ 1232.669388]  ? find_held_lock+0x2c/0x110
[ 1232.670235]  ? __might_fault+0xd3/0x180
[ 1232.671071]  ? lock_downgrade+0x6d0/0x6d0
[ 1232.671936]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 1232.673071]  do_recvmmsg+0x24c/0x6d0
[ 1232.673859]  ? ___sys_recvmsg+0x200/0x200
[ 1232.674711]  ? lock_downgrade+0x6d0/0x6d0
[ 1232.675609]  ? ksys_write+0x12d/0x260
[ 1232.676415]  ? wait_for_completion_io+0x270/0x270
[ 1232.677415]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1232.678373]  ? vfs_write+0x354/0xa70
[ 1232.679153]  __x64_sys_recvmmsg+0x20f/0x260
[ 1232.680038]  ? ksys_write+0x1a9/0x260
[ 1232.680814]  ? __do_sys_socketcall+0x600/0x600
[ 1232.681768]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1232.682872]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1232.683933]  do_syscall_64+0x33/0x40
[ 1232.684709]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1232.685140] FAULT_INJECTION: forcing a failure.
[ 1232.685140] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1232.685759] RIP: 0033:0x7f13d67b3b19
[ 1232.685781] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1232.685792] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1232.685812] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[ 1232.685823] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1232.685834] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[ 1232.685844] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1232.685855] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
[ 1232.703769] CPU: 0 PID: 7629 Comm: syz-executor.7 Not tainted 5.10.199 #1
[ 1232.705158] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1232.706870] Call Trace:
[ 1232.707415]  dump_stack+0x107/0x167
[ 1232.708171]  should_fail.cold+0x5/0xa
[ 1232.708960]  _copy_from_user+0x2e/0x1b0
[ 1232.709783]  __copy_msghdr_from_user+0x91/0x4b0
[ 1232.709836] FAULT_INJECTION: forcing a failure.
[ 1232.709836] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1232.710725]  ? __ia32_sys_shutdown+0x80/0x80
[ 1232.710746]  ? __lock_acquire+0x1657/0x5b00
[ 1232.710791]  ___sys_recvmsg+0xd5/0x200
[ 1232.710811]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1232.710832]  ? lock_downgrade+0x6d0/0x6d0
[ 1232.710859]  ? lock_acquire+0x197/0x470
[ 1232.718256]  ? find_held_lock+0x2c/0x110
[ 1232.719098]  ? __might_fault+0xd3/0x180
[ 1232.719912]  ? lock_downgrade+0x6d0/0x6d0
[ 1232.720767]  do_recvmmsg+0x24c/0x6d0
[ 1232.721527]  ? ___sys_recvmsg+0x200/0x200
[ 1232.722383]  ? lock_downgrade+0x6d0/0x6d0
[ 1232.723231]  ? ksys_write+0x12d/0x260
[ 1232.724020]  ? wait_for_completion_io+0x270/0x270
[ 1232.725003]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1232.725947]  ? vfs_write+0x354/0xa70
[ 1232.726711]  __x64_sys_recvmmsg+0x20f/0x260
[ 1232.727599]  ? ksys_write+0x1a9/0x260
[ 1232.728374]  ? __do_sys_socketcall+0x600/0x600
[ 1232.729305]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1232.730365]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1232.731421]  do_syscall_64+0x33/0x40
[ 1232.732180]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1232.733218] RIP: 0033:0x7fd50191ab19
[ 1232.733977] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1232.737713] RSP: 002b:00007fd4fee90188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1232.739268] RAX: ffffffffffffffda RBX: 00007fd501a2df60 RCX: 00007fd50191ab19
[ 1232.740718] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1232.742157] RBP: 00007fd4fee901d0 R08: 0000000000000000 R09: 0000000000000000
[ 1232.743614] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1232.745059] R13: 00007ffcb71c4b0f R14: 00007fd4fee90300 R15: 0000000000022000
[ 1232.746627] CPU: 1 PID: 7638 Comm: syz-executor.1 Not tainted 5.10.199 #1
[ 1232.748042] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1232.749720] Call Trace:
[ 1232.750256]  dump_stack+0x107/0x167
[ 1232.751013]  should_fail.cold+0x5/0xa
[ 1232.751791]  _copy_from_user+0x2e/0x1b0
[ 1232.752602]  __copy_msghdr_from_user+0x91/0x4b0
[ 1232.753549]  ? __ia32_sys_shutdown+0x80/0x80
[ 1232.754442]  ? __lock_acquire+0x1657/0x5b00
[ 1232.755353]  ___sys_recvmsg+0xd5/0x200
[ 1232.756143]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1232.757137]  ? _raw_spin_unlock_irq+0x27/0x30
[ 1232.758055]  ? lock_acquire+0x197/0x470
[ 1232.758881]  ? find_held_lock+0x2c/0x110
[ 1232.759714]  ? __might_fault+0xd3/0x180
[ 1232.760534]  ? lock_downgrade+0x6d0/0x6d0
[ 1232.761381]  ? io_schedule_timeout+0x140/0x140
[ 1232.762335]  do_recvmmsg+0x24c/0x6d0
[ 1232.763119]  ? ___sys_recvmsg+0x200/0x200
[ 1232.763955]  ? lock_downgrade+0x6d0/0x6d0
[ 1232.764800]  ? ksys_write+0x12d/0x260
[ 1232.765585]  ? wait_for_completion_io+0x270/0x270
[ 1232.766563]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1232.767510]  ? vfs_write+0x354/0xa70
[ 1232.768266]  __x64_sys_recvmmsg+0x20f/0x260
[ 1232.769136]  ? ksys_write+0x1a9/0x260
[ 1232.769906]  ? __do_sys_socketcall+0x600/0x600
[ 1232.770854]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1232.771909]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1232.772955]  do_syscall_64+0x33/0x40
[ 1232.773726]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1232.774756] RIP: 0033:0x7f65a52bbb19
[ 1232.775530] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1232.779264] RSP: 002b:00007f65a2831188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1232.780815] RAX: ffffffffffffffda RBX: 00007f65a53cef60 RCX: 00007f65a52bbb19
[ 1232.782277] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1232.783739] RBP: 00007f65a28311d0 R08: 0000000000000000 R09: 0000000000000000
[ 1232.785177] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1232.786621] R13: 00007ffc95f579af R14: 00007f65a2831300 R15: 0000000000022000
[ 1232.795278] FAULT_INJECTION: forcing a failure.
[ 1232.795278] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1232.798302] CPU: 1 PID: 7637 Comm: syz-executor.6 Not tainted 5.10.199 #1
[ 1232.799709] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1232.801391] Call Trace:
[ 1232.801925]  dump_stack+0x107/0x167
[ 1232.802688]  should_fail.cold+0x5/0xa
[ 1232.803492]  _copy_from_user+0x2e/0x1b0
[ 1232.804306]  __copy_msghdr_from_user+0x91/0x4b0
[ 1232.805260]  ? __ia32_sys_shutdown+0x80/0x80
[ 1232.806152]  ? __lock_acquire+0x1657/0x5b00
[ 1232.807039]  ___sys_recvmsg+0xd5/0x200
[ 1232.807809]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1232.808820]  ? lock_downgrade+0x6d0/0x6d0
[ 1232.809674]  ? lock_acquire+0x197/0x470
[ 1232.810496]  ? find_held_lock+0x2c/0x110
[ 1232.811346]  ? __might_fault+0xd3/0x180
[ 1232.812150]  ? lock_downgrade+0x6d0/0x6d0
[ 1232.813007]  do_recvmmsg+0x24c/0x6d0
[ 1232.813764]  ? ___sys_recvmsg+0x200/0x200
[ 1232.814600]  ? lock_downgrade+0x6d0/0x6d0
[ 1232.815455]  ? ksys_write+0x12d/0x260
[ 1232.816239]  ? wait_for_completion_io+0x270/0x270
[ 1232.817216]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1232.818153]  ? vfs_write+0x354/0xa70
[ 1232.818927]  __x64_sys_recvmmsg+0x20f/0x260
[ 1232.819797]  ? ksys_write+0x1a9/0x260
[ 1232.820565]  ? __do_sys_socketcall+0x600/0x600
[ 1232.821490]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1232.822546]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1232.823603]  do_syscall_64+0x33/0x40
[ 1232.824372]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1232.825403] RIP: 0033:0x7f301b410b19
[ 1232.826156] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1232.829888] RSP: 002b:00007f3018986188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1232.831430] RAX: ffffffffffffffda RBX: 00007f301b523f60 RCX: 00007f301b410b19
[ 1232.832865] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1232.834300] RBP: 00007f30189861d0 R08: 0000000000000000 R09: 0000000000000000
[ 1232.835740] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1232.837178] R13: 00007ffcb222f7cf R14: 00007f3018986300 R15: 0000000000022000
18:28:57 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/59], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, 0x0, 0x0)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:28:57 executing program 4:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/59], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, 0x0, 0x0)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:28:57 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 50)

18:28:57 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c22092000000000000010000000000000009"])
ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(0xffffffffffffffff, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

[ 1232.963212] FAULT_INJECTION: forcing a failure.
[ 1232.963212] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1232.965750] CPU: 0 PID: 7648 Comm: syz-executor.0 Not tainted 5.10.199 #1
[ 1232.966824] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1232.968085] Call Trace:
[ 1232.968496]  dump_stack+0x107/0x167
[ 1232.969055]  should_fail.cold+0x5/0xa
[ 1232.969655]  _copy_from_user+0x2e/0x1b0
[ 1232.970298]  __copy_msghdr_from_user+0x91/0x4b0
[ 1232.971043]  ? __ia32_sys_shutdown+0x80/0x80
[ 1232.971704]  ? __lock_acquire+0x1657/0x5b00
[ 1232.972382]  ___sys_recvmsg+0xd5/0x200
[ 1232.972984]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1232.973727]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1232.974555]  ? _raw_spin_unlock_irq+0x1f/0x30
[ 1232.975275]  ? trace_hardirqs_on+0x5b/0x180
[ 1232.975962]  ? lock_acquire+0x197/0x470
[ 1232.976583]  ? find_held_lock+0x2c/0x110
[ 1232.977225]  ? __might_fault+0xd3/0x180
[ 1232.977859]  ? lock_downgrade+0x6d0/0x6d0
[ 1232.978515]  ? io_schedule_timeout+0x140/0x140
[ 1232.979247]  do_recvmmsg+0x24c/0x6d0
[ 1232.979835]  ? ___sys_recvmsg+0x200/0x200
[ 1232.980487]  ? lock_downgrade+0x6d0/0x6d0
[ 1232.981140]  ? ksys_write+0x12d/0x260
[ 1232.981737]  ? wait_for_completion_io+0x270/0x270
[ 1232.982454]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1232.983161]  ? vfs_write+0x354/0xa70
[ 1232.983728]  __x64_sys_recvmmsg+0x20f/0x260
[ 1232.984370]  ? ksys_write+0x1a9/0x260
[ 1232.984937]  ? __do_sys_socketcall+0x600/0x600
[ 1232.985631]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1232.986412]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1232.987224]  do_syscall_64+0x33/0x40
[ 1232.987777]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1232.988543] RIP: 0033:0x7f13d67b3b19
[ 1232.989099] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1232.991869] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1232.993020] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[ 1232.994079] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1232.995152] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[ 1232.996217] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1232.997291] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
18:28:57 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000}}], 0x35f, 0x10062, 0x0)

18:28:57 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 18)

18:28:57 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/59], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}], 0x8)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:28:57 executing program 4:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/59], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, 0x0, 0x0)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[ 1233.142188] FAULT_INJECTION: forcing a failure.
[ 1233.142188] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1233.145077] CPU: 1 PID: 7659 Comm: syz-executor.6 Not tainted 5.10.199 #1
[ 1233.146478] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1233.148162] Call Trace:
[ 1233.148714]  dump_stack+0x107/0x167
[ 1233.149464]  should_fail.cold+0x5/0xa
[ 1233.150238]  _copy_from_user+0x2e/0x1b0
[ 1233.151059]  __copy_msghdr_from_user+0x91/0x4b0
[ 1233.152004]  ? __ia32_sys_shutdown+0x80/0x80
[ 1233.152901]  ? __lock_acquire+0x1657/0x5b00
[ 1233.153795]  ___sys_recvmsg+0xd5/0x200
[ 1233.154592]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1233.155610]  ? lock_downgrade+0x6d0/0x6d0
[ 1233.156465]  ? lock_acquire+0x197/0x470
[ 1233.157282]  ? find_held_lock+0x2c/0x110
[ 1233.158114]  ? __might_fault+0xd3/0x180
[ 1233.158932]  ? lock_downgrade+0x6d0/0x6d0
[ 1233.159794]  do_recvmmsg+0x24c/0x6d0
[ 1233.160554]  ? ___sys_recvmsg+0x200/0x200
[ 1233.161394]  ? lock_downgrade+0x6d0/0x6d0
[ 1233.162243]  ? ksys_write+0x12d/0x260
[ 1233.163049]  ? wait_for_completion_io+0x270/0x270
[ 1233.164033]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1233.164977]  ? vfs_write+0x354/0xa70
[ 1233.165741]  __x64_sys_recvmmsg+0x20f/0x260
[ 1233.166633]  ? ksys_write+0x1a9/0x260
[ 1233.167417]  ? __do_sys_socketcall+0x600/0x600
[ 1233.168344]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1233.169405]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1233.170460]  do_syscall_64+0x33/0x40
[ 1233.171242]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1233.172286] RIP: 0033:0x7f301b410b19
[ 1233.173043] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1233.176790] RSP: 002b:00007f3018986188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1233.178332] RAX: ffffffffffffffda RBX: 00007f301b523f60 RCX: 00007f301b410b19
[ 1233.179797] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1233.181252] RBP: 00007f30189861d0 R08: 0000000000000000 R09: 0000000000000000
[ 1233.182696] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1233.184157] R13: 00007ffcb222f7cf R14: 00007f3018986300 R15: 0000000000022000
18:29:10 executing program 7:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 40)

18:29:10 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c22092000000000000010000000000000009"])
ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(0xffffffffffffffff, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:29:10 executing program 1:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
ptrace$setopts(0xffffffffffffffff, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 31)

[ 1246.284204] FAULT_INJECTION: forcing a failure.
[ 1246.284204] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1246.286169] CPU: 0 PID: 7672 Comm: syz-executor.0 Not tainted 5.10.199 #1
[ 1246.287058] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1246.288116] Call Trace:
[ 1246.288453]  dump_stack+0x107/0x167
[ 1246.288925]  should_fail.cold+0x5/0xa
[ 1246.289424]  _copy_from_user+0x2e/0x1b0
[ 1246.289947]  __copy_msghdr_from_user+0x91/0x4b0
[ 1246.290549]  ? __ia32_sys_shutdown+0x80/0x80
[ 1246.291133]  ? __lock_acquire+0x1657/0x5b00
[ 1246.291686]  ___sys_recvmsg+0xd5/0x200
[ 1246.292180]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1246.292795]  ? lock_downgrade+0x6d0/0x6d0
[ 1246.293323]  ? lock_acquire+0x197/0x470
[ 1246.293837]  ? find_held_lock+0x2c/0x110
[ 1246.294375]  ? __might_fault+0xd3/0x180
[ 1246.295054]  ? lock_downgrade+0x6d0/0x6d0
[ 1246.295613]  do_recvmmsg+0x24c/0x6d0
[ 1246.296097]  ? ___sys_recvmsg+0x200/0x200
[ 1246.296643]  ? lock_downgrade+0x6d0/0x6d0
[ 1246.297192]  ? ksys_write+0x12d/0x260
[ 1246.297704]  ? wait_for_completion_io+0x270/0x270
[ 1246.298335]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1246.298955]  ? vfs_write+0x354/0xa70
[ 1246.299447]  __x64_sys_recvmmsg+0x20f/0x260
[ 1246.300012]  ? ksys_write+0x1a9/0x260
[ 1246.300513]  ? __do_sys_socketcall+0x600/0x600
[ 1246.301125]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1246.301817]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1246.302502]  do_syscall_64+0x33/0x40
[ 1246.303011]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1246.303682] RIP: 0033:0x7f13d67b3b19
[ 1246.304179] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1246.306599] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1246.307600] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[ 1246.308542] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1246.309480] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[ 1246.310427] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1246.311381] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
18:29:10 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 19)

18:29:10 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000000}}], 0x35f, 0x10062, 0x0)

18:29:10 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 51)

18:29:10 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/59], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}], 0x8)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:29:10 executing program 4:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/59], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, 0x0, 0x0)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[ 1246.326086] FAULT_INJECTION: forcing a failure.
[ 1246.326086] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1246.328957] CPU: 1 PID: 7671 Comm: syz-executor.1 Not tainted 5.10.199 #1
[ 1246.330363] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1246.331207] FAULT_INJECTION: forcing a failure.
[ 1246.331207] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1246.332044] Call Trace:
[ 1246.332070]  dump_stack+0x107/0x167
[ 1246.332094]  should_fail.cold+0x5/0xa
[ 1246.332122]  _copy_from_user+0x2e/0x1b0
[ 1246.336407]  __copy_msghdr_from_user+0x91/0x4b0
[ 1246.337348]  ? __ia32_sys_shutdown+0x80/0x80
[ 1246.338243]  ? __lock_acquire+0x1657/0x5b00
[ 1246.339143]  ___sys_recvmsg+0xd5/0x200
[ 1246.339942]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1246.340940]  ? lock_downgrade+0x6d0/0x6d0
[ 1246.341786]  ? lock_acquire+0x197/0x470
[ 1246.342590]  ? find_held_lock+0x2c/0x110
[ 1246.343441]  ? __might_fault+0xd3/0x180
[ 1246.344241]  ? lock_downgrade+0x6d0/0x6d0
[ 1246.345104]  do_recvmmsg+0x24c/0x6d0
[ 1246.345872]  ? ___sys_recvmsg+0x200/0x200
[ 1246.346718]  ? lock_downgrade+0x6d0/0x6d0
[ 1246.347578]  ? ksys_write+0x12d/0x260
[ 1246.348362]  ? wait_for_completion_io+0x270/0x270
[ 1246.349343]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1246.350282]  ? vfs_write+0x354/0xa70
[ 1246.351050]  __x64_sys_recvmmsg+0x20f/0x260
[ 1246.351921]  ? ksys_write+0x1a9/0x260
[ 1246.352700]  ? __do_sys_socketcall+0x600/0x600
[ 1246.353628]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1246.354685]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1246.355749]  do_syscall_64+0x33/0x40
[ 1246.356507]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1246.357542] RIP: 0033:0x7f65a52bbb19
[ 1246.358291] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1246.362002] RSP: 002b:00007f65a2831188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1246.363561] RAX: ffffffffffffffda RBX: 00007f65a53cef60 RCX: 00007f65a52bbb19
[ 1246.364999] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1246.366443] RBP: 00007f65a28311d0 R08: 0000000000000000 R09: 0000000000000000
[ 1246.367898] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1246.369334] R13: 00007ffc95f579af R14: 00007f65a2831300 R15: 0000000000022000
[ 1246.370797] CPU: 0 PID: 7677 Comm: syz-executor.7 Not tainted 5.10.199 #1
[ 1246.371690] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1246.372754] Call Trace:
[ 1246.373092]  dump_stack+0x107/0x167
[ 1246.373568]  should_fail.cold+0x5/0xa
[ 1246.374041]  _copy_from_user+0x2e/0x1b0
[ 1246.374565]  __copy_msghdr_from_user+0x91/0x4b0
[ 1246.375147]  ? __ia32_sys_shutdown+0x80/0x80
[ 1246.375719]  ? __lock_acquire+0x1657/0x5b00
[ 1246.376249]  ___sys_recvmsg+0xd5/0x200
[ 1246.376751]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1246.377361]  ? lock_downgrade+0x6d0/0x6d0
[ 1246.377896]  ? lock_acquire+0x197/0x470
[ 1246.378383]  ? find_held_lock+0x2c/0x110
[ 1246.378905]  ? __might_fault+0xd3/0x180
[ 1246.379390]  ? lock_downgrade+0x6d0/0x6d0
[ 1246.379515] FAULT_INJECTION: forcing a failure.
[ 1246.379515] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1246.379935]  do_recvmmsg+0x24c/0x6d0
[ 1246.379952]  ? ___sys_recvmsg+0x200/0x200
[ 1246.379964]  ? lock_downgrade+0x6d0/0x6d0
[ 1246.379980]  ? ksys_write+0x12d/0x260
[ 1246.380001]  ? wait_for_completion_io+0x270/0x270
[ 1246.380014]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1246.380025]  ? vfs_write+0x354/0xa70
[ 1246.380040]  __x64_sys_recvmmsg+0x20f/0x260
[ 1246.380050]  ? ksys_write+0x1a9/0x260
[ 1246.380063]  ? __do_sys_socketcall+0x600/0x600
[ 1246.380077]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1246.380088]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1246.380104]  do_syscall_64+0x33/0x40
[ 1246.380117]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1246.380124] RIP: 0033:0x7fd50191ab19
[ 1246.380135] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1246.380142] RSP: 002b:00007fd4fee90188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1246.380155] RAX: ffffffffffffffda RBX: 00007fd501a2df60 RCX: 00007fd50191ab19
[ 1246.380172] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1246.395439] RBP: 00007fd4fee901d0 R08: 0000000000000000 R09: 0000000000000000
[ 1246.396340] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1246.397233] R13: 00007ffcb71c4b0f R14: 00007fd4fee90300 R15: 0000000000022000
[ 1246.398167] CPU: 1 PID: 7679 Comm: syz-executor.6 Not tainted 5.10.199 #1
[ 1246.399569] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1246.401241] Call Trace:
[ 1246.401796]  dump_stack+0x107/0x167
[ 1246.402547]  should_fail.cold+0x5/0xa
[ 1246.403339]  _copy_from_user+0x2e/0x1b0
[ 1246.404146]  __copy_msghdr_from_user+0x91/0x4b0
[ 1246.405099]  ? __ia32_sys_shutdown+0x80/0x80
[ 1246.406006]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1246.407093]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 1246.408178]  ? trace_hardirqs_on+0x5b/0x180
[ 1246.409124]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 1246.410210]  ___sys_recvmsg+0xd5/0x200
[ 1246.411005]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1246.411990]  ? _raw_spin_unlock_irq+0x27/0x30
[ 1246.412886]  ? finish_task_switch+0x126/0x5d0
[ 1246.413786]  ? finish_task_switch+0xef/0x5d0
[ 1246.414667]  ? __switch_to+0x572/0xf70
[ 1246.415461]  ? __switch_to_asm+0x3a/0x60
[ 1246.416272]  ? __switch_to_asm+0x34/0x60
[ 1246.417084]  ? __schedule+0x82c/0x1ea0
[ 1246.417877]  ? io_schedule_timeout+0x140/0x140
[ 1246.418807]  do_recvmmsg+0x24c/0x6d0
[ 1246.419578]  ? ___sys_recvmsg+0x200/0x200
[ 1246.420411]  ? lock_downgrade+0x6d0/0x6d0
[ 1246.421252]  ? ksys_write+0x12d/0x260
[ 1246.422028]  ? wait_for_completion_io+0x270/0x270
[ 1246.423007]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1246.423938]  ? vfs_write+0x354/0xa70
[ 1246.424703]  __x64_sys_recvmmsg+0x20f/0x260
[ 1246.425576]  ? ksys_write+0x1a9/0x260
[ 1246.426341]  ? __do_sys_socketcall+0x600/0x600
[ 1246.427276]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1246.428321]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1246.429357]  do_syscall_64+0x33/0x40
[ 1246.430103]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1246.431136] RIP: 0033:0x7f301b410b19
[ 1246.431888] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1246.435571] RSP: 002b:00007f3018986188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1246.437090] RAX: ffffffffffffffda RBX: 00007f301b523f60 RCX: 00007f301b410b19
[ 1246.438521] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1246.439958] RBP: 00007f30189861d0 R08: 0000000000000000 R09: 0000000000000000
[ 1246.441385] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1246.442807] R13: 00007ffcb222f7cf R14: 00007f3018986300 R15: 0000000000022000
18:29:10 executing program 4:
sendmsg$BATADV_CMD_GET_NEIGHBORS(0xffffffffffffffff, 0x0, 0x0)
sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x2040, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x20ff, &(0x7f0000000080)={0x0, 0x0, 0x4}, &(0x7f0000fef000/0x11000)=nil, &(0x7f0000ffe000/0x2000)=nil, 0x0, 0x0)
r1 = pidfd_getfd(0xffffffffffffffff, r0, 0x0)
io_uring_enter(r1, 0x1d99, 0xd4e7, 0x3, &(0x7f0000000140)={[0x3]}, 0x8)
pread64(0xffffffffffffffff, &(0x7f00000001c0)=""/122, 0x7a, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x2)
io_setup(0x3e3, &(0x7f0000000580)=<r3=>0x0)
io_submit(r3, 0x3, &(0x7f0000000540)=[&(0x7f0000000080)={0x4004800, 0x500, 0x0, 0x0, 0x0, r2, 0x0}, 0x0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000340)}])
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
io_cancel(r3, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x3f, r2, &(0x7f0000000240)="b8e709bc5747bf1652538e214761fc002f4d6efc58382827e4efee759be16b02d561689c8aa097688dad82939e6bd8411330c4e6d433194a2abcb0b2300917c9aa09335adf1d4fdd32e9b74db302", 0x4e, 0xeef4, 0x0, 0x3, r4}, &(0x7f0000000100))
ioctl$TIOCVHANGUP(r2, 0x5437, 0x0)

18:29:10 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 52)

18:29:10 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/59], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}], 0x8)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:29:10 executing program 7:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 41)

[ 1246.485871] FAULT_INJECTION: forcing a failure.
[ 1246.485871] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1246.487517] CPU: 0 PID: 7688 Comm: syz-executor.0 Not tainted 5.10.199 #1
[ 1246.488366] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1246.489406] Call Trace:
[ 1246.489730]  dump_stack+0x107/0x167
[ 1246.490190]  should_fail.cold+0x5/0xa
[ 1246.490661]  _copy_from_user+0x2e/0x1b0
[ 1246.491164]  __copy_msghdr_from_user+0x91/0x4b0
[ 1246.491730]  ? __ia32_sys_shutdown+0x80/0x80
[ 1246.492255]  ? __lock_acquire+0x1657/0x5b00
[ 1246.492802]  ___sys_recvmsg+0xd5/0x200
[ 1246.493276]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1246.493871]  ? lock_downgrade+0x6d0/0x6d0
[ 1246.494385]  ? lock_acquire+0x197/0x470
[ 1246.494863]  ? find_held_lock+0x2c/0x110
[ 1246.495382]  ? __might_fault+0xd3/0x180
[ 1246.495867]  ? lock_downgrade+0x6d0/0x6d0
[ 1246.496386]  do_recvmmsg+0x24c/0x6d0
[ 1246.496841]  ? ___sys_recvmsg+0x200/0x200
[ 1246.497347]  ? lock_downgrade+0x6d0/0x6d0
[ 1246.497851]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1246.498492]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 1246.499142]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 1246.499807]  ? wait_for_completion_io+0x270/0x270
[ 1246.500378]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1246.500945]  ? vfs_write+0x354/0xa70
[ 1246.501397]  __x64_sys_recvmmsg+0x20f/0x260
[ 1246.501921]  ? ksys_write+0x1a9/0x260
[ 1246.502373]  ? __do_sys_socketcall+0x600/0x600
[ 1246.502922]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1246.503558]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1246.504195]  do_syscall_64+0x33/0x40
[ 1246.504633]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1246.505252] RIP: 0033:0x7f13d67b3b19
[ 1246.505695] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1246.507931] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1246.508859] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[ 1246.509737] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1246.510597] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[ 1246.511462] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1246.512317] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
[ 1246.542928] FAULT_INJECTION: forcing a failure.
[ 1246.542928] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1246.544457] CPU: 0 PID: 7692 Comm: syz-executor.7 Not tainted 5.10.199 #1
[ 1246.545289] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1246.546283] Call Trace:
[ 1246.546602]  dump_stack+0x107/0x167
[ 1246.547046]  should_fail.cold+0x5/0xa
[ 1246.547351] serio: Serial port tty29
[ 1246.547499]  _copy_from_user+0x2e/0x1b0
[ 1246.547516]  __copy_msghdr_from_user+0x91/0x4b0
[ 1246.547535]  ? __ia32_sys_shutdown+0x80/0x80
[ 1246.547547]  ? __lock_acquire+0x1657/0x5b00
[ 1246.550380]  ___sys_recvmsg+0xd5/0x200
[ 1246.550841]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1246.551395]  ? lock_downgrade+0x6d0/0x6d0
[ 1246.551900]  ? lock_acquire+0x197/0x470
[ 1246.552347]  ? find_held_lock+0x2c/0x110
[ 1246.552835]  ? __might_fault+0xd3/0x180
[ 1246.553281]  ? lock_downgrade+0x6d0/0x6d0
[ 1246.553786]  do_recvmmsg+0x24c/0x6d0
[ 1246.554208]  ? ___sys_recvmsg+0x200/0x200
[ 1246.554704]  ? lock_downgrade+0x6d0/0x6d0
[ 1246.555185]  ? ksys_write+0x12d/0x260
[ 1246.555645]  ? wait_for_completion_io+0x270/0x270
[ 1246.556184]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1246.556730]  ? vfs_write+0x354/0xa70
[ 1246.557160]  __x64_sys_recvmmsg+0x20f/0x260
[ 1246.557673]  ? ksys_write+0x1a9/0x260
[ 1246.558104]  ? __do_sys_socketcall+0x600/0x600
[ 1246.558646]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1246.559239]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1246.559857]  do_syscall_64+0x33/0x40
[ 1246.560282]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1246.560893] RIP: 0033:0x7fd50191ab19
[ 1246.561315] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1246.563492] RSP: 002b:00007fd4fee90188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1246.564348] RAX: ffffffffffffffda RBX: 00007fd501a2df60 RCX: 00007fd50191ab19
[ 1246.565184] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1246.566028] RBP: 00007fd4fee901d0 R08: 0000000000000000 R09: 0000000000000000
[ 1246.566867] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1246.567716] R13: 00007ffcb71c4b0f R14: 00007fd4fee90300 R15: 0000000000022000
[ 1246.648245] serio: Serial port tty29
18:29:23 executing program 4:
sendmsg$BATADV_CMD_GET_NEIGHBORS(0xffffffffffffffff, 0x0, 0x0)
sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x2040, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x20ff, &(0x7f0000000080)={0x0, 0x0, 0x4}, &(0x7f0000fef000/0x11000)=nil, &(0x7f0000ffe000/0x2000)=nil, 0x0, 0x0)
r1 = pidfd_getfd(0xffffffffffffffff, r0, 0x0)
io_uring_enter(r1, 0x1d99, 0xd4e7, 0x3, &(0x7f0000000140)={[0x3]}, 0x8)
pread64(0xffffffffffffffff, &(0x7f00000001c0)=""/122, 0x7a, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x2)
io_setup(0x3e3, &(0x7f0000000580)=<r3=>0x0)
io_submit(r3, 0x3, &(0x7f0000000540)=[&(0x7f0000000080)={0x4004800, 0x500, 0x0, 0x0, 0x0, r2, 0x0}, 0x0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000340)}])
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
io_cancel(r3, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x3f, r2, &(0x7f0000000240)="b8e709bc5747bf1652538e214761fc002f4d6efc58382827e4efee759be16b02d561689c8aa097688dad82939e6bd8411330c4e6d433194a2abcb0b2300917c9aa09335adf1d4fdd32e9b74db302", 0x4e, 0xeef4, 0x0, 0x3, r4}, &(0x7f0000000100))
ioctl$TIOCVHANGUP(r2, 0x5437, 0x0)

18:29:23 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c22092000000000000010000000000000009"])
ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(0xffffffffffffffff, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:29:23 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 20)

18:29:23 executing program 7:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 42)

18:29:23 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/59], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {0x0}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:29:23 executing program 1:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
ptrace$setopts(0xffffffffffffffff, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 32)

18:29:23 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 53)

18:29:23 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x3665c4ffffffff}}], 0x35f, 0x10062, 0x0)

[ 1259.698024] FAULT_INJECTION: forcing a failure.
[ 1259.698024] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1259.699544] CPU: 0 PID: 7703 Comm: syz-executor.7 Not tainted 5.10.199 #1
[ 1259.700324] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1259.701289] Call Trace:
[ 1259.701602]  dump_stack+0x107/0x167
[ 1259.702035]  should_fail.cold+0x5/0xa
[ 1259.702478]  _copy_from_user+0x2e/0x1b0
[ 1259.702940]  __copy_msghdr_from_user+0x91/0x4b0
[ 1259.703483]  ? __ia32_sys_shutdown+0x80/0x80
[ 1259.703990]  ? __lock_acquire+0x1657/0x5b00
[ 1259.704499]  ___sys_recvmsg+0xd5/0x200
[ 1259.704948]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1259.705538]  ? lock_downgrade+0x6d0/0x6d0
[ 1259.706020]  ? lock_acquire+0x197/0x470
[ 1259.706476]  ? find_held_lock+0x2c/0x110
[ 1259.706950]  ? __might_fault+0xd3/0x180
[ 1259.707423]  ? lock_downgrade+0x6d0/0x6d0
[ 1259.707925]  do_recvmmsg+0x24c/0x6d0
[ 1259.708369]  ? ___sys_recvmsg+0x200/0x200
[ 1259.708857]  ? lock_downgrade+0x6d0/0x6d0
[ 1259.709353]  ? ksys_write+0x12d/0x260
[ 1259.709816]  ? wait_for_completion_io+0x270/0x270
[ 1259.710390]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1259.710934]  ? vfs_write+0x354/0xa70
[ 1259.711383]  __x64_sys_recvmmsg+0x20f/0x260
[ 1259.711893]  ? ksys_write+0x1a9/0x260
[ 1259.712344]  ? __do_sys_socketcall+0x600/0x600
[ 1259.712877]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1259.713490]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1259.714097]  do_syscall_64+0x33/0x40
[ 1259.714543]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1259.715142] RIP: 0033:0x7fd50191ab19
[ 1259.715590] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1259.717754] RSP: 002b:00007fd4fee90188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1259.718651] RAX: ffffffffffffffda RBX: 00007fd501a2df60 RCX: 00007fd50191ab19
[ 1259.719493] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1259.720332] RBP: 00007fd4fee901d0 R08: 0000000000000000 R09: 0000000000000000
[ 1259.721160] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1259.721995] R13: 00007ffcb71c4b0f R14: 00007fd4fee90300 R15: 0000000000022000
[ 1259.744072] FAULT_INJECTION: forcing a failure.
[ 1259.744072] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1259.745454] CPU: 0 PID: 7714 Comm: syz-executor.0 Not tainted 5.10.199 #1
[ 1259.746237] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1259.747193] Call Trace:
[ 1259.747497]  dump_stack+0x107/0x167
[ 1259.747919]  should_fail.cold+0x5/0xa
[ 1259.748368]  _copy_from_user+0x2e/0x1b0
[ 1259.748836]  __copy_msghdr_from_user+0x91/0x4b0
[ 1259.749373]  ? __ia32_sys_shutdown+0x80/0x80
[ 1259.749874]  ? __lock_acquire+0x1657/0x5b00
[ 1259.750381]  ___sys_recvmsg+0xd5/0x200
[ 1259.750825]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1259.751421]  ? lock_downgrade+0x6d0/0x6d0
[ 1259.751905]  ? lock_acquire+0x197/0x470
[ 1259.752375]  ? find_held_lock+0x2c/0x110
[ 1259.752852]  ? __might_fault+0xd3/0x180
[ 1259.753314]  ? lock_downgrade+0x6d0/0x6d0
[ 1259.753817]  do_recvmmsg+0x24c/0x6d0
[ 1259.754258]  ? ___sys_recvmsg+0x200/0x200
[ 1259.754750]  ? lock_downgrade+0x6d0/0x6d0
[ 1259.755249]  ? ksys_write+0x12d/0x260
[ 1259.755702]  ? wait_for_completion_io+0x270/0x270
[ 1259.756268]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1259.756803]  ? vfs_write+0x354/0xa70
[ 1259.757238]  __x64_sys_recvmmsg+0x20f/0x260
[ 1259.757765]  ? ksys_write+0x1a9/0x260
[ 1259.758210]  ? __do_sys_socketcall+0x600/0x600
[ 1259.758767]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1259.759387]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1259.759994]  do_syscall_64+0x33/0x40
[ 1259.760432]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1259.761035] RIP: 0033:0x7f13d67b3b19
[ 1259.761480] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1259.763667] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1259.764550] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[ 1259.765384] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1259.766231] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[ 1259.767056] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1259.767905] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
[ 1259.770740] FAULT_INJECTION: forcing a failure.
[ 1259.770740] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1259.772154] CPU: 0 PID: 7713 Comm: syz-executor.1 Not tainted 5.10.199 #1
[ 1259.772950] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1259.773922] Call Trace:
[ 1259.774229]  dump_stack+0x107/0x167
[ 1259.774645]  should_fail.cold+0x5/0xa
[ 1259.775094]  _copy_from_user+0x2e/0x1b0
[ 1259.775580]  __copy_msghdr_from_user+0x91/0x4b0
[ 1259.776137]  ? __ia32_sys_shutdown+0x80/0x80
[ 1259.776650]  ? __lock_acquire+0x1657/0x5b00
[ 1259.777159]  ___sys_recvmsg+0xd5/0x200
[ 1259.777608]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1259.778179]  ? lock_downgrade+0x6d0/0x6d0
[ 1259.778671]  ? lock_acquire+0x197/0x470
[ 1259.779134]  ? find_held_lock+0x2c/0x110
[ 1259.779616]  ? __might_fault+0xd3/0x180
[ 1259.780080]  ? lock_downgrade+0x6d0/0x6d0
[ 1259.780581]  do_recvmmsg+0x24c/0x6d0
[ 1259.781016]  ? ___sys_recvmsg+0x200/0x200
[ 1259.781509]  ? lock_downgrade+0x6d0/0x6d0
[ 1259.781989]  ? ksys_write+0x12d/0x260
[ 1259.782449]  ? wait_for_completion_io+0x270/0x270
[ 1259.783006]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1259.783578]  ? vfs_write+0x354/0xa70
[ 1259.783783] FAULT_INJECTION: forcing a failure.
[ 1259.783783] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1259.784023]  __x64_sys_recvmmsg+0x20f/0x260
[ 1259.786853]  ? ksys_write+0x1a9/0x260
[ 1259.787287]  ? __do_sys_socketcall+0x600/0x600
[ 1259.787817]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1259.788416]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1259.789015]  do_syscall_64+0x33/0x40
[ 1259.789442]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1259.790037] RIP: 0033:0x7f65a52bbb19
[ 1259.790464] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1259.792583] RSP: 002b:00007f65a2831188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1259.793460] RAX: ffffffffffffffda RBX: 00007f65a53cef60 RCX: 00007f65a52bbb19
[ 1259.794269] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1259.795090] RBP: 00007f65a28311d0 R08: 0000000000000000 R09: 0000000000000000
[ 1259.795920] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1259.796743] R13: 00007ffc95f579af R14: 00007f65a2831300 R15: 0000000000022000
[ 1259.797709] CPU: 1 PID: 7715 Comm: syz-executor.6 Not tainted 5.10.199 #1
[ 1259.799115] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1259.800789] serio: Serial port tty29
[ 1259.801534] Call Trace:
[ 1259.802069]  dump_stack+0x107/0x167
[ 1259.802823]  should_fail.cold+0x5/0xa
[ 1259.803616]  _copy_from_user+0x2e/0x1b0
[ 1259.804433]  __copy_msghdr_from_user+0x91/0x4b0
[ 1259.805366]  ? __ia32_sys_shutdown+0x80/0x80
[ 1259.806263]  ? __lock_acquire+0x1657/0x5b00
[ 1259.807147]  ___sys_recvmsg+0xd5/0x200
[ 1259.807941]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1259.808922]  ? _raw_spin_unlock_irq+0x27/0x30
[ 1259.809841]  ? lock_acquire+0x197/0x470
[ 1259.810636]  ? find_held_lock+0x2c/0x110
[ 1259.811478]  ? __might_fault+0xd3/0x180
[ 1259.812288]  ? lock_downgrade+0x6d0/0x6d0
[ 1259.813127]  ? io_schedule_timeout+0x140/0x140
[ 1259.814070]  do_recvmmsg+0x24c/0x6d0
[ 1259.814829]  ? ___sys_recvmsg+0x200/0x200
[ 1259.815680]  ? lock_downgrade+0x6d0/0x6d0
[ 1259.816531]  ? ksys_write+0x12d/0x260
[ 1259.817320]  ? wait_for_completion_io+0x270/0x270
[ 1259.818322]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1259.819282]  ? vfs_write+0x354/0xa70
[ 1259.820043]  __x64_sys_recvmmsg+0x20f/0x260
[ 1259.820918]  ? ksys_write+0x1a9/0x260
[ 1259.821693]  ? __do_sys_socketcall+0x600/0x600
[ 1259.822619]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1259.823685]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1259.824730]  do_syscall_64+0x33/0x40
[ 1259.825485]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1259.826516] RIP: 0033:0x7f301b410b19
[ 1259.827296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1259.830998] RSP: 002b:00007f3018986188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1259.832539] RAX: ffffffffffffffda RBX: 00007f301b523f60 RCX: 00007f301b410b19
[ 1259.833974] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1259.835417] RBP: 00007f30189861d0 R08: 0000000000000000 R09: 0000000000000000
[ 1259.836853] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1259.838285] R13: 00007ffcb222f7cf R14: 00007f3018986300 R15: 0000000000022000
18:29:24 executing program 7:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 43)

18:29:24 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c22092000000000000010000000000000009"])
ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:29:24 executing program 1:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
ptrace$setopts(0xffffffffffffffff, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 33)

18:29:24 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 54)

[ 1259.904411] FAULT_INJECTION: forcing a failure.
[ 1259.904411] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1259.905827] CPU: 0 PID: 7721 Comm: syz-executor.7 Not tainted 5.10.199 #1
[ 1259.906573] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1259.907487] Call Trace:
[ 1259.907779]  dump_stack+0x107/0x167
[ 1259.908179]  should_fail.cold+0x5/0xa
[ 1259.908598]  _copy_from_user+0x2e/0x1b0
[ 1259.909046]  __copy_msghdr_from_user+0x91/0x4b0
[ 1259.909548]  ? __ia32_sys_shutdown+0x80/0x80
[ 1259.910043]  ? find_held_lock+0x2c/0x110
[ 1259.910493]  ? finish_task_switch+0x126/0x5d0
[ 1259.910984]  ? lock_downgrade+0x6d0/0x6d0
[ 1259.911453]  ___sys_recvmsg+0xd5/0x200
[ 1259.911877]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1259.912423]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1259.912989]  ? _raw_spin_unlock_irq+0x1f/0x30
[ 1259.913476]  ? trace_hardirqs_on+0x5b/0x180
[ 1259.913947]  ? _raw_spin_unlock_irq+0x1f/0x30
[ 1259.914434]  ? finish_task_switch+0x126/0x5d0
[ 1259.914925]  ? finish_task_switch+0xef/0x5d0
[ 1259.915432]  ? __switch_to+0x572/0xf70
[ 1259.915860]  ? __switch_to_asm+0x3a/0x60
[ 1259.916322]  ? __switch_to_asm+0x34/0x60
[ 1259.916781]  ? __schedule+0x82c/0x1ea0
[ 1259.917214]  ? io_schedule_timeout+0x140/0x140
[ 1259.917721]  do_recvmmsg+0x24c/0x6d0
[ 1259.918134]  ? ___sys_recvmsg+0x200/0x200
[ 1259.918592]  ? lock_downgrade+0x6d0/0x6d0
[ 1259.919046]  ? ksys_write+0x12d/0x260
[ 1259.919483]  ? wait_for_completion_io+0x270/0x270
[ 1259.920023]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1259.920529]  ? vfs_write+0x354/0xa70
[ 1259.920943]  __x64_sys_recvmmsg+0x20f/0x260
[ 1259.921410]  ? ksys_write+0x1a9/0x260
[ 1259.921831]  ? __do_sys_socketcall+0x600/0x600
[ 1259.922329]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1259.922914]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1259.923509]  do_syscall_64+0x33/0x40
[ 1259.923921]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1259.924481] RIP: 0033:0x7fd50191ab19
[ 1259.924895] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1259.926931] RSP: 002b:00007fd4fee90188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1259.927776] RAX: ffffffffffffffda RBX: 00007fd501a2df60 RCX: 00007fd50191ab19
[ 1259.928552] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1259.929332] RBP: 00007fd4fee901d0 R08: 0000000000000000 R09: 0000000000000000
[ 1259.930127] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1259.930921] R13: 00007ffcb71c4b0f R14: 00007fd4fee90300 R15: 0000000000022000
[ 1259.944915] FAULT_INJECTION: forcing a failure.
[ 1259.944915] name fail_usercopy, interval 1, probability 0, space 0, times 0
18:29:24 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 21)

18:29:24 executing program 4:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/59], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}], 0x8)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[ 1259.946222] CPU: 0 PID: 7724 Comm: syz-executor.1 Not tainted 5.10.199 #1
[ 1259.947153] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1259.948065] Call Trace:
[ 1259.948357]  dump_stack+0x107/0x167
[ 1259.948756]  should_fail.cold+0x5/0xa
[ 1259.949175]  _copy_from_user+0x2e/0x1b0
[ 1259.949611]  __copy_msghdr_from_user+0x91/0x4b0
[ 1259.950129]  ? __ia32_sys_shutdown+0x80/0x80
[ 1259.950605]  ? __lock_acquire+0x1657/0x5b00
[ 1259.951092]  ___sys_recvmsg+0xd5/0x200
[ 1259.951520]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1259.952055]  ? _raw_spin_unlock_irq+0x27/0x30
[ 1259.952550]  ? lock_acquire+0x197/0x470
[ 1259.952979]  ? find_held_lock+0x2c/0x110
[ 1259.953428]  ? __might_fault+0xd3/0x180
[ 1259.953856]  ? lock_downgrade+0x6d0/0x6d0
[ 1259.954318]  ? io_schedule_timeout+0x140/0x140
[ 1259.954820]  do_recvmmsg+0x24c/0x6d0
[ 1259.955246]  ? ___sys_recvmsg+0x200/0x200
[ 1259.955698]  ? lock_downgrade+0x6d0/0x6d0
[ 1259.956155]  ? ksys_write+0x12d/0x260
[ 1259.956580]  ? wait_for_completion_io+0x270/0x270
[ 1259.957107]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1259.957609]  ? vfs_write+0x354/0xa70
[ 1259.958020]  __x64_sys_recvmmsg+0x20f/0x260
[ 1259.958492]  ? ksys_write+0x1a9/0x260
[ 1259.958905]  ? __do_sys_socketcall+0x600/0x600
[ 1259.959439]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1259.960015]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1259.960589]  do_syscall_64+0x33/0x40
[ 1259.961007]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1259.961571] RIP: 0033:0x7f65a52bbb19
[ 1259.961988] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1259.963957] RSP: 002b:00007f65a2831188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1259.964800] RAX: ffffffffffffffda RBX: 00007f65a53cef60 RCX: 00007f65a52bbb19
[ 1259.965583] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1259.966367] RBP: 00007f65a28311d0 R08: 0000000000000000 R09: 0000000000000000
[ 1259.967168] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1259.967970] R13: 00007ffc95f579af R14: 00007f65a2831300 R15: 0000000000022000
[ 1259.983095] FAULT_INJECTION: forcing a failure.
[ 1259.983095] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1259.986088] CPU: 1 PID: 7727 Comm: syz-executor.0 Not tainted 5.10.199 #1
[ 1259.987486] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1259.989182] Call Trace:
[ 1259.989734]  dump_stack+0x107/0x167
[ 1259.990496]  should_fail.cold+0x5/0xa
[ 1259.990900] FAULT_INJECTION: forcing a failure.
[ 1259.990900] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1259.991294]  _copy_from_user+0x2e/0x1b0
[ 1259.991322]  __copy_msghdr_from_user+0x91/0x4b0
[ 1259.994297]  ? __ia32_sys_shutdown+0x80/0x80
[ 1259.995220]  ? __lock_acquire+0x1657/0x5b00
[ 1259.996120]  ___sys_recvmsg+0xd5/0x200
[ 1259.996919]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1259.997923]  ? _raw_spin_unlock_irq+0x27/0x30
[ 1259.998844]  ? lock_acquire+0x197/0x470
[ 1259.999661]  ? find_held_lock+0x2c/0x110
[ 1260.000496]  ? __might_fault+0xd3/0x180
[ 1260.001300]  ? lock_downgrade+0x6d0/0x6d0
[ 1260.002145]  ? io_schedule_timeout+0x140/0x140
[ 1260.003090]  do_recvmmsg+0x24c/0x6d0
[ 1260.003869]  ? ___sys_recvmsg+0x200/0x200
[ 1260.004721]  ? lock_downgrade+0x6d0/0x6d0
[ 1260.005578]  ? ksys_write+0x12d/0x260
[ 1260.006362]  ? wait_for_completion_io+0x270/0x270
[ 1260.007357]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1260.008303]  ? vfs_write+0x354/0xa70
[ 1260.009060]  __x64_sys_recvmmsg+0x20f/0x260
[ 1260.009938]  ? ksys_write+0x1a9/0x260
[ 1260.010714]  ? __do_sys_socketcall+0x600/0x600
[ 1260.011658]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1260.012714]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1260.013769]  do_syscall_64+0x33/0x40
[ 1260.014541]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1260.015602] RIP: 0033:0x7f13d67b3b19
[ 1260.016357] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1260.020105] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1260.021650] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[ 1260.023092] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1260.024545] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[ 1260.025990] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1260.027448] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
[ 1260.028921] CPU: 0 PID: 7731 Comm: syz-executor.6 Not tainted 5.10.199 #1
[ 1260.029686] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1260.030590] Call Trace:
[ 1260.030880]  dump_stack+0x107/0x167
[ 1260.031295]  should_fail.cold+0x5/0xa
[ 1260.031717]  _copy_from_user+0x2e/0x1b0
[ 1260.032159]  __copy_msghdr_from_user+0x91/0x4b0
[ 1260.032672]  ? __ia32_sys_shutdown+0x80/0x80
[ 1260.033152]  ? __lock_acquire+0x1657/0x5b00
[ 1260.033656]  ___sys_recvmsg+0xd5/0x200
[ 1260.034093]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1260.034631]  ? lock_downgrade+0x6d0/0x6d0
[ 1260.035076]  ? lock_acquire+0x197/0x470
[ 1260.035512]  ? find_held_lock+0x2c/0x110
[ 1260.035954]  ? __might_fault+0xd3/0x180
[ 1260.036396]  ? lock_downgrade+0x6d0/0x6d0
[ 1260.036864]  do_recvmmsg+0x24c/0x6d0
[ 1260.037274]  ? ___sys_recvmsg+0x200/0x200
[ 1260.037726]  ? lock_downgrade+0x6d0/0x6d0
[ 1260.038187]  ? ksys_write+0x12d/0x260
[ 1260.038601]  ? wait_for_completion_io+0x270/0x270
[ 1260.039138]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1260.039638]  ? vfs_write+0x354/0xa70
[ 1260.040049]  __x64_sys_recvmmsg+0x20f/0x260
[ 1260.040526]  ? ksys_write+0x1a9/0x260
[ 1260.040942]  ? __do_sys_socketcall+0x600/0x600
[ 1260.041439]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1260.042014]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1260.042584]  do_syscall_64+0x33/0x40
[ 1260.042995]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1260.043569] RIP: 0033:0x7f301b410b19
[ 1260.043976] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1260.045919] RSP: 002b:00007f3018986188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1260.046756] RAX: ffffffffffffffda RBX: 00007f301b523f60 RCX: 00007f301b410b19
[ 1260.047537] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1260.048320] RBP: 00007f30189861d0 R08: 0000000000000000 R09: 0000000000000000
[ 1260.049098] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1260.049878] R13: 00007ffcb222f7cf R14: 00007f3018986300 R15: 0000000000022000
18:29:38 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 55)

18:29:38 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 22)

18:29:38 executing program 1:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
ptrace$setopts(0xffffffffffffffff, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 34)

[ 1274.393070] FAULT_INJECTION: forcing a failure.
[ 1274.393070] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1274.394570] CPU: 0 PID: 7745 Comm: syz-executor.1 Not tainted 5.10.199 #1
[ 1274.395362] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1274.396308] Call Trace:
[ 1274.396617]  dump_stack+0x107/0x167
[ 1274.397044]  should_fail.cold+0x5/0xa
[ 1274.397496]  _copy_from_user+0x2e/0x1b0
[ 1274.397956]  __copy_msghdr_from_user+0x91/0x4b0
[ 1274.398504]  ? __ia32_sys_shutdown+0x80/0x80
[ 1274.399015]  ? __lock_acquire+0x1657/0x5b00
[ 1274.399545]  ___sys_recvmsg+0xd5/0x200
[ 1274.399999]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1274.400568]  ? lock_downgrade+0x6d0/0x6d0
[ 1274.401048]  ? lock_acquire+0x197/0x470
[ 1274.401538]  ? find_held_lock+0x2c/0x110
[ 1274.402013]  ? __might_fault+0xd3/0x180
[ 1274.402490]  ? lock_downgrade+0x6d0/0x6d0
[ 1274.402980]  do_recvmmsg+0x24c/0x6d0
[ 1274.403445]  ? ___sys_recvmsg+0x200/0x200
[ 1274.403920]  ? lock_downgrade+0x6d0/0x6d0
[ 1274.404435]  ? ksys_write+0x12d/0x260
[ 1274.404880]  ? wait_for_completion_io+0x270/0x270
[ 1274.405461]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1274.406021]  ? vfs_write+0x354/0xa70
[ 1274.406455]  __x64_sys_recvmmsg+0x20f/0x260
[ 1274.406971]  ? ksys_write+0x1a9/0x260
[ 1274.407413]  ? __do_sys_socketcall+0x600/0x600
[ 1274.407956]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1274.408561]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1274.409183]  do_syscall_64+0x33/0x40
[ 1274.409614]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1274.410224] RIP: 0033:0x7f65a52bbb19
[ 1274.410656] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1274.412869] RSP: 002b:00007f65a2831188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1274.413758] RAX: ffffffffffffffda RBX: 00007f65a53cef60 RCX: 00007f65a52bbb19
[ 1274.414602] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1274.415431] RBP: 00007f65a28311d0 R08: 0000000000000000 R09: 0000000000000000
[ 1274.416251] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1274.417228] R13: 00007ffc95f579af R14: 00007f65a2831300 R15: 0000000000022000
18:29:38 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/59], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {0x0}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:29:38 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c22092000000000000010000000000000009"])
ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:29:38 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000}}], 0x35f, 0x10062, 0x0)

18:29:38 executing program 7:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 44)

18:29:38 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x46e2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
dup(0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, 0x0, 0x4000)
ftruncate(r0, 0x1000003)
dup2(r0, r1)
ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000000))
fsetxattr$security_capability(r0, &(0x7f0000000040), &(0x7f0000000080)=@v2, 0x14, 0x0)
r3 = open(&(0x7f00000000c0)='./file0\x00', 0x2e142, 0x0)
r4 = syz_open_dev$vcsa(&(0x7f0000000140), 0x80000001, 0x0)
r5 = syz_io_uring_setup(0x21, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000180), &(0x7f0000002a40))
r6 = eventfd(0x0)
io_uring_register$IORING_REGISTER_EVENTFD(r5, 0x4, &(0x7f0000000140)=r6, 0x1)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r6, @out_args}, './file0\x00'})
syz_open_procfs(0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(r1, 0xc0709411, &(0x7f0000000200)=ANY=[@ANYRES32, @ANYRES32, @ANYRESDEC=r0, @ANYRESHEX, @ANYRESDEC=r3])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x1, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x44a02, 0x0, 0x0, 0x7, 0xff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r4, 0x81f8943c, &(0x7f0000000340))
write$binfmt_script(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="2321202e2f66696c65300df3cc33cc13e26332e383d4d218038f639f510660568b74a0cad2657041fa6f1c46d54a1680ca271b693979f79f45dbc3d3"], 0xb)

[ 1274.431053] FAULT_INJECTION: forcing a failure.
[ 1274.431053] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1274.432817] CPU: 0 PID: 7752 Comm: syz-executor.7 Not tainted 5.10.199 #1
[ 1274.433642] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1274.434636] Call Trace:
[ 1274.434948]  dump_stack+0x107/0x167
[ 1274.435394]  should_fail.cold+0x5/0xa
[ 1274.435848]  _copy_from_user+0x2e/0x1b0
[ 1274.436326]  __copy_msghdr_from_user+0x91/0x4b0
[ 1274.436896]  ? __ia32_sys_shutdown+0x80/0x80
[ 1274.437402]  ? __lock_acquire+0x1657/0x5b00
[ 1274.437939]  ___sys_recvmsg+0xd5/0x200
[ 1274.438388]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1274.438988]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1274.439632]  ? _raw_spin_unlock_irq+0x1f/0x30
[ 1274.440173]  ? trace_hardirqs_on+0x5b/0x180
[ 1274.440711]  ? lock_acquire+0x197/0x470
[ 1274.441167]  ? find_held_lock+0x2c/0x110
[ 1274.441673]  ? __might_fault+0xd3/0x180
[ 1274.442156]  ? lock_downgrade+0x6d0/0x6d0
[ 1274.442664]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 1274.443353]  do_recvmmsg+0x24c/0x6d0
[ 1274.443824]  ? ___sys_recvmsg+0x200/0x200
[ 1274.444326]  ? lock_downgrade+0x6d0/0x6d0
[ 1274.444837]  ? ksys_write+0x12d/0x260
[ 1274.445303]  ? wait_for_completion_io+0x270/0x270
[ 1274.445873]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1274.446436]  ? vfs_write+0x354/0xa70
[ 1274.446893]  __x64_sys_recvmmsg+0x20f/0x260
[ 1274.447428]  ? ksys_write+0x1a9/0x260
[ 1274.447885]  ? __do_sys_socketcall+0x600/0x600
[ 1274.448429]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1274.449048]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1274.449662]  do_syscall_64+0x33/0x40
[ 1274.450104]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1274.450714] RIP: 0033:0x7fd50191ab19
[ 1274.451153] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1274.453340] RSP: 002b:00007fd4fee90188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1274.454263] RAX: ffffffffffffffda RBX: 00007fd501a2df60 RCX: 00007fd50191ab19
[ 1274.455106] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1274.455948] RBP: 00007fd4fee901d0 R08: 0000000000000000 R09: 0000000000000000
[ 1274.456805] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1274.457639] R13: 00007ffcb71c4b0f R14: 00007fd4fee90300 R15: 0000000000022000
[ 1274.462234] FAULT_INJECTION: forcing a failure.
[ 1274.462234] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1274.464768] CPU: 1 PID: 7741 Comm: syz-executor.6 Not tainted 5.10.199 #1
[ 1274.466136] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1274.467804] Call Trace:
[ 1274.468337]  dump_stack+0x107/0x167
[ 1274.469074]  should_fail.cold+0x5/0xa
[ 1274.469847]  _copy_from_user+0x2e/0x1b0
[ 1274.470651]  __copy_msghdr_from_user+0x91/0x4b0
[ 1274.471591]  ? __ia32_sys_shutdown+0x80/0x80
[ 1274.472478]  ? __lock_acquire+0x1657/0x5b00
[ 1274.473358]  ___sys_recvmsg+0xd5/0x200
[ 1274.474138]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1274.475124]  ? lock_downgrade+0x6d0/0x6d0
[ 1274.475986]  ? lock_acquire+0x197/0x470
[ 1274.476794]  ? find_held_lock+0x2c/0x110
[ 1274.477619]  ? __might_fault+0xd3/0x180
[ 1274.478420]  ? lock_downgrade+0x6d0/0x6d0
[ 1274.479277]  do_recvmmsg+0x24c/0x6d0
[ 1274.480040]  ? ___sys_recvmsg+0x200/0x200
[ 1274.480874]  ? lock_downgrade+0x6d0/0x6d0
[ 1274.481712]  ? ksys_write+0x12d/0x260
[ 1274.482491]  ? wait_for_completion_io+0x270/0x270
[ 1274.483473]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1274.484403]  ? vfs_write+0x354/0xa70
[ 1274.485155]  __x64_sys_recvmmsg+0x20f/0x260
[ 1274.486023]  ? ksys_write+0x1a9/0x260
[ 1274.486791]  ? __do_sys_socketcall+0x600/0x600
[ 1274.487737]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1274.487787] FAULT_INJECTION: forcing a failure.
[ 1274.487787] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1274.488783]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1274.488810]  do_syscall_64+0x33/0x40
[ 1274.491908]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1274.492977] RIP: 0033:0x7f301b410b19
[ 1274.493764] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1274.497555] RSP: 002b:00007f3018986188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1274.499100] RAX: ffffffffffffffda RBX: 00007f301b523f60 RCX: 00007f301b410b19
[ 1274.500555] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1274.502001] RBP: 00007f30189861d0 R08: 0000000000000000 R09: 0000000000000000
[ 1274.503451] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1274.504906] R13: 00007ffcb222f7cf R14: 00007f3018986300 R15: 0000000000022000
[ 1274.506381] CPU: 0 PID: 7755 Comm: syz-executor.0 Not tainted 5.10.199 #1
[ 1274.507149] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1274.508066] Call Trace:
[ 1274.508365]  dump_stack+0x107/0x167
[ 1274.508783]  should_fail.cold+0x5/0xa
[ 1274.509201]  _copy_from_user+0x2e/0x1b0
[ 1274.509640]  __copy_msghdr_from_user+0x91/0x4b0
[ 1274.510158]  ? __ia32_sys_shutdown+0x80/0x80
18:29:38 executing program 1:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
ptrace$setopts(0xffffffffffffffff, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 35)

[ 1274.510649]  ? __lock_acquire+0x1657/0x5b00
[ 1274.511224]  ___sys_recvmsg+0xd5/0x200
[ 1274.511691]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1274.512246]  ? lock_acquire+0x197/0x470
[ 1274.512692]  ? find_held_lock+0x2c/0x110
[ 1274.513145]  ? __might_fault+0xd3/0x180
[ 1274.513598]  ? lock_downgrade+0x6d0/0x6d0
[ 1274.514057]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 1274.514661]  do_recvmmsg+0x24c/0x6d0
[ 1274.515082]  ? ___sys_recvmsg+0x200/0x200
[ 1274.515560]  ? lock_downgrade+0x6d0/0x6d0
[ 1274.516024]  ? ksys_write+0x12d/0x260
[ 1274.516452]  ? wait_for_completion_io+0x270/0x270
[ 1274.516996]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1274.517505]  ? vfs_write+0x354/0xa70
[ 1274.517923]  __x64_sys_recvmmsg+0x20f/0x260
[ 1274.518408]  ? ksys_write+0x1a9/0x260
[ 1274.518837]  ? __do_sys_socketcall+0x600/0x600
[ 1274.519365]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1274.519958]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1274.520538]  do_syscall_64+0x33/0x40
[ 1274.520957]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1274.521521] RIP: 0033:0x7f13d67b3b19
[ 1274.521940] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1274.523976] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1274.524812] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[ 1274.525589] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1274.526371] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[ 1274.527152] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1274.527947] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
[ 1274.560689] FAULT_INJECTION: forcing a failure.
[ 1274.560689] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1274.561967] CPU: 0 PID: 7758 Comm: syz-executor.1 Not tainted 5.10.199 #1
[ 1274.562692] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1274.563583] Call Trace:
[ 1274.563866]  dump_stack+0x107/0x167
[ 1274.564255]  should_fail.cold+0x5/0xa
[ 1274.564674]  _copy_from_user+0x2e/0x1b0
[ 1274.565105]  __copy_msghdr_from_user+0x91/0x4b0
[ 1274.565611]  ? __ia32_sys_shutdown+0x80/0x80
[ 1274.566089]  ? __lock_acquire+0x1657/0x5b00
[ 1274.566564]  ___sys_recvmsg+0xd5/0x200
[ 1274.566986]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1274.567542]  ? lock_acquire+0x197/0x470
[ 1274.567968]  ? find_held_lock+0x2c/0x110
[ 1274.568404]  ? __might_fault+0xd3/0x180
[ 1274.568829]  ? lock_downgrade+0x6d0/0x6d0
[ 1274.569287]  do_recvmmsg+0x24c/0x6d0
[ 1274.569689]  ? ___sys_recvmsg+0x200/0x200
[ 1274.570144]  ? lock_downgrade+0x6d0/0x6d0
[ 1274.570603]  ? ksys_write+0x12d/0x260
[ 1274.571021]  ? wait_for_completion_io+0x270/0x270
[ 1274.571556]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1274.572054]  ? vfs_write+0x354/0xa70
[ 1274.572454]  __x64_sys_recvmmsg+0x20f/0x260
[ 1274.572919]  ? ksys_write+0x1a9/0x260
[ 1274.573327]  ? __do_sys_socketcall+0x600/0x600
[ 1274.573821]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1274.574378]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1274.574932]  do_syscall_64+0x33/0x40
[ 1274.575339]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1274.575890] RIP: 0033:0x7f65a52bbb19
[ 1274.576291] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1274.578241] RSP: 002b:00007f65a2831188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1274.579053] RAX: ffffffffffffffda RBX: 00007f65a53cef60 RCX: 00007f65a52bbb19
[ 1274.579836] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1274.580593] RBP: 00007f65a28311d0 R08: 0000000000000000 R09: 0000000000000000
[ 1274.581354] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1274.582109] R13: 00007ffc95f579af R14: 00007f65a2831300 R15: 0000000000022000
18:29:51 executing program 7:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 45)

18:29:51 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 56)

18:29:51 executing program 4:
syz_emit_ethernet(0x42, &(0x7f00000000c0)=ANY=[@ANYBLOB="bbbbbbbbbbbbffffffffffff86dd60abd9e3000c1100fe8000000000000000000000000000bbfe80000000000000ab"], 0x0)
r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000100), 0x400040, 0x0)
write$tun(r0, &(0x7f0000000140)={@void, @void, @mpls={[{0x5}, {0x8001}], @llc={@llc={0xdc, 0x42, "26d2", "53500bbb638768443d0c750811033d62cb680bb9f53f2edfc66db46d44a40f8f255667251e36b6ec603cf6cb79ed0881d9065cbbe91d08d0f2ec3c07db48dddc5a9d1cb46f18da52bf3b24fde82751fb278f6f1ac36a08238ad91dcdc13828782aa82d1dd80c22bb99abc582240c8537f6c682500534e0645023732aba1e1c41f4c7ba0773d01c8bdf9cb2"}}}}, 0x97)
r1 = pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
write$tun(r1, &(0x7f0000000000)={@val={0x0, 0x8808}, @val={0x3, 0x3, 0x2, 0x9, 0x59, 0x9}, @ipv4=@icmp={{0x1d, 0x4, 0x1, 0x0, 0x7c, 0x66, 0x0, 0x3f, 0x1, 0x0, @loopback, @broadcast, {[@ssrr={0x89, 0x1f, 0x26, [@multicast2, @rand_addr=0x640100fd, @broadcast, @loopback, @multicast1, @multicast2, @dev={0xac, 0x14, 0x14, 0xd}]}, @lsrr={0x83, 0x1b, 0xd2, [@remote, @local, @dev={0xac, 0x14, 0x14, 0x12}, @multicast1, @rand_addr=0x64010101, @initdev={0xac, 0x1e, 0x0, 0x0}]}, @cipso={0x86, 0x11, 0x3, [{0x2, 0x7, "72ea3b555f"}, {0x5, 0x4, "d338"}]}, @noop, @cipso={0x86, 0x12, 0xffffffffffffffff, [{0x6, 0xc, "542797e127bdfd90b235"}]}, @end]}}, @info_request={0xf, 0x0, 0x0, 0x8, 0x7fff}}}, 0x8a)

18:29:51 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 23)

18:29:51 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c22092000000000000010000000000000009"])
ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:29:51 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/59], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000003c0)=""/65, 0x41}, {0x0}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:29:51 executing program 1:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
ptrace$setopts(0xffffffffffffffff, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 36)

18:29:51 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000}}], 0x35f, 0x10062, 0x0)

[ 1286.845947] FAULT_INJECTION: forcing a failure.
[ 1286.845947] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1286.848012] CPU: 0 PID: 7774 Comm: syz-executor.0 Not tainted 5.10.199 #1
[ 1286.848836] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1286.849857] Call Trace:
[ 1286.850177]  dump_stack+0x107/0x167
[ 1286.850601]  should_fail.cold+0x5/0xa
[ 1286.851053]  _copy_from_user+0x2e/0x1b0
[ 1286.851528]  __copy_msghdr_from_user+0x91/0x4b0
[ 1286.852065]  ? __ia32_sys_shutdown+0x80/0x80
[ 1286.852584]  ? __lock_acquire+0x1657/0x5b00
[ 1286.853095]  ___sys_recvmsg+0xd5/0x200
[ 1286.853549]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1286.854123]  ? lock_acquire+0x197/0x470
[ 1286.854612]  ? find_held_lock+0x2c/0x110
[ 1286.855113]  ? __might_fault+0xd3/0x180
[ 1286.855599]  ? lock_downgrade+0x6d0/0x6d0
[ 1286.856117]  do_recvmmsg+0x24c/0x6d0
[ 1286.856577]  ? ___sys_recvmsg+0x200/0x200
[ 1286.857093]  ? recalibrate_cpu_khz+0x10/0x10
[ 1286.857632]  ? lapic_next_deadline+0x1/0x50
[ 1286.858158]  ? tick_program_event+0xa8/0x140
[ 1286.858709]  __x64_sys_recvmmsg+0x20f/0x260
[ 1286.859248]  ? __do_sys_socketcall+0x600/0x600
[ 1286.859828]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1286.860463]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1286.861101]  do_syscall_64+0x33/0x40
[ 1286.861559]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1286.862183] RIP: 0033:0x7f13d67b3b19
[ 1286.862640] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1286.864878] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1286.865809] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[ 1286.866671] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1286.867551] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[ 1286.868417] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1286.869271] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
[ 1286.891906] FAULT_INJECTION: forcing a failure.
[ 1286.891906] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1286.893375] CPU: 0 PID: 7779 Comm: syz-executor.6 Not tainted 5.10.199 #1
[ 1286.894211] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1286.895215] Call Trace:
[ 1286.895537]  dump_stack+0x107/0x167
[ 1286.895982]  should_fail.cold+0x5/0xa
[ 1286.896449]  _copy_from_user+0x2e/0x1b0
[ 1286.896941]  __copy_msghdr_from_user+0x91/0x4b0
[ 1286.897507]  ? __ia32_sys_shutdown+0x80/0x80
[ 1286.898043]  ? __lock_acquire+0x1657/0x5b00
[ 1286.898576]  ___sys_recvmsg+0xd5/0x200
[ 1286.899061]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1286.899671]  ? lock_acquire+0x197/0x470
[ 1286.900147]  ? find_held_lock+0x2c/0x110
[ 1286.900644]  ? __might_fault+0xd3/0x180
[ 1286.901125]  ? lock_downgrade+0x6d0/0x6d0
[ 1286.901645]  do_recvmmsg+0x24c/0x6d0
[ 1286.902106]  ? ___sys_recvmsg+0x200/0x200
[ 1286.902606]  ? lock_downgrade+0x6d0/0x6d0
[ 1286.903118]  ? ksys_write+0x12d/0x260
[ 1286.903605]  ? wait_for_completion_io+0x270/0x270
[ 1286.903794] FAULT_INJECTION: forcing a failure.
[ 1286.903794] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1286.904187]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1286.904208]  ? vfs_write+0x354/0xa70
[ 1286.907579]  __x64_sys_recvmmsg+0x20f/0x260
[ 1286.908100]  ? ksys_write+0x1a9/0x260
[ 1286.908563]  ? __do_sys_socketcall+0x600/0x600
[ 1286.909113]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1286.909744]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1286.910368]  do_syscall_64+0x33/0x40
[ 1286.910822]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1286.911441] RIP: 0033:0x7f301b410b19
[ 1286.911905] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1286.914114] RSP: 002b:00007f3018986188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1286.915035] RAX: ffffffffffffffda RBX: 00007f301b523f60 RCX: 00007f301b410b19
[ 1286.915909] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1286.916781] RBP: 00007f30189861d0 R08: 0000000000000000 R09: 0000000000000000
[ 1286.917638] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1286.918501] R13: 00007ffcb222f7cf R14: 00007f3018986300 R15: 0000000000022000
[ 1286.919487] CPU: 1 PID: 7771 Comm: syz-executor.1 Not tainted 5.10.199 #1
[ 1286.920895] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1286.922600] Call Trace:
[ 1286.923153]  dump_stack+0x107/0x167
[ 1286.923925]  should_fail.cold+0x5/0xa
[ 1286.924723]  _copy_from_user+0x2e/0x1b0
[ 1286.925551]  __copy_msghdr_from_user+0x91/0x4b0
[ 1286.926507]  ? __ia32_sys_shutdown+0x80/0x80
[ 1286.927418]  ? __lock_acquire+0x1657/0x5b00
[ 1286.928325]  ___sys_recvmsg+0xd5/0x200
[ 1286.929120]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1286.930135]  ? lock_acquire+0x197/0x470
[ 1286.930947]  ? find_held_lock+0x2c/0x110
[ 1286.931789]  ? __might_fault+0xd3/0x180
[ 1286.932600]  ? lock_downgrade+0x6d0/0x6d0
[ 1286.933451]  ? io_schedule_timeout+0x140/0x140
[ 1286.934396]  do_recvmmsg+0x24c/0x6d0
[ 1286.935164]  ? ___sys_recvmsg+0x200/0x200
[ 1286.936030]  ? lock_downgrade+0x6d0/0x6d0
[ 1286.936883]  ? ksys_write+0x12d/0x260
[ 1286.937674]  ? wait_for_completion_io+0x270/0x270
[ 1286.938662]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1286.939615]  ? vfs_write+0x354/0xa70
[ 1286.940377]  __x64_sys_recvmmsg+0x20f/0x260
[ 1286.941254]  ? ksys_write+0x1a9/0x260
[ 1286.942032]  ? __do_sys_socketcall+0x600/0x600
[ 1286.942965]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1286.944052]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1286.945109]  do_syscall_64+0x33/0x40
[ 1286.945877]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1286.946926] RIP: 0033:0x7f65a52bbb19
[ 1286.947696] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1286.951468] RSP: 002b:00007f65a2831188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1286.953017] RAX: ffffffffffffffda RBX: 00007f65a53cef60 RCX: 00007f65a52bbb19
[ 1286.954468] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1286.955940] RBP: 00007f65a28311d0 R08: 0000000000000000 R09: 0000000000000000
[ 1286.957390] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1286.958838] R13: 00007ffc95f579af R14: 00007f65a2831300 R15: 0000000000022000
18:29:51 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/59], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x8)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[ 1286.968590] FAULT_INJECTION: forcing a failure.
[ 1286.968590] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1286.971183] CPU: 1 PID: 7786 Comm: syz-executor.7 Not tainted 5.10.199 #1
[ 1286.972586] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1286.974274] Call Trace:
[ 1286.974806]  dump_stack+0x107/0x167
[ 1286.975563]  should_fail.cold+0x5/0xa
[ 1286.976344]  _copy_from_user+0x2e/0x1b0
[ 1286.977159]  __copy_msghdr_from_user+0x91/0x4b0
[ 1286.978107]  ? __ia32_sys_shutdown+0x80/0x80
[ 1286.979002]  ? __lock_acquire+0x1657/0x5b00
[ 1286.979900]  ___sys_recvmsg+0xd5/0x200
[ 1286.980697]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1286.981694]  ? lock_downgrade+0x6d0/0x6d0
[ 1286.982549]  ? lock_acquire+0x197/0x470
[ 1286.983361]  ? find_held_lock+0x2c/0x110
[ 1286.984205]  ? __might_fault+0xd3/0x180
[ 1286.985020]  ? lock_downgrade+0x6d0/0x6d0
[ 1286.985885]  do_recvmmsg+0x24c/0x6d0
18:29:51 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 57)

[ 1286.986650]  ? ___sys_recvmsg+0x200/0x200
[ 1286.987627]  ? lock_downgrade+0x6d0/0x6d0
[ 1286.988504]  ? ksys_write+0x12d/0x260
[ 1286.989281]  ? wait_for_completion_io+0x270/0x270
[ 1286.990264]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1286.991193]  ? vfs_write+0x354/0xa70
[ 1286.991980]  __x64_sys_recvmmsg+0x20f/0x260
[ 1286.992847]  ? ksys_write+0x1a9/0x260
[ 1286.993625]  ? __do_sys_socketcall+0x600/0x600
[ 1286.994549]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1286.995621]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1286.996665]  do_syscall_64+0x33/0x40
[ 1286.997435]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1286.998468] RIP: 0033:0x7fd50191ab19
18:29:51 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r0, 0xc0096616, &(0x7f0000000180)={0x4, [0x0, 0x0, 0x0, 0x0]})
creat(&(0x7f0000000100)='./file0\x00', 0x60)
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, 0xffffffffffffffff)
syz_mount_image$tmpfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000011c0)=ANY=[])
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x16, 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, 0x0)
r1 = creat(0x0, 0xa2)
stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, <r2=>0x0})
setresuid(0xffffffffffffffff, r2, 0x0)
r3 = syz_mount_image$tmpfs(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', 0xff, 0x8, &(0x7f0000000800)=[{&(0x7f0000000240)="be5687501368a93218152f899c3c1cc0f3b2b47ee6f647587d0ee1cfa125f8b24dd9187e5c6627af541cde54b82a44cd5e462725bc85ca77abe10f746b8878f2948d33f258", 0x45, 0x81}, {&(0x7f00000002c0)="0aa821e31e7f399a0cd6214e60b3b231f3e581d92baef811ee9c29068075c7bcbc47895d61", 0x25, 0x9}, {&(0x7f0000000300)="4eaa3a4c46a5ef1116bd73b1ab22ab6cd5cd18172677fba28fc3f56ced850a57a8971218127da415ad7046987f922ad46920b56e39870be9fda579ca3cce4c93ed20d530429517e538e3845fd480d763f7c2686b979439e403bf9c6aa7736c582ae0bfaae52c7470710f70617de8787383ebd76dea14934d02babd7cdf5bf43a869d1422bec1e50631e2004bc6dbac2e8c60850fdea662c6f19393763b366197b3bf3882bc160c6bb269", 0xaa, 0xafc9}, {&(0x7f00000003c0)="1e50", 0x2}, {&(0x7f0000000400)="920fcc742bfd0d145e5e9b4ebc9ead87753b94444f45bf24ed34aa1f2df4ec8e4f8e3009ea1374292cb5b70e93368b718e5d02c1561cf56c1a2e6e8775485c12433c127dba018885d3652959d305a958c10d4894f2305978e3d5e49e6db2e0c9a7e0ddce40445c4c4afd2de2140027500c729be5a487212481e17878d9515274d159b3308d69dc7e2b1b7823fce1f05a04027f4d5ccbfbbb83206711e9e11bbe9ee034ea", 0xa4, 0x3f}, {&(0x7f00000004c0)="b81e168b46abea1be3a7ce54c56c989ee07c405281970dc5f43aac4dbbc52d63eb99b86717f51f49daa4e3ce6b3d27a9839ccc0f8d92dc84f93a98c57f07e65a4e7dae077d22935beab9c3ba7e1471b1e6815899be6b4d3b07f2865b", 0x5c, 0x1}, {&(0x7f0000000740)="e99ac9", 0x3, 0x7fffffff}, {&(0x7f0000000780)="7199983cdd834d2c3dee2de951fb01b0146ad8f4abcd719787f96ff5ff00c7ad094d914be47b3f6b30972d3d64aa71840c1a334f5339f941d39a71466c9ed5b466fad6e5ae9ef59672ca68693b2703e08b3532d78a3ff1bb174edfcbebfb0cf12b38ec3dc651c037d139cb0012a152515a", 0x71, 0x100000000}], 0x6008f, &(0x7f0000000600)={[{@mode={'mode', 0x3d, 0x8}}, {@mode={'mode', 0x3d, 0x5}}, {@nr_inodes}], [{@smackfsdef}, {@fowner_lt={'fowner<', r2}}, {@rootcontext={'rootcontext', 0x3d, 'sysadm_u'}}, {@smackfsfloor}]})
openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r1, 0x800c6613, &(0x7f0000000140)=@v1={0x0, @adiantum, 0x0, @desc2})
r4 = open_tree(r3, &(0x7f00000006c0)='./file0\x00', 0x8100)
faccessat(r4, &(0x7f0000000700)='./file1\x00', 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x92024, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x93f, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000040)={0x7, 0x80, 0x0, 0x0, 0x0, 0x85, 0x2}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[ 1286.999231] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1287.003048] RSP: 002b:00007fd4fee6f188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1287.004613] RAX: ffffffffffffffda RBX: 00007fd501a2e020 RCX: 00007fd50191ab19
[ 1287.006066] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1287.007545] RBP: 00007fd4fee6f1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1287.009000] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1287.010454] R13: 00007ffcb71c4b0f R14: 00007fd4fee6f300 R15: 0000000000022000
18:29:51 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 24)

[ 1287.041572] FAULT_INJECTION: forcing a failure.
[ 1287.041572] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1287.042969] CPU: 0 PID: 7792 Comm: syz-executor.0 Not tainted 5.10.199 #1
[ 1287.043746] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1287.044649] Call Trace:
[ 1287.044950]  dump_stack+0x107/0x167
[ 1287.045352]  should_fail.cold+0x5/0xa
[ 1287.045781]  _copy_from_user+0x2e/0x1b0
[ 1287.046221]  __copy_msghdr_from_user+0x91/0x4b0
[ 1287.046730]  ? __ia32_sys_shutdown+0x80/0x80
[ 1287.047216]  ? __lock_acquire+0x1657/0x5b00
[ 1287.047719]  ___sys_recvmsg+0xd5/0x200
[ 1287.048142]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1287.048670]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 1287.049287]  ? lock_acquire+0x197/0x470
[ 1287.049713]  ? find_held_lock+0x2c/0x110
[ 1287.050158]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1287.050742]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 1287.051341]  ? trace_hardirqs_on+0x5b/0x180
[ 1287.051844]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 1287.052460]  do_recvmmsg+0x24c/0x6d0
[ 1287.052882]  ? ___sys_recvmsg+0x200/0x200
[ 1287.053343]  ? lock_downgrade+0x6d0/0x6d0
[ 1287.053814]  ? ksys_write+0x12d/0x260
[ 1287.054247]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1287.054825]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 1287.055424]  __x64_sys_recvmmsg+0x20f/0x260
[ 1287.055925]  ? __do_sys_socketcall+0x600/0x600
[ 1287.056443]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1287.057028]  do_syscall_64+0x33/0x40
[ 1287.057445]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1287.058027] RIP: 0033:0x7f13d67b3b19
[ 1287.058452] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1287.060548] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1287.061419] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[ 1287.062198] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1287.062987] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[ 1287.063783] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1287.064577] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
18:29:51 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c22092000000000000010000000000000009"])
ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040), 0x0, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

[ 1287.095255] FAULT_INJECTION: forcing a failure.
[ 1287.095255] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1287.096675] CPU: 0 PID: 7798 Comm: syz-executor.6 Not tainted 5.10.199 #1
[ 1287.097435] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1287.098352] Call Trace:
[ 1287.098648]  dump_stack+0x107/0x167
[ 1287.099064]  should_fail.cold+0x5/0xa
[ 1287.099501]  _copy_from_user+0x2e/0x1b0
[ 1287.099962]  __copy_msghdr_from_user+0x91/0x4b0
[ 1287.100496]  ? __ia32_sys_shutdown+0x80/0x80
[ 1287.100991]  ? __lock_acquire+0x1657/0x5b00
[ 1287.101486]  ___sys_recvmsg+0xd5/0x200
[ 1287.101924]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1287.102486]  ? lock_downgrade+0x6d0/0x6d0
[ 1287.102959]  ? lock_acquire+0x197/0x470
[ 1287.103400]  ? find_held_lock+0x2c/0x110
[ 1287.103878]  ? __might_fault+0xd3/0x180
[ 1287.104339]  ? lock_downgrade+0x6d0/0x6d0
[ 1287.104821]  do_recvmmsg+0x24c/0x6d0
[ 1287.105251]  ? ___sys_recvmsg+0x200/0x200
[ 1287.105729]  ? recalibrate_cpu_khz+0x10/0x10
[ 1287.106236]  ? lapic_next_deadline+0x1/0x50
[ 1287.106727]  ? tick_program_event+0xa8/0x140
[ 1287.107231]  __x64_sys_recvmmsg+0x20f/0x260
[ 1287.107740]  ? __do_sys_socketcall+0x600/0x600
[ 1287.108264]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1287.108852]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1287.109435]  do_syscall_64+0x33/0x40
[ 1287.109862]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1287.110436] RIP: 0033:0x7f301b410b19
[ 1287.110854] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1287.112918] RSP: 002b:00007f3018986188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1287.113768] RAX: ffffffffffffffda RBX: 00007f301b523f60 RCX: 00007f301b410b19
[ 1287.114562] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1287.115353] RBP: 00007f30189861d0 R08: 0000000000000000 R09: 0000000000000000
[ 1287.116167] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1287.116967] R13: 00007ffcb222f7cf R14: 00007f3018986300 R15: 0000000000022000
18:29:51 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/59], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x8)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:29:51 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
write$binfmt_elf64(r1, &(0x7f00000008c0)=ANY=[], 0x629)
pipe2(&(0x7f0000000080)={<r2=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r2, 0x408)
sendmsg$nl_generic(r2, &(0x7f0000000500)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x18}, 0xc, &(0x7f00000004c0)={&(0x7f0000000100)={0x3a4, 0x16, 0x100, 0x70bd2d, 0x25dfdbfb, {0x11}, [@nested={0x390, 0x7b, 0x0, 0x1, [@typed={0xc, 0x49, 0x0, 0x0, @u64=0xfffffffffffffffe}, @generic="33e5f498e7c631045dbf54f35455836ed4229af90eec44f9515a7f38ea13f1ed3c09046367c2583484c6d8b43d15bd568f66a7fdf18a5171151fa476d880bc8085dab1ce0ec6a6421065d15f6fdfe6f520478f76dd8236b4cf21ab9d178656bb97068898bb0785cc65afd91100e19222b0588e9190d39b325b638213c4c09c2e0b992bccc2440659d6faa957403d77110b66b6f079b561c75bd3588796adc2ecd098b0e017f6ea2f3ad633320b3d0549721c011c90c3b55bdee9dea653540ee272f165c148fa4a26f81387bfd1b6f0fa0106c8fde6ad2854240b2763a3bb3e75ab7142a67331fddd87b0", @typed={0x8, 0x66, 0x0, 0x0, @uid=0xee00}, @generic="e219c7bd820072332f2cc80159f4e9721a6378d2784371b29c95f61580fd41110becd3f65df5e143bbe9d094428fefb4ba99dde9e85a026ba35992206af93e731d17148c1c27c60aa7dde4c829af289c9cb8e13fc8ccf34f468a5362bcb4c5303d721341b28329d9606df25f0c950862ba12649c8665f872a96452160c33fc37ceb7b565a025d2dcf45f11039c0fdd0ebeb2334a4875f309ca7f7ae561abb1152f038ee860672ece1944d5b79c8020f78c55dd6f95355731c83d1be1c4645f4c0ad843941936033d3de7ebe32ce524bcea0658564b54394daa4ad9d828015eb73bec348cb319b62df05ddd50c454e1030645", @generic="d3222b485901a6125025c8645f806c584d85489f29c7a4f70b2b880ac576345fca041461ab459411bf1764e821d32d5db0a093b47c1ceaae656ccd036cad082fd5d0cbe244c28d45239e5f2c147efa00f34f5fb98b16391bdddab9beb02e6d2d38b7d4412773a0ed7433f2b287ebc73360b3ba804ae713b6af091ab3ab4635dbab91", @typed={0x58, 0x27, 0x0, 0x0, @binary="a74f6ea1e9cdbbcadde819eec07112f524461b0d9d175d2e657530a713e75ecb3e370efc1784b9af0d90e0b6c11a90fb2423d578d744b104ce14f7633997a64e48ede4f82df05eb795a2cbbad66441de2c899c23"}, @generic="4e653fa9e5591812f28218167e530420d38180429b2e4df79a42a3936b8eb8b9b0a94cea8ec5f215c6e963eb18157894d7da455b62cdadd29c6e74de48fdfb07b183", @generic="96ec3867992112ff5f88a4581bd190ce55e323d9f55a974ebb09a027111209270c79181f4ad64801c8c0cc73d4157f8bf7bc8a53fdad652df6705cbf29e7d0bcd3856eb16d9f6be7010929cc94d6e64d552b59630aa512504f765f6710f7c1150787a1a42abdef4cffeeee01dccdf93ab6329038c8a35570155dfe52122c348e"]}]}, 0x3a4}}, 0x0)
r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0)
pwrite64(r3, &(0x7f00000000c0)="04", 0x1, 0x3ff03)
sendfile(r1, r0, 0x0, 0xffffffff000)

18:29:51 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000}}], 0x35f, 0x10062, 0x0)

18:29:51 executing program 7:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 46)

18:29:51 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c22092000000000000010000000000000009"])
ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040), 0x0, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:29:51 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 58)

18:29:51 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 25)

[ 1287.244905] FAULT_INJECTION: forcing a failure.
[ 1287.244905] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1287.246329] CPU: 0 PID: 7813 Comm: syz-executor.0 Not tainted 5.10.199 #1
[ 1287.247070] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1287.247969] Call Trace:
[ 1287.248259]  dump_stack+0x107/0x167
[ 1287.248664]  should_fail.cold+0x5/0xa
[ 1287.249074]  _copy_from_user+0x2e/0x1b0
[ 1287.249508]  __copy_msghdr_from_user+0x91/0x4b0
[ 1287.250009]  ? __ia32_sys_shutdown+0x80/0x80
[ 1287.250486]  ? __lock_acquire+0x1657/0x5b00
[ 1287.250969]  ___sys_recvmsg+0xd5/0x200
[ 1287.251519]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1287.252146]  ? lock_downgrade+0x6d0/0x6d0
[ 1287.252599]  ? lock_acquire+0x197/0x470
[ 1287.253033]  ? find_held_lock+0x2c/0x110
[ 1287.253482]  ? __might_fault+0xd3/0x180
[ 1287.253924]  ? lock_downgrade+0x6d0/0x6d0
[ 1287.254400]  do_recvmmsg+0x24c/0x6d0
[ 1287.254814]  ? ___sys_recvmsg+0x200/0x200
[ 1287.255268]  ? lock_downgrade+0x6d0/0x6d0
[ 1287.255737]  ? ksys_write+0x12d/0x260
[ 1287.256170]  ? wait_for_completion_io+0x270/0x270
[ 1287.256701]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1287.257219]  ? vfs_write+0x354/0xa70
[ 1287.257633]  __x64_sys_recvmmsg+0x20f/0x260
[ 1287.258103]  ? ksys_write+0x1a9/0x260
[ 1287.258522]  ? __do_sys_socketcall+0x600/0x600
[ 1287.259022]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1287.259606]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1287.260174]  do_syscall_64+0x33/0x40
[ 1287.260584]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1287.261150] RIP: 0033:0x7f13d67b3b19
[ 1287.261563] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1287.263595] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1287.264423] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[ 1287.265214] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1287.265995] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[ 1287.266783] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1287.267563] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
[ 1287.312969] FAULT_INJECTION: forcing a failure.
[ 1287.312969] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1287.313273] FAULT_INJECTION: forcing a failure.
[ 1287.313273] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1287.315554] CPU: 1 PID: 7819 Comm: syz-executor.7 Not tainted 5.10.199 #1
[ 1287.318154] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1287.319883] Call Trace:
[ 1287.320429]  dump_stack+0x107/0x167
[ 1287.321183]  should_fail.cold+0x5/0xa
[ 1287.321975]  _copy_from_user+0x2e/0x1b0
[ 1287.322801]  __copy_msghdr_from_user+0x91/0x4b0
[ 1287.323769]  ? __ia32_sys_shutdown+0x80/0x80
[ 1287.324676]  ? __lock_acquire+0x1657/0x5b00
[ 1287.325578]  ___sys_recvmsg+0xd5/0x200
[ 1287.326377]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1287.327382]  ? lock_downgrade+0x6d0/0x6d0
[ 1287.328264]  ? lock_acquire+0x197/0x470
[ 1287.329086]  ? find_held_lock+0x2c/0x110
[ 1287.329928]  ? __might_fault+0xd3/0x180
[ 1287.330753]  ? lock_downgrade+0x6d0/0x6d0
[ 1287.331631]  do_recvmmsg+0x24c/0x6d0
[ 1287.332398]  ? ___sys_recvmsg+0x200/0x200
[ 1287.333247]  ? lock_downgrade+0x6d0/0x6d0
[ 1287.334110]  ? ksys_write+0x12d/0x260
[ 1287.334914]  ? wait_for_completion_io+0x270/0x270
[ 1287.335916]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1287.336871]  ? vfs_write+0x354/0xa70
[ 1287.337646]  __x64_sys_recvmmsg+0x20f/0x260
[ 1287.338528]  ? ksys_write+0x1a9/0x260
[ 1287.339316]  ? __do_sys_socketcall+0x600/0x600
[ 1287.340279]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1287.341360]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1287.342422]  do_syscall_64+0x33/0x40
[ 1287.343193]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1287.344254] RIP: 0033:0x7fd50191ab19
[ 1287.345030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1287.348826] RSP: 002b:00007fd4fee90188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1287.350389] RAX: ffffffffffffffda RBX: 00007fd501a2df60 RCX: 00007fd50191ab19
[ 1287.351860] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1287.353316] RBP: 00007fd4fee901d0 R08: 0000000000000000 R09: 0000000000000000
[ 1287.354784] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1287.356251] R13: 00007ffcb71c4b0f R14: 00007fd4fee90300 R15: 0000000000022000
[ 1287.357767] CPU: 0 PID: 7820 Comm: syz-executor.6 Not tainted 5.10.199 #1
[ 1287.358531] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1287.359438] Call Trace:
[ 1287.359753]  dump_stack+0x107/0x167
[ 1287.360162]  should_fail.cold+0x5/0xa
[ 1287.360595]  _copy_from_user+0x2e/0x1b0
[ 1287.361036]  __copy_msghdr_from_user+0x91/0x4b0
[ 1287.361543]  ? __ia32_sys_shutdown+0x80/0x80
[ 1287.362029]  ? __lock_acquire+0x1657/0x5b00
[ 1287.362512]  ___sys_recvmsg+0xd5/0x200
[ 1287.362929]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1287.363470]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1287.364041]  ? _raw_spin_unlock_irq+0x1f/0x30
[ 1287.364542]  ? trace_hardirqs_on+0x5b/0x180
[ 1287.365018]  ? lock_acquire+0x197/0x470
[ 1287.365463]  ? find_held_lock+0x2c/0x110
[ 1287.365921]  ? __might_fault+0xd3/0x180
[ 1287.366366]  ? lock_downgrade+0x6d0/0x6d0
[ 1287.366828]  do_recvmmsg+0x24c/0x6d0
[ 1287.367244]  ? ___sys_recvmsg+0x200/0x200
[ 1287.367708]  ? lock_downgrade+0x6d0/0x6d0
[ 1287.368155]  ? ksys_write+0x12d/0x260
[ 1287.368592]  ? wait_for_completion_io+0x270/0x270
[ 1287.369111]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1287.369631]  ? vfs_write+0x354/0xa70
[ 1287.370031]  __x64_sys_recvmmsg+0x20f/0x260
[ 1287.370518]  ? ksys_write+0x1a9/0x260
[ 1287.370922]  ? __do_sys_socketcall+0x600/0x600
[ 1287.371444]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1287.372012]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1287.372592]  do_syscall_64+0x33/0x40
[ 1287.372985]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1287.373565] RIP: 0033:0x7f301b410b19
[ 1287.373963] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1287.376029] RSP: 002b:00007f3018986188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1287.376840] RAX: ffffffffffffffda RBX: 00007f301b523f60 RCX: 00007f301b410b19
[ 1287.377642] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1287.378427] RBP: 00007f30189861d0 R08: 0000000000000000 R09: 0000000000000000
[ 1287.379224] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1287.380043] R13: 00007ffcb222f7cf R14: 00007f3018986300 R15: 0000000000022000
18:30:05 executing program 7:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 47)

18:30:05 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/59], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x8)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:30:05 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 26)

18:30:05 executing program 1:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
ptrace$setopts(0xffffffffffffffff, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 37)

18:30:05 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c22092000000000000010000000000000009"])
ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040), 0x0, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:30:05 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f00000000}}], 0x35f, 0x10062, 0x0)

18:30:05 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
pipe2(&(0x7f0000000080)={<r1=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r1, 0x408)
r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
sendfile(r1, r2, &(0x7f0000000100), 0x1)
ftruncate(r0, 0x4)
pipe2(&(0x7f0000000080)={<r3=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r3, 0x408)
mq_notify(r3, &(0x7f0000000280)={0x0, 0x3, 0x4, @thr={&(0x7f0000000140)="cc1926b007448b2a0ab71b50dd6ef922f36d2800bd09dacb35050874f0abf06e5411cf28ff7a6edab024e30e7333346f77eda8ac7f8c963b563454919988c12b01e86a9e60aacb7bf3bd84a46347b816a1773b39bbc4057a65f928e9d882b7b5131dd39d30c3af015ceec845dab0f8d35315a383ca2287b192f4881c890d51859052", &(0x7f0000000200)="bae867c8bec7825cd06a28552a0cc82520ea7721fdf117db88c196a42bd89825448ad2b5bb392e826f8e0589a789ceba6b8cd8dd32a29d609d619424436c8770cbcf43cdcdadad347af6a32dc18ee47bfd213850e333811339af810e7f8e861c1c56"}})
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000004900)={0x8})
splice(r0, &(0x7f0000000000)=0x5, r0, &(0x7f0000000080), 0x8, 0x2)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
syz_io_uring_complete(r4)

18:30:05 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 59)

[ 1301.084184] FAULT_INJECTION: forcing a failure.
[ 1301.084184] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1301.087934] CPU: 0 PID: 7828 Comm: syz-executor.6 Not tainted 5.10.199 #1
[ 1301.089544] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1301.091483] Call Trace:
[ 1301.092128]  dump_stack+0x107/0x167
[ 1301.092992]  should_fail.cold+0x5/0xa
[ 1301.093901]  __alloc_pages_nodemask+0x182/0x600
[ 1301.094996]  ? lock_chain_count+0x20/0x20
[ 1301.095987]  ? __alloc_pages_slowpath.constprop.0+0x2130/0x2130
[ 1301.097421]  alloc_pages_vma+0xbb/0x410
[ 1301.098363]  wp_page_copy+0xee7/0x1f00
[ 1301.099287]  ? print_bad_pte+0x5a0/0x5a0
[ 1301.100248]  ? lock_downgrade+0x6d0/0x6d0
[ 1301.101216]  ? vm_normal_page+0x162/0x2e0
[ 1301.102218]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 1301.103477]  do_wp_page+0x27b/0x1390
[ 1301.104383]  handle_mm_fault+0x1cc7/0x3500
[ 1301.105392]  ? ip6_datagram_recv_common_ctl+0x3f0/0x3f0
[ 1301.106645]  ? ip6_datagram_recv_common_ctl+0x2c2/0x3f0
[ 1301.107062] FAULT_INJECTION: forcing a failure.
[ 1301.107062] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1301.107914]  ? __skb_datagram_iter+0x1aa/0x880
[ 1301.107937]  ? __pmd_alloc+0x5e0/0x5e0
[ 1301.107970]  ? vmacache_find+0x55/0x2a0
[ 1301.108006]  do_user_addr_fault+0x56e/0xc60
[ 1301.108039]  exc_page_fault+0xa2/0x1a0
[ 1301.108064]  asm_exc_page_fault+0x1e/0x30
[ 1301.108088] RIP: 0010:__put_user_nocheck_4+0x3/0x11
[ 1301.108111] Code: 00 00 48 39 d9 73 54 0f 01 cb 66 89 01 31 c9 0f 01 ca e9 f1 2c 1e 02 90 48 bb fd ef ff ff ff 7f 00 00 48 39 d9 73 34 0f 01 cb <89> 01 31 c9 0f 01 ca e9 d2 2c 1e 02 66 90 48 bb f9 ef ff ff ff 7f
[ 1301.108123] RSP: 0018:ffff888048caf9c8 EFLAGS: 00050206
[ 1301.108144] RAX: 0000000000000028 RBX: ffffffff830fc720 RCX: 0000000020002030
[ 1301.108159] RDX: 1ffff11009195fc3 RSI: ffffffff830f236a RDI: 0000000000000005
[ 1301.108172] RBP: ffff888048cafdc8 R08: 0000000000000001 R09: ffff8880479b3e9f
[ 1301.108185] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000020002030
[ 1301.108198] R13: 0000000020002000 R14: 0000000000000062 R15: 0000000000000004
[ 1301.108226]  ? sock_common_getsockopt+0xb0/0xb0
[ 1301.108253]  ? ____sys_recvmsg+0x2aa/0x590
[ 1301.108281]  ____sys_recvmsg+0x2dd/0x590
[ 1301.108312]  ? kernel_recvmsg+0x80/0x80
[ 1301.108338]  ? __import_iovec+0x458/0x590
[ 1301.108374]  ? import_iovec+0x83/0xb0
[ 1301.108404]  ___sys_recvmsg+0x127/0x200
[ 1301.108428]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1301.108454]  ? _raw_spin_unlock_irq+0x27/0x30
[ 1301.108485]  ? lock_acquire+0x197/0x470
[ 1301.108505]  ? find_held_lock+0x2c/0x110
[ 1301.108534]  ? __might_fault+0xd3/0x180
[ 1301.108556]  ? lock_downgrade+0x6d0/0x6d0
[ 1301.108580]  ? io_schedule_timeout+0x140/0x140
[ 1301.108622]  do_recvmmsg+0x24c/0x6d0
[ 1301.108652]  ? ___sys_recvmsg+0x200/0x200
[ 1301.108674]  ? lock_downgrade+0x6d0/0x6d0
[ 1301.108716]  ? ksys_write+0x12d/0x260
[ 1301.148818]  ? wait_for_completion_io+0x270/0x270
[ 1301.149949]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1301.151033]  ? vfs_write+0x354/0xa70
[ 1301.151921]  __x64_sys_recvmmsg+0x20f/0x260
[ 1301.152929]  ? ksys_write+0x1a9/0x260
[ 1301.153819]  ? __do_sys_socketcall+0x600/0x600
[ 1301.154892]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1301.156135]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1301.157343]  do_syscall_64+0x33/0x40
[ 1301.158216]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1301.159409] RIP: 0033:0x7f301b410b19
[ 1301.160284] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1301.164782] RSP: 002b:00007f3018986188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1301.166655] RAX: ffffffffffffffda RBX: 00007f301b523f60 RCX: 00007f301b410b19
[ 1301.168420] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1301.170175] RBP: 00007f30189861d0 R08: 0000000000000000 R09: 0000000000000000
[ 1301.171951] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1301.173683] R13: 00007ffcb222f7cf R14: 00007f3018986300 R15: 0000000000022000
[ 1301.175720] CPU: 1 PID: 7841 Comm: syz-executor.7 Not tainted 5.10.199 #1
[ 1301.177098] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1301.178722] Call Trace:
[ 1301.179048] FAULT_INJECTION: forcing a failure.
[ 1301.179048] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1301.179248]  dump_stack+0x107/0x167
[ 1301.182311]  should_fail.cold+0x5/0xa
[ 1301.183071]  _copy_from_user+0x2e/0x1b0
[ 1301.183889]  __copy_msghdr_from_user+0x91/0x4b0
[ 1301.184826]  ? __ia32_sys_shutdown+0x80/0x80
[ 1301.185700]  ? __lock_acquire+0x1657/0x5b00
[ 1301.186571]  ___sys_recvmsg+0xd5/0x200
[ 1301.187346]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1301.188331]  ? lock_acquire+0x197/0x470
[ 1301.189120]  ? find_held_lock+0x2c/0x110
[ 1301.189932]  ? __might_fault+0xd3/0x180
[ 1301.190717]  ? lock_downgrade+0x6d0/0x6d0
[ 1301.191551]  do_recvmmsg+0x24c/0x6d0
[ 1301.192311]  ? ___sys_recvmsg+0x200/0x200
[ 1301.193133]  ? lock_downgrade+0x6d0/0x6d0
[ 1301.193964]  ? ksys_write+0x12d/0x260
[ 1301.194735]  ? wait_for_completion_io+0x270/0x270
[ 1301.195698]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1301.196616]  ? vfs_write+0x354/0xa70
[ 1301.197357]  __x64_sys_recvmmsg+0x20f/0x260
[ 1301.198196]  ? ksys_write+0x1a9/0x260
[ 1301.198964]  ? __do_sys_socketcall+0x600/0x600
[ 1301.199879]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1301.200922]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1301.201933]  do_syscall_64+0x33/0x40
[ 1301.202665]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1301.203688] RIP: 0033:0x7fd50191ab19
[ 1301.204413] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1301.208091] RSP: 002b:00007fd4fee90188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1301.209597] RAX: ffffffffffffffda RBX: 00007fd501a2df60 RCX: 00007fd50191ab19
[ 1301.211007] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1301.212422] RBP: 00007fd4fee901d0 R08: 0000000000000000 R09: 0000000000000000
[ 1301.213827] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1301.215234] R13: 00007ffcb71c4b0f R14: 00007fd4fee90300 R15: 0000000000022000
[ 1301.216701] CPU: 0 PID: 7839 Comm: syz-executor.1 Not tainted 5.10.199 #1
[ 1301.218381] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1301.220470] Call Trace:
[ 1301.221144]  dump_stack+0x107/0x167
[ 1301.222066]  should_fail.cold+0x5/0xa
[ 1301.223001]  _copy_from_user+0x2e/0x1b0
[ 1301.223982]  __copy_msghdr_from_user+0x91/0x4b0
[ 1301.225008]  ? __ia32_sys_shutdown+0x80/0x80
[ 1301.225939]  ? __lock_acquire+0x1657/0x5b00
[ 1301.226853]  ___sys_recvmsg+0xd5/0x200
[ 1301.227670]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1301.228673]  ? _raw_spin_unlock_irq+0x27/0x30
[ 1301.229614]  ? lock_acquire+0x197/0x470
[ 1301.230423]  ? find_held_lock+0x2c/0x110
[ 1301.231280]  ? __might_fault+0xd3/0x180
[ 1301.232103]  ? lock_downgrade+0x6d0/0x6d0
[ 1301.232977]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 1301.234095]  do_recvmmsg+0x24c/0x6d0
[ 1301.234871]  ? ___sys_recvmsg+0x200/0x200
[ 1301.235735]  ? lock_downgrade+0x6d0/0x6d0
[ 1301.236590]  ? ksys_write+0x12d/0x260
[ 1301.237391]  ? wait_for_completion_io+0x270/0x270
[ 1301.238395]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1301.239337]  ? vfs_write+0x354/0xa70
[ 1301.240144]  __x64_sys_recvmmsg+0x20f/0x260
[ 1301.241040]  ? ksys_write+0x1a9/0x260
[ 1301.241832]  ? __do_sys_socketcall+0x600/0x600
[ 1301.242786]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1301.243892]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1301.244945]  do_syscall_64+0x33/0x40
[ 1301.245702]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1301.246751] RIP: 0033:0x7f65a52bbb19
[ 1301.247527] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1301.251297] RSP: 002b:00007f65a2831188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1301.252880] RAX: ffffffffffffffda RBX: 00007f65a53cef60 RCX: 00007f65a52bbb19
[ 1301.254331] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1301.255787] RBP: 00007f65a28311d0 R08: 0000000000000000 R09: 0000000000000000
[ 1301.257235] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1301.258659] R13: 00007ffc95f579af R14: 00007f65a2831300 R15: 0000000000022000
18:30:05 executing program 4:
setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x32, &(0x7f0000000040)={@private0}, 0x14)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x28}}, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
fstat(r0, &(0x7f0000000200))
ioctl$sock_SIOCGIFINDEX(r0, 0x8914, &(0x7f0000000140)={'lo\x00'})
ioctl$BTRFS_IOC_QGROUP_LIMIT(r0, 0x8030942b, &(0x7f00000000c0)={0x100000000, {0x3, 0x6, 0x9, 0x3ff, 0x2}})
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'lo\x00'})
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
request_key(0x0, 0x0, 0x0, 0x0)
r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
write$rfkill(r3, &(0x7f00000000c0)={0x0, 0x0, 0x3, 0x1}, 0x8)
accept$inet6(r2, 0x0, 0x0)
syz_open_dev$vcsn(&(0x7f0000000340), 0x9, 0x40)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000380)={{{@in=@loopback, @in=@multicast1}}, {{@in=@local}, 0x0, @in=@broadcast}}, &(0x7f0000000100)=0xe8)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0)}, 0x2, 0x0, 0x0, 0x7, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8914, &(0x7f0000000140)={'lo\x00'})
ftruncate(0xffffffffffffffff, 0x0)

18:30:05 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c22092000000000000010000000000000009"])
ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea1", 0x2, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

[ 1301.307228] FAULT_INJECTION: forcing a failure.
[ 1301.307228] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1301.309837] CPU: 1 PID: 7833 Comm: syz-executor.0 Not tainted 5.10.199 #1
[ 1301.311158] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1301.312749] Call Trace:
[ 1301.313257]  dump_stack+0x107/0x167
[ 1301.313940]  should_fail.cold+0x5/0xa
[ 1301.314682]  _copy_from_user+0x2e/0x1b0
[ 1301.315446]  __copy_msghdr_from_user+0x91/0x4b0
[ 1301.316343]  ? __ia32_sys_shutdown+0x80/0x80
[ 1301.317167]  ? __lock_acquire+0x1657/0x5b00
[ 1301.317988]  ___sys_recvmsg+0xd5/0x200
[ 1301.318713]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1301.319645]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1301.320645]  ? _raw_spin_unlock_irq+0x1f/0x30
[ 1301.321478]  ? trace_hardirqs_on+0x5b/0x180
[ 1301.322287]  ? lock_acquire+0x197/0x470
[ 1301.323011]  ? find_held_lock+0x2c/0x110
[ 1301.323788]  ? __might_fault+0xd3/0x180
[ 1301.324514]  ? lock_downgrade+0x6d0/0x6d0
[ 1301.325281]  ? io_schedule_timeout+0x140/0x140
[ 1301.326151]  do_recvmmsg+0x24c/0x6d0
[ 1301.326853]  ? ___sys_recvmsg+0x200/0x200
[ 1301.327618]  ? lock_downgrade+0x6d0/0x6d0
[ 1301.328401]  ? ksys_write+0x12d/0x260
[ 1301.329117]  ? wait_for_completion_io+0x270/0x270
[ 1301.330008]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1301.330863]  ? vfs_write+0x354/0xa70
[ 1301.331557]  __x64_sys_recvmmsg+0x20f/0x260
[ 1301.332372]  ? ksys_write+0x1a9/0x260
[ 1301.333076]  ? __do_sys_socketcall+0x600/0x600
[ 1301.333919]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1301.334899]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1301.335859]  do_syscall_64+0x33/0x40
[ 1301.336558]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1301.337497] RIP: 0033:0x7f13d67b3b19
[ 1301.338190] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1301.341618] RSP: 002b:00007f13d3d29188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1301.343070] RAX: ffffffffffffffda RBX: 00007f13d68c6f60 RCX: 00007f13d67b3b19
[ 1301.344445] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1301.345780] RBP: 00007f13d3d291d0 R08: 0000000000000000 R09: 0000000000000000
[ 1301.347141] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1301.348483] R13: 00007ffe26e173ff R14: 00007f13d3d29300 R15: 0000000000022000
18:30:05 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/59], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {0x0}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[ 1301.365709] device lo entered promiscuous mode
18:30:05 executing program 7:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 48)

[ 1301.400063] 
[ 1301.400389] ======================================================
[ 1301.401483] WARNING: possible circular locking dependency detected
[ 1301.402584] 5.10.199 #1 Not tainted
[ 1301.403243] ------------------------------------------------------
[ 1301.404435] syz-executor.4/7848 is trying to acquire lock:
[ 1301.405497] ffff88800eee4ae8 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}, at: __flush_work+0xdd/0xa90
[ 1301.407369] 
[ 1301.407369] but task is already holding lock:
[ 1301.408478] ffff88800eee4f40 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0xef/0x1240
[ 1301.413530] 
[ 1301.413530] which lock already depends on the new lock.
[ 1301.413530] 
[ 1301.414946] 
[ 1301.414946] the existing dependency chain (in reverse order) is:
[ 1301.416278] 
[ 1301.416278] -> #3 (&hdev->req_lock){+.+.}-{3:3}:
[ 1301.417391]        __mutex_lock+0x13d/0x10b0
[ 1301.418155]        hci_dev_do_close+0xef/0x1240
[ 1301.418977]        hci_rfkill_set_block+0x166/0x1a0
[ 1301.419837]        rfkill_set_block+0x1fd/0x540
[ 1301.420664]        rfkill_fop_write+0x253/0x4b0
[ 1301.421492]        vfs_write+0x29a/0xa70
[ 1301.422210]        ksys_write+0x1f6/0x260
[ 1301.422935]        do_syscall_64+0x33/0x40
[ 1301.423692]        entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1301.424668] 
[ 1301.424668] -> #2 (rfkill_global_mutex){+.+.}-{3:3}:
[ 1301.425869]        __mutex_lock+0x13d/0x10b0
[ 1301.426659]        rfkill_register+0x36/0xa10
[ 1301.427493]        hci_register_dev+0x42e/0xc00
[ 1301.428357]        __vhci_create_device+0x2c8/0x5c0
[ 1301.429267]        vhci_open_timeout+0x38/0x50
[ 1301.430073]        process_one_work+0x9a9/0x14b0
[ 1301.430912]        worker_thread+0x61d/0x1310
[ 1301.431748]        kthread+0x38f/0x470
[ 1301.432473]        ret_from_fork+0x22/0x30
[ 1301.433248] 
[ 1301.433248] -> #1 (&data->open_mutex){+.+.}-{3:3}:
[ 1301.434393]        __mutex_lock+0x13d/0x10b0
[ 1301.435192]        vhci_send_frame+0x63/0xa0
[ 1301.435982]        hci_send_frame+0x1b9/0x320
[ 1301.436749]        hci_tx_work+0x10af/0x1660
[ 1301.437503]        process_one_work+0x9a9/0x14b0
[ 1301.438320]        worker_thread+0x61d/0x1310
[ 1301.439100]        kthread+0x38f/0x470
[ 1301.439812]        ret_from_fork+0x22/0x30
[ 1301.440549] 
[ 1301.440549] -> #0 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}:
[ 1301.441902]        __lock_acquire+0x29e7/0x5b00
[ 1301.442700]        lock_acquire+0x197/0x470
[ 1301.443442]        __flush_work+0x105/0xa90
[ 1301.444205]        hci_dev_do_close+0x131/0x1240
[ 1301.445022]        hci_rfkill_set_block+0x166/0x1a0
[ 1301.445879]        rfkill_set_block+0x1fd/0x540
[ 1301.446673]        rfkill_fop_write+0x253/0x4b0
[ 1301.447486]        vfs_write+0x29a/0xa70
[ 1301.448187]        ksys_write+0x1f6/0x260
[ 1301.448932]        do_syscall_64+0x33/0x40
[ 1301.449676]        entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1301.450650] 
[ 1301.450650] other info that might help us debug this:
[ 1301.450650] 
[ 1301.451989] Chain exists of:
[ 1301.451989]   (work_completion)(&hdev->tx_work) --> rfkill_global_mutex --> &hdev->req_lock
[ 1301.451989] 
[ 1301.454096]  Possible unsafe locking scenario:
[ 1301.454096] 
[ 1301.455091]        CPU0                    CPU1
[ 1301.455866]        ----                    ----
[ 1301.456622]   lock(&hdev->req_lock);
[ 1301.457234]                                lock(rfkill_global_mutex);
[ 1301.458323]                                lock(&hdev->req_lock);
[ 1301.459353]   lock((work_completion)(&hdev->tx_work));
[ 1301.460249] 
[ 1301.460249]  *** DEADLOCK ***
[ 1301.460249] 
[ 1301.461279] 2 locks held by syz-executor.4/7848:
[ 1301.462077]  #0: ffffffff85619468 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0xff/0x4b0
[ 1301.463669]  #1: ffff88800eee4f40 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0xef/0x1240
[ 1301.465216] 
[ 1301.465216] stack backtrace:
[ 1301.465958] CPU: 1 PID: 7848 Comm: syz-executor.4 Not tainted 5.10.199 #1
[ 1301.467074] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1301.468455] Call Trace:
[ 1301.468884]  dump_stack+0x107/0x167
[ 1301.469488]  check_noncircular+0x263/0x2e0
[ 1301.470220]  ? register_lock_class+0xbb/0x17b0
[ 1301.471003]  ? print_circular_bug+0x470/0x470
[ 1301.471799]  ? alloc_chain_hlocks+0x1ec/0x5a0
[ 1301.472594]  __lock_acquire+0x29e7/0x5b00
[ 1301.473326]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1301.474229]  ? SOFTIRQ_verbose+0x10/0x10
[ 1301.474934]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 1301.475891]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 1301.476819]  lock_acquire+0x197/0x470
[ 1301.477468]  ? __flush_work+0xdd/0xa90
[ 1301.478147]  ? lock_release+0x680/0x680
[ 1301.478865]  ? lock_release+0x680/0x680
[ 1301.479552]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1301.480457]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 1301.481401]  ? trace_hardirqs_on+0x5b/0x180
[ 1301.482163]  __flush_work+0x105/0xa90
[ 1301.482810]  ? __flush_work+0xdd/0xa90
[ 1301.483497]  ? queue_delayed_work_on+0xe0/0xe0
[ 1301.484281]  ? hci_dev_do_close+0xef/0x1240
[ 1301.485003]  ? __cancel_work_timer+0x2a9/0x4c0
[ 1301.485793]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1301.486695]  ? mutex_lock_io_nested+0xf30/0xf30
[ 1301.487500]  ? __cancel_work_timer+0x2a9/0x4c0
[ 1301.488297]  hci_dev_do_close+0x131/0x1240
[ 1301.489010]  ? rfkill_set_block+0x18f/0x540
[ 1301.489761]  ? hci_dev_open+0x350/0x350
[ 1301.490446]  ? mark_held_locks+0x9e/0xe0
[ 1301.491142]  hci_rfkill_set_block+0x166/0x1a0
[ 1301.491930]  ? hci_power_off+0x20/0x20
[ 1301.492605]  rfkill_set_block+0x1fd/0x540
[ 1301.493318]  rfkill_fop_write+0x253/0x4b0
[ 1301.494031]  ? rfkill_sync_work+0xa0/0xa0
[ 1301.494740]  ? rfkill_fop_write+0x6/0x4b0
[ 1301.495443]  ? rfkill_sync_work+0xa0/0xa0
[ 1301.496156]  vfs_write+0x29a/0xa70
[ 1301.496781]  ksys_write+0x1f6/0x260
[ 1301.497408]  ? __ia32_sys_read+0xb0/0xb0
[ 1301.498115]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1301.499016]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1301.499918]  do_syscall_64+0x33/0x40
[ 1301.500543]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1301.501448] RIP: 0033:0x7f387a313b19
[ 1301.502080] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1301.505230] RSP: 002b:00007f3877889188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1301.506580] RAX: ffffffffffffffda RBX: 00007f387a426f60 RCX: 00007f387a313b19
[ 1301.507804] RDX: 0000000000000008 RSI: 00000000200000c0 RDI: 0000000000000007
[ 1301.509057] RBP: 00007f387a36df6d R08: 0000000000000000 R09: 0000000000000000
[ 1301.510276] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1301.511492] R13: 00007ffdd46bd64f R14: 00007f3877889300 R15: 0000000000022000
[ 1301.577707] FAULT_INJECTION: forcing a failure.
[ 1301.577707] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1301.580823] CPU: 0 PID: 7853 Comm: syz-executor.7 Not tainted 5.10.199 #1
[ 1301.582202] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1301.582221] device lo left promiscuous mode
[ 1301.583876] Call Trace:
[ 1301.583901]  dump_stack+0x107/0x167
[ 1301.583923]  should_fail.cold+0x5/0xa
[ 1301.583951]  _copy_from_user+0x2e/0x1b0
[ 1301.587427]  __copy_msghdr_from_user+0x91/0x4b0
[ 1301.588380]  ? __ia32_sys_shutdown+0x80/0x80
[ 1301.589280]  ? perf_trace_lock_acquire+0xbc/0x590
[ 1301.590241]  ? import_iovec+0x83/0xb0
[ 1301.591009]  ___sys_recvmsg+0xd5/0x200
[ 1301.591802]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1301.592780]  ? trace_hardirqs_on+0x51/0x180
[ 1301.593649]  ? _raw_spin_unlock_irq+0x27/0x30
[ 1301.594551]  ? lock_acquire+0x3ef/0x470
[ 1301.595357]  ? lock_release+0x4d1/0x680
[ 1301.596175]  ? __might_fault+0xd3/0x180
[ 1301.596981]  ? lock_downgrade+0x6d0/0x6d0
[ 1301.597815]  ? __might_fault+0x4f/0x180
[ 1301.598615]  do_recvmmsg+0x24c/0x6d0
[ 1301.599362]  ? ___sys_recvmsg+0x200/0x200
[ 1301.600196]  ? lock_downgrade+0x6d0/0x6d0
[ 1301.601027]  ? lock_release+0x4d1/0x680
[ 1301.601824]  ? fsnotify+0xf50/0xf50
[ 1301.602560]  ? ksys_write+0x12d/0x260
[ 1301.603329]  ? wait_for_completion_io+0x270/0x270
[ 1301.604327]  ? vfs_write+0x354/0xa70
[ 1301.605068]  __x64_sys_recvmmsg+0x20f/0x260
[ 1301.605929]  ? ksys_write+0x1a9/0x260
[ 1301.606684]  ? __do_sys_socketcall+0x600/0x600
[ 1301.607600]  ? fpregs_assert_state_consistent+0xb9/0xe0
[ 1301.608666]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1301.609691]  do_syscall_64+0x33/0x40
[ 1301.610429]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1301.611442] RIP: 0033:0x7fd50191ab19
[ 1301.612202] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1301.615841] RSP: 002b:00007fd4fee90188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1301.617373] RAX: ffffffffffffffda RBX: 00007fd501a2df60 RCX: 00007fd50191ab19
[ 1301.618819] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1301.620268] RBP: 00007fd4fee901d0 R08: 0000000000000000 R09: 0000000000000000
[ 1301.621705] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1301.623133] R13: 00007ffcb71c4b0f R14: 00007fd4fee90300 R15: 0000000000022000
[ 1302.082091] device lo entered promiscuous mode
[ 1311.256790] FAULT_INJECTION: forcing a failure.
[ 1311.256790] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1311.258069] CPU: 1 PID: 7871 Comm: syz-executor.1 Not tainted 5.10.199 #1
[ 1311.258744] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1311.259624] Call Trace:
[ 1311.259933]  dump_stack+0x107/0x167
[ 1311.260328]  should_fail.cold+0x5/0xa
[ 1311.260734]  _copy_from_user+0x2e/0x1b0
[ 1311.261154]  __copy_msghdr_from_user+0x91/0x4b0
[ 1311.261643]  ? __ia32_sys_shutdown+0x80/0x80
[ 1311.262109]  ? SOFTIRQ_verbose+0x10/0x10
[ 1311.262547]  ? perf_trace_lock_acquire+0xbc/0x590
[ 1311.263052]  ? import_iovec+0x83/0xb0
[ 1311.263451]  ___sys_recvmsg+0xd5/0x200
[ 1311.263866]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1311.264383]  ? lock_downgrade+0x6d0/0x6d0
[ 1311.264819]  ? lock_acquire+0x3ef/0x470
[ 1311.265245]  ? lock_acquire+0x3ef/0x470
[ 1311.265668]  ? lock_release+0x4d1/0x680
[ 1311.266093]  ? __might_fault+0xd3/0x180
[ 1311.266522]  ? lock_downgrade+0x6d0/0x6d0
[ 1311.266947]  do_recvmmsg+0x24c/0x6d0
[ 1311.267320]  ? ___sys_recvmsg+0x200/0x200
[ 1311.267730]  ? lock_downgrade+0x6d0/0x6d0
[ 1311.268156]  ? lock_release+0x4d1/0x680
[ 1311.268555]  ? fsnotify+0xf50/0xf50
[ 1311.268926]  ? ksys_write+0x12d/0x260
[ 1311.269309]  ? wait_for_completion_io+0x270/0x270
[ 1311.269787]  ? vfs_write+0x354/0xa70
[ 1311.270197]  __x64_sys_recvmmsg+0x20f/0x260
[ 1311.270656]  ? ksys_write+0x1a9/0x260
[ 1311.271066]  ? __do_sys_socketcall+0x600/0x600
[ 1311.271553]  ? fpregs_assert_state_consistent+0xb9/0xe0
[ 1311.272126]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1311.272674]  do_syscall_64+0x33/0x40
[ 1311.273072]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1311.273618] RIP: 0033:0x7f65a52bbb19
[ 1311.274013] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1311.275970] RSP: 002b:00007f65a2831188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1311.276766] RAX: ffffffffffffffda RBX: 00007f65a53cef60 RCX: 00007f65a52bbb19
[ 1311.277526] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1311.278241] RBP: 00007f65a28311d0 R08: 0000000000000000 R09: 0000000000000000
[ 1311.278949] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1311.279657] R13: 00007ffc95f579af R14: 00007f65a2831300 R15: 0000000000022000
[ 1311.298496] FAULT_INJECTION: forcing a failure.
[ 1311.298496] name fail_usercopy, interval 1, probability 0, space 0, times 0
18:30:15 executing program 4:
setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x32, &(0x7f0000000040)={@private0}, 0x14)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x28}}, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
fstat(r0, &(0x7f0000000200))
ioctl$sock_SIOCGIFINDEX(r0, 0x8914, &(0x7f0000000140)={'lo\x00'})
ioctl$BTRFS_IOC_QGROUP_LIMIT(r0, 0x8030942b, &(0x7f00000000c0)={0x100000000, {0x3, 0x6, 0x9, 0x3ff, 0x2}})
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'lo\x00'})
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
request_key(0x0, 0x0, 0x0, 0x0)
r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
write$rfkill(r3, &(0x7f00000000c0)={0x0, 0x0, 0x3, 0x1}, 0x8)
accept$inet6(r2, 0x0, 0x0)
syz_open_dev$vcsn(&(0x7f0000000340), 0x9, 0x40)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000380)={{{@in=@loopback, @in=@multicast1}}, {{@in=@local}, 0x0, @in=@broadcast}}, &(0x7f0000000100)=0xe8)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0)}, 0x2, 0x0, 0x0, 0x7, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8914, &(0x7f0000000140)={'lo\x00'})
ftruncate(0xffffffffffffffff, 0x0)

18:30:15 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="070070c9c93759c79f9402c22092000000000000010000000000000009"])
ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea1", 0x2, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0)

18:30:15 executing program 3:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000}}], 0x35f, 0x10062, 0x0)

18:30:15 executing program 1:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
ptrace$setopts(0xffffffffffffffff, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 38)

18:30:15 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 27)

18:30:15 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
perf_event_open(&(0x7f0000000980)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
write$bt_hci(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0138787a5073562e48540000000012dbe6b4d1d76368674a19f38585ef9d0ed8c978d5c300"/59], 0x27)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000000040)="ae19e9710b", 0x5, r1}, 0x68)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
readv(r3, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/60, 0x3c}, {&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000004c0)=""/191, 0xbf}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f00000001c0)=""/98, 0x62}, {0x0}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x9)
add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000000000000102030405060708090a0b0c0d0e0ffd29439a06000000000000001c1d1e1f202122232425262728292a2b2c2d2e2f2025fbb53435363738393a3b3c3d3e3f405c60c24d33c53ec7d97c570cc7eb7e9f3821450041b7f279bdf1acd68d1df22325ec445a3cdebc035a95229bf276942391fa3344dd65335dd235b80917862cd1fcad7832e67fc52fabbbee2622a731831ada03f46396b75240987af3b5e286eafddeae6cc506333fa310b3652f177e40f3e1a285e07e81098b46950fb39d9cd8ad2fde00008819f2bc2042f22c06b9a4b2f7adecde9510cdf7e1d2bd314f4108386a6e5d67b3e5a49ae8522bf4fc3bf98d061a73a592ff8a057555f802ee0b6c9147954229171a76b6bad0088f370cbe52b44572fd9f91676d2ae50784e3f9f53f7720480752cf6572d98827b1a4e7ffce781983f929b419ebbee0681f07"], 0x48, r2)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r2)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
fcntl$getflags(r4, 0x408)
write$binfmt_aout(r4, &(0x7f0000000b40)={{0x0, 0x8, 0x32, 0xf0, 0x365, 0x6, 0x35d, 0x80000000}, "c45c392dad81fa8695e234cf6bc5088f3d820fee526046c2d63ecbb447e49928058508270e3ee1952a640cef1c17ce55f17776b82707", ['\x00', '\x00', '\x00']}, 0x356)
fcntl$getflags(0xffffffffffffffff, 0x408)
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000a40)={0x17412c500, 0x0, 0x0, 0x0, {0x84000002}, 0x0, 0x0, 0x0, 0x0}, 0x58)

18:30:15 executing program 0:
gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 60)

18:30:15 executing program 7:
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
gettid()
ptrace$setopts(0x4206, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 49)

[ 1311.299905] CPU: 1 PID: 7885 Comm: syz-executor.6 Not tainted 5.10.199 #1
[ 1311.300674] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1311.301682] Call Trace:
[ 1311.301977]  dump_stack+0x107/0x167
[ 1311.302371]  should_fail.cold+0x5/0xa
[ 1311.302795]  _copy_from_user+0x2e/0x1b0
[ 1311.303229]  __copy_msghdr_from_user+0x91/0x4b0
[ 1311.303740]  ? __ia32_sys_shutdown+0x80/0x80
[ 1311.304225]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 1311.304826]  ? perf_trace_lock_acquire+0xbc/0x590
[ 1311.305368]  ? import_iovec+0x83/0xb0
[ 1311.305797]  ___sys_recvmsg+0xd5/0x200
[ 1311.306236]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1311.306777]  ? trace_hardirqs_on+0x51/0x180
[ 1311.307288]  ? _raw_spin_unlock_irq+0x27/0x30
[ 1311.307813]  ? lock_acquire+0x3ef/0x470
[ 1311.308278]  ? lock_release+0x4d1/0x680
[ 1311.308737]  ? __might_fault+0xd3/0x180
[ 1311.309192]  ? lock_downgrade+0x6d0/0x6d0
[ 1311.309676]  ? io_schedule_timeout+0x140/0x140
[ 1311.310200]  do_recvmmsg+0x24c/0x6d0
[ 1311.310637]  ? ___sys_recvmsg+0x200/0x200
[ 1311.311114]  ? lock_downgrade+0x6d0/0x6d0
[ 1311.311572]  ? lock_release+0x4d1/0x680
[ 1311.312020]  ? fsnotify+0xf50/0xf50
[ 1311.312422]  ? ksys_write+0x12d/0x260
[ 1311.312868]  ? wait_for_completion_io+0x270/0x270
[ 1311.313409]  ? vfs_write+0x354/0xa70
[ 1311.313838]  __x64_sys_recvmmsg+0x20f/0x260
[ 1311.314324]  ? ksys_write+0x1a9/0x260
[ 1311.314766]  ? __do_sys_socketcall+0x600/0x600
[ 1311.315293]  ? fpregs_assert_state_consistent+0xb9/0xe0
[ 1311.315917]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1311.316522]  do_syscall_64+0x33/0x40
[ 1311.316956]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1311.317549] RIP: 0033:0x7f301b410b19
[ 1311.317960] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1311.320057] RSP: 002b:00007f3018986188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1311.320922] RAX: ffffffffffffffda RBX: 00007f301b523f60 RCX: 00007f301b410b19
[ 1311.321727] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1311.322516] RBP: 00007f30189861d0 R08: 0000000000000000 R09: 0000000000000000
[ 1311.323319] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1311.324150] R13: 00007ffcb222f7cf R14: 00007f3018986300 R15: 0000000000022000
[ 1311.327886] FAULT_INJECTION: forcing a failure.
[ 1311.327886] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1311.329223] CPU: 1 PID: 7877 Comm: syz-executor.7 Not tainted 5.10.199 #1
[ 1311.330004] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1311.330954] Call Trace:
[ 1311.331239]  dump_stack+0x107/0x167
[ 1311.331658]  should_fail.cold+0x5/0xa
[ 1311.332106]  _copy_from_user+0x2e/0x1b0
[ 1311.332543]  __copy_msghdr_from_user+0x91/0x4b0
[ 1311.333072]  ? __ia32_sys_shutdown+0x80/0x80
[ 1311.333566]  ? SOFTIRQ_verbose+0x10/0x10
[ 1311.334029]  ? perf_trace_lock_acquire+0xbc/0x590
[ 1311.334580]  ? import_iovec+0x83/0xb0
[ 1311.335009]  ___sys_recvmsg+0xd5/0x200
[ 1311.335464]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1311.336017]  ? lock_downgrade+0x6d0/0x6d0
[ 1311.336502]  ? lock_acquire+0x3ef/0x470
[ 1311.336963]  ? lock_acquire+0x3ef/0x470
[ 1311.337425]  ? lock_release+0x4d1/0x680
[ 1311.337872]  ? __might_fault+0xd3/0x180
[ 1311.338314]  ? lock_downgrade+0x6d0/0x6d0
[ 1311.338802]  do_recvmmsg+0x24c/0x6d0
[ 1311.339232]  ? ___sys_recvmsg+0x200/0x200
[ 1311.339708]  ? lock_downgrade+0x6d0/0x6d0
[ 1311.340194]  ? lock_release+0x4d1/0x680
[ 1311.340657]  ? fsnotify+0xf50/0xf50
[ 1311.341064]  ? ksys_write+0x12d/0x260
[ 1311.341508]  ? wait_for_completion_io+0x270/0x270
[ 1311.342037]  ? vfs_write+0x354/0xa70
[ 1311.342457]  __x64_sys_recvmmsg+0x20f/0x260
[ 1311.342950]  ? ksys_write+0x1a9/0x260
[ 1311.343390]  ? __do_sys_socketcall+0x600/0x600
[ 1311.343927]  ? fpregs_assert_state_consistent+0xb9/0xe0
[ 1311.344525]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1311.345119]  do_syscall_64+0x33/0x40
[ 1311.345556]  entry_SYSCALL_64_after_hwframe+0x62/0xc7
[ 1311.346125] RIP: 0033:0x7fd50191ab19
[ 1311.346538] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1311.348569] RSP: 002b:00007fd4fee90188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1311.349416] RAX: ffffffffffffffda RBX: 00007fd501a2df60 RCX: 00007fd50191ab19
[ 1311.350209] RDX: 000000000000035f RSI: 0000000020001a00 RDI: 0000000000000004
[ 1311.351003] RBP: 00007fd4fee901d0 R08: 0000000000000000 R09: 0000000000000000
[ 1311.351793] R10: 0000000000010062 R11: 0000000000000246 R12: 0000000000000002
[ 1311.352577] R13: 00007ffcb71c4b0f R14: 00007fd4fee90300 R15: 0000000000022000
[ 1311.364235] device lo left promiscuous mode
18:30:15 executing program 1:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
ptrace$setopts(0xffffffffffffffff, 0x0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r0, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 39)

18:30:15 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000000)=0x74000000, 0x4)
sendto(r1, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) (fail_nth: 28)

[ 1311.385104] FAULT_INJECTION: forcing a failure.
[ 1311.385104] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1311.387948] CPU: 0 PID: 7884 Comm: syz-executor.0 Not tainted 5.10.199 #1
[ 1311.389309] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1311.390959] Call Trace:
[ 1311.391490]  dump_stack+0x107/0x167
[ 1311.392225]  should_fail.cold+0x5/0xa
[ 1311.392989]  _copy_from_user+0x2e/0x1b0
[ 1311.393784]  __copy_msghdr_from_user+0x91/0x4b0
[ 1311.394709]  ? __ia32_sys_shutdown+0x80/0x80
[ 1311.395594]  ? perf_trace_lock_acquire+0xbc/0x590
[ 1311.396550]  ? import_iovec+0x83/0xb0
[ 1311.397303]  ___sys_recvmsg+0xd5/0x200
[ 1311.397605] FAULT_INJECTION: forcing a failure.
[ 1311.397605] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1311.398071]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 1311.398097]  ? put_task_struct_rcu_user+0x5e/0xb0
[ 1311.401256]  ? lock_acquire+0x3ef/0x470
[ 1311.402044]  ? lock_release+0x4d1/0x680
[ 1311.402830]  ? __might_fault+0xd3/0x180
[ 1311.403629]  ? lock_downgrade+0x6d0/0x6d0
[ 1311.404639]  ? io_schedule_timeout+0x140/0x140
[ 1311.405727]  do_recvmmsg+0x24c/0x6d0
[ 1311.406609]  ? ___sys_recvmsg+0x200/0x200
[ 1311.407589]  ? lock_downgrade+0x6d0/0x6d0
[ 1311.408586]  ? irqentry_enter+0x26/0x60
[ 1311.409528]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 1311.410807]  ? trace_hardirqs_on+0x5b/0x180
[ 1311.411835]  ? __x64_sys_recvmmsg+0x117/0x260

VM DIAGNOSIS:
18:30:05  Registers:
info registers vcpu 0
RAX=0000000000000000 RBX=0000000000000001 RCX=ffffffff8135ba26 RDX=ffff8880205f8000
RSI=ffffffff8135ba14 RDI=0000000000000005 RBP=ffff888046e77b78 RSP=ffff888046e77aa0
R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000001
R12=0000000000000000 R13=0000000000000200 R14=1ffff11008dcef58 R15=ffff888046e77c90
RIP=ffffffff8135ba16 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000555556141400 00000000 00000000
GS =0000 ffff88806ce00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b2cd25000 CR3=000000000eba0000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000ff000000000000000000000000ff XMM01=657200353278246d6f72667663657200
XMM02=00000000000000000000000000000000 XMM03=00007f6a9e9467c800007f6a9e9467c0
XMM04=ffffffffffffff00ffffffff00000000 XMM05=00000000000000000000000000000000
XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000
XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=0000000000000078 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff822ca1d1 RDI=ffffffff879e81e0 RBP=ffffffff879e81a0 RSP=ffff888017c8f2e8
R8 =0000000000000001 R9 =0000000000000003 R10=0000000000000000 R11=0000000000000001
R12=0000000000000078 R13=0000000000000078 R14=ffffffff879e81a0 R15=dffffc0000000000
RIP=ffffffff822ca228 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f3877889700 00000000 00000000
GS =0000 ffff88806cf00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f9b471aa0f0 CR3=0000000015bc8000 CR4=00350ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=ffffffffffffffffffffffffffffffff
XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000
XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000
XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000