{0x8, 0xef, 0x2}, @NL80211_ATTR_BANDS={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8040}, 0x814) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) preadv(0xffffffffffffffff, &(0x7f0000000200)=[{&(0x7f0000000040)=""/39, 0x27}], 0x1, 0xffff57e9, 0x4) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) [ 1365.665097] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1365.681484] FAULT_INJECTION: forcing a failure. [ 1365.681484] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1365.684040] CPU: 1 PID: 8434 Comm: syz-executor.1 Not tainted 5.10.236 #1 [ 1365.685487] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1365.687248] Call Trace: [ 1365.687809] dump_stack+0x107/0x167 [ 1365.688581] should_fail.cold+0x5/0xa [ 1365.689393] _copy_from_user+0x2e/0x1b0 [ 1365.690238] __copy_msghdr_from_user+0x91/0x4b0 [ 1365.691230] ? __ia32_sys_shutdown+0x80/0x80 [ 1365.692156] ? __lock_acquire+0x1657/0x5b00 [ 1365.693077] ___sys_recvmsg+0xd5/0x200 [ 1365.693918] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1365.694963] ? __fget_files+0x2cf/0x520 [ 1365.695816] ? lock_acquire+0x197/0x470 [ 1365.696654] ? find_held_lock+0x2c/0x110 [ 1365.697530] ? __might_fault+0xd3/0x180 [ 1365.698363] ? lock_downgrade+0x6d0/0x6d0 [ 1365.699272] do_recvmmsg+0x24c/0x6d0 [ 1365.700067] ? ___sys_recvmsg+0x200/0x200 [ 1365.700945] ? lock_downgrade+0x6d0/0x6d0 [ 1365.701829] ? ksys_write+0x12d/0x260 [ 1365.702640] ? wait_for_completion_io+0x270/0x270 [ 1365.703678] ? rcu_read_lock_any_held+0x75/0xa0 [ 1365.704659] ? vfs_write+0x354/0xb10 [ 1365.705447] __x64_sys_recvmmsg+0x20f/0x260 [ 1365.706359] ? ksys_write+0x1a9/0x260 [ 1365.707175] ? __do_sys_socketcall+0x600/0x600 [ 1365.708141] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1365.708313] FAULT_INJECTION: forcing a failure. [ 1365.708313] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1365.709250] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1365.709273] do_syscall_64+0x33/0x40 [ 1365.709299] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1365.714595] RIP: 0033:0x7fcf11593b19 [ 1365.715391] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1365.719279] RSP: 002b:00007fcf0eb09188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1365.720886] RAX: ffffffffffffffda RBX: 00007fcf116a6f60 RCX: 00007fcf11593b19 [ 1365.722385] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1365.723893] RBP: 00007fcf0eb091d0 R08: 0000000000000000 R09: 0000000000000000 [ 1365.725396] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1365.726917] R13: 00007ffca39d7fcf R14: 00007fcf0eb09300 R15: 0000000000022000 [ 1365.728918] CPU: 0 PID: 8438 Comm: syz-executor.2 Not tainted 5.10.236 #1 [ 1365.730381] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1365.732133] Call Trace: [ 1365.732703] dump_stack+0x107/0x167 [ 1365.733468] should_fail.cold+0x5/0xa [ 1365.733696] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8439 comm=syz-executor.5 [ 1365.734280] _copy_from_user+0x2e/0x1b0 [ 1365.734311] __copy_msghdr_from_user+0x91/0x4b0 [ 1365.738576] ? __ia32_sys_shutdown+0x80/0x80 [ 1365.739523] ? __lock_acquire+0x1657/0x5b00 [ 1365.740449] ___sys_recvmsg+0xd5/0x200 [ 1365.741276] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1365.742314] ? __fget_files+0x2cf/0x520 [ 1365.743159] ? lock_acquire+0x197/0x470 [ 1365.743995] ? find_held_lock+0x2c/0x110 [ 1365.744856] ? __might_fault+0xd3/0x180 [ 1365.745694] ? lock_downgrade+0x6d0/0x6d0 [ 1365.746584] do_recvmmsg+0x24c/0x6d0 [ 1365.747382] ? ___sys_recvmsg+0x200/0x200 [ 1365.748255] ? lock_downgrade+0x6d0/0x6d0 [ 1365.749136] ? ksys_write+0x12d/0x260 [ 1365.749954] ? wait_for_completion_io+0x270/0x270 [ 1365.750984] ? rcu_read_lock_any_held+0x75/0xa0 [ 1365.751961] ? vfs_write+0x354/0xb10 [ 1365.752752] __x64_sys_recvmmsg+0x20f/0x260 [ 1365.753659] ? ksys_write+0x1a9/0x260 [ 1365.754463] ? __do_sys_socketcall+0x600/0x600 [ 1365.755431] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1365.756536] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1365.757621] do_syscall_64+0x33/0x40 [ 1365.758405] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1365.759491] RIP: 0033:0x7f97e8de2b19 [ 1365.760280] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1365.764157] RSP: 002b:00007f97e6358188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1365.765757] RAX: ffffffffffffffda RBX: 00007f97e8ef5f60 RCX: 00007f97e8de2b19 [ 1365.767276] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1365.768779] RBP: 00007f97e63581d0 R08: 0000000000000000 R09: 0000000000000000 [ 1365.770277] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1365.771786] R13: 00007ffc09107b8f R14: 00007f97e6358300 R15: 0000000000022000 [ 1365.776123] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1365.777666] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1365.779471] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1365.799206] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1365.801775] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8440 comm=syz-executor.5 [ 1377.983179] FAULT_INJECTION: forcing a failure. [ 1377.983179] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1377.984700] CPU: 1 PID: 8448 Comm: syz-executor.7 Not tainted 5.10.236 #1 [ 1377.985558] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1377.986121] FAULT_INJECTION: forcing a failure. [ 1377.986121] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1377.986593] Call Trace: [ 1377.986612] dump_stack+0x107/0x167 [ 1377.986632] should_fail.cold+0x5/0xa [ 1377.990313] _copy_from_user+0x2e/0x1b0 [ 1377.990815] __copy_msghdr_from_user+0x91/0x4b0 [ 1377.991400] ? __ia32_sys_shutdown+0x80/0x80 [ 1377.991947] ? __lock_acquire+0x1657/0x5b00 [ 1377.992495] ___sys_recvmsg+0xd5/0x200 [ 1377.992985] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1377.993594] ? trace_hardirqs_on+0x5b/0x180 [ 1377.994129] ? lock_acquire+0x197/0x470 [ 1377.994617] ? find_held_lock+0x2c/0x110 [ 1377.995126] ? __might_fault+0xd3/0x180 [ 1377.995616] ? lock_downgrade+0x6d0/0x6d0 [ 1377.996141] do_recvmmsg+0x24c/0x6d0 [ 1377.996604] ? ___sys_recvmsg+0x200/0x200 [ 1377.997117] ? lock_downgrade+0x6d0/0x6d0 [ 1377.997639] ? ksys_write+0x12d/0x260 [ 1377.998113] ? wait_for_completion_io+0x270/0x270 [ 1377.998707] ? rcu_read_lock_any_held+0x75/0xa0 [ 1377.999288] ? vfs_write+0x354/0xb10 [ 1377.999753] __x64_sys_recvmmsg+0x20f/0x260 [ 1378.000285] ? ksys_write+0x1a9/0x260 [ 1378.000753] ? __do_sys_socketcall+0x600/0x600 [ 1378.001318] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1378.001962] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1378.002601] do_syscall_64+0x33/0x40 [ 1378.003071] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1378.003703] RIP: 0033:0x7fedaa47eb19 [ 1378.004161] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1378.006427] RSP: 002b:00007feda79f4188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1378.007374] RAX: ffffffffffffffda RBX: 00007fedaa591f60 RCX: 00007fedaa47eb19 [ 1378.008256] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1378.009137] RBP: 00007feda79f41d0 R08: 0000000000000000 R09: 0000000000000000 [ 1378.010018] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1378.010900] R13: 00007ffdec8a993f R14: 00007feda79f4300 R15: 0000000000022000 [ 1378.011810] CPU: 0 PID: 8449 Comm: syz-executor.2 Not tainted 5.10.236 #1 23:06:20 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 77) 23:06:20 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 79) 23:06:20 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0x74, 0x0, 0x0) [ 1378.013259] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1378.015213] Call Trace: [ 1378.015781] dump_stack+0x107/0x167 [ 1378.016555] should_fail.cold+0x5/0xa [ 1378.017359] _copy_from_user+0x2e/0x1b0 [ 1378.018189] __copy_msghdr_from_user+0x91/0x4b0 [ 1378.019172] ? __ia32_sys_shutdown+0x80/0x80 23:06:20 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x7b, 0x0, 0x0) 23:06:20 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBENT(r0, 0x4b47, &(0x7f00000001c0)={0x0, 0x0, 0xff00}) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x7b19, 0x4) dup2(r1, r2) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') ioctl$TIOCGSOFTCAR(r1, 0x5419, &(0x7f0000000000)) 23:06:20 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x8, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:06:20 executing program 5: ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0x801c581f, &(0x7f0000000280)={0x5df4bfe3, 0x7, 0x4, 0x7fff, 0x7}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_delete(0x0) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800, 0x101}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000009c0)={0x0, 0x0}) setpgid(0x0, r1) r2 = signalfd(r0, &(0x7f0000000100)={[0x2]}, 0x8) perf_event_open(&(0x7f0000000380)={0x2, 0x80, 0x0, 0x3, 0x9, 0x7, 0x0, 0x4000002, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x3, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x20, 0x0, @perf_config_ext={0x2, 0x100}, 0x0, 0x3598b8b3, 0x9, 0x3, 0x40ab666d, 0x4, 0x1, 0x0, 0x560, 0x0, 0x5}, r1, 0x2, r2, 0x8) capset(&(0x7f0000000000)={0xc92bfb053a14a5a}, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000140)=0x0) timer_create(0x7, &(0x7f0000000180)={0x0, 0xe, 0x1, @tid=r3}, &(0x7f0000000340)) r4 = syz_open_procfs(0x0, &(0x7f0000000080)='setgroups\x00') pread64(r4, &(0x7f00000001c0)=""/133, 0x85, 0x57f) read(r4, &(0x7f00000002c0)=""/122, 0x7a) timer_create(0x0, &(0x7f0000000000)={0x0, 0x1c, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000480)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) socket$netlink(0x10, 0x3, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000000c0)) timer_create(0x4, &(0x7f0000000400)={0x0, 0x3d, 0x0, @tid=r1}, &(0x7f0000000440)) clone3(&(0x7f00000001c0)={0x40182300, 0x0, 0x0, 0x0, {0x34}, 0x0, 0x0, 0x0, 0x0}, 0x58) 23:06:20 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 57) [ 1378.020090] ? __lock_acquire+0x1657/0x5b00 [ 1378.021063] ___sys_recvmsg+0xd5/0x200 [ 1378.021876] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1378.022910] ? __fget_files+0x2cf/0x520 [ 1378.023754] ? lock_acquire+0x197/0x470 [ 1378.024583] ? find_held_lock+0x2c/0x110 [ 1378.025446] ? __might_fault+0xd3/0x180 [ 1378.026285] ? lock_downgrade+0x6d0/0x6d0 [ 1378.027187] do_recvmmsg+0x24c/0x6d0 [ 1378.027964] ? ___sys_recvmsg+0x200/0x200 [ 1378.028840] ? lock_downgrade+0x6d0/0x6d0 [ 1378.029704] ? ksys_write+0x12d/0x260 [ 1378.030510] ? wait_for_completion_io+0x270/0x270 [ 1378.031521] ? rcu_read_lock_any_held+0x75/0xa0 [ 1378.032489] ? vfs_write+0x354/0xb10 [ 1378.033270] __x64_sys_recvmmsg+0x20f/0x260 [ 1378.034164] ? ksys_write+0x1a9/0x260 [ 1378.034989] ? __do_sys_socketcall+0x600/0x600 [ 1378.035951] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1378.037058] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1378.038144] do_syscall_64+0x33/0x40 [ 1378.038925] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1378.040006] RIP: 0033:0x7f97e8de2b19 [ 1378.040771] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1378.044610] RSP: 002b:00007f97e6358188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1378.046180] RAX: ffffffffffffffda RBX: 00007f97e8ef5f60 RCX: 00007f97e8de2b19 [ 1378.047673] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1378.049150] RBP: 00007f97e63581d0 R08: 0000000000000000 R09: 0000000000000000 [ 1378.050635] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1378.052112] R13: 00007ffc09107b8f R14: 00007f97e6358300 R15: 0000000000022000 [ 1378.090281] validate_nla: 4 callbacks suppressed [ 1378.090289] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1378.091967] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:06:20 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 78) [ 1378.095967] FAULT_INJECTION: forcing a failure. [ 1378.095967] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1378.097436] CPU: 1 PID: 8459 Comm: syz-executor.7 Not tainted 5.10.236 #1 [ 1378.098274] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1378.099274] Call Trace: [ 1378.099599] dump_stack+0x107/0x167 [ 1378.100035] should_fail.cold+0x5/0xa [ 1378.100491] _copy_from_user+0x2e/0x1b0 [ 1378.100976] __copy_msghdr_from_user+0x91/0x4b0 [ 1378.101538] ? __ia32_sys_shutdown+0x80/0x80 [ 1378.102071] ? __lock_acquire+0x1657/0x5b00 [ 1378.102598] ___sys_recvmsg+0xd5/0x200 [ 1378.103074] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1378.103453] FAULT_INJECTION: forcing a failure. [ 1378.103453] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1378.103662] ? __fget_files+0x2cf/0x520 [ 1378.103677] ? lock_acquire+0x197/0x470 [ 1378.103695] ? find_held_lock+0x2c/0x110 [ 1378.107516] ? __might_fault+0xd3/0x180 [ 1378.107988] ? lock_downgrade+0x6d0/0x6d0 [ 1378.108494] do_recvmmsg+0x24c/0x6d0 [ 1378.108942] ? ___sys_recvmsg+0x200/0x200 [ 1378.109436] ? lock_downgrade+0x6d0/0x6d0 [ 1378.109935] ? ksys_write+0x12d/0x260 [ 1378.110403] ? wait_for_completion_io+0x270/0x270 [ 1378.110990] ? rcu_read_lock_any_held+0x75/0xa0 [ 1378.111541] ? vfs_write+0x354/0xb10 [ 1378.111989] __x64_sys_recvmmsg+0x20f/0x260 [ 1378.112502] ? ksys_write+0x1a9/0x260 [ 1378.112956] ? __do_sys_socketcall+0x600/0x600 [ 1378.113502] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1378.114124] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1378.114733] do_syscall_64+0x33/0x40 [ 1378.115184] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1378.115791] RIP: 0033:0x7fedaa47eb19 [ 1378.116230] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1378.118401] RSP: 002b:00007feda79f4188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1378.119313] RAX: ffffffffffffffda RBX: 00007fedaa591f60 RCX: 00007fedaa47eb19 [ 1378.120154] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1378.120996] RBP: 00007feda79f41d0 R08: 0000000000000000 R09: 0000000000000000 [ 1378.121837] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1378.122685] R13: 00007ffdec8a993f R14: 00007feda79f4300 R15: 0000000000022000 [ 1378.123562] CPU: 0 PID: 8464 Comm: syz-executor.1 Not tainted 5.10.236 #1 [ 1378.125022] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1378.126779] Call Trace: [ 1378.127354] dump_stack+0x107/0x167 [ 1378.128129] should_fail.cold+0x5/0xa [ 1378.128942] _copy_from_user+0x2e/0x1b0 [ 1378.129797] __copy_msghdr_from_user+0x91/0x4b0 [ 1378.130786] ? __ia32_sys_shutdown+0x80/0x80 [ 1378.131729] ? __lock_acquire+0x1657/0x5b00 [ 1378.132664] ___sys_recvmsg+0xd5/0x200 [ 1378.133496] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1378.134550] ? __fget_files+0x2cf/0x520 [ 1378.135409] ? lock_acquire+0x197/0x470 [ 1378.136252] ? find_held_lock+0x2c/0x110 [ 1378.137118] ? __might_fault+0xd3/0x180 [ 1378.137962] ? lock_downgrade+0x6d0/0x6d0 [ 1378.138862] do_recvmmsg+0x24c/0x6d0 [ 1378.139666] ? ___sys_recvmsg+0x200/0x200 [ 1378.140541] ? lock_downgrade+0x6d0/0x6d0 [ 1378.141423] ? ksys_write+0x12d/0x260 [ 1378.142246] ? wait_for_completion_io+0x270/0x270 [ 1378.143272] ? rcu_read_lock_any_held+0x75/0xa0 [ 1378.144256] ? vfs_write+0x354/0xb10 [ 1378.145051] __x64_sys_recvmmsg+0x20f/0x260 [ 1378.145972] ? ksys_write+0x1a9/0x260 [ 1378.146783] ? __do_sys_socketcall+0x600/0x600 [ 1378.147784] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1378.148898] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1378.149990] do_syscall_64+0x33/0x40 [ 1378.150782] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1378.151878] RIP: 0033:0x7fcf11593b19 [ 1378.152665] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1378.156598] RSP: 002b:00007fcf0eb09188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1378.158211] RAX: ffffffffffffffda RBX: 00007fcf116a6f60 RCX: 00007fcf11593b19 [ 1378.159742] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1378.161257] RBP: 00007fcf0eb091d0 R08: 0000000000000000 R09: 0000000000000000 [ 1378.162775] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1378.164297] R13: 00007ffca39d7fcf R14: 00007fcf0eb09300 R15: 0000000000022000 [ 1378.167097] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1378.168760] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:06:34 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0x75, 0x0, 0x0) 23:06:34 executing program 3: mlock2(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0) mbind(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, &(0x7f00000001c0)=0x40000000000f, 0x8, 0x2) mlock2(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xd21}, 0x0, 0x0, 0x0, 0x5, 0x0, 0x800}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlock2(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0) mbind(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x3) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='net/fib_trie\x00') readv(r1, &(0x7f0000000280)=[{&(0x7f00000004c0)=""/4089, 0xff9}], 0x1) mlock2(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0) mlock2(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0) mlock(&(0x7f0000ffc000/0x1000)=nil, 0x1000) syz_open_procfs(0x0, &(0x7f0000000040)='net/psched\x00') ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000080)=ANY=[@ANYBLOB="bb3fe286010000001200000018000000", @ANYRES32, @ANYBLOB="09000000000000000600000000000000", @ANYRES16=r1, @ANYRESHEX=r1, @ANYRESHEX=r0]) r2 = creat(&(0x7f0000000100)='./file0\x00', 0x0) dup3(0xffffffffffffffff, r2, 0x0) flock(r2, 0x2) munlock(&(0x7f0000ffd000/0x2000)=nil, 0x2000) signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0x1000000000000002]}, 0x8, 0x0) 23:06:34 executing program 5: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f00000001c0)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) r1 = accept(0xffffffffffffffff, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000040)) r2 = creat(&(0x7f0000000180)='./file0\x00', 0x2) r3 = perf_event_open(&(0x7f0000000100)={0x0, 0x80, 0x4, 0x1f, 0x3, 0x4, 0x0, 0x1, 0x20000, 0x3, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x8, 0x0, @perf_bp={&(0x7f00000000c0)}, 0x400, 0x3, 0x40, 0x4, 0x1, 0x101, 0x98, 0x0, 0xed, 0x0, 0x1c3}, 0xffffffffffffffff, 0x2, r2, 0x2) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f0000000240)={{0x1, 0x1, 0x18, r2}, './file0\x00'}) connect$unix(r4, &(0x7f0000000280)=@file={0x0, './file1\x00'}, 0x6e) flock(r3, 0x9) r5 = openat$null(0xffffffffffffff9c, &(0x7f0000000200), 0x20003, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r5, 0x2405, r3) r6 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$SO_TIMESTAMPING(r7, 0x1, 0x41, &(0x7f0000000000)=0x6359, 0x4) dup2(r6, r7) close_range(r1, r6, 0x2) write(r3, &(0x7f0000000300)="c31f75b39a57b7092b5321104644e7e4a34c7c6fa4d9d2c02476dc1617f0598b4a0b3f5f7cf656b2205ea773fc", 0x2d) 23:06:34 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 80) 23:06:34 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x9, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:06:34 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x7c, 0x0, 0x0) 23:06:34 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 58) 23:06:34 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 79) [ 1392.256700] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1392.258777] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1392.273458] FAULT_INJECTION: forcing a failure. [ 1392.273458] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1392.276084] CPU: 0 PID: 8480 Comm: syz-executor.7 Not tainted 5.10.236 #1 [ 1392.277539] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1392.279293] Call Trace: [ 1392.279851] dump_stack+0x107/0x167 [ 1392.280624] should_fail.cold+0x5/0xa [ 1392.281433] _copy_from_user+0x2e/0x1b0 [ 1392.282275] __copy_msghdr_from_user+0x91/0x4b0 [ 1392.283272] ? __ia32_sys_shutdown+0x80/0x80 [ 1392.284206] ? __lock_acquire+0x1657/0x5b00 [ 1392.285128] ___sys_recvmsg+0xd5/0x200 [ 1392.285950] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1392.286994] ? __fget_files+0x2cf/0x520 [ 1392.287840] ? lock_acquire+0x197/0x470 [ 1392.288677] ? find_held_lock+0x2c/0x110 [ 1392.289537] ? __might_fault+0xd3/0x180 [ 1392.290375] ? lock_downgrade+0x6d0/0x6d0 [ 1392.291283] do_recvmmsg+0x24c/0x6d0 [ 1392.292077] ? ___sys_recvmsg+0x200/0x200 [ 1392.292956] ? lock_downgrade+0x6d0/0x6d0 [ 1392.293841] ? ksys_write+0x12d/0x260 [ 1392.294660] ? wait_for_completion_io+0x270/0x270 [ 1392.295692] ? rcu_read_lock_any_held+0x75/0xa0 [ 1392.296673] ? vfs_write+0x354/0xb10 [ 1392.297463] __x64_sys_recvmmsg+0x20f/0x260 [ 1392.298372] ? ksys_write+0x1a9/0x260 [ 1392.299175] ? __do_sys_socketcall+0x600/0x600 [ 1392.300141] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1392.301249] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1392.302340] do_syscall_64+0x33/0x40 [ 1392.303149] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1392.304229] RIP: 0033:0x7fedaa47eb19 [ 1392.305013] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1392.308920] RSP: 002b:00007feda79f4188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1392.310528] RAX: ffffffffffffffda RBX: 00007fedaa591f60 RCX: 00007fedaa47eb19 [ 1392.312050] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1392.313569] RBP: 00007feda79f41d0 R08: 0000000000000000 R09: 0000000000000000 [ 1392.315074] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1392.316576] R13: 00007ffdec8a993f R14: 00007feda79f4300 R15: 0000000000022000 [ 1392.331005] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1392.332713] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:06:34 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x7d, 0x0, 0x0) [ 1392.339202] FAULT_INJECTION: forcing a failure. [ 1392.339202] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1392.341712] CPU: 1 PID: 8486 Comm: syz-executor.2 Not tainted 5.10.236 #1 [ 1392.343168] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1392.344940] Call Trace: [ 1392.345505] dump_stack+0x107/0x167 [ 1392.346284] should_fail.cold+0x5/0xa [ 1392.347096] _copy_from_user+0x2e/0x1b0 [ 1392.347958] __copy_msghdr_from_user+0x91/0x4b0 [ 1392.348949] ? __ia32_sys_shutdown+0x80/0x80 [ 1392.349886] ? __lock_acquire+0x1657/0x5b00 [ 1392.350815] ___sys_recvmsg+0xd5/0x200 [ 1392.351654] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1392.352696] ? trace_hardirqs_on+0x5b/0x180 [ 1392.353614] ? lock_acquire+0x197/0x470 [ 1392.354458] ? find_held_lock+0x2c/0x110 [ 1392.355337] ? __might_fault+0xd3/0x180 [ 1392.356184] ? lock_downgrade+0x6d0/0x6d0 [ 1392.357077] do_recvmmsg+0x24c/0x6d0 [ 1392.357878] ? ___sys_recvmsg+0x200/0x200 [ 1392.358753] ? lock_downgrade+0x6d0/0x6d0 [ 1392.359653] ? ksys_write+0x12d/0x260 [ 1392.360473] ? wait_for_completion_io+0x270/0x270 [ 1392.361493] ? rcu_read_lock_any_held+0x75/0xa0 [ 1392.362484] ? vfs_write+0x354/0xb10 [ 1392.363287] __x64_sys_recvmmsg+0x20f/0x260 [ 1392.364200] ? ksys_write+0x1a9/0x260 [ 1392.365006] ? __do_sys_socketcall+0x600/0x600 [ 1392.365982] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1392.367096] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1392.368199] do_syscall_64+0x33/0x40 [ 1392.368986] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1392.370072] RIP: 0033:0x7f97e8de2b19 [ 1392.370862] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1392.374766] RSP: 002b:00007f97e6358188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1392.376400] RAX: ffffffffffffffda RBX: 00007f97e8ef5f60 RCX: 00007f97e8de2b19 [ 1392.377912] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1392.379422] RBP: 00007f97e63581d0 R08: 0000000000000000 R09: 0000000000000000 [ 1392.380925] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1392.382437] R13: 00007ffc09107b8f R14: 00007f97e6358300 R15: 0000000000022000 [ 1392.391350] FAULT_INJECTION: forcing a failure. [ 1392.391350] name fail_usercopy, interval 1, probability 0, space 0, times 0 23:06:34 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0x76, 0x0, 0x0) [ 1392.394019] CPU: 1 PID: 8485 Comm: syz-executor.1 Not tainted 5.10.236 #1 [ 1392.395587] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1392.397351] Call Trace: [ 1392.397910] dump_stack+0x107/0x167 [ 1392.398684] should_fail.cold+0x5/0xa [ 1392.399500] _copy_from_user+0x2e/0x1b0 [ 1392.400354] __copy_msghdr_from_user+0x91/0x4b0 [ 1392.401352] ? __ia32_sys_shutdown+0x80/0x80 [ 1392.402278] ? __lock_acquire+0x1657/0x5b00 [ 1392.403220] ___sys_recvmsg+0xd5/0x200 [ 1392.404049] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1392.405089] ? trace_hardirqs_on+0x5b/0x180 23:06:34 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x7e, 0x0, 0x0) [ 1392.406002] ? lock_acquire+0x197/0x470 [ 1392.407001] ? find_held_lock+0x2c/0x110 [ 1392.407884] ? __might_fault+0xd3/0x180 [ 1392.408729] ? lock_downgrade+0x6d0/0x6d0 [ 1392.409630] do_recvmmsg+0x24c/0x6d0 [ 1392.410430] ? ___sys_recvmsg+0x200/0x200 [ 1392.411316] ? lock_downgrade+0x6d0/0x6d0 [ 1392.412196] ? ksys_write+0x12d/0x260 [ 1392.413016] ? wait_for_completion_io+0x270/0x270 [ 1392.414038] ? rcu_read_lock_any_held+0x75/0xa0 [ 1392.415026] ? vfs_write+0x354/0xb10 [ 1392.415826] __x64_sys_recvmmsg+0x20f/0x260 [ 1392.416746] ? ksys_write+0x1a9/0x260 [ 1392.417556] ? __do_sys_socketcall+0x600/0x600 [ 1392.418549] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1392.419680] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1392.420786] do_syscall_64+0x33/0x40 [ 1392.421577] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1392.422677] RIP: 0033:0x7fcf11593b19 [ 1392.423471] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1392.427387] RSP: 002b:00007fcf0eb09188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1392.428999] RAX: ffffffffffffffda RBX: 00007fcf116a6f60 RCX: 00007fcf11593b19 [ 1392.430514] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1392.432035] RBP: 00007fcf0eb091d0 R08: 0000000000000000 R09: 0000000000000000 [ 1392.433545] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1392.435060] R13: 00007ffca39d7fcf R14: 00007fcf0eb09300 R15: 0000000000022000 23:06:34 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0xa, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) [ 1392.565418] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1392.567208] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1392.587095] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1392.588749] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1392.607273] audit: type=1326 audit(1745017595.031:33): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=8481 comm="syz-executor.5" exe="/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f138d785b19 code=0x7ffc0000 [ 1392.612017] audit: type=1326 audit(1745017595.031:34): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=8481 comm="syz-executor.5" exe="/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f138d785b19 code=0x7ffc0000 [ 1392.622290] audit: type=1326 audit(1745017595.034:35): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=8481 comm="syz-executor.5" exe="/syz-executor.5" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f138d785b19 code=0x7ffc0000 [ 1392.631343] audit: type=1326 audit(1745017595.048:36): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=8481 comm="syz-executor.5" exe="/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f138d785b19 code=0x7ffc0000 [ 1392.649712] audit: type=1326 audit(1745017595.048:37): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=8481 comm="syz-executor.5" exe="/syz-executor.5" sig=0 arch=c000003e syscall=43 compat=0 ip=0x7f138d785b19 code=0x7ffc0000 [ 1392.663722] audit: type=1326 audit(1745017595.048:38): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=8481 comm="syz-executor.5" exe="/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f138d785b19 code=0x7ffc0000 [ 1392.670012] audit: type=1326 audit(1745017595.048:39): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=8481 comm="syz-executor.5" exe="/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f138d785b19 code=0x7ffc0000 [ 1392.674707] audit: type=1326 audit(1745017595.052:40): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=8481 comm="syz-executor.5" exe="/syz-executor.5" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7f138d785b19 code=0x7ffc0000 [ 1392.679464] audit: type=1326 audit(1745017595.052:41): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=8481 comm="syz-executor.5" exe="/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f138d785b19 code=0x7ffc0000 [ 1392.684810] audit: type=1326 audit(1745017595.052:42): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=8481 comm="syz-executor.5" exe="/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f138d785b19 code=0x7ffc0000 23:06:47 executing program 5: syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000240)='./file0\x00', 0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000000)='./file0\x00', 0x11d) writev(r0, &(0x7f0000000240)=[{&(0x7f0000000280)="c8", 0x1}], 0x1) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r0, 0xc0189374, &(0x7f0000000100)={{0x1, 0x1, 0x18, r0, {0x4}}, './file0\x00'}) futimesat(r1, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={{0x77359400}}) creat(&(0x7f0000000080)='./file0\x00', 0x0) 23:06:47 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0xf, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:06:47 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0x77, 0x0, 0x0) 23:06:47 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000100), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@mpol={'mpol', 0x3d, {'local', '', @void}}}]}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffff7}, 0x0, 0x2000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000001680)='./file0/file0\x00', 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r1, 0xc0189374, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0, {0x7}}, './file0/file0\x00'}) pwrite64(r1, &(0x7f0000000140)="b2", 0x20000141, 0x8001) r2 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r2, 0x2285, 0x0) write$binfmt_elf64(r2, &(0x7f0000001e00)=ANY=[@ANYBLOB="7f454c464f600500000400000000000002003e0003000000b50200000000000040000000000000009b02000000000000faffffffff0038000100f3ff0101a3bb51e57464090000004000000000000000ff7f000000000000060000000000000006000000000000000500000000000000050000000000000000000060ff7f000002000000000000000700000000000000db180000000000006f00000000000000ffffff7f0000000007000000000000001e564753e51459f42377a4a4892f4e4c53db77962d0049a65842530b7b76d3b3c0325a6c989cb25066463867a2b230ef2e3722ed1dcddcf81ee8b3dd15149def3ef45f7fd4538a00300072177ccab771398fa89067c484d56653f2dcb2eef7dc8717ddc0b75500c64d40538f0e2c12342ebb38acd2d2c8c48cf5babebf44066a2bb82af1394b5018835588971d35cac0a6eef437919e673c5f7e8d4392c70d55d2fc6fb48429229eab8c17b6fff0bcbc063d4cda7155799e8b2cf4e6500f26cbdc8dae7f26b94c3a3238941458c1b5766b3b6cbedb5e3550c7cad7f36fd2d3a4a327000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006711e42acb3971cef4814ee80d0ea62cb3346420a1c87f280a557b81e94125b679ffdc38b3b879de22866ffd35bcc7a7b7d736dd653b6b80edb5044de38eb7d928a630d6d2726ede4f7524335422fbf833c46dd23cd927"], 0xb92) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000000)=0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000580)=ANY=[@ANYBLOB="0100000001008000180085005529311faa54defc329cff6528a1dc43571e3dd2c9f134687a3df19fc9d00ed24583a6dd53af76065d0501806f3c6bec4f964ae0eb4782dfb0e8ec848e698c448873d20023d7da32bb73078e4efeae1e12c8dad9d1d9b1ee7f35cf3d47ee845be981af99410b14497346b9e437fcfc996c1f35f946e1363b386fc5d68722f42acb14bba358a8c5d1e6274d501786af8bf6432957afb1a0f313fe8df3917d57b11215b8adae52af90905d6b069862d0ff96087f05fb932700771070f4a5f84a4df5e8a7537e5229a705b15ae857c6f68eaff0bd9dc6c17112d16312b8070120ccb52367208e0ec65f214ce4a5026dd4c61c4e52ba94d7add24d5b0105000000000000008926035cdacf25e0eadcdd5c9c73ab5cbd1f42078e4494f4e44d5af7a11600f193ce3696a89a8e01838bec8d947567c89b8ae4e0a4a14aa89a62ef911459e989dc990bb160d0afab06189c90598cc88a210afa81d57984cc1188c94ad2faed807c72125e968058856c68982afce3c2c1b1682570e95b82f0462cad725da33578016e70d831035fc49af323076d68090cbe2620bd9ae24abe102ccb4811550eaab206d9b9adbeb9e9fe1a285e5447770b921e95e71c0fe9168357ffdd3cec31a2d400"/479, @ANYRES32=r2, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file1\x00']) kcmp(r3, 0x0, 0x0, 0xffffffffffffffff, r4) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x5, 0x8, 0x2, 0xe1, 0x0, 0x8, 0x0, 0x2, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x9, 0x4, @perf_config_ext={0x3, 0x1}, 0x108, 0x1000, 0x1, 0x8, 0x7fff, 0x7f, 0x3, 0x0, 0x1000, 0x0, 0x40}, r3, 0x10, r0, 0x1) 23:06:47 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 80) 23:06:47 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 81) 23:06:47 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 59) 23:06:47 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x82, 0x0, 0x0) [ 1405.155884] FAULT_INJECTION: forcing a failure. [ 1405.155884] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1405.157418] CPU: 1 PID: 8521 Comm: syz-executor.7 Not tainted 5.10.236 #1 [ 1405.158267] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1405.159292] Call Trace: [ 1405.159622] dump_stack+0x107/0x167 [ 1405.160070] should_fail.cold+0x5/0xa [ 1405.160547] _copy_from_user+0x2e/0x1b0 [ 1405.161038] __copy_msghdr_from_user+0x91/0x4b0 [ 1405.161620] ? __ia32_sys_shutdown+0x80/0x80 [ 1405.162161] ? __lock_acquire+0x1657/0x5b00 [ 1405.162700] ___sys_recvmsg+0xd5/0x200 [ 1405.163181] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1405.163803] ? trace_hardirqs_on+0x5b/0x180 [ 1405.164336] ? lock_acquire+0x197/0x470 [ 1405.164832] ? find_held_lock+0x2c/0x110 [ 1405.165333] ? __might_fault+0xd3/0x180 [ 1405.165822] ? lock_downgrade+0x6d0/0x6d0 [ 1405.166348] do_recvmmsg+0x24c/0x6d0 [ 1405.166812] ? ___sys_recvmsg+0x200/0x200 [ 1405.167327] ? lock_downgrade+0x6d0/0x6d0 [ 1405.167841] ? ksys_write+0x12d/0x260 [ 1405.168323] ? wait_for_completion_io+0x270/0x270 [ 1405.168918] ? rcu_read_lock_any_held+0x75/0xa0 [ 1405.169485] ? vfs_write+0x354/0xb10 [ 1405.169946] __x64_sys_recvmmsg+0x20f/0x260 [ 1405.170483] ? ksys_write+0x1a9/0x260 [ 1405.170950] ? __do_sys_socketcall+0x600/0x600 [ 1405.171350] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1405.171525] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1405.173156] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1405.173755] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1405.173772] do_syscall_64+0x33/0x40 [ 1405.173784] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1405.173792] RIP: 0033:0x7fedaa47eb19 [ 1405.173803] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1405.173810] RSP: 002b:00007feda79f4188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1405.180868] RAX: ffffffffffffffda RBX: 00007fedaa591f60 RCX: 00007fedaa47eb19 [ 1405.181882] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1405.182818] RBP: 00007feda79f41d0 R08: 0000000000000000 R09: 0000000000000000 [ 1405.183904] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1405.185010] R13: 00007ffdec8a993f R14: 00007feda79f4300 R15: 0000000000022000 [ 1405.188453] FAT-fs (loop5): Unrecognized mount option "vfat" or missing value [ 1405.198473] FAULT_INJECTION: forcing a failure. [ 1405.198473] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1405.198853] FAULT_INJECTION: forcing a failure. [ 1405.198853] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1405.200957] CPU: 0 PID: 8520 Comm: syz-executor.1 Not tainted 5.10.236 #1 [ 1405.203782] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1405.205525] Call Trace: [ 1405.206087] dump_stack+0x107/0x167 [ 1405.206861] should_fail.cold+0x5/0xa [ 1405.207683] _copy_from_user+0x2e/0x1b0 [ 1405.208532] __copy_msghdr_from_user+0x91/0x4b0 [ 1405.209516] ? __ia32_sys_shutdown+0x80/0x80 [ 1405.210449] ? __lock_acquire+0x1657/0x5b00 [ 1405.211387] ___sys_recvmsg+0xd5/0x200 [ 1405.212225] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1405.213269] ? lock_acquire+0x197/0x470 [ 1405.214109] ? find_held_lock+0x2c/0x110 [ 1405.214976] ? __might_fault+0xd3/0x180 [ 1405.215828] ? lock_downgrade+0x6d0/0x6d0 [ 1405.216724] do_recvmmsg+0x24c/0x6d0 [ 1405.217514] ? ___sys_recvmsg+0x200/0x200 [ 1405.218389] ? lock_downgrade+0x6d0/0x6d0 [ 1405.219275] ? ksys_write+0x12d/0x260 [ 1405.220097] ? wait_for_completion_io+0x270/0x270 [ 1405.221118] ? rcu_read_lock_any_held+0x75/0xa0 [ 1405.222099] ? vfs_write+0x354/0xb10 [ 1405.222892] __x64_sys_recvmmsg+0x20f/0x260 [ 1405.223823] ? ksys_write+0x1a9/0x260 [ 1405.224626] ? __do_sys_socketcall+0x600/0x600 [ 1405.225595] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1405.226710] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1405.227813] do_syscall_64+0x33/0x40 [ 1405.228604] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1405.229690] RIP: 0033:0x7fcf11593b19 [ 1405.230473] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1405.234362] RSP: 002b:00007fcf0eb09188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1405.235979] RAX: ffffffffffffffda RBX: 00007fcf116a6f60 RCX: 00007fcf11593b19 [ 1405.237487] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1405.238988] RBP: 00007fcf0eb091d0 R08: 0000000000000000 R09: 0000000000000000 [ 1405.240504] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1405.242014] R13: 00007ffca39d7fcf R14: 00007fcf0eb09300 R15: 0000000000022000 [ 1405.243564] CPU: 1 PID: 8523 Comm: syz-executor.2 Not tainted 5.10.236 #1 [ 1405.244383] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1405.245373] Call Trace: [ 1405.245694] dump_stack+0x107/0x167 [ 1405.246128] should_fail.cold+0x5/0xa [ 1405.246585] _copy_from_user+0x2e/0x1b0 [ 1405.247063] __copy_msghdr_from_user+0x91/0x4b0 [ 1405.247628] ? __ia32_sys_shutdown+0x80/0x80 [ 1405.248162] ? __lock_acquire+0x1657/0x5b00 [ 1405.248697] ___sys_recvmsg+0xd5/0x200 [ 1405.249162] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1405.249751] ? __fget_files+0x2cf/0x520 [ 1405.250226] ? lock_acquire+0x197/0x470 [ 1405.250701] ? find_held_lock+0x2c/0x110 [ 1405.251189] ? __might_fault+0xd3/0x180 [ 1405.251669] ? lock_downgrade+0x6d0/0x6d0 [ 1405.252174] do_recvmmsg+0x24c/0x6d0 [ 1405.252626] ? ___sys_recvmsg+0x200/0x200 [ 1405.253122] ? lock_downgrade+0x6d0/0x6d0 [ 1405.253618] ? ksys_write+0x12d/0x260 [ 1405.254088] ? wait_for_completion_io+0x270/0x270 [ 1405.254661] ? rcu_read_lock_any_held+0x75/0xa0 [ 1405.255213] ? vfs_write+0x354/0xb10 [ 1405.255676] __x64_sys_recvmmsg+0x20f/0x260 [ 1405.256188] ? ksys_write+0x1a9/0x260 [ 1405.256639] ? __do_sys_socketcall+0x600/0x600 [ 1405.257179] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1405.257799] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1405.258414] do_syscall_64+0x33/0x40 [ 1405.258865] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1405.259479] RIP: 0033:0x7f97e8de2b19 [ 1405.259920] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1405.262097] RSP: 002b:00007f97e6358188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1405.262997] RAX: ffffffffffffffda RBX: 00007f97e8ef5f60 RCX: 00007f97e8de2b19 [ 1405.263846] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1405.264686] RBP: 00007f97e63581d0 R08: 0000000000000000 R09: 0000000000000000 [ 1405.265529] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1405.266367] R13: 00007ffc09107b8f R14: 00007f97e6358300 R15: 0000000000022000 [ 1405.273542] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1405.274481] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:06:47 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 81) [ 1405.297701] FAT-fs (loop5): Unrecognized mount option "vfat" or missing value 23:06:47 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0x78, 0x0, 0x0) 23:06:47 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x48, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) [ 1405.343758] sg_write: data in/out 352299/2920 bytes for SCSI command 0x0-- guessing data in; [ 1405.343758] program syz-executor.3 not setting count and/or reply_len properly [ 1405.350517] FAULT_INJECTION: forcing a failure. [ 1405.350517] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1405.351912] CPU: 1 PID: 8537 Comm: syz-executor.7 Not tainted 5.10.236 #1 [ 1405.352696] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1405.353648] Call Trace: [ 1405.353966] dump_stack+0x107/0x167 [ 1405.354384] should_fail.cold+0x5/0xa [ 1405.354828] _copy_from_user+0x2e/0x1b0 [ 1405.355302] __copy_msghdr_from_user+0x91/0x4b0 [ 1405.355837] ? __ia32_sys_shutdown+0x80/0x80 [ 1405.356345] ? __lock_acquire+0x1657/0x5b00 [ 1405.356849] ___sys_recvmsg+0xd5/0x200 [ 1405.357298] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1405.357864] ? __fget_files+0x2cf/0x520 [ 1405.358326] ? lock_acquire+0x197/0x470 [ 1405.358784] ? find_held_lock+0x2c/0x110 [ 1405.359256] ? __might_fault+0xd3/0x180 [ 1405.359726] ? lock_downgrade+0x6d0/0x6d0 [ 1405.360208] do_recvmmsg+0x24c/0x6d0 [ 1405.360639] ? ___sys_recvmsg+0x200/0x200 [ 1405.361111] ? lock_downgrade+0x6d0/0x6d0 [ 1405.361593] ? ksys_write+0x12d/0x260 [ 1405.362036] ? wait_for_completion_io+0x270/0x270 [ 1405.362588] ? rcu_read_lock_any_held+0x75/0xa0 [ 1405.363123] ? vfs_write+0x354/0xb10 [ 1405.363557] __x64_sys_recvmmsg+0x20f/0x260 [ 1405.364051] ? ksys_write+0x1a9/0x260 [ 1405.364491] ? __do_sys_socketcall+0x600/0x600 [ 1405.365016] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1405.365618] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1405.366206] do_syscall_64+0x33/0x40 [ 1405.366631] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1405.367218] RIP: 0033:0x7fedaa47eb19 [ 1405.367651] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1405.369751] RSP: 002b:00007feda79f4188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1405.370628] RAX: ffffffffffffffda RBX: 00007fedaa591f60 RCX: 00007fedaa47eb19 [ 1405.371446] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1405.372261] RBP: 00007feda79f41d0 R08: 0000000000000000 R09: 0000000000000000 [ 1405.373076] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1405.373894] R13: 00007ffdec8a993f R14: 00007feda79f4300 R15: 0000000000022000 [ 1405.378054] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1405.378975] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1405.381847] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1405.382718] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:06:47 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 60) 23:06:47 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x83, 0x0, 0x0) 23:06:47 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x4c, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:06:47 executing program 5: syz_mount_image$ext4(0x0, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', r0, &(0x7f0000000080)='./file0\x00', 0x5) [ 1405.464683] FAULT_INJECTION: forcing a failure. [ 1405.464683] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1405.466116] CPU: 1 PID: 8550 Comm: syz-executor.1 Not tainted 5.10.236 #1 [ 1405.466905] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1405.467864] Call Trace: [ 1405.468180] dump_stack+0x107/0x167 [ 1405.468599] should_fail.cold+0x5/0xa [ 1405.469046] _copy_from_user+0x2e/0x1b0 [ 1405.469503] __copy_msghdr_from_user+0x91/0x4b0 [ 1405.470042] ? __ia32_sys_shutdown+0x80/0x80 [ 1405.470553] ? __lock_acquire+0x1657/0x5b00 [ 1405.471058] ___sys_recvmsg+0xd5/0x200 [ 1405.471517] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1405.472080] ? __fget_files+0x2cf/0x520 [ 1405.472541] ? lock_acquire+0x197/0x470 [ 1405.473000] ? find_held_lock+0x2c/0x110 [ 1405.473468] ? __might_fault+0xd3/0x180 [ 1405.473926] ? lock_downgrade+0x6d0/0x6d0 [ 1405.474416] do_recvmmsg+0x24c/0x6d0 [ 1405.474845] ? ___sys_recvmsg+0x200/0x200 [ 1405.475324] ? lock_downgrade+0x6d0/0x6d0 [ 1405.475802] ? ksys_write+0x12d/0x260 [ 1405.476249] ? wait_for_completion_io+0x270/0x270 [ 1405.476805] ? rcu_read_lock_any_held+0x75/0xa0 [ 1405.477343] ? vfs_write+0x354/0xb10 [ 1405.477773] __x64_sys_recvmmsg+0x20f/0x260 [ 1405.478267] ? ksys_write+0x1a9/0x260 [ 1405.478702] ? __do_sys_socketcall+0x600/0x600 [ 1405.479225] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1405.479838] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1405.480430] do_syscall_64+0x33/0x40 [ 1405.480857] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1405.481443] RIP: 0033:0x7fcf11593b19 [ 1405.481902] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1405.484166] RSP: 002b:00007fcf0eb09188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1405.485046] RAX: ffffffffffffffda RBX: 00007fcf116a6f60 RCX: 00007fcf11593b19 [ 1405.485862] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1405.486677] RBP: 00007fcf0eb091d0 R08: 0000000000000000 R09: 0000000000000000 [ 1405.487504] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1405.488323] R13: 00007ffca39d7fcf R14: 00007fcf0eb09300 R15: 0000000000022000 23:06:47 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0x79, 0x0, 0x0) [ 1405.503366] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1405.505345] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:06:47 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x84, 0x0, 0x0) 23:06:47 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 82) 23:06:48 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 82) [ 1405.607496] sg_write: data in/out 352299/2920 bytes for SCSI command 0x0-- guessing data in; [ 1405.607496] program syz-executor.3 not setting count and/or reply_len properly [ 1405.651605] FAULT_INJECTION: forcing a failure. [ 1405.651605] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1405.654180] CPU: 0 PID: 8566 Comm: syz-executor.2 Not tainted 5.10.236 #1 [ 1405.655637] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1405.655998] FAULT_INJECTION: forcing a failure. [ 1405.655998] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1405.657392] Call Trace: [ 1405.657418] dump_stack+0x107/0x167 [ 1405.657440] should_fail.cold+0x5/0xa [ 1405.660896] _copy_from_user+0x2e/0x1b0 [ 1405.661745] __copy_msghdr_from_user+0x91/0x4b0 [ 1405.662725] ? __ia32_sys_shutdown+0x80/0x80 [ 1405.663671] ? __lock_acquire+0x1657/0x5b00 [ 1405.664601] ___sys_recvmsg+0xd5/0x200 [ 1405.665418] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1405.666444] ? trace_hardirqs_on+0x5b/0x180 [ 1405.667365] ? lock_acquire+0x197/0x470 [ 1405.668203] ? find_held_lock+0x2c/0x110 [ 1405.669060] ? __might_fault+0xd3/0x180 [ 1405.669896] ? lock_downgrade+0x6d0/0x6d0 [ 1405.670787] do_recvmmsg+0x24c/0x6d0 [ 1405.671581] ? ___sys_recvmsg+0x200/0x200 [ 1405.672451] ? lock_downgrade+0x6d0/0x6d0 [ 1405.673338] ? ksys_write+0x12d/0x260 [ 1405.674154] ? wait_for_completion_io+0x270/0x270 [ 1405.675175] ? rcu_read_lock_any_held+0x75/0xa0 [ 1405.676161] ? vfs_write+0x354/0xb10 [ 1405.676949] __x64_sys_recvmmsg+0x20f/0x260 [ 1405.677858] ? ksys_write+0x1a9/0x260 [ 1405.678665] ? __do_sys_socketcall+0x600/0x600 [ 1405.679639] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1405.680744] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1405.681832] do_syscall_64+0x33/0x40 [ 1405.682616] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1405.683707] RIP: 0033:0x7f97e8de2b19 [ 1405.684489] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1405.688387] RSP: 002b:00007f97e6358188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1405.690001] RAX: ffffffffffffffda RBX: 00007f97e8ef5f60 RCX: 00007f97e8de2b19 [ 1405.691513] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1405.693018] RBP: 00007f97e63581d0 R08: 0000000000000000 R09: 0000000000000000 [ 1405.694514] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1405.696016] R13: 00007ffc09107b8f R14: 00007f97e6358300 R15: 0000000000022000 [ 1405.697534] CPU: 1 PID: 8568 Comm: syz-executor.7 Not tainted 5.10.236 #1 [ 1405.698328] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1405.699301] Call Trace: [ 1405.699627] dump_stack+0x107/0x167 [ 1405.700047] should_fail.cold+0x5/0xa [ 1405.700489] _copy_from_user+0x2e/0x1b0 [ 1405.700951] __copy_msghdr_from_user+0x91/0x4b0 [ 1405.701484] ? __ia32_sys_shutdown+0x80/0x80 [ 1405.701989] ? __lock_acquire+0x1657/0x5b00 [ 1405.702491] ___sys_recvmsg+0xd5/0x200 [ 1405.702947] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1405.703518] ? trace_hardirqs_on+0x5b/0x180 [ 1405.704027] ? lock_acquire+0x197/0x470 [ 1405.704490] ? find_held_lock+0x2c/0x110 [ 1405.704963] ? __might_fault+0xd3/0x180 [ 1405.705431] ? lock_downgrade+0x6d0/0x6d0 [ 1405.705942] do_recvmmsg+0x24c/0x6d0 [ 1405.706389] ? ___sys_recvmsg+0x200/0x200 [ 1405.706872] ? lock_downgrade+0x6d0/0x6d0 [ 1405.707365] ? ksys_write+0x12d/0x260 [ 1405.707810] ? wait_for_completion_io+0x270/0x270 [ 1405.708364] ? rcu_read_lock_any_held+0x75/0xa0 [ 1405.708895] ? vfs_write+0x354/0xb10 [ 1405.709323] __x64_sys_recvmmsg+0x20f/0x260 [ 1405.709823] ? ksys_write+0x1a9/0x260 [ 1405.710262] ? __do_sys_socketcall+0x600/0x600 [ 1405.710794] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1405.711405] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1405.712006] do_syscall_64+0x33/0x40 [ 1405.712438] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1405.713032] RIP: 0033:0x7fedaa47eb19 [ 1405.713472] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1405.715596] RSP: 002b:00007feda79f4188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1405.716467] RAX: ffffffffffffffda RBX: 00007fedaa591f60 RCX: 00007fedaa47eb19 [ 1405.717283] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1405.718103] RBP: 00007feda79f41d0 R08: 0000000000000000 R09: 0000000000000000 [ 1405.718921] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1405.719748] R13: 00007ffdec8a993f R14: 00007feda79f4300 R15: 0000000000022000 23:07:03 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x68, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:07:03 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 83) 23:07:03 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 83) 23:07:03 executing program 3: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000100)) capset(&(0x7f0000000180)={0x20080522}, &(0x7f0000000040)={0x2, 0x2, 0xfffffaf2, 0x10006, 0x6a, 0x440}) r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='wlan1\x00', 0x10) sendfile(r0, r1, 0x0, 0x6) flock(0xffffffffffffffff, 0x4) r2 = socket$inet6_udp(0xa, 0x2, 0x0) r3 = signalfd(r0, &(0x7f0000000200)={[0x3]}, 0x8) connect$inet6(r3, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x4}, 0x0, 0x0, 0x145, 0xf}, 0x0, 0x3, 0xffffffffffffffff, 0x0) msgctl$IPC_RMID(0x0, 0x0) msgget(0x1, 0x0) ioctl$EXT4_IOC_PRECACHE_EXTENTS(0xffffffffffffffff, 0x6612) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f00000000c0)) move_pages(0x0, 0x2344, &(0x7f0000000080)=[&(0x7f0000ffe000/0x2000)=nil], 0x0, &(0x7f0000000000)=[0x0, 0x0, 0x0], 0x0) 23:07:03 executing program 5: r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) readv(r0, &(0x7f0000000500), 0x0) 23:07:03 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x85, 0x0, 0x0) 23:07:03 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0x7a, 0x0, 0x0) [ 1420.629826] validate_nla: 2 callbacks suppressed [ 1420.629841] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1420.633264] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:07:03 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 61) [ 1420.644161] FAULT_INJECTION: forcing a failure. [ 1420.644161] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1420.645882] CPU: 0 PID: 8578 Comm: syz-executor.1 Not tainted 5.10.236 #1 [ 1420.646820] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1420.647961] Call Trace: [ 1420.648323] dump_stack+0x107/0x167 [ 1420.648817] should_fail.cold+0x5/0xa [ 1420.649337] _copy_from_user+0x2e/0x1b0 [ 1420.649894] __copy_msghdr_from_user+0x91/0x4b0 [ 1420.650532] ? __ia32_sys_shutdown+0x80/0x80 [ 1420.651135] ? __lock_acquire+0x1657/0x5b00 [ 1420.651746] ___sys_recvmsg+0xd5/0x200 [ 1420.652280] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1420.652943] ? __fget_files+0x2cf/0x520 [ 1420.653489] ? lock_acquire+0x197/0x470 [ 1420.654030] ? find_held_lock+0x2c/0x110 [ 1420.654594] ? __might_fault+0xd3/0x180 [ 1420.655131] ? lock_downgrade+0x6d0/0x6d0 [ 1420.655721] do_recvmmsg+0x24c/0x6d0 [ 1420.656231] ? ___sys_recvmsg+0x200/0x200 [ 1420.656808] ? lock_downgrade+0x6d0/0x6d0 [ 1420.657380] ? ksys_write+0x12d/0x260 [ 1420.657910] ? wait_for_completion_io+0x270/0x270 [ 1420.658571] ? rcu_read_lock_any_held+0x75/0xa0 [ 1420.659213] ? vfs_write+0x354/0xb10 [ 1420.659728] __x64_sys_recvmmsg+0x20f/0x260 [ 1420.660316] ? ksys_write+0x1a9/0x260 [ 1420.660833] ? __do_sys_socketcall+0x600/0x600 [ 1420.661452] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1420.662164] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1420.662881] do_syscall_64+0x33/0x40 [ 1420.663383] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1420.664083] RIP: 0033:0x7fcf11593b19 [ 1420.664585] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1420.667071] RSP: 002b:00007fcf0eb09188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1420.668117] RAX: ffffffffffffffda RBX: 00007fcf116a6f60 RCX: 00007fcf11593b19 [ 1420.669088] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1420.670056] RBP: 00007fcf0eb091d0 R08: 0000000000000000 R09: 0000000000000000 [ 1420.671025] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1420.671996] R13: 00007ffca39d7fcf R14: 00007fcf0eb09300 R15: 0000000000022000 [ 1420.683322] FAULT_INJECTION: forcing a failure. [ 1420.683322] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1420.686371] CPU: 1 PID: 8588 Comm: syz-executor.7 Not tainted 5.10.236 #1 [ 1420.688121] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1420.690249] Call Trace: [ 1420.690833] dump_stack+0x107/0x167 [ 1420.691640] should_fail.cold+0x5/0xa [ 1420.692473] _copy_from_user+0x2e/0x1b0 [ 1420.693340] __copy_msghdr_from_user+0x91/0x4b0 [ 1420.694340] ? __ia32_sys_shutdown+0x80/0x80 [ 1420.695288] ? __lock_acquire+0x1657/0x5b00 [ 1420.696249] ___sys_recvmsg+0xd5/0x200 [ 1420.697091] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1420.698144] ? trace_hardirqs_on+0x5b/0x180 [ 1420.699078] ? lock_acquire+0x197/0x470 [ 1420.699936] ? find_held_lock+0x2c/0x110 [ 1420.700822] ? __might_fault+0xd3/0x180 [ 1420.701674] ? lock_downgrade+0x6d0/0x6d0 [ 1420.702587] do_recvmmsg+0x24c/0x6d0 [ 1420.703401] ? ___sys_recvmsg+0x200/0x200 [ 1420.704306] ? lock_downgrade+0x6d0/0x6d0 [ 1420.705213] ? ksys_write+0x12d/0x260 [ 1420.706154] ? wait_for_completion_io+0x270/0x270 [ 1420.707203] ? rcu_read_lock_any_held+0x75/0xa0 [ 1420.708208] ? vfs_write+0x354/0xb10 [ 1420.709019] __x64_sys_recvmmsg+0x20f/0x260 [ 1420.709942] ? ksys_write+0x1a9/0x260 [ 1420.710761] ? __do_sys_socketcall+0x600/0x600 [ 1420.711759] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1420.712881] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1420.714020] do_syscall_64+0x33/0x40 [ 1420.714890] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1420.716043] RIP: 0033:0x7fedaa47eb19 [ 1420.716835] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1420.720765] RSP: 002b:00007feda79f4188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1420.722388] RAX: ffffffffffffffda RBX: 00007fedaa591f60 RCX: 00007fedaa47eb19 [ 1420.723913] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1420.725432] RBP: 00007feda79f41d0 R08: 0000000000000000 R09: 0000000000000000 [ 1420.726948] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1420.728475] R13: 00007ffdec8a993f R14: 00007feda79f4300 R15: 0000000000022000 [ 1420.737648] FAULT_INJECTION: forcing a failure. [ 1420.737648] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1420.740188] CPU: 1 PID: 8587 Comm: syz-executor.2 Not tainted 5.10.236 #1 [ 1420.741654] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1420.743450] Call Trace: [ 1420.744025] dump_stack+0x107/0x167 [ 1420.744809] should_fail.cold+0x5/0xa [ 1420.745632] _copy_from_user+0x2e/0x1b0 [ 1420.746498] __copy_msghdr_from_user+0x91/0x4b0 [ 1420.747503] ? __ia32_sys_shutdown+0x80/0x80 [ 1420.748443] ? __lock_acquire+0x1657/0x5b00 [ 1420.749386] ___sys_recvmsg+0xd5/0x200 [ 1420.750221] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1420.751268] ? __fget_files+0x2cf/0x520 [ 1420.752135] ? lock_acquire+0x197/0x470 [ 1420.752987] ? find_held_lock+0x2c/0x110 [ 1420.753863] ? __might_fault+0xd3/0x180 [ 1420.754711] ? lock_downgrade+0x6d0/0x6d0 [ 1420.755622] do_recvmmsg+0x24c/0x6d0 [ 1420.756426] ? ___sys_recvmsg+0x200/0x200 [ 1420.757309] ? lock_downgrade+0x6d0/0x6d0 [ 1420.758203] ? ksys_write+0x12d/0x260 [ 1420.759032] ? wait_for_completion_io+0x270/0x270 [ 1420.760075] ? rcu_read_lock_any_held+0x75/0xa0 [ 1420.761067] ? vfs_write+0x354/0xb10 [ 1420.761868] __x64_sys_recvmmsg+0x20f/0x260 [ 1420.762797] ? ksys_write+0x1a9/0x260 [ 1420.763623] ? __do_sys_socketcall+0x600/0x600 [ 1420.764605] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1420.765728] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1420.766834] do_syscall_64+0x33/0x40 [ 1420.767635] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1420.768725] RIP: 0033:0x7f97e8de2b19 [ 1420.769517] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1420.773481] RSP: 002b:00007f97e6358188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1420.775092] RAX: ffffffffffffffda RBX: 00007f97e8ef5f60 RCX: 00007f97e8de2b19 [ 1420.776617] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1420.778133] RBP: 00007f97e63581d0 R08: 0000000000000000 R09: 0000000000000000 [ 1420.779658] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1420.781176] R13: 00007ffc09107b8f R14: 00007f97e6358300 R15: 0000000000022000 23:07:03 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = io_uring_setup(0x20cc, &(0x7f0000000000)={0x0, 0x87cc, 0x8, 0x0, 0x2d1}) r1 = syz_io_uring_setup(0x353f, &(0x7f0000000080)={0x0, 0xaf45, 0x4, 0x2, 0x344, 0x0, r0}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000100), &(0x7f0000000140)) syz_mount_image$msdos(0x0, 0x0, 0x0, 0x0, &(0x7f0000000580), 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x100000c, 0x10, r1, 0x8000000) r3 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x41, &(0x7f0000000000)=0x6359, 0x4) dup2(r3, r4) syz_io_uring_submit(r2, 0x0, &(0x7f0000000300)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x6000, @fd=r4, 0x92, &(0x7f0000000200)=""/234, 0xea, 0x9, 0x1}, 0x0) lremovexattr(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)=@random={'os2.', '\x00'}) 23:07:03 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0x7b, 0x0, 0x0) 23:07:03 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 62) 23:07:03 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x6c, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:07:03 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x86, 0x0, 0x0) 23:07:03 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0x7c, 0x0, 0x0) 23:07:03 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 84) [ 1420.876194] FAULT_INJECTION: forcing a failure. [ 1420.876194] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1420.877754] CPU: 0 PID: 8600 Comm: syz-executor.1 Not tainted 5.10.236 #1 [ 1420.878611] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1420.879669] Call Trace: [ 1420.880004] dump_stack+0x107/0x167 [ 1420.880456] should_fail.cold+0x5/0xa [ 1420.880944] _copy_from_user+0x2e/0x1b0 [ 1420.881443] __copy_msghdr_from_user+0x91/0x4b0 [ 1420.882038] ? __ia32_sys_shutdown+0x80/0x80 [ 1420.882585] ? __lock_acquire+0x1657/0x5b00 [ 1420.883132] ___sys_recvmsg+0xd5/0x200 [ 1420.883632] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1420.884240] ? trace_hardirqs_on+0x5b/0x180 [ 1420.884782] ? lock_acquire+0x197/0x470 [ 1420.885274] ? find_held_lock+0x2c/0x110 [ 1420.885793] ? __might_fault+0xd3/0x180 [ 1420.886285] ? lock_downgrade+0x6d0/0x6d0 [ 1420.886815] do_recvmmsg+0x24c/0x6d0 [ 1420.887283] ? ___sys_recvmsg+0x200/0x200 [ 1420.887799] ? lock_downgrade+0x6d0/0x6d0 [ 1420.888316] ? ksys_write+0x12d/0x260 [ 1420.888805] ? wait_for_completion_io+0x270/0x270 [ 1420.889409] ? rcu_read_lock_any_held+0x75/0xa0 [ 1420.889980] ? vfs_write+0x354/0xb10 [ 1420.890450] __x64_sys_recvmmsg+0x20f/0x260 [ 1420.890988] ? ksys_write+0x1a9/0x260 [ 1420.891476] ? __do_sys_socketcall+0x600/0x600 [ 1420.892041] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1420.892688] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1420.893329] do_syscall_64+0x33/0x40 [ 1420.893795] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1420.894432] RIP: 0033:0x7fcf11593b19 [ 1420.894900] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1420.897171] RSP: 002b:00007fcf0eb09188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1420.898105] RAX: ffffffffffffffda RBX: 00007fcf116a6f60 RCX: 00007fcf11593b19 [ 1420.898992] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1420.899892] RBP: 00007fcf0eb091d0 R08: 0000000000000000 R09: 0000000000000000 [ 1420.900793] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1420.901674] R13: 00007ffca39d7fcf R14: 00007fcf0eb09300 R15: 0000000000022000 23:07:03 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 84) [ 1420.909310] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1420.910262] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1420.917940] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1420.919864] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1420.928465] FAULT_INJECTION: forcing a failure. [ 1420.928465] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1420.929943] CPU: 0 PID: 8609 Comm: syz-executor.2 Not tainted 5.10.236 #1 [ 1420.930795] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1420.931833] Call Trace: [ 1420.932165] dump_stack+0x107/0x167 [ 1420.932621] should_fail.cold+0x5/0xa [ 1420.933094] _copy_from_user+0x2e/0x1b0 [ 1420.933586] __copy_msghdr_from_user+0x91/0x4b0 [ 1420.934160] ? __ia32_sys_shutdown+0x80/0x80 [ 1420.934703] ? __lock_acquire+0x1657/0x5b00 [ 1420.935249] ___sys_recvmsg+0xd5/0x200 [ 1420.935750] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1420.936358] ? __fget_files+0x2cf/0x520 [ 1420.936850] ? lock_acquire+0x197/0x470 [ 1420.937335] ? find_held_lock+0x2c/0x110 [ 1420.937839] ? __might_fault+0xd3/0x180 [ 1420.938324] ? lock_downgrade+0x6d0/0x6d0 [ 1420.938847] do_recvmmsg+0x24c/0x6d0 [ 1420.939322] ? ___sys_recvmsg+0x200/0x200 [ 1420.939834] ? lock_downgrade+0x6d0/0x6d0 [ 1420.940343] ? ksys_write+0x12d/0x260 [ 1420.940822] ? wait_for_completion_io+0x270/0x270 [ 1420.941421] ? rcu_read_lock_any_held+0x75/0xa0 [ 1420.941997] ? vfs_write+0x354/0xb10 [ 1420.942454] __x64_sys_recvmmsg+0x20f/0x260 [ 1420.942988] ? ksys_write+0x1a9/0x260 [ 1420.943462] ? __do_sys_socketcall+0x600/0x600 [ 1420.944029] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1420.944676] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1420.945316] do_syscall_64+0x33/0x40 [ 1420.945779] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1420.946412] RIP: 0033:0x7f97e8de2b19 [ 1420.946867] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1420.949153] RSP: 002b:00007f97e6358188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1420.950082] RAX: ffffffffffffffda RBX: 00007f97e8ef5f60 RCX: 00007f97e8de2b19 [ 1420.950971] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1420.951858] RBP: 00007f97e63581d0 R08: 0000000000000000 R09: 0000000000000000 [ 1420.952727] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1420.953601] R13: 00007ffc09107b8f R14: 00007f97e6358300 R15: 0000000000022000 [ 1420.958974] FAULT_INJECTION: forcing a failure. [ 1420.958974] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1420.960411] CPU: 0 PID: 8617 Comm: syz-executor.7 Not tainted 5.10.236 #1 [ 1420.961247] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1420.962259] Call Trace: [ 1420.962583] dump_stack+0x107/0x167 [ 1420.963035] should_fail.cold+0x5/0xa [ 1420.963513] _copy_from_user+0x2e/0x1b0 [ 1420.964012] __copy_msghdr_from_user+0x91/0x4b0 [ 1420.964579] ? __ia32_sys_shutdown+0x80/0x80 [ 1420.965118] ? __lock_acquire+0x1657/0x5b00 [ 1420.965657] ___sys_recvmsg+0xd5/0x200 [ 1420.966132] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1420.966726] ? __fget_files+0x2cf/0x520 [ 1420.967224] ? lock_acquire+0x197/0x470 [ 1420.967722] ? find_held_lock+0x2c/0x110 [ 1420.968219] ? __might_fault+0xd3/0x180 [ 1420.968690] ? lock_downgrade+0x6d0/0x6d0 [ 1420.969193] do_recvmmsg+0x24c/0x6d0 [ 1420.969639] ? ___sys_recvmsg+0x200/0x200 [ 1420.970130] ? lock_downgrade+0x6d0/0x6d0 [ 1420.970626] ? ksys_write+0x12d/0x260 [ 1420.971082] ? wait_for_completion_io+0x270/0x270 [ 1420.971661] ? rcu_read_lock_any_held+0x75/0xa0 [ 1420.972214] ? vfs_write+0x354/0xb10 [ 1420.972659] __x64_sys_recvmmsg+0x20f/0x260 [ 1420.973173] ? ksys_write+0x1a9/0x260 [ 1420.973627] ? __do_sys_socketcall+0x600/0x600 [ 1420.974176] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1420.974798] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1420.975414] do_syscall_64+0x33/0x40 [ 1420.975863] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1420.976477] RIP: 0033:0x7fedaa47eb19 [ 1420.976917] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1420.979087] RSP: 002b:00007feda79f4188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1420.980003] RAX: ffffffffffffffda RBX: 00007fedaa591f60 RCX: 00007fedaa47eb19 [ 1420.980854] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1420.981704] RBP: 00007feda79f41d0 R08: 0000000000000000 R09: 0000000000000000 [ 1420.982545] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1420.983389] R13: 00007ffdec8a993f R14: 00007feda79f4300 R15: 0000000000022000 [ 1421.012252] syz-executor.3 (8585) used greatest stack depth: 22888 bytes left 23:07:03 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x74, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) [ 1421.033527] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1421.034469] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:07:03 executing program 3: set_mempolicy(0x0, 0x0, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) write$binfmt_elf64(r0, &(0x7f0000001e00)=ANY=[@ANYBLOB="7f454c464f600500000400000000000002003e0003000000b50200000000000040000000000000009b02000000000000faffffffff0038000100f3ff0101a3bb51e57464090000004000000000000000ff7f000000000000060000000000000006000000000000000500000000000000050000000000000000000060ff7f000002000000000000000700000000000000db180000000000006f00000000000000ffffff7f0000000007000000000000001e564753e51459f42377a4a4892f4e4c53db77962d0049a65842530b7b76d3b3c0325a6c989cb25066463867a2b230ef2e3722ed1dcddcf81ee8b3dd15149def3ef45f7fd4538a00300072177ccab771398fa89067c484d56653f2dcb2eef7dc8717ddc0b75500c64d40538f0e2c12342ebb38acd2d2c8c48cf5babebf44066a2bb82af1394b5018835588971d35cac0a6eef437919e673c5f7e8d4392c70d55d2fc6fb48429229eab8c17b6fff0bcbc063d4cda7155799e8b2cf4e6500f26cbdc8dae7f26b94c3a3238941458c1b5766b3b6cbedb5e3550c7cad7f36fd2d3a4a327000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006711e42acb3971cef4814ee80d0ea62cb3346420a1c87f280a557b81e94125b679ffdc38b3b879de22866ffd35bcc7a7b7d736dd653b6b80edb5044de38eb7d928a630d6d2726ede4f7524335422fbf833c46dd23cd927"], 0xb92) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000000)=0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000580)=ANY=[@ANYBLOB="0100000001008000180085005529311faa54defc329cff6528a1dc43571e3dd2c9f134687a3df19fc9d00ed24583a6dd53af76065d0501806f3c6bec4f964ae0eb4782dfb0e8ec848e698c448873d20023d7da32bb73078e4efeae1e12c8dad9d1d9b1ee7f35cf3d47ee845be981af99410b14497346b9e437fcfc996c1f35f946e1363b386fc5d68722f42acb14bba358a8c5d1e6274d501786af8bf6432957afb1a0f313fe8df3917d57b11215b8adae52af90905d6b069862d0ff96087f05fb932700771070f4a5f84a4df5e8a7f0bd9dc6c17112d16312b8070120ccb52367208e0ec65f214ce4a5026dd4c61c4e52ba94d7add24d5b0105000000000000008926035cdacf25e0eadcdd5c9c73ab5cbd1f42078e4494f4e44d5af7a11600f193ce3696a89a8e01838bec8d947567c89b8ae4e0a4a14aa89a62ef911459e989dc990bb160d0afab06189c90598cc88a210afa81d57984cc1188c94ad2faed807c72125e968058856c68982afce3c2c1b17d80ae935b82f0462cad725da33578016e70d831035fc49af323076d68090cbe2620bd9ae24abe102ccb4811551dcefd68683961714a31fa9c55da0f0eaab206d9b9adbeb9e9fe1a285e5447770b921e95e71c0fe9168357ffdd3cec31a2d42a3f02f2d8e5e38e9c937a3153c7", @ANYRES32=r0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file1\x00']) kcmp(r1, 0x0, 0x0, r2, r3) fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000000)={0x1, 0x3, 0x4, 0x3, r1}) r4 = openat$zero(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r5 = gettid() syz_open_procfs(r5, &(0x7f0000000040)='net/snmp\x00') set_mempolicy(0x2, &(0x7f0000000080)=0x9, 0x81) preadv(r4, &(0x7f0000001400)=[{&(0x7f0000000d40)=""/244, 0x7ffff000}], 0x1, 0x0, 0x0) [ 1421.055417] sg_write: data in/out 352299/2920 bytes for SCSI command 0x0-- guessing data in; [ 1421.055417] program syz-executor.3 not setting count and/or reply_len properly 23:07:03 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0x7d, 0x0, 0x0) 23:07:03 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x87, 0x0, 0x0) [ 1421.071663] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1421.072525] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:07:03 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 85) [ 1421.144317] FAULT_INJECTION: forcing a failure. [ 1421.144317] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1421.146889] CPU: 1 PID: 8635 Comm: syz-executor.2 Not tainted 5.10.236 #1 [ 1421.148365] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1421.150134] Call Trace: [ 1421.150707] dump_stack+0x107/0x167 [ 1421.151493] should_fail.cold+0x5/0xa [ 1421.152314] _copy_from_user+0x2e/0x1b0 [ 1421.153162] __copy_msghdr_from_user+0x91/0x4b0 [ 1421.154153] ? __ia32_sys_shutdown+0x80/0x80 [ 1421.155085] ? __lock_acquire+0x1657/0x5b00 [ 1421.156026] ___sys_recvmsg+0xd5/0x200 [ 1421.156853] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1421.157886] ? trace_hardirqs_on+0x5b/0x180 [ 1421.158810] ? lock_acquire+0x197/0x470 [ 1421.159666] ? find_held_lock+0x2c/0x110 [ 1421.160535] ? __might_fault+0xd3/0x180 [ 1421.161380] ? lock_downgrade+0x6d0/0x6d0 [ 1421.162277] do_recvmmsg+0x24c/0x6d0 [ 1421.163077] ? ___sys_recvmsg+0x200/0x200 [ 1421.163967] ? lock_downgrade+0x6d0/0x6d0 [ 1421.164852] ? ksys_write+0x12d/0x260 [ 1421.165671] ? wait_for_completion_io+0x270/0x270 [ 1421.166698] ? rcu_read_lock_any_held+0x75/0xa0 [ 1421.167689] ? vfs_write+0x354/0xb10 [ 1421.168484] __x64_sys_recvmmsg+0x20f/0x260 [ 1421.169399] ? ksys_write+0x1a9/0x260 [ 1421.170213] ? __do_sys_socketcall+0x600/0x600 [ 1421.171185] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1421.172306] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1421.173403] do_syscall_64+0x33/0x40 [ 1421.174194] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1421.175285] RIP: 0033:0x7f97e8de2b19 [ 1421.176082] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1421.180000] RSP: 002b:00007f97e6358188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1421.181619] RAX: ffffffffffffffda RBX: 00007f97e8ef5f60 RCX: 00007f97e8de2b19 [ 1421.183136] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1421.184663] RBP: 00007f97e63581d0 R08: 0000000000000000 R09: 0000000000000000 [ 1421.186177] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1421.187697] R13: 00007ffc09107b8f R14: 00007f97e6358300 R15: 0000000000022000 [ 1421.193742] sg_write: data in/out 352299/2920 bytes for SCSI command 0x0-- guessing data in; [ 1421.193742] program syz-executor.3 not setting count and/or reply_len properly 23:07:17 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 63) 23:07:17 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x7a, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:07:17 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 86) 23:07:17 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0x7e, 0x0, 0x0) 23:07:17 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x88, 0x0, 0x0) 23:07:17 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 85) 23:07:17 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0x7c, 0x0, 0x0) 23:07:17 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}, {0x0, 0x0, 0x1001000a00}], 0x0, &(0x7f0000000240)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x101142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') write$P9_RREADLINK(r0, &(0x7f0000000100)=ANY=[], 0x10) r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x5) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x5) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/diskstats\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r3, 0x0, 0x5) pwrite64(0xffffffffffffffff, &(0x7f0000000200)="1ab8ec59ef9ad6f09dbb72150088ccfdd922232f0039e14ab93fe3da1d6550eae6ad9ffce2ef62659a27cf83", 0x2c, 0x17) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000580)=ANY=[@ANYBLOB="0100000001008000180085005529311faa54defc329cff6528a1dc43571e3dd2c9f134687a3df19fc9d00ed24583a6dd53af76065d0501806f3c6bec4f964ae0eb4782dfb0e8ec848e698c448873d20023d7da32bb73078e4efeae1e12c8dad9d1d9b1ee7f35cf3d47ee845be981af99410b14497346b9e437fcfc996c1f35f946e1363b386fc5d68722f42acb14bba358a8c5d1e6274d501786af8bf6432957afb1a0f313fe8df3917d57b11215b8adae52af90905d6b069862d0ff96087f05fb932700771070f4a5f84a4df5e8a7f0bd9dc6c17112d16312b8070120ccb52367208e0ec65f214ce4a5026dd4c61c4e52ba94d7add24d5b0105000000000000008926035cdacf25e0eadcdd5c9c73ab5cbd1f42078e4494f4e44d5af7a11600f193ce3696a89a8e01838bec8d947567c89b8ae4e0a4a14aa89a62ef911459e989dc990bb160d0afab06189c90598cc88a210afa81d57984cc1188c94ad2faed807c72125e968058856c68982afce3c2c1b17d80ae935b82f0462cad725da33578016e70d831035fc49af323076d68090cbe2620bd9ae24abe102ccb4811551dcefd68683961714a31fa9c55da0f0eaab206d9b9adbeb9e9fe1a285e5447770b921e95e71c0fe9168357ffdd3cec31a2d42a3f02f2d8e5e38e9c937a3153c7", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file1\x00']) kcmp(0x0, 0x0, 0x0, r4, r5) syz_open_procfs(0x0, &(0x7f0000000240)='fd\x00') write$binfmt_elf64(r2, &(0x7f0000000100)=ANY=[@ANYRESHEX], 0xfdef) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', 0x8081, 0x4) sendfile(r0, r1, 0x0, 0x100000001) [ 1434.717914] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1434.719997] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1434.733478] FAULT_INJECTION: forcing a failure. [ 1434.733478] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1434.736045] CPU: 0 PID: 8649 Comm: syz-executor.7 Not tainted 5.10.236 #1 [ 1434.737626] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1434.739358] Call Trace: [ 1434.739931] dump_stack+0x107/0x167 [ 1434.740697] should_fail.cold+0x5/0xa [ 1434.741499] _copy_from_user+0x2e/0x1b0 [ 1434.742349] __copy_msghdr_from_user+0x91/0x4b0 [ 1434.743323] ? __ia32_sys_shutdown+0x80/0x80 [ 1434.744253] ? __lock_acquire+0x1657/0x5b00 [ 1434.745173] ___sys_recvmsg+0xd5/0x200 [ 1434.746006] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1434.747048] ? __fget_files+0x2cf/0x520 [ 1434.747901] ? lock_acquire+0x197/0x470 [ 1434.748740] ? find_held_lock+0x2c/0x110 [ 1434.749595] ? __might_fault+0xd3/0x180 [ 1434.750433] ? lock_downgrade+0x6d0/0x6d0 [ 1434.751319] do_recvmmsg+0x24c/0x6d0 [ 1434.752056] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1434.752129] ? ___sys_recvmsg+0x200/0x200 [ 1434.753698] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1434.754503] ? lock_downgrade+0x6d0/0x6d0 [ 1434.756881] ? ksys_write+0x12d/0x260 [ 1434.757691] ? wait_for_completion_io+0x270/0x270 [ 1434.758700] ? rcu_read_lock_any_held+0x75/0xa0 [ 1434.759684] ? vfs_write+0x354/0xb10 [ 1434.760476] __x64_sys_recvmmsg+0x20f/0x260 [ 1434.761379] ? ksys_write+0x1a9/0x260 [ 1434.762175] ? __do_sys_socketcall+0x600/0x600 [ 1434.763135] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1434.764244] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1434.765325] do_syscall_64+0x33/0x40 [ 1434.766110] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1434.767183] RIP: 0033:0x7fedaa47eb19 [ 1434.767971] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1434.771844] RSP: 002b:00007feda79f4188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1434.773440] RAX: ffffffffffffffda RBX: 00007fedaa591f60 RCX: 00007fedaa47eb19 [ 1434.774932] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1434.776442] RBP: 00007feda79f41d0 R08: 0000000000000000 R09: 0000000000000000 [ 1434.777942] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1434.779443] R13: 00007ffdec8a993f R14: 00007feda79f4300 R15: 0000000000022000 [ 1434.806891] FAULT_INJECTION: forcing a failure. [ 1434.806891] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1434.809342] CPU: 1 PID: 8655 Comm: syz-executor.2 Not tainted 5.10.236 #1 [ 1434.810748] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1434.812478] Call Trace: [ 1434.813043] dump_stack+0x107/0x167 [ 1434.813803] should_fail.cold+0x5/0xa [ 1434.814595] _copy_from_user+0x2e/0x1b0 [ 1434.815429] __copy_msghdr_from_user+0x91/0x4b0 [ 1434.816398] ? __ia32_sys_shutdown+0x80/0x80 [ 1434.817308] ? __lock_acquire+0x1657/0x5b00 [ 1434.818219] ___sys_recvmsg+0xd5/0x200 [ 1434.819027] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1434.820052] ? __fget_files+0x2cf/0x520 [ 1434.820876] ? lock_acquire+0x197/0x470 [ 1434.821693] ? find_held_lock+0x2c/0x110 [ 1434.822534] ? __might_fault+0xd3/0x180 [ 1434.823349] ? lock_downgrade+0x6d0/0x6d0 [ 1434.824213] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1434.825340] do_recvmmsg+0x24c/0x6d0 [ 1434.826120] ? ___sys_recvmsg+0x200/0x200 [ 1434.826977] ? lock_downgrade+0x6d0/0x6d0 [ 1434.827854] ? ksys_write+0x12d/0x260 [ 1434.828655] ? wait_for_completion_io+0x270/0x270 [ 1434.829645] ? rcu_read_lock_any_held+0x75/0xa0 [ 1434.830594] ? vfs_write+0x354/0xb10 [ 1434.831373] __x64_sys_recvmmsg+0x20f/0x260 [ 1434.832270] ? ksys_write+0x1a9/0x260 [ 1434.833056] ? __do_sys_socketcall+0x600/0x600 [ 1434.834012] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1434.835090] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1434.836162] do_syscall_64+0x33/0x40 [ 1434.836933] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1434.838253] RIP: 0033:0x7f97e8de2b19 [ 1434.839033] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1434.842800] RSP: 002b:00007f97e6358188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1434.844381] RAX: ffffffffffffffda RBX: 00007f97e8ef5f60 RCX: 00007f97e8de2b19 [ 1434.845845] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1434.847301] RBP: 00007f97e63581d0 R08: 0000000000000000 R09: 0000000000000000 [ 1434.848774] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1434.850235] R13: 00007ffc09107b8f R14: 00007f97e6358300 R15: 0000000000022000 [ 1434.858313] FAULT_INJECTION: forcing a failure. [ 1434.858313] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1434.861018] CPU: 1 PID: 8656 Comm: syz-executor.1 Not tainted 5.10.236 #1 [ 1434.862418] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1434.864126] Call Trace: [ 1434.864681] dump_stack+0x107/0x167 [ 1434.865441] should_fail.cold+0x5/0xa [ 1434.866228] _copy_from_user+0x2e/0x1b0 [ 1434.867055] __copy_msghdr_from_user+0x91/0x4b0 [ 1434.868036] ? __ia32_sys_shutdown+0x80/0x80 [ 1434.868934] ? __lock_acquire+0x1657/0x5b00 [ 1434.869835] ___sys_recvmsg+0xd5/0x200 [ 1434.870632] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1434.871644] ? __fget_files+0x2cf/0x520 [ 1434.872454] ? lock_acquire+0x197/0x470 [ 1434.873266] ? find_held_lock+0x2c/0x110 [ 1434.874092] ? __might_fault+0xd3/0x180 [ 1434.874900] ? lock_downgrade+0x6d0/0x6d0 [ 1434.875764] do_recvmmsg+0x24c/0x6d0 [ 1434.876523] ? ___sys_recvmsg+0x200/0x200 [ 1434.877374] ? lock_downgrade+0x6d0/0x6d0 [ 1434.878223] ? ksys_write+0x12d/0x260 [ 1434.879009] ? wait_for_completion_io+0x270/0x270 [ 1434.879989] ? rcu_read_lock_any_held+0x75/0xa0 [ 1434.880922] ? vfs_write+0x354/0xb10 [ 1434.881686] __x64_sys_recvmmsg+0x20f/0x260 [ 1434.882558] ? ksys_write+0x1a9/0x260 [ 1434.883327] ? __do_sys_socketcall+0x600/0x600 [ 1434.884265] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1434.885336] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1434.886394] do_syscall_64+0x33/0x40 [ 1434.887164] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1434.888222] RIP: 0033:0x7fcf11593b19 [ 1434.888980] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1434.892740] RSP: 002b:00007fcf0eb09188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1434.894285] RAX: ffffffffffffffda RBX: 00007fcf116a6f60 RCX: 00007fcf11593b19 [ 1434.895745] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1434.897191] RBP: 00007fcf0eb091d0 R08: 0000000000000000 R09: 0000000000000000 [ 1434.898628] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1434.900086] R13: 00007ffca39d7fcf R14: 00007fcf0eb09300 R15: 0000000000022000 23:07:32 executing program 3: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0xffffffffffff0001}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xd, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$EVIOCSKEYCODE(0xffffffffffffffff, 0x80104592, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000040)=0x3f, 0x4) bind$packet(r0, &(0x7f0000000240)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @random="0090884a9800"}, 0x14) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r2) r3 = openat2(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)={0x20000, 0x10, 0xe}, 0x18) r4 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) fadvise64(r4, 0x0, 0x0, 0x1) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r4, 0xc018937d, &(0x7f0000000100)={{0x1, 0x1, 0x18, r3, {0x7ffffffd}}, './file0\x00'}) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r5) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)={0x18, r6, 0x321, 0x0, 0x0, {0xb}, [@HEADER={0x4}]}, 0x18}}, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0) 23:07:32 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x89, 0x0, 0x0) 23:07:32 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0x7c, 0x0, 0x0) 23:07:32 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0xed, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:07:32 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 86) 23:07:32 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0x82, 0x0, 0x0) 23:07:32 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 87) 23:07:32 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 64) [ 1450.117335] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1450.119405] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1450.124785] FAULT_INJECTION: forcing a failure. [ 1450.124785] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1450.127420] CPU: 1 PID: 8683 Comm: syz-executor.1 Not tainted 5.10.236 #1 [ 1450.129184] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1450.129264] FAULT_INJECTION: forcing a failure. [ 1450.129264] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1450.131148] Call Trace: [ 1450.131177] dump_stack+0x107/0x167 [ 1450.131205] should_fail.cold+0x5/0xa [ 1450.135678] _copy_from_user+0x2e/0x1b0 [ 1450.136514] __copy_msghdr_from_user+0x91/0x4b0 [ 1450.137462] ? __ia32_sys_shutdown+0x80/0x80 [ 1450.138355] ? __lock_acquire+0x1657/0x5b00 [ 1450.139241] ___sys_recvmsg+0xd5/0x200 [ 1450.140049] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1450.141069] ? __fget_files+0x2cf/0x520 [ 1450.141893] ? lock_acquire+0x197/0x470 [ 1450.142708] ? find_held_lock+0x2c/0x110 [ 1450.143544] ? __might_fault+0xd3/0x180 [ 1450.144403] ? lock_downgrade+0x6d0/0x6d0 [ 1450.145353] do_recvmmsg+0x24c/0x6d0 [ 1450.146125] ? ___sys_recvmsg+0x200/0x200 [ 1450.146974] ? lock_downgrade+0x6d0/0x6d0 [ 1450.147844] ? ksys_write+0x12d/0x260 [ 1450.148629] ? wait_for_completion_io+0x270/0x270 [ 1450.149625] ? rcu_read_lock_any_held+0x75/0xa0 [ 1450.150568] ? vfs_write+0x354/0xb10 [ 1450.151331] __x64_sys_recvmmsg+0x20f/0x260 [ 1450.152244] ? ksys_write+0x1a9/0x260 [ 1450.153029] ? __do_sys_socketcall+0x600/0x600 [ 1450.153958] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1450.155020] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1450.156079] do_syscall_64+0x33/0x40 [ 1450.156834] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1450.157877] RIP: 0033:0x7fcf11593b19 [ 1450.158638] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1450.162395] RSP: 002b:00007fcf0eb09188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1450.163947] RAX: ffffffffffffffda RBX: 00007fcf116a6f60 RCX: 00007fcf11593b19 [ 1450.165392] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1450.166841] RBP: 00007fcf0eb091d0 R08: 0000000000000000 R09: 0000000000000000 [ 1450.168291] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1450.169732] R13: 00007ffca39d7fcf R14: 00007fcf0eb09300 R15: 0000000000022000 [ 1450.171209] CPU: 0 PID: 8674 Comm: syz-executor.2 Not tainted 5.10.236 #1 [ 1450.172682] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1450.174429] Call Trace: [ 1450.174989] dump_stack+0x107/0x167 [ 1450.175775] should_fail.cold+0x5/0xa [ 1450.176589] _copy_from_user+0x2e/0x1b0 [ 1450.177434] __copy_msghdr_from_user+0x91/0x4b0 [ 1450.178415] ? __ia32_sys_shutdown+0x80/0x80 [ 1450.178434] FAULT_INJECTION: forcing a failure. [ 1450.178434] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1450.181736] ? __lock_acquire+0x1657/0x5b00 [ 1450.182659] ___sys_recvmsg+0xd5/0x200 [ 1450.183480] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1450.184524] ? __fget_files+0x2cf/0x520 [ 1450.185364] ? lock_acquire+0x197/0x470 [ 1450.186199] ? find_held_lock+0x2c/0x110 [ 1450.187057] ? __might_fault+0xd3/0x180 [ 1450.187906] ? lock_downgrade+0x6d0/0x6d0 [ 1450.188796] do_recvmmsg+0x24c/0x6d0 [ 1450.189585] ? ___sys_recvmsg+0x200/0x200 [ 1450.190462] ? lock_downgrade+0x6d0/0x6d0 [ 1450.191343] ? ksys_write+0x12d/0x260 [ 1450.192163] ? wait_for_completion_io+0x270/0x270 [ 1450.193181] ? rcu_read_lock_any_held+0x75/0xa0 [ 1450.194160] ? vfs_write+0x354/0xb10 [ 1450.194949] __x64_sys_recvmmsg+0x20f/0x260 [ 1450.195864] ? ksys_write+0x1a9/0x260 [ 1450.196678] ? __do_sys_socketcall+0x600/0x600 [ 1450.197648] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1450.198754] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1450.199845] do_syscall_64+0x33/0x40 [ 1450.200630] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1450.201707] RIP: 0033:0x7f97e8de2b19 [ 1450.202490] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1450.206406] RSP: 002b:00007f97e6358188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1450.208017] RAX: ffffffffffffffda RBX: 00007f97e8ef5f60 RCX: 00007f97e8de2b19 [ 1450.209523] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1450.211019] RBP: 00007f97e63581d0 R08: 0000000000000000 R09: 0000000000000000 [ 1450.212528] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1450.214038] R13: 00007ffc09107b8f R14: 00007f97e6358300 R15: 0000000000022000 [ 1450.215578] CPU: 1 PID: 8680 Comm: syz-executor.7 Not tainted 5.10.236 #1 [ 1450.216995] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1450.218688] Call Trace: [ 1450.219230] dump_stack+0x107/0x167 [ 1450.219983] should_fail.cold+0x5/0xa [ 1450.220774] _copy_from_user+0x2e/0x1b0 [ 1450.221588] __copy_msghdr_from_user+0x91/0x4b0 [ 1450.222558] ? __ia32_sys_shutdown+0x80/0x80 [ 1450.223481] ? __lock_acquire+0x1657/0x5b00 [ 1450.224386] ___sys_recvmsg+0xd5/0x200 [ 1450.225183] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1450.226280] ? trace_hardirqs_on+0x5b/0x180 [ 1450.227171] ? lock_acquire+0x197/0x470 [ 1450.228006] ? find_held_lock+0x2c/0x110 [ 1450.228840] ? __might_fault+0xd3/0x180 [ 1450.229663] ? lock_downgrade+0x6d0/0x6d0 [ 1450.230527] do_recvmmsg+0x24c/0x6d0 [ 1450.231287] ? ___sys_recvmsg+0x200/0x200 [ 1450.232146] ? lock_downgrade+0x6d0/0x6d0 [ 1450.233000] ? ksys_write+0x12d/0x260 [ 1450.233790] ? wait_for_completion_io+0x270/0x270 [ 1450.234767] ? rcu_read_lock_any_held+0x75/0xa0 [ 1450.235724] ? vfs_write+0x354/0xb10 [ 1450.236488] __x64_sys_recvmmsg+0x20f/0x260 [ 1450.237364] ? ksys_write+0x1a9/0x260 [ 1450.238143] ? __do_sys_socketcall+0x600/0x600 [ 1450.239070] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1450.240139] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1450.241191] do_syscall_64+0x33/0x40 [ 1450.241950] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1450.242989] RIP: 0033:0x7fedaa47eb19 [ 1450.243737] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1450.247480] RSP: 002b:00007feda79f4188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1450.249044] RAX: ffffffffffffffda RBX: 00007fedaa591f60 RCX: 00007fedaa47eb19 [ 1450.250499] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1450.252047] RBP: 00007feda79f41d0 R08: 0000000000000000 R09: 0000000000000000 [ 1450.253572] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1450.255205] R13: 00007ffdec8a993f R14: 00007feda79f4300 R15: 0000000000022000 [ 1450.262483] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1450.264130] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:07:32 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x8a, 0x0, 0x0) 23:07:32 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0x83, 0x0, 0x0) 23:07:32 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 65) 23:07:32 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0xf0, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:07:32 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0x84, 0x0, 0x0) 23:07:32 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x8b, 0x0, 0x0) 23:07:32 executing program 3: r0 = ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) r1 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x0, 0x0, 0x399}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r1, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r3 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r3, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat(r2, &(0x7f0000000240)='./file0\x00', 0x800, 0x90) fork() [ 1450.416160] FAULT_INJECTION: forcing a failure. [ 1450.416160] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1450.417156] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1450.418673] CPU: 0 PID: 8700 Comm: syz-executor.1 Not tainted 5.10.236 #1 [ 1450.418686] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1450.418702] Call Trace: [ 1450.420355] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1450.421773] dump_stack+0x107/0x167 [ 1450.421795] should_fail.cold+0x5/0xa [ 1450.421823] _copy_from_user+0x2e/0x1b0 [ 1450.428015] __copy_msghdr_from_user+0x91/0x4b0 [ 1450.429004] ? __ia32_sys_shutdown+0x80/0x80 [ 1450.429934] ? __lock_acquire+0x1657/0x5b00 [ 1450.430864] ___sys_recvmsg+0xd5/0x200 [ 1450.431691] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1450.432096] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1450.432736] ? __fget_files+0x2cf/0x520 [ 1450.432761] ? lock_acquire+0x197/0x470 [ 1450.432786] ? find_held_lock+0x2c/0x110 [ 1450.434407] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1450.435182] ? __might_fault+0xd3/0x180 [ 1450.435201] ? lock_downgrade+0x6d0/0x6d0 [ 1450.435238] do_recvmmsg+0x24c/0x6d0 [ 1450.440914] ? ___sys_recvmsg+0x200/0x200 [ 1450.441786] ? lock_downgrade+0x6d0/0x6d0 [ 1450.442670] ? ksys_write+0x12d/0x260 [ 1450.443482] ? wait_for_completion_io+0x270/0x270 [ 1450.444512] ? rcu_read_lock_any_held+0x75/0xa0 [ 1450.445493] ? vfs_write+0x354/0xb10 [ 1450.446280] __x64_sys_recvmmsg+0x20f/0x260 [ 1450.447188] ? ksys_write+0x1a9/0x260 [ 1450.448002] ? __do_sys_socketcall+0x600/0x600 [ 1450.448965] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1450.450077] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1450.451176] do_syscall_64+0x33/0x40 [ 1450.451970] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1450.453050] RIP: 0033:0x7fcf11593b19 [ 1450.453834] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1450.457733] RSP: 002b:00007fcf0eb09188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1450.459331] RAX: ffffffffffffffda RBX: 00007fcf116a6f60 RCX: 00007fcf11593b19 [ 1450.460841] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1450.462346] RBP: 00007fcf0eb091d0 R08: 0000000000000000 R09: 0000000000000000 [ 1450.463860] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1450.465361] R13: 00007ffca39d7fcf R14: 00007fcf0eb09300 R15: 0000000000022000 23:07:32 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x300, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:07:32 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0x85, 0x0, 0x0) 23:07:32 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 88) [ 1450.566122] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1450.567910] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1450.611219] FAULT_INJECTION: forcing a failure. [ 1450.611219] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1450.613907] CPU: 1 PID: 8722 Comm: syz-executor.2 Not tainted 5.10.236 #1 [ 1450.615367] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1450.617131] Call Trace: [ 1450.617693] dump_stack+0x107/0x167 [ 1450.618465] should_fail.cold+0x5/0xa [ 1450.619277] _copy_from_user+0x2e/0x1b0 [ 1450.620144] __copy_msghdr_from_user+0x91/0x4b0 [ 1450.621132] ? __ia32_sys_shutdown+0x80/0x80 [ 1450.622059] ? __lock_acquire+0x1657/0x5b00 [ 1450.622981] ___sys_recvmsg+0xd5/0x200 [ 1450.623811] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1450.624848] ? trace_hardirqs_on+0x5b/0x180 [ 1450.625766] ? lock_acquire+0x197/0x470 [ 1450.626600] ? find_held_lock+0x2c/0x110 [ 1450.627469] ? __might_fault+0xd3/0x180 [ 1450.628315] ? lock_downgrade+0x6d0/0x6d0 [ 1450.629210] do_recvmmsg+0x24c/0x6d0 [ 1450.629999] ? ___sys_recvmsg+0x200/0x200 [ 1450.630873] ? lock_downgrade+0x6d0/0x6d0 [ 1450.631754] ? ksys_write+0x12d/0x260 [ 1450.632575] ? wait_for_completion_io+0x270/0x270 [ 1450.633597] ? rcu_read_lock_any_held+0x75/0xa0 [ 1450.634572] ? vfs_write+0x354/0xb10 [ 1450.635367] __x64_sys_recvmmsg+0x20f/0x260 [ 1450.636286] ? ksys_write+0x1a9/0x260 [ 1450.637090] ? __do_sys_socketcall+0x600/0x600 [ 1450.638060] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1450.639162] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1450.640257] do_syscall_64+0x33/0x40 [ 1450.641051] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1450.642128] RIP: 0033:0x7f97e8de2b19 [ 1450.642929] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1450.646813] RSP: 002b:00007f97e6358188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1450.648428] RAX: ffffffffffffffda RBX: 00007f97e8ef5f60 RCX: 00007f97e8de2b19 [ 1450.649941] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1450.651443] RBP: 00007f97e63581d0 R08: 0000000000000000 R09: 0000000000000000 [ 1450.652959] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1450.654462] R13: 00007ffc09107b8f R14: 00007f97e6358300 R15: 0000000000022000 23:07:45 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 89) 23:07:45 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0x7c, 0x0, 0x0) 23:07:45 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x8c, 0x0, 0x0) 23:07:45 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 87) [ 1463.577026] capability: warning: `syz-executor.3' uses 32-bit capabilities (legacy support in use) 23:07:45 executing program 3: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_usb_connect$cdc_ecm(0x0, 0x4d, 0x0, 0x0) timer_delete(0x0) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) capget(&(0x7f0000000300)={0x19980330}, &(0x7f00000005c0)={0x7, 0xfffff000, 0x4, 0x0, 0x9, 0xf6}) timer_create(0x3, &(0x7f0000000000)={0x0, 0x1c, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000480)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x2) capset(&(0x7f0000000100)={0x20080522}, &(0x7f0000000140)={0x2, 0x6a4, 0x20, 0x5c94, 0x9, 0x7342}) sendmsg$nl_generic(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="540000001600010d000000000000000000000000381434eda16dace3c1aa6f34fad1b642a30b0ba409a18c5dc205bb5e0700000000000000be4c18ae5cb8f8ffffffffffffff8635916223ade2badc9060b231198b107557303600f100"/107], 0x14}}, 0x0) timer_create(0x2, &(0x7f00000002c0)={0x0, 0x13, 0x2, @thr={&(0x7f0000000180)="5fd701", &(0x7f0000000240)="379106a29ffe87"}}, &(0x7f0000000340)=0x0) ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000600)=0x0) timer_create(0x5, &(0x7f0000000640)={0x0, 0x30, 0x0, @tid=r4}, &(0x7f0000000680)) timer_gettime(r3, &(0x7f0000000400)) read(r2, &(0x7f0000000080)=""/65, 0x41) timer_gettime(r1, &(0x7f0000000080)) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000380)=ANY=[@ANYBLOB="01060000090000adf60ecc00758e99e8c58ac13a548deab865aecfe823e8d5545b6cf57aa85897db1b3350b8ed2547b4", @ANYRES32=r0, @ANYRES32, @ANYBLOB="f4ffffff0000000080000000"]) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) timer_settime(r1, 0x0, &(0x7f00000004c0)={{r5, r6+10000000}, {0x0, 0x3938700}}, &(0x7f0000000500)) clone3(&(0x7f00000001c0)={0x42182300, 0x0, 0x0, 0x0, {0x35}, 0x0, 0x0, 0x0, 0x0}, 0x58) 23:07:46 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x500, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) [ 1463.587218] FAULT_INJECTION: forcing a failure. [ 1463.587218] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1463.587452] FAULT_INJECTION: forcing a failure. [ 1463.587452] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1463.589729] CPU: 1 PID: 8727 Comm: syz-executor.2 Not tainted 5.10.236 #1 [ 1463.592541] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1463.594290] Call Trace: [ 1463.594849] dump_stack+0x107/0x167 [ 1463.595618] should_fail.cold+0x5/0xa [ 1463.596437] _copy_from_user+0x2e/0x1b0 [ 1463.597283] __copy_msghdr_from_user+0x91/0x4b0 [ 1463.598262] ? __ia32_sys_shutdown+0x80/0x80 [ 1463.599188] ? __lock_acquire+0x1657/0x5b00 [ 1463.600122] ___sys_recvmsg+0xd5/0x200 [ 1463.600955] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1463.601987] ? __fget_files+0x2cf/0x520 [ 1463.602834] ? lock_acquire+0x197/0x470 [ 1463.603670] ? find_held_lock+0x2c/0x110 [ 1463.604539] ? __might_fault+0xd3/0x180 [ 1463.605383] ? lock_downgrade+0x6d0/0x6d0 [ 1463.606278] do_recvmmsg+0x24c/0x6d0 [ 1463.607070] ? ___sys_recvmsg+0x200/0x200 [ 1463.607951] ? lock_downgrade+0x6d0/0x6d0 [ 1463.608832] ? ksys_write+0x12d/0x260 [ 1463.609651] ? wait_for_completion_io+0x270/0x270 [ 1463.610667] ? rcu_read_lock_any_held+0x75/0xa0 [ 1463.611643] ? vfs_write+0x354/0xb10 [ 1463.612440] __x64_sys_recvmmsg+0x20f/0x260 [ 1463.613347] ? ksys_write+0x1a9/0x260 [ 1463.614155] ? __do_sys_socketcall+0x600/0x600 [ 1463.615125] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1463.616239] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1463.617327] do_syscall_64+0x33/0x40 [ 1463.618110] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1463.619184] RIP: 0033:0x7f97e8de2b19 [ 1463.619980] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1463.623853] RSP: 002b:00007f97e6358188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1463.625461] RAX: ffffffffffffffda RBX: 00007f97e8ef5f60 RCX: 00007f97e8de2b19 [ 1463.626960] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1463.628472] RBP: 00007f97e63581d0 R08: 0000000000000000 R09: 0000000000000000 [ 1463.629973] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1463.631472] R13: 00007ffc09107b8f R14: 00007f97e6358300 R15: 0000000000022000 [ 1463.632997] CPU: 0 PID: 8736 Comm: syz-executor.1 Not tainted 5.10.236 #1 [ 1463.633820] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1463.634804] Call Trace: [ 1463.635123] dump_stack+0x107/0x167 [ 1463.635558] should_fail.cold+0x5/0xa [ 1463.636020] _copy_from_user+0x2e/0x1b0 [ 1463.636496] __copy_msghdr_from_user+0x91/0x4b0 [ 1463.637048] ? __ia32_sys_shutdown+0x80/0x80 [ 1463.637572] ? __lock_acquire+0x1657/0x5b00 [ 1463.638090] ___sys_recvmsg+0xd5/0x200 [ 1463.638557] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1463.639141] ? __fget_files+0x2cf/0x520 [ 1463.639615] ? lock_acquire+0x197/0x470 [ 1463.640090] ? find_held_lock+0x2c/0x110 [ 1463.640574] ? __might_fault+0xd3/0x180 [ 1463.641044] ? lock_downgrade+0x6d0/0x6d0 [ 1463.641543] do_recvmmsg+0x24c/0x6d0 [ 1463.641994] ? ___sys_recvmsg+0x200/0x200 [ 1463.642492] ? lock_downgrade+0x6d0/0x6d0 [ 1463.642985] ? ksys_write+0x12d/0x260 [ 1463.643445] ? wait_for_completion_io+0x270/0x270 [ 1463.644026] ? rcu_read_lock_any_held+0x75/0xa0 [ 1463.644572] ? vfs_write+0x354/0xb10 [ 1463.645010] __x64_sys_recvmmsg+0x20f/0x260 [ 1463.645516] ? ksys_write+0x1a9/0x260 [ 1463.645961] ? __do_sys_socketcall+0x600/0x600 [ 1463.646500] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1463.647115] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1463.647723] do_syscall_64+0x33/0x40 [ 1463.648165] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1463.648768] RIP: 0033:0x7fcf11593b19 [ 1463.649205] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1463.651364] RSP: 002b:00007fcf0eb09188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b 23:07:46 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 66) 23:07:46 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0x86, 0x0, 0x0) [ 1463.651403] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1463.652257] RAX: ffffffffffffffda RBX: 00007fcf116a6f60 RCX: 00007fcf11593b19 [ 1463.652263] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1463.652270] RBP: 00007fcf0eb091d0 R08: 0000000000000000 R09: 0000000000000000 [ 1463.652276] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1463.652283] R13: 00007ffca39d7fcf R14: 00007fcf0eb09300 R15: 0000000000022000 [ 1463.661885] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1463.674813] FAULT_INJECTION: forcing a failure. 23:07:46 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 90) [ 1463.674813] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1463.677519] CPU: 1 PID: 8738 Comm: syz-executor.7 Not tainted 5.10.236 #1 [ 1463.678971] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1463.680742] Call Trace: [ 1463.681306] dump_stack+0x107/0x167 [ 1463.682081] should_fail.cold+0x5/0xa [ 1463.682903] _copy_from_user+0x2e/0x1b0 [ 1463.683745] __copy_msghdr_from_user+0x91/0x4b0 [ 1463.684741] ? __ia32_sys_shutdown+0x80/0x80 [ 1463.685677] ? __lock_acquire+0x1657/0x5b00 [ 1463.686601] ___sys_recvmsg+0xd5/0x200 [ 1463.687433] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1463.688472] ? __fget_files+0x2cf/0x520 [ 1463.689322] ? lock_acquire+0x197/0x470 [ 1463.690163] ? find_held_lock+0x2c/0x110 [ 1463.691030] ? __might_fault+0xd3/0x180 [ 1463.691875] ? lock_downgrade+0x6d0/0x6d0 [ 1463.692776] do_recvmmsg+0x24c/0x6d0 [ 1463.693564] ? ___sys_recvmsg+0x200/0x200 [ 1463.694434] ? lock_downgrade+0x6d0/0x6d0 [ 1463.695315] ? ksys_write+0x12d/0x260 [ 1463.696139] ? wait_for_completion_io+0x270/0x270 [ 1463.697155] ? rcu_read_lock_any_held+0x75/0xa0 [ 1463.698142] ? vfs_write+0x354/0xb10 [ 1463.698942] __x64_sys_recvmmsg+0x20f/0x260 [ 1463.699864] ? ksys_write+0x1a9/0x260 [ 1463.700510] FAULT_INJECTION: forcing a failure. [ 1463.700510] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1463.700671] ? __do_sys_socketcall+0x600/0x600 [ 1463.700696] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1463.704094] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1463.705202] do_syscall_64+0x33/0x40 [ 1463.705996] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1463.707081] RIP: 0033:0x7fedaa47eb19 [ 1463.707873] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1463.711802] RSP: 002b:00007feda79f4188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1463.713436] RAX: ffffffffffffffda RBX: 00007fedaa591f60 RCX: 00007fedaa47eb19 [ 1463.714946] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1463.716470] RBP: 00007feda79f41d0 R08: 0000000000000000 R09: 0000000000000000 [ 1463.717983] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1463.719496] R13: 00007ffdec8a993f R14: 00007feda79f4300 R15: 0000000000022000 [ 1463.721048] CPU: 0 PID: 8746 Comm: syz-executor.2 Not tainted 5.10.236 #1 [ 1463.721841] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1463.722803] Call Trace: [ 1463.723110] dump_stack+0x107/0x167 [ 1463.723533] should_fail.cold+0x5/0xa [ 1463.723989] _copy_from_user+0x2e/0x1b0 [ 1463.724448] __copy_msghdr_from_user+0x91/0x4b0 [ 1463.724976] ? __ia32_sys_shutdown+0x80/0x80 [ 1463.725498] ? __lock_acquire+0x1657/0x5b00 [ 1463.726003] ___sys_recvmsg+0xd5/0x200 [ 1463.726449] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1463.727015] ? __fget_files+0x2cf/0x520 [ 1463.727478] ? lock_acquire+0x197/0x470 [ 1463.727940] ? find_held_lock+0x2c/0x110 [ 1463.728420] ? __might_fault+0xd3/0x180 [ 1463.728876] ? lock_downgrade+0x6d0/0x6d0 [ 1463.729362] do_recvmmsg+0x24c/0x6d0 [ 1463.729800] ? ___sys_recvmsg+0x200/0x200 [ 1463.730280] ? lock_downgrade+0x6d0/0x6d0 [ 1463.730754] ? ksys_write+0x12d/0x260 [ 1463.731197] ? wait_for_completion_io+0x270/0x270 [ 1463.731742] ? rcu_read_lock_any_held+0x75/0xa0 [ 1463.732281] ? vfs_write+0x354/0xb10 [ 1463.732708] __x64_sys_recvmmsg+0x20f/0x260 [ 1463.733200] ? ksys_write+0x1a9/0x260 [ 1463.733635] ? __do_sys_socketcall+0x600/0x600 [ 1463.734167] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1463.734772] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1463.735365] do_syscall_64+0x33/0x40 [ 1463.735787] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1463.736389] RIP: 0033:0x7f97e8de2b19 [ 1463.736814] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1463.738942] RSP: 002b:00007f97e6358188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1463.739808] RAX: ffffffffffffffda RBX: 00007f97e8ef5f60 RCX: 00007f97e8de2b19 [ 1463.740630] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1463.741447] RBP: 00007f97e63581d0 R08: 0000000000000000 R09: 0000000000000000 [ 1463.742277] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1463.743092] R13: 00007ffc09107b8f R14: 00007f97e6358300 R15: 0000000000022000 23:07:46 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 67) 23:07:46 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0x87, 0x0, 0x0) 23:07:46 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x8d, 0x0, 0x0) [ 1463.789284] FAULT_INJECTION: forcing a failure. [ 1463.789284] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1463.790703] CPU: 0 PID: 8754 Comm: syz-executor.1 Not tainted 5.10.236 #1 [ 1463.791485] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1463.792449] Call Trace: [ 1463.792755] dump_stack+0x107/0x167 [ 1463.793180] should_fail.cold+0x5/0xa [ 1463.793615] __alloc_pages_nodemask+0x182/0x600 [ 1463.794146] ? lock_chain_count+0x20/0x20 [ 1463.794620] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1463.795315] alloc_pages_vma+0xbb/0x410 [ 1463.795772] wp_page_copy+0xee7/0x1f00 [ 1463.796236] ? print_bad_pte+0x5a0/0x5a0 [ 1463.796700] ? lock_downgrade+0x6d0/0x6d0 [ 1463.797169] ? vm_normal_page+0x162/0x2e0 [ 1463.797647] ? count_memcg_event_mm.part.0+0x10f/0x2f0 [ 1463.798255] do_wp_page+0x27b/0x1390 [ 1463.798685] handle_mm_fault+0x1cc7/0x3500 [ 1463.799173] ? tcp_recvmsg+0x8bc/0x2930 [ 1463.799626] ? __pmd_alloc+0x5e0/0x5e0 [ 1463.800082] ? vmacache_find+0x55/0x2a0 [ 1463.800537] do_user_addr_fault+0x56e/0xc60 [ 1463.801042] exc_page_fault+0xa2/0x1a0 [ 1463.801488] asm_exc_page_fault+0x1e/0x30 [ 1463.801973] RIP: 0010:__put_user_nocheck_4+0x3/0x11 [ 1463.802538] Code: 00 00 48 39 d9 73 54 0f 01 cb 66 89 01 31 c9 0f 01 ca e9 f1 e9 1c 02 90 48 bb fd ef ff ff ff 7f 00 00 48 39 d9 73 34 0f 01 cb <89> 01 31 c9 0f 01 ca e9 d2 e9 1c 02 66 90 48 bb f9 ef ff ff ff 7f [ 1463.804668] RSP: 0018:ffff8880494079c8 EFLAGS: 00050246 [ 1463.805275] RAX: 0000000000000000 RBX: ffffffff8366ed30 RCX: 0000000020001030 [ 1463.806097] RDX: 1ffff11009280fc3 RSI: ffffffff8310cf0a RDI: 0000000000000005 [ 1463.806908] RBP: ffff888049407dc8 R08: 0000000000000000 R09: ffff888017d870e7 [ 1463.807723] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000020001030 [ 1463.808566] R13: 0000000020001000 R14: 0000000000000000 R15: 0000000000000000 [ 1463.809391] ? inet6_bind+0x120/0x120 [ 1463.809829] ? ____sys_recvmsg+0x2aa/0x590 [ 1463.810328] ____sys_recvmsg+0x2dd/0x590 [ 1463.810794] ? kernel_recvmsg+0x80/0x80 [ 1463.811256] ? __import_iovec+0x458/0x590 [ 1463.811734] ? import_iovec+0x83/0xb0 [ 1463.812185] ___sys_recvmsg+0x127/0x200 [ 1463.812640] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1463.813206] ? __fget_files+0x2cf/0x520 [ 1463.813666] ? lock_acquire+0x197/0x470 [ 1463.814123] ? find_held_lock+0x2c/0x110 [ 1463.814586] ? __might_fault+0xd3/0x180 [ 1463.815037] ? lock_downgrade+0x6d0/0x6d0 [ 1463.815522] do_recvmmsg+0x24c/0x6d0 [ 1463.815955] ? ___sys_recvmsg+0x200/0x200 [ 1463.816425] ? lock_downgrade+0x6d0/0x6d0 [ 1463.816910] ? ksys_write+0x12d/0x260 [ 1463.817352] ? wait_for_completion_io+0x270/0x270 [ 1463.817916] ? rcu_read_lock_any_held+0x75/0xa0 [ 1463.818450] ? vfs_write+0x354/0xb10 [ 1463.818891] __x64_sys_recvmmsg+0x20f/0x260 [ 1463.819390] ? ksys_write+0x1a9/0x260 [ 1463.819828] ? __do_sys_socketcall+0x600/0x600 [ 1463.820361] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1463.820957] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1463.821546] do_syscall_64+0x33/0x40 [ 1463.821971] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1463.822550] RIP: 0033:0x7fcf11593b19 [ 1463.822973] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1463.825090] RSP: 002b:00007fcf0eb09188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1463.825964] RAX: ffffffffffffffda RBX: 00007fcf116a6f60 RCX: 00007fcf11593b19 [ 1463.826775] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1463.827582] RBP: 00007fcf0eb091d0 R08: 0000000000000000 R09: 0000000000000000 [ 1463.828398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1463.829217] R13: 00007ffca39d7fcf R14: 00007fcf0eb09300 R15: 0000000000022000 23:07:46 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x600, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:07:46 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 88) [ 1463.855407] FAULT_INJECTION: forcing a failure. [ 1463.855407] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1463.858121] CPU: 1 PID: 8763 Comm: syz-executor.7 Not tainted 5.10.236 #1 [ 1463.859567] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1463.861330] Call Trace: [ 1463.861889] dump_stack+0x107/0x167 [ 1463.862657] should_fail.cold+0x5/0xa 23:07:46 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0x88, 0x0, 0x0) [ 1463.863472] _copy_from_user+0x2e/0x1b0 [ 1463.864450] __copy_msghdr_from_user+0x91/0x4b0 [ 1463.865432] ? __ia32_sys_shutdown+0x80/0x80 [ 1463.866372] ? __lock_acquire+0x1657/0x5b00 [ 1463.867298] ___sys_recvmsg+0xd5/0x200 [ 1463.868131] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1463.869181] ? trace_hardirqs_on+0x5b/0x180 [ 1463.870101] ? lock_acquire+0x197/0x470 [ 1463.870939] ? find_held_lock+0x2c/0x110 [ 1463.871802] ? __might_fault+0xd3/0x180 [ 1463.872645] ? lock_downgrade+0x6d0/0x6d0 [ 1463.873535] do_recvmmsg+0x24c/0x6d0 [ 1463.874324] ? ___sys_recvmsg+0x200/0x200 [ 1463.875199] ? lock_downgrade+0x6d0/0x6d0 [ 1463.876085] ? ksys_write+0x12d/0x260 [ 1463.876898] ? wait_for_completion_io+0x270/0x270 [ 1463.877915] ? rcu_read_lock_any_held+0x75/0xa0 [ 1463.878891] ? vfs_write+0x354/0xb10 [ 1463.879681] __x64_sys_recvmmsg+0x20f/0x260 [ 1463.880596] ? ksys_write+0x1a9/0x260 [ 1463.881400] ? __do_sys_socketcall+0x600/0x600 [ 1463.882366] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1463.883470] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1463.884568] do_syscall_64+0x33/0x40 [ 1463.885353] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1463.886434] RIP: 0033:0x7fedaa47eb19 [ 1463.887214] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1463.891100] RSP: 002b:00007feda79f4188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1463.892712] RAX: ffffffffffffffda RBX: 00007fedaa591f60 RCX: 00007fedaa47eb19 [ 1463.894209] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1463.895701] RBP: 00007feda79f41d0 R08: 0000000000000000 R09: 0000000000000000 [ 1463.897213] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1463.898712] R13: 00007ffdec8a993f R14: 00007feda79f4300 R15: 0000000000022000 [ 1463.901492] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1463.903090] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1463.910810] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1463.912577] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:08:00 executing program 5: ioctl$BLKPBSZGET(0xffffffffffffffff, 0x127b, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x6d7cf708bc06516e}, 0x23a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) r0 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) ioctl$SG_IO(r0, 0x127f, &(0x7f00000003c0)={0xe00, 0x0, 0x0, 0x0, @buffer={0x300, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) dup(r0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs2/custom1\x00', 0x0, 0x0) ioctl$BLKROGET(r0, 0x125e, &(0x7f00000000c0)) accept$packet(r0, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000180)=0x14) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000004d00), 0x400000000000070, 0x0) 23:08:00 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x8e, 0x0, 0x0) 23:08:00 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 89) 23:08:00 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0x89, 0x0, 0x0) 23:08:00 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 91) 23:08:00 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 68) 23:08:00 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x700, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:08:00 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={&(0x7f00000002c0), 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000640)=ANY=[@ANYBLOB="207a150f3828091f72f7f06ecab7bb606cd15a8dc665d050882f72f4aff039a65655c4da3871d6b5af5b78c5f65e97ffc871d0aaa430ebf919447ef07ef14761dcf4b4dc9618cd323549fe6b00e31bb032043c763589f4a7e8854d9fc2b631b4f1094c58de0d0ac530f1f71e1fdf2cbbcbde280deac5660921fd1aaf6da71af6d70bf9dfa1169ebc777e8fbfd79f3274ca4ea77420607253223e9b49a44d346d6516fd258ce85dc50d759a7007b2c954a6dd4e54d9bf1392ecd5d6ea79cb1c579a43b5b953e2facd8876e3e5236ad1eb003f1f0e4e87d357a9b9baea3885afdedd0255ad3f597a69f52b2a78dc883f1be2521b5cbd674f481db8cc52a5fad759148bc22926412e4b1f49f7e07fe6a2dba31eb07fb27c397f36fdf9200494b905c58e874cad0e5bc1ed6399367af51769b910021fb3a1cef30065b05774f71684f0fa3595c158c2f453fe434d42e5515fac902f065cb8ace9066561bf5547ad83b5", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r1, 0xc018937b, &(0x7f00000005c0)=ANY=[@ANYRES64, @ANYRES16=r2, @ANYRESHEX=r2, @ANYRESOCT, @ANYRESHEX, @ANYRES32=r2]) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="2400000010000100000004000000009600090005000000000005000000000000000000"], 0x24}}, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) r4 = creat(&(0x7f0000000000)='./file2\x00', 0x0) fcntl$setlease(r4, 0x400, 0x1) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4305, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x400000000}, 0x8006, 0x0, 0x0, 0x2, 0x7}, 0x0, 0xffffffffffffffff, r4, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = dup(r5) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) accept4$bt_l2cap(r6, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) ftruncate(r6, 0x0) r7 = openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x80202, 0x100) openat(r7, &(0x7f0000000380)='./file0\x00', 0x24000, 0x20) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) fallocate(0xffffffffffffffff, 0x18, 0xfffffffffffffffc, 0x3) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) [ 1478.094297] FAULT_INJECTION: forcing a failure. [ 1478.094297] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1478.096629] CPU: 1 PID: 8776 Comm: syz-executor.2 Not tainted 5.10.236 #1 [ 1478.097972] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1478.099619] Call Trace: [ 1478.100148] dump_stack+0x107/0x167 [ 1478.100875] should_fail.cold+0x5/0xa [ 1478.101639] _copy_from_user+0x2e/0x1b0 [ 1478.102423] __copy_msghdr_from_user+0x91/0x4b0 [ 1478.103353] ? __ia32_sys_shutdown+0x80/0x80 [ 1478.104236] ? __lock_acquire+0x1657/0x5b00 [ 1478.105112] ___sys_recvmsg+0xd5/0x200 [ 1478.105886] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1478.106861] ? trace_hardirqs_on+0x5b/0x180 [ 1478.107720] ? lock_acquire+0x197/0x470 [ 1478.108514] ? find_held_lock+0x2c/0x110 [ 1478.109323] ? __might_fault+0xd3/0x180 [ 1478.110104] ? lock_downgrade+0x6d0/0x6d0 [ 1478.110944] do_recvmmsg+0x24c/0x6d0 [ 1478.111691] ? ___sys_recvmsg+0x200/0x200 [ 1478.112512] ? lock_downgrade+0x6d0/0x6d0 [ 1478.113342] ? ksys_write+0x12d/0x260 [ 1478.114098] ? wait_for_completion_io+0x270/0x270 [ 1478.115065] ? rcu_read_lock_any_held+0x75/0xa0 [ 1478.115976] ? vfs_write+0x354/0xb10 [ 1478.116723] __x64_sys_recvmmsg+0x20f/0x260 [ 1478.117557] ? ksys_write+0x1a9/0x260 [ 1478.118288] ? __do_sys_socketcall+0x600/0x600 [ 1478.119184] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1478.120214] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1478.121226] do_syscall_64+0x33/0x40 [ 1478.121963] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1478.122104] FAULT_INJECTION: forcing a failure. [ 1478.122104] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1478.122967] RIP: 0033:0x7f97e8de2b19 [ 1478.122985] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1478.122995] RSP: 002b:00007f97e6358188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1478.131148] RAX: ffffffffffffffda RBX: 00007f97e8ef5f60 RCX: 00007f97e8de2b19 [ 1478.132548] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1478.133938] RBP: 00007f97e63581d0 R08: 0000000000000000 R09: 0000000000000000 [ 1478.135326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1478.136735] R13: 00007ffc09107b8f R14: 00007f97e6358300 R15: 0000000000022000 [ 1478.138129] CPU: 0 PID: 8778 Comm: syz-executor.1 Not tainted 5.10.236 #1 [ 1478.139611] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1478.141398] Call Trace: [ 1478.141971] dump_stack+0x107/0x167 [ 1478.142767] should_fail.cold+0x5/0xa [ 1478.143597] _copy_from_user+0x2e/0x1b0 [ 1478.144464] __copy_msghdr_from_user+0x91/0x4b0 [ 1478.145461] ? __ia32_sys_shutdown+0x80/0x80 [ 1478.145695] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1478.146408] ? __lock_acquire+0x1657/0x5b00 [ 1478.147866] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1478.148766] ___sys_recvmsg+0xd5/0x200 [ 1478.148788] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1478.148811] ? trace_hardirqs_on+0x5b/0x180 [ 1478.153230] ? lock_acquire+0x197/0x470 [ 1478.154081] ? find_held_lock+0x2c/0x110 [ 1478.154437] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1478.154955] ? __might_fault+0xd3/0x180 [ 1478.154975] ? lock_downgrade+0x6d0/0x6d0 [ 1478.155012] do_recvmmsg+0x24c/0x6d0 [ 1478.156461] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1478.157268] ? ___sys_recvmsg+0x200/0x200 [ 1478.157287] ? lock_downgrade+0x6d0/0x6d0 [ 1478.157313] ? ksys_write+0x12d/0x260 [ 1478.162994] ? wait_for_completion_io+0x270/0x270 [ 1478.164031] ? rcu_read_lock_any_held+0x75/0xa0 [ 1478.165035] ? vfs_write+0x354/0xb10 [ 1478.165843] __x64_sys_recvmmsg+0x20f/0x260 [ 1478.166767] ? ksys_write+0x1a9/0x260 [ 1478.167584] ? __do_sys_socketcall+0x600/0x600 [ 1478.168483] FAULT_INJECTION: forcing a failure. [ 1478.168483] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1478.168574] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1478.168594] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1478.168617] do_syscall_64+0x33/0x40 [ 1478.173774] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1478.174854] RIP: 0033:0x7fcf11593b19 [ 1478.175629] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1478.179477] RSP: 002b:00007fcf0eb09188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1478.181079] RAX: ffffffffffffffda RBX: 00007fcf116a6f60 RCX: 00007fcf11593b19 [ 1478.182575] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1478.184062] RBP: 00007fcf0eb091d0 R08: 0000000000000000 R09: 0000000000000000 [ 1478.185556] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1478.187052] R13: 00007ffca39d7fcf R14: 00007fcf0eb09300 R15: 0000000000022000 [ 1478.188579] CPU: 1 PID: 8784 Comm: syz-executor.7 Not tainted 5.10.236 #1 [ 1478.189833] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1478.191340] Call Trace: [ 1478.191832] dump_stack+0x107/0x167 [ 1478.192506] should_fail.cold+0x5/0xa [ 1478.193218] _copy_from_user+0x2e/0x1b0 [ 1478.193941] __copy_msghdr_from_user+0x91/0x4b0 [ 1478.194791] ? __ia32_sys_shutdown+0x80/0x80 [ 1478.195586] ? __lock_acquire+0x1657/0x5b00 [ 1478.196397] ___sys_recvmsg+0xd5/0x200 [ 1478.197113] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1478.197501] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1478.198030] ? __fget_files+0x2cf/0x520 [ 1478.198051] ? lock_acquire+0x197/0x470 [ 1478.198066] ? find_held_lock+0x2c/0x110 [ 1478.198086] ? __might_fault+0xd3/0x180 [ 1478.198102] ? lock_downgrade+0x6d0/0x6d0 [ 1478.198132] do_recvmmsg+0x24c/0x6d0 [ 1478.204315] ? ___sys_recvmsg+0x200/0x200 [ 1478.205090] ? lock_downgrade+0x6d0/0x6d0 [ 1478.205880] ? ksys_write+0x12d/0x260 [ 1478.206607] ? wait_for_completion_io+0x270/0x270 [ 1478.207497] ? rcu_read_lock_any_held+0x75/0xa0 [ 1478.208375] ? vfs_write+0x354/0xb10 [ 1478.209078] __x64_sys_recvmmsg+0x20f/0x260 [ 1478.209888] ? ksys_write+0x1a9/0x260 [ 1478.210611] ? __do_sys_socketcall+0x600/0x600 [ 1478.211471] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1478.212414] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1478.213319] do_syscall_64+0x33/0x40 [ 1478.213979] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1478.214898] RIP: 0033:0x7fedaa47eb19 [ 1478.215574] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1478.218875] RSP: 002b:00007feda79f4188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1478.220235] RAX: ffffffffffffffda RBX: 00007fedaa591f60 RCX: 00007fedaa47eb19 [ 1478.221528] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1478.222804] RBP: 00007feda79f41d0 R08: 0000000000000000 R09: 0000000000000000 [ 1478.224089] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1478.225362] R13: 00007ffdec8a993f R14: 00007feda79f4300 R15: 0000000000022000 23:08:00 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0x8a, 0x0, 0x0) [ 1478.258823] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 23:08:00 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x900, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:08:00 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x8f, 0x0, 0x0) 23:08:00 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x7, 0x80, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x474002, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r2) write$binfmt_script(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="cc"], 0x1020) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x4022812, r0, 0x0) [ 1478.334399] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1478.336200] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:08:00 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 92) [ 1478.361856] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1478.363145] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:08:00 executing program 3: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x12501, 0x80) ioctl$INCFS_IOC_FILL_BLOCKS(r1, 0x80106720, 0x0) clone3(&(0x7f00000008c0)={0x3040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) execveat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0, 0x0) r2 = getpgrp(0x0) pidfd_open(r2, 0x0) r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f00000002c0)={{0x1, 0x1, 0x18, r3, {0x1}}, './file1/file0\x00'}) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f00000001c0)=0x2) pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open(&(0x7f00000003c0)={0x0, 0x80, 0x0, 0x1, 0x1d, 0x40, 0x0, 0xbfffffffffff8000, 0x90000, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x7fffffff, 0x1, @perf_config_ext={0xfff, 0xffffffff}, 0x0, 0x1, 0x2, 0x4, 0x81, 0x3f, 0x9, 0x0, 0x1f, 0x0, 0x40}, 0x0, 0x4, r4, 0x3) perf_event_open(&(0x7f00000001c0)={0x4, 0x80, 0x3f, 0x80, 0x80, 0x0, 0x0, 0x5, 0x301, 0x8, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x58d, 0x1, @perf_config_ext={0x8, 0x1}, 0x174a8, 0x0, 0x0, 0x0, 0xfffffffffffffffb, 0x101, 0x1, 0x0, 0x7ff, 0x0, 0x81}, r2, 0x4, r3, 0x2) 23:08:00 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0x8b, 0x0, 0x0) 23:08:00 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x90, 0x0, 0x0) 23:08:00 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0xa00, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) [ 1478.438253] FAULT_INJECTION: forcing a failure. [ 1478.438253] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1478.440790] CPU: 0 PID: 8812 Comm: syz-executor.2 Not tainted 5.10.236 #1 [ 1478.442267] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1478.444058] Call Trace: [ 1478.444638] dump_stack+0x107/0x167 [ 1478.445423] should_fail.cold+0x5/0xa [ 1478.446246] _copy_from_user+0x2e/0x1b0 [ 1478.447116] __copy_msghdr_from_user+0x91/0x4b0 [ 1478.448128] ? __ia32_sys_shutdown+0x80/0x80 [ 1478.449075] ? __lock_acquire+0x1657/0x5b00 [ 1478.450021] ___sys_recvmsg+0xd5/0x200 [ 1478.450862] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1478.451917] ? __fget_files+0x2cf/0x520 [ 1478.452786] ? lock_acquire+0x197/0x470 [ 1478.453640] ? find_held_lock+0x2c/0x110 [ 1478.454519] ? __might_fault+0xd3/0x180 [ 1478.455375] ? lock_downgrade+0x6d0/0x6d0 [ 1478.456298] do_recvmmsg+0x24c/0x6d0 [ 1478.457107] ? ___sys_recvmsg+0x200/0x200 [ 1478.457996] ? lock_downgrade+0x6d0/0x6d0 [ 1478.458892] ? ksys_write+0x12d/0x260 [ 1478.459721] ? wait_for_completion_io+0x270/0x270 [ 1478.460765] ? rcu_read_lock_any_held+0x75/0xa0 [ 1478.461761] ? vfs_write+0x354/0xb10 [ 1478.462565] __x64_sys_recvmmsg+0x20f/0x260 [ 1478.463487] ? ksys_write+0x1a9/0x260 [ 1478.464310] ? __do_sys_socketcall+0x600/0x600 [ 1478.465291] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1478.466413] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1478.467519] do_syscall_64+0x33/0x40 [ 1478.468328] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1478.469425] RIP: 0033:0x7f97e8de2b19 [ 1478.470221] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1478.474188] RSP: 002b:00007f97e6358188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1478.475069] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1478.475817] RAX: ffffffffffffffda RBX: 00007f97e8ef5f60 RCX: 00007f97e8de2b19 [ 1478.475829] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1478.475840] RBP: 00007f97e63581d0 R08: 0000000000000000 R09: 0000000000000000 [ 1478.475851] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1478.475868] R13: 00007ffc09107b8f R14: 00007f97e6358300 R15: 0000000000022000 [ 1478.477046] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:08:00 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 69) 23:08:00 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 90) 23:08:00 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x91, 0x0, 0x0) 23:08:00 executing program 5: r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, &(0x7f0000000000)=0x6359, 0x4) dup2(r0, r1) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000280)={&(0x7f00000006c0)=ANY=[@ANYBLOB="5c0073e2dec4520171fa1ea3e19d62757cb4fa1efdaa37460d9500d43a501e0ba37eb9ae8ebb7dd852db35dff72b0848721bf687c296d678b6a7d5ea7941d435d391b7d67b4ed1784dde6f93de3d37499fdce0cd8776c9ddd2275c90ee18e660acf68b90ad11dfc0ad9b1fa7261c16f791206c6d69fd97476eb6f5572accf28d19af5adf1ba1f700d9fdebb8b42e7529", @ANYRES16=r2, @ANYBLOB="000128bd7000fedbdf25430000000c00580054000000000000000c0058005d000000000000000c00580000000000000000000c0058006a000000000000000c0058007f000000000000000c0058003d00000000000000"], 0x5c}, 0x1, 0x0, 0x0, 0x80}, 0x20000800) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) r4 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x41, &(0x7f0000000000)=0x6359, 0x4) dup2(r4, r5) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}}) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev}, 0x7}) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000180)={{{@in6=@local, @in6=@remote, 0x4e24, 0xfff7, 0x4e21, 0x4, 0xd43817e05afa7a13, 0x80, 0x80, 0x4, 0x0, 0xee00}, {0x100, 0x80000000, 0x3, 0x6, 0x2, 0x9032, 0xfff, 0xfffffffffffffffc}, {0x2, 0x6, 0x0, 0xfffffffffffffffb}, 0x8, 0x6e6bbf, 0x0, 0x0, 0x2, 0x2}, {{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x4d4, 0x3c}, 0x2, @in=@broadcast, 0x3500, 0x0, 0x2, 0x80, 0x5be1, 0x1, 0x1}}, 0xe8) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000300)="9475aa49caeb8ec9ded61e4f005c2decafbd39a65088fc2f8483909c9297a07465d030bb82fbc8f13d562497df38ee193f0418c8221351cf2734f23a4f7636eb42c38936d34ad6bbe7d620b1c58c8e14b3853fe3a871241f6e4be0482efa6de5eb1b6aa452f495b83e6505121f6145b77af09bbae0187c9db129393797cb5012cf4bc54632a180899bc316b0d49f2581e1afc302b973f4803b749a99a5f8c451f4685b15b226e5cefdaa331f0d193b4e3a05e85ea048a87f97070547d22634a9100007dbb14756e5716458eea810e2a1b191aca75789a81ebc40", 0xda}, {&(0x7f0000000400)="a82c0c7d4ee35c96c5a3194df3e0dd9d5625a772102c018d80a3902a9feb7036b9bc4d12f35c872ab9dd5ac6432916048163009deca93ed5cd96f8c9760abd58b696fdcc1e2ad2a7ac9c89e2500a7f0a03f4e3a01da43360443c0c1997219c11cfaa0d640fab4dccda876a2340a047e2005f13f35d4ee1567391b1eab1821d18379bc68165fa964e6e18a59e8f486a7afef40b35d4964f6b3d0902cc", 0x9c}, {&(0x7f00000004c0)="d3c2d965df39ba68a29014313ba0c38e01f344e9bf543a288113", 0x1a}, {&(0x7f0000000500)="4dbbd1ba03eec26efb477b0f257d6dfbf381135e0c62e01366ee20b6fafea26486130947be32eea3d8831adf91044d0c205e55c24c9fb2923660a19078283225e76eb96e627f4d02e75061fa9a4bba8cfc5b9d256889174a78eb274e398555", 0x5f}], 0x4, &(0x7f00000005c0)=[@ip_ttl={{0x14, 0x0, 0x2, 0x81}}, @ip_ttl={{0x14, 0x0, 0x2, 0x1f}}, @ip_tos_int={{0x14}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0xfa}}, @ip_ttl={{0x14, 0x0, 0x2, 0x7}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}}}}], 0x98}, 0x40084) syz_io_uring_setup(0x3875, &(0x7f0000000080), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000040)=0x0) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000140)=@IORING_OP_STATX={0x15, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1000, 0x1, {0x0, r8}}, 0x0) syz_io_uring_submit(r6, 0x0, &(0x7f0000000080)=@IORING_OP_MADVISE={0x19, 0x5, 0x0, 0x0, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0xf, 0x1}, 0x2) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6401000010000100000000000000000000000000010000000000ff7fac141400fe8000000000000000000000000000aa00"/64, @ANYRESHEX=r4, @ANYRES32, @ANYRES16], 0x164}, 0x1, 0x0, 0x0, 0x48004}, 0x8085) [ 1478.575756] FAULT_INJECTION: forcing a failure. [ 1478.575756] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1478.577488] CPU: 1 PID: 8827 Comm: syz-executor.1 Not tainted 5.10.236 #1 [ 1478.578435] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1478.579568] Call Trace: [ 1478.579933] dump_stack+0x107/0x167 [ 1478.580440] should_fail.cold+0x5/0xa [ 1478.580985] _copy_from_user+0x2e/0x1b0 [ 1478.581528] __copy_msghdr_from_user+0x91/0x4b0 [ 1478.582166] ? __ia32_sys_shutdown+0x80/0x80 [ 1478.582776] ? __lock_acquire+0x1657/0x5b00 [ 1478.583390] ___sys_recvmsg+0xd5/0x200 [ 1478.584029] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1478.584713] ? trace_hardirqs_on+0x5b/0x180 [ 1478.585271] ? lock_acquire+0x197/0x470 [ 1478.585816] ? find_held_lock+0x2c/0x110 [ 1478.586341] ? __might_fault+0xd3/0x180 [ 1478.586887] ? lock_downgrade+0x6d0/0x6d0 [ 1478.587433] do_recvmmsg+0x24c/0x6d0 [ 1478.587945] ? ___sys_recvmsg+0x200/0x200 [ 1478.588528] ? lock_downgrade+0x6d0/0x6d0 [ 1478.589100] ? ksys_write+0x12d/0x260 [ 1478.589625] ? wait_for_completion_io+0x270/0x270 [ 1478.590272] ? rcu_read_lock_any_held+0x75/0xa0 [ 1478.590896] ? vfs_write+0x354/0xb10 [ 1478.591398] __x64_sys_recvmmsg+0x20f/0x260 [ 1478.591988] ? ksys_write+0x1a9/0x260 [ 1478.592480] ? __do_sys_socketcall+0x600/0x600 [ 1478.593110] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1478.593842] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1478.594552] do_syscall_64+0x33/0x40 [ 1478.595059] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1478.595756] RIP: 0033:0x7fcf11593b19 [ 1478.596262] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1478.598748] RSP: 002b:00007fcf0eb09188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1478.599771] RAX: ffffffffffffffda RBX: 00007fcf116a6f60 RCX: 00007fcf11593b19 [ 1478.600749] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1478.601700] RBP: 00007fcf0eb091d0 R08: 0000000000000000 R09: 0000000000000000 [ 1478.602672] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1478.603580] R13: 00007ffca39d7fcf R14: 00007fcf0eb09300 R15: 0000000000022000 [ 1478.633797] FAULT_INJECTION: forcing a failure. [ 1478.633797] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1478.635406] CPU: 1 PID: 8835 Comm: syz-executor.7 Not tainted 5.10.236 #1 [ 1478.636321] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1478.637414] Call Trace: [ 1478.637766] dump_stack+0x107/0x167 [ 1478.638235] should_fail.cold+0x5/0xa [ 1478.638736] _copy_from_user+0x2e/0x1b0 [ 1478.639247] __copy_msghdr_from_user+0x91/0x4b0 [ 1478.639852] ? __ia32_sys_shutdown+0x80/0x80 [ 1478.640447] ? __lock_acquire+0x1657/0x5b00 [ 1478.641003] ___sys_recvmsg+0xd5/0x200 [ 1478.641515] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1478.642162] ? __fget_files+0x2cf/0x520 [ 1478.642685] ? lock_acquire+0x197/0x470 [ 1478.643202] ? find_held_lock+0x2c/0x110 [ 1478.643721] ? __might_fault+0xd3/0x180 [ 1478.644238] ? lock_downgrade+0x6d0/0x6d0 [ 1478.644786] do_recvmmsg+0x24c/0x6d0 [ 1478.645265] ? ___sys_recvmsg+0x200/0x200 [ 1478.645791] ? lock_downgrade+0x6d0/0x6d0 [ 1478.646326] ? ksys_write+0x12d/0x260 [ 1478.646803] ? wait_for_completion_io+0x270/0x270 [ 1478.647434] ? rcu_read_lock_any_held+0x75/0xa0 [ 1478.648034] ? vfs_write+0x354/0xb10 [ 1478.648526] __x64_sys_recvmmsg+0x20f/0x260 [ 1478.649098] ? ksys_write+0x1a9/0x260 [ 1478.649597] ? __do_sys_socketcall+0x600/0x600 [ 1478.650185] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1478.650885] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1478.651569] do_syscall_64+0x33/0x40 [ 1478.652025] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1478.652690] RIP: 0033:0x7fedaa47eb19 [ 1478.653184] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1478.655554] RSP: 002b:00007feda79f4188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1478.656530] RAX: ffffffffffffffda RBX: 00007fedaa591f60 RCX: 00007fedaa47eb19 [ 1478.657435] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1478.658301] RBP: 00007feda79f41d0 R08: 0000000000000000 R09: 0000000000000000 [ 1478.659227] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1478.660154] R13: 00007ffdec8a993f R14: 00007feda79f4300 R15: 0000000000022000 [ 1492.526545] FAULT_INJECTION: forcing a failure. [ 1492.526545] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1492.529120] CPU: 1 PID: 8841 Comm: syz-executor.7 Not tainted 5.10.236 #1 [ 1492.530573] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1492.532345] Call Trace: [ 1492.532910] dump_stack+0x107/0x167 [ 1492.533682] should_fail.cold+0x5/0xa [ 1492.534493] _copy_from_user+0x2e/0x1b0 [ 1492.535345] __copy_msghdr_from_user+0x91/0x4b0 [ 1492.536340] ? __ia32_sys_shutdown+0x80/0x80 [ 1492.537273] ? __lock_acquire+0x1657/0x5b00 [ 1492.538206] ___sys_recvmsg+0xd5/0x200 [ 1492.539044] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1492.540086] ? __fget_files+0x2cf/0x520 [ 1492.540942] ? lock_acquire+0x197/0x470 [ 1492.541784] ? find_held_lock+0x2c/0x110 [ 1492.542648] ? __might_fault+0xd3/0x180 [ 1492.543492] ? lock_downgrade+0x6d0/0x6d0 [ 1492.544399] do_recvmmsg+0x24c/0x6d0 [ 1492.545195] ? ___sys_recvmsg+0x200/0x200 [ 1492.546070] ? lock_downgrade+0x6d0/0x6d0 [ 1492.546952] ? ksys_write+0x12d/0x260 [ 1492.547767] ? wait_for_completion_io+0x270/0x270 [ 1492.548797] ? rcu_read_lock_any_held+0x75/0xa0 [ 1492.549777] ? vfs_write+0x354/0xb10 [ 1492.550568] __x64_sys_recvmmsg+0x20f/0x260 [ 1492.551479] ? ksys_write+0x1a9/0x260 [ 1492.552293] ? __do_sys_socketcall+0x600/0x600 [ 1492.553260] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1492.554365] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1492.555454] do_syscall_64+0x33/0x40 [ 1492.556255] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1492.557344] RIP: 0033:0x7fedaa47eb19 [ 1492.558128] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1492.562024] RSP: 002b:00007feda79f4188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1492.563629] RAX: ffffffffffffffda RBX: 00007fedaa591f60 RCX: 00007fedaa47eb19 [ 1492.565144] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1492.566653] RBP: 00007feda79f41d0 R08: 0000000000000000 R09: 0000000000000000 [ 1492.568160] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1492.569682] R13: 00007ffdec8a993f R14: 00007feda79f4300 R15: 0000000000022000 [ 1492.579414] validate_nla: 2 callbacks suppressed [ 1492.579425] netlink: 'syz-executor.5': attribute type 15 has an invalid length. [ 1492.580061] FAULT_INJECTION: forcing a failure. [ 1492.580061] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1492.580644] netlink: 'syz-executor.5': attribute type 15 has an invalid length. 23:08:14 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 93) 23:08:14 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x92, 0x0, 0x0) 23:08:14 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0xebb, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:08:14 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 91) 23:08:14 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0x8c, 0x0, 0x0) 23:08:14 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) ftruncate(r0, 0x1ff) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x4000006}) 23:08:14 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 70) 23:08:14 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0xa00, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) [ 1492.582104] CPU: 0 PID: 8847 Comm: syz-executor.2 Not tainted 5.10.236 #1 [ 1492.587937] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1492.589810] Call Trace: [ 1492.590402] dump_stack+0x107/0x167 [ 1492.591224] should_fail.cold+0x5/0xa [ 1492.592091] _copy_from_user+0x2e/0x1b0 [ 1492.593008] __copy_msghdr_from_user+0x91/0x4b0 [ 1492.593555] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1492.594051] ? __ia32_sys_shutdown+0x80/0x80 [ 1492.594075] ? __lock_acquire+0x1657/0x5b00 [ 1492.595658] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1492.596635] ___sys_recvmsg+0xd5/0x200 [ 1492.596659] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1492.601137] ? __fget_files+0x2cf/0x520 [ 1492.602040] ? lock_acquire+0x197/0x470 [ 1492.602930] ? find_held_lock+0x2c/0x110 [ 1492.603857] ? __might_fault+0xd3/0x180 [ 1492.604760] ? lock_downgrade+0x6d0/0x6d0 [ 1492.605711] do_recvmmsg+0x24c/0x6d0 [ 1492.606564] ? ___sys_recvmsg+0x200/0x200 [ 1492.607500] ? lock_downgrade+0x6d0/0x6d0 [ 1492.608450] ? ksys_write+0x12d/0x260 [ 1492.609313] ? wait_for_completion_io+0x270/0x270 [ 1492.610409] ? rcu_read_lock_any_held+0x75/0xa0 [ 1492.610926] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1492.611451] ? vfs_write+0x354/0xb10 [ 1492.611485] __x64_sys_recvmmsg+0x20f/0x260 [ 1492.613082] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1492.613882] ? ksys_write+0x1a9/0x260 [ 1492.613906] ? __do_sys_socketcall+0x600/0x600 [ 1492.618278] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1492.619461] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1492.620630] do_syscall_64+0x33/0x40 [ 1492.621472] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1492.622620] RIP: 0033:0x7f97e8de2b19 [ 1492.623452] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1492.627598] RSP: 002b:00007f97e6358188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1492.629317] RAX: ffffffffffffffda RBX: 00007f97e8ef5f60 RCX: 00007f97e8de2b19 [ 1492.630918] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1492.632530] RBP: 00007f97e63581d0 R08: 0000000000000000 R09: 0000000000000000 [ 1492.634135] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1492.635740] R13: 00007ffc09107b8f R14: 00007f97e6358300 R15: 0000000000022000 [ 1492.652792] FAULT_INJECTION: forcing a failure. [ 1492.652792] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1492.655338] CPU: 1 PID: 8856 Comm: syz-executor.1 Not tainted 5.10.236 #1 [ 1492.656813] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1492.658575] Call Trace: [ 1492.659129] dump_stack+0x107/0x167 [ 1492.659900] should_fail.cold+0x5/0xa [ 1492.660722] _copy_from_user+0x2e/0x1b0 [ 1492.661572] __copy_msghdr_from_user+0x91/0x4b0 [ 1492.662557] ? __ia32_sys_shutdown+0x80/0x80 [ 1492.663489] ? __lock_acquire+0x1657/0x5b00 [ 1492.664430] ___sys_recvmsg+0xd5/0x200 [ 1492.665261] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1492.666295] ? trace_hardirqs_on+0x5b/0x180 [ 1492.667218] ? lock_acquire+0x197/0x470 [ 1492.668061] ? find_held_lock+0x2c/0x110 [ 1492.668928] ? __might_fault+0xd3/0x180 [ 1492.669768] ? lock_downgrade+0x6d0/0x6d0 [ 1492.670661] do_recvmmsg+0x24c/0x6d0 [ 1492.671454] ? ___sys_recvmsg+0x200/0x200 [ 1492.672346] ? lock_downgrade+0x6d0/0x6d0 [ 1492.673228] ? ksys_write+0x12d/0x260 [ 1492.674045] ? wait_for_completion_io+0x270/0x270 [ 1492.675194] ? rcu_read_lock_any_held+0x75/0xa0 [ 1492.676373] ? vfs_write+0x354/0xb10 [ 1492.677162] __x64_sys_recvmmsg+0x20f/0x260 [ 1492.678071] ? ksys_write+0x1a9/0x260 [ 1492.678879] ? __do_sys_socketcall+0x600/0x600 [ 1492.679844] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1492.680959] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1492.682041] do_syscall_64+0x33/0x40 [ 1492.682824] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1492.683904] RIP: 0033:0x7fcf11593b19 [ 1492.684701] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1492.688602] RSP: 002b:00007fcf0eb09188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1492.690210] RAX: ffffffffffffffda RBX: 00007fcf116a6f60 RCX: 00007fcf11593b19 [ 1492.691711] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1492.693226] RBP: 00007fcf0eb091d0 R08: 0000000000000000 R09: 0000000000000000 [ 1492.694724] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1492.696227] R13: 00007ffca39d7fcf R14: 00007fcf0eb09300 R15: 0000000000022000 23:08:15 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0x8d, 0x0, 0x0) 23:08:15 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0xebc, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:08:15 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x93, 0x0, 0x0) [ 1492.764426] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1492.766188] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1492.781159] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1492.782840] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1505.168989] FAULT_INJECTION: forcing a failure. [ 1505.168989] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1505.170492] CPU: 0 PID: 8878 Comm: syz-executor.7 Not tainted 5.10.236 #1 [ 1505.171321] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1505.172343] Call Trace: [ 1505.172959] dump_stack+0x107/0x167 [ 1505.173405] should_fail.cold+0x5/0xa [ 1505.173876] _copy_from_user+0x2e/0x1b0 [ 1505.174367] __copy_msghdr_from_user+0x91/0x4b0 [ 1505.174933] ? __ia32_sys_shutdown+0x80/0x80 [ 1505.175468] ? __lock_acquire+0x1657/0x5b00 [ 1505.176009] ___sys_recvmsg+0xd5/0x200 [ 1505.176489] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1505.177094] ? __fget_files+0x2cf/0x520 [ 1505.177581] ? lock_acquire+0x197/0x470 [ 1505.178060] ? find_held_lock+0x2c/0x110 [ 1505.178556] ? __might_fault+0xd3/0x180 [ 1505.179036] ? lock_downgrade+0x6d0/0x6d0 [ 1505.179554] do_recvmmsg+0x24c/0x6d0 [ 1505.180011] ? ___sys_recvmsg+0x200/0x200 [ 1505.180521] ? lock_downgrade+0x6d0/0x6d0 [ 1505.180894] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1505.181050] ? ksys_write+0x12d/0x260 [ 1505.182653] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1505.183060] ? wait_for_completion_io+0x270/0x270 [ 1505.185176] ? rcu_read_lock_any_held+0x75/0xa0 [ 1505.185740] ? vfs_write+0x354/0xb10 [ 1505.186198] __x64_sys_recvmmsg+0x20f/0x260 [ 1505.186721] ? ksys_write+0x1a9/0x260 [ 1505.187180] ? __do_sys_socketcall+0x600/0x600 [ 1505.187741] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1505.188381] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1505.189004] do_syscall_64+0x33/0x40 [ 1505.189452] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1505.190069] RIP: 0033:0x7fedaa47eb19 [ 1505.190516] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1505.192723] RSP: 002b:00007feda79f4188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1505.193539] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1505.193641] RAX: ffffffffffffffda RBX: 00007fedaa591f60 RCX: 00007fedaa47eb19 [ 1505.193657] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1505.195244] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1505.196082] RBP: 00007feda79f41d0 R08: 0000000000000000 R09: 0000000000000000 23:08:27 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0xec0, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:08:27 executing program 5: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x801, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)={{0x7f, 0x45, 0x4c, 0x46, 0x9, 0x4, 0x0, 0x1, 0xc000000000000000, 0x3, 0x3, 0x18c, 0x109, 0x40, 0x3a7, 0x8000, 0x4, 0x38, 0x2, 0x7, 0x101, 0x5}, [{0x60000000, 0x0, 0x8, 0x9, 0x1, 0x1, 0x3d, 0x9}, {0x6474e551, 0x1, 0x6466, 0x0, 0x0, 0x3, 0x1, 0x6}], "4f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b", ['\x00']}, 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r3 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) stat(&(0x7f0000000240)='./file0\x00', &(0x7f00000002c0)) lseek(r3, 0xfffffffffffffff9, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r5, 0xc018937b, &(0x7f0000000680)=ANY=[@ANYBLOB="01afbb5ad2000200010000002f673210104e182fc2da8c28662c7ba0abc628ba198ffcc5f7a72310898a7bffe097a6a56a80e5e6f53bf7f9bb58b92b5f381a9fb32c1a50f54fa8fbc2c61a978f9130d581555b442fd73a852bee64dc15157c6b83ce147292b2c9d867db7ce1caebfbc57d106f03b19e4ebce9c63d34ff58025eacf516750adf18aea41471372c95406951844e0a46177476c2ad4f6c8be9b84e5d5b02b4ee427362df96ad9d", @ANYRES32=r3, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB='./file0\x00']) ioctl$EXT4_IOC_GROUP_EXTEND(r6, 0x40086607, &(0x7f0000000080)=0xc0) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) r8 = dup2(r7, r7) ioctl$HIDIOCINITREPORT(r8, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r8, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x40082404, &(0x7f0000000000)) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB="0d6ddaa1bf8a4937cc1322a233b643faa2074d7c2c3105f924102810886212129a1db577f0d495d404bd7ab4c5c680a9ad02b0d5a2f220cc5425af0fc3e8e0005460595cbbfc89", @ANYRESHEX=r5, @ANYBLOB=',\x00']) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0x80, 0x3ebccf14}}, './file0/../file0\x00'}) 23:08:27 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 71) 23:08:27 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) fallocate(r0, 0x0, 0x0, 0x1000002) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) ppoll(0x0, 0x0, 0x0, &(0x7f0000000440), 0x8) openat(r0, &(0x7f0000000040)='./file1\x00', 0x44400, 0x8) r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x2) sendfile(r1, r2, 0x0, 0x100000001) mmap(&(0x7f0000266000/0x8000)=nil, 0x8000, 0x1000009, 0x1f012, r0, 0x0) 23:08:27 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x94, 0x0, 0x0) 23:08:27 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 94) 23:08:27 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 92) 23:08:27 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0x8e, 0x0, 0x0) [ 1505.196090] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1505.196096] R13: 00007ffdec8a993f R14: 00007feda79f4300 R15: 0000000000022000 [ 1505.212946] FAULT_INJECTION: forcing a failure. [ 1505.212946] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1505.215423] CPU: 1 PID: 8875 Comm: syz-executor.2 Not tainted 5.10.236 #1 [ 1505.216865] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1505.218607] Call Trace: [ 1505.219170] dump_stack+0x107/0x167 [ 1505.219940] should_fail.cold+0x5/0xa [ 1505.220761] _copy_from_user+0x2e/0x1b0 [ 1505.221602] __copy_msghdr_from_user+0x91/0x4b0 [ 1505.222587] ? __ia32_sys_shutdown+0x80/0x80 [ 1505.223514] ? __lock_acquire+0x1657/0x5b00 [ 1505.224441] ___sys_recvmsg+0xd5/0x200 [ 1505.225274] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1505.226311] ? __fget_files+0x2cf/0x520 [ 1505.227154] ? lock_acquire+0x197/0x470 [ 1505.227997] ? find_held_lock+0x2c/0x110 [ 1505.228866] ? __might_fault+0xd3/0x180 [ 1505.229707] ? lock_downgrade+0x6d0/0x6d0 [ 1505.230594] do_recvmmsg+0x24c/0x6d0 [ 1505.231384] ? ___sys_recvmsg+0x200/0x200 [ 1505.232256] ? lock_downgrade+0x6d0/0x6d0 [ 1505.233141] ? ksys_write+0x12d/0x260 [ 1505.233954] ? wait_for_completion_io+0x270/0x270 [ 1505.234985] ? rcu_read_lock_any_held+0x75/0xa0 [ 1505.235957] ? vfs_write+0x354/0xb10 [ 1505.236754] __x64_sys_recvmmsg+0x20f/0x260 [ 1505.237670] ? ksys_write+0x1a9/0x260 [ 1505.238471] ? __do_sys_socketcall+0x600/0x600 [ 1505.239435] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1505.240545] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1505.241645] do_syscall_64+0x33/0x40 [ 1505.242426] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1505.243511] RIP: 0033:0x7f97e8de2b19 [ 1505.244293] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1505.248166] RSP: 002b:00007f97e6358188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1505.249772] RAX: ffffffffffffffda RBX: 00007f97e8ef5f60 RCX: 00007f97e8de2b19 [ 1505.251266] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1505.252760] RBP: 00007f97e63581d0 R08: 0000000000000000 R09: 0000000000000000 [ 1505.254253] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1505.255742] R13: 00007ffc09107b8f R14: 00007f97e6358300 R15: 0000000000022000 [ 1505.258922] FAULT_INJECTION: forcing a failure. [ 1505.258922] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1505.260356] CPU: 0 PID: 8890 Comm: syz-executor.1 Not tainted 5.10.236 #1 [ 1505.261184] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1505.262145] Call Trace: [ 1505.262460] dump_stack+0x107/0x167 [ 1505.262902] should_fail.cold+0x5/0xa [ 1505.263361] _copy_from_user+0x2e/0x1b0 23:08:27 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 93) [ 1505.263836] __copy_msghdr_from_user+0x91/0x4b0 [ 1505.264542] ? __ia32_sys_shutdown+0x80/0x80 [ 1505.265071] ? __lock_acquire+0x1657/0x5b00 [ 1505.265591] ___sys_recvmsg+0xd5/0x200 [ 1505.266049] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1505.266630] ? __fget_files+0x2cf/0x520 [ 1505.267098] ? lock_acquire+0x197/0x470 [ 1505.267562] ? find_held_lock+0x2c/0x110 [ 1505.268033] ? __might_fault+0xd3/0x180 [ 1505.268234] FAULT_INJECTION: forcing a failure. [ 1505.268234] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1505.268503] ? lock_downgrade+0x6d0/0x6d0 [ 1505.268533] do_recvmmsg+0x24c/0x6d0 [ 1505.271857] ? ___sys_recvmsg+0x200/0x200 [ 1505.272348] ? lock_downgrade+0x6d0/0x6d0 [ 1505.272850] ? ksys_write+0x12d/0x260 [ 1505.273312] ? wait_for_completion_io+0x270/0x270 [ 1505.273877] ? rcu_read_lock_any_held+0x75/0xa0 [ 1505.274421] ? vfs_write+0x354/0xb10 [ 1505.274868] __x64_sys_recvmmsg+0x20f/0x260 [ 1505.275381] ? ksys_write+0x1a9/0x260 [ 1505.275824] ? __do_sys_socketcall+0x600/0x600 [ 1505.276361] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1505.276987] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1505.277582] do_syscall_64+0x33/0x40 [ 1505.278021] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1505.278613] RIP: 0033:0x7fcf11593b19 [ 1505.279046] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1505.281169] RSP: 002b:00007fcf0eae8188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1505.282063] RAX: ffffffffffffffda RBX: 00007fcf116a7020 RCX: 00007fcf11593b19 [ 1505.282887] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1505.283708] RBP: 00007fcf0eae81d0 R08: 0000000000000000 R09: 0000000000000000 [ 1505.284536] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1505.285354] R13: 00007ffca39d7fcf R14: 00007fcf0eae8300 R15: 0000000000022000 [ 1505.286200] CPU: 1 PID: 8892 Comm: syz-executor.7 Not tainted 5.10.236 #1 [ 1505.287747] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1505.289531] Call Trace: [ 1505.290092] dump_stack+0x107/0x167 [ 1505.290864] should_fail.cold+0x5/0xa [ 1505.291678] _copy_from_user+0x2e/0x1b0 [ 1505.292534] __copy_msghdr_from_user+0x91/0x4b0 [ 1505.293518] ? __ia32_sys_shutdown+0x80/0x80 [ 1505.294455] ? __lock_acquire+0x1657/0x5b00 [ 1505.295386] ___sys_recvmsg+0xd5/0x200 [ 1505.296213] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1505.297261] ? __fget_files+0x2cf/0x520 [ 1505.298110] ? lock_acquire+0x197/0x470 [ 1505.298944] ? find_held_lock+0x2c/0x110 [ 1505.299806] ? __might_fault+0xd3/0x180 [ 1505.300652] ? lock_downgrade+0x6d0/0x6d0 [ 1505.301532] do_recvmmsg+0x24c/0x6d0 [ 1505.302327] ? ___sys_recvmsg+0x200/0x200 [ 1505.303200] ? lock_downgrade+0x6d0/0x6d0 [ 1505.304083] ? ksys_write+0x12d/0x260 [ 1505.304902] ? wait_for_completion_io+0x270/0x270 [ 1505.305920] ? rcu_read_lock_any_held+0x75/0xa0 [ 1505.306898] ? vfs_write+0x354/0xb10 [ 1505.307688] __x64_sys_recvmmsg+0x20f/0x260 [ 1505.308616] ? ksys_write+0x1a9/0x260 [ 1505.309422] ? __do_sys_socketcall+0x600/0x600 [ 1505.310376] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1505.311469] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1505.312553] do_syscall_64+0x33/0x40 [ 1505.313332] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1505.314408] RIP: 0033:0x7fedaa47eb19 [ 1505.315193] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1505.319084] RSP: 002b:00007feda79f4188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1505.320690] RAX: ffffffffffffffda RBX: 00007fedaa591f60 RCX: 00007fedaa47eb19 [ 1505.322192] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1505.323688] RBP: 00007feda79f41d0 R08: 0000000000000000 R09: 0000000000000000 [ 1505.325211] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1505.326691] R13: 00007ffdec8a993f R14: 00007feda79f4300 R15: 0000000000022000 [ 1505.342826] 9pnet: Insufficient options for proto=fd 23:08:27 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 95) 23:08:27 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x95, 0x0, 0x0) 23:08:27 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0xf00, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) [ 1505.399267] FAULT_INJECTION: forcing a failure. [ 1505.399267] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1505.400648] CPU: 0 PID: 8898 Comm: syz-executor.2 Not tainted 5.10.236 #1 [ 1505.401418] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1505.402366] Call Trace: [ 1505.402678] dump_stack+0x107/0x167 [ 1505.403091] should_fail.cold+0x5/0xa [ 1505.403529] _copy_from_user+0x2e/0x1b0 [ 1505.403985] __copy_msghdr_from_user+0x91/0x4b0 [ 1505.404525] ? __ia32_sys_shutdown+0x80/0x80 [ 1505.405029] ? __lock_acquire+0x1657/0x5b00 [ 1505.405527] ___sys_recvmsg+0xd5/0x200 [ 1505.405968] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1505.406522] ? trace_hardirqs_on+0x5b/0x180 [ 1505.407021] ? lock_acquire+0x197/0x470 [ 1505.407474] ? find_held_lock+0x2c/0x110 [ 1505.407938] ? __might_fault+0xd3/0x180 [ 1505.408389] ? lock_downgrade+0x6d0/0x6d0 [ 1505.408872] do_recvmmsg+0x24c/0x6d0 [ 1505.409294] ? ___sys_recvmsg+0x200/0x200 [ 1505.409768] ? lock_downgrade+0x6d0/0x6d0 [ 1505.410242] ? ksys_write+0x12d/0x260 [ 1505.410695] ? wait_for_completion_io+0x270/0x270 [ 1505.411255] ? rcu_read_lock_any_held+0x75/0xa0 [ 1505.411799] ? vfs_write+0x354/0xb10 [ 1505.412225] __x64_sys_recvmmsg+0x20f/0x260 [ 1505.412724] ? ksys_write+0x1a9/0x260 [ 1505.413153] ? __do_sys_socketcall+0x600/0x600 [ 1505.413673] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1505.414265] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1505.414869] do_syscall_64+0x33/0x40 [ 1505.415288] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1505.415881] RIP: 0033:0x7f97e8de2b19 [ 1505.416306] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1505.418470] RSP: 002b:00007f97e6358188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1505.419340] RAX: ffffffffffffffda RBX: 00007f97e8ef5f60 RCX: 00007f97e8de2b19 [ 1505.420144] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1505.420966] RBP: 00007f97e63581d0 R08: 0000000000000000 R09: 0000000000000000 [ 1505.421779] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1505.422587] R13: 00007ffc09107b8f R14: 00007f97e6358300 R15: 0000000000022000 23:08:27 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 72) 23:08:27 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0x8f, 0x0, 0x0) [ 1505.441614] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1505.442478] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:08:27 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0x8e, 0x0, 0x0) 23:08:27 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 96) [ 1505.480668] FAULT_INJECTION: forcing a failure. [ 1505.480668] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1505.482092] CPU: 0 PID: 8906 Comm: syz-executor.2 Not tainted 5.10.236 #1 [ 1505.482873] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1505.483817] Call Trace: [ 1505.484118] dump_stack+0x107/0x167 [ 1505.484543] should_fail.cold+0x5/0xa [ 1505.484984] _copy_from_user+0x2e/0x1b0 [ 1505.485433] __copy_msghdr_from_user+0x91/0x4b0 [ 1505.485959] ? __ia32_sys_shutdown+0x80/0x80 [ 1505.486453] ? __lock_acquire+0x1657/0x5b00 [ 1505.486952] ___sys_recvmsg+0xd5/0x200 [ 1505.487393] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1505.487947] ? __fget_files+0x2cf/0x520 [ 1505.488404] ? lock_acquire+0x197/0x470 [ 1505.488855] ? find_held_lock+0x2c/0x110 [ 1505.489315] ? __might_fault+0xd3/0x180 [ 1505.489775] ? lock_downgrade+0x6d0/0x6d0 [ 1505.490251] do_recvmmsg+0x24c/0x6d0 [ 1505.490677] ? ___sys_recvmsg+0x200/0x200 [ 1505.491151] ? lock_downgrade+0x6d0/0x6d0 [ 1505.491624] ? ksys_write+0x12d/0x260 [ 1505.492057] ? wait_for_completion_io+0x270/0x270 [ 1505.492622] ? rcu_read_lock_any_held+0x75/0xa0 [ 1505.493153] ? vfs_write+0x354/0xb10 [ 1505.493579] __x64_sys_recvmmsg+0x20f/0x260 [ 1505.494067] ? ksys_write+0x1a9/0x260 [ 1505.494505] ? __do_sys_socketcall+0x600/0x600 [ 1505.495043] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1505.495649] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1505.496249] do_syscall_64+0x33/0x40 [ 1505.496678] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1505.497268] RIP: 0033:0x7f97e8de2b19 [ 1505.497685] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1505.499801] RSP: 002b:00007f97e6358188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1505.500690] RAX: ffffffffffffffda RBX: 00007f97e8ef5f60 RCX: 00007f97e8de2b19 [ 1505.501511] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1505.502333] RBP: 00007f97e63581d0 R08: 0000000000000000 R09: 0000000000000000 [ 1505.503165] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1505.503988] R13: 00007ffc09107b8f R14: 00007f97e6358300 R15: 0000000000022000 23:08:27 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x96, 0x0, 0x0) 23:08:27 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 94) 23:08:27 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 97) [ 1505.558571] FAULT_INJECTION: forcing a failure. [ 1505.558571] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1505.559961] CPU: 0 PID: 8913 Comm: syz-executor.7 Not tainted 5.10.236 #1 [ 1505.560765] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1505.561725] Call Trace: [ 1505.562032] dump_stack+0x107/0x167 [ 1505.562454] should_fail.cold+0x5/0xa [ 1505.562903] _copy_from_user+0x2e/0x1b0 [ 1505.563363] __copy_msghdr_from_user+0x91/0x4b0 [ 1505.563891] ? __ia32_sys_shutdown+0x80/0x80 [ 1505.564403] ? __lock_acquire+0x1657/0x5b00 [ 1505.564592] FAULT_INJECTION: forcing a failure. [ 1505.564592] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1505.564911] ___sys_recvmsg+0xd5/0x200 [ 1505.567790] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1505.568359] ? __fget_files+0x2cf/0x520 [ 1505.568827] ? lock_acquire+0x197/0x470 [ 1505.569287] ? find_held_lock+0x2c/0x110 [ 1505.569750] ? __might_fault+0xd3/0x180 [ 1505.570199] ? lock_downgrade+0x6d0/0x6d0 [ 1505.570684] do_recvmmsg+0x24c/0x6d0 [ 1505.571116] ? ___sys_recvmsg+0x200/0x200 [ 1505.571585] ? lock_downgrade+0x6d0/0x6d0 [ 1505.572079] ? ksys_write+0x12d/0x260 [ 1505.572529] ? wait_for_completion_io+0x270/0x270 [ 1505.573081] ? rcu_read_lock_any_held+0x75/0xa0 [ 1505.573613] ? vfs_write+0x354/0xb10 [ 1505.574045] __x64_sys_recvmmsg+0x20f/0x260 [ 1505.574536] ? ksys_write+0x1a9/0x260 [ 1505.574971] ? __do_sys_socketcall+0x600/0x600 [ 1505.575486] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1505.576074] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1505.576660] do_syscall_64+0x33/0x40 [ 1505.577077] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1505.577657] RIP: 0033:0x7fedaa47eb19 [ 1505.578077] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1505.580150] RSP: 002b:00007feda79f4188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1505.581016] RAX: ffffffffffffffda RBX: 00007fedaa591f60 RCX: 00007fedaa47eb19 [ 1505.581821] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1505.582624] RBP: 00007feda79f41d0 R08: 0000000000000000 R09: 0000000000000000 [ 1505.583427] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1505.584230] R13: 00007ffdec8a993f R14: 00007feda79f4300 R15: 0000000000022000 [ 1505.585080] CPU: 1 PID: 8910 Comm: syz-executor.1 Not tainted 5.10.236 #1 [ 1505.586538] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1505.588301] Call Trace: [ 1505.588884] dump_stack+0x107/0x167 [ 1505.589658] should_fail.cold+0x5/0xa [ 1505.590475] _copy_from_user+0x2e/0x1b0 [ 1505.591327] __copy_msghdr_from_user+0x91/0x4b0 [ 1505.592320] ? __ia32_sys_shutdown+0x80/0x80 [ 1505.593272] ? __lock_acquire+0x1657/0x5b00 [ 1505.594208] ___sys_recvmsg+0xd5/0x200 [ 1505.595034] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1505.596075] ? trace_hardirqs_on+0x5b/0x180 [ 1505.597001] ? lock_acquire+0x197/0x470 [ 1505.597851] ? find_held_lock+0x2c/0x110 [ 1505.598512] FAULT_INJECTION: forcing a failure. [ 1505.598512] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1505.598714] ? __might_fault+0xd3/0x180 [ 1505.598735] ? lock_downgrade+0x6d0/0x6d0 [ 1505.601710] do_recvmmsg+0x24c/0x6d0 [ 1505.602494] ? ___sys_recvmsg+0x200/0x200 [ 1505.603367] ? lock_downgrade+0x6d0/0x6d0 [ 1505.604242] ? ksys_write+0x12d/0x260 [ 1505.605051] ? wait_for_completion_io+0x270/0x270 [ 1505.606067] ? rcu_read_lock_any_held+0x75/0xa0 [ 1505.607041] ? vfs_write+0x354/0xb10 [ 1505.607824] __x64_sys_recvmmsg+0x20f/0x260 [ 1505.608738] ? ksys_write+0x1a9/0x260 [ 1505.609540] ? __do_sys_socketcall+0x600/0x600 [ 1505.610497] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1505.611587] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1505.612674] do_syscall_64+0x33/0x40 [ 1505.613457] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1505.614515] RIP: 0033:0x7fcf11593b19 [ 1505.615298] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1505.619146] RSP: 002b:00007fcf0eb09188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1505.620762] RAX: ffffffffffffffda RBX: 00007fcf116a6f60 RCX: 00007fcf11593b19 [ 1505.622257] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1505.623737] RBP: 00007fcf0eb091d0 R08: 0000000000000000 R09: 0000000000000000 [ 1505.625237] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1505.626727] R13: 00007ffca39d7fcf R14: 00007fcf0eb09300 R15: 0000000000022000 [ 1505.628235] CPU: 0 PID: 8915 Comm: syz-executor.2 Not tainted 5.10.236 #1 [ 1505.629038] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1505.629982] Call Trace: [ 1505.630286] dump_stack+0x107/0x167 [ 1505.630698] should_fail.cold+0x5/0xa [ 1505.631140] _copy_from_user+0x2e/0x1b0 [ 1505.631606] __copy_msghdr_from_user+0x91/0x4b0 [ 1505.632139] ? __ia32_sys_shutdown+0x80/0x80 [ 1505.632656] ? __lock_acquire+0x1657/0x5b00 [ 1505.633160] ___sys_recvmsg+0xd5/0x200 [ 1505.633608] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1505.634185] ? trace_hardirqs_on+0x5b/0x180 [ 1505.634679] ? lock_acquire+0x197/0x470 [ 1505.635130] ? find_held_lock+0x2c/0x110 [ 1505.635599] ? __might_fault+0xd3/0x180 [ 1505.636062] ? lock_downgrade+0x6d0/0x6d0 [ 1505.636544] do_recvmmsg+0x24c/0x6d0 [ 1505.636984] ? ___sys_recvmsg+0x200/0x200 [ 1505.637453] ? lock_downgrade+0x6d0/0x6d0 [ 1505.637938] ? ksys_write+0x12d/0x260 [ 1505.638388] ? wait_for_completion_io+0x270/0x270 [ 1505.638945] ? rcu_read_lock_any_held+0x75/0xa0 [ 1505.639483] ? vfs_write+0x354/0xb10 [ 1505.639918] __x64_sys_recvmmsg+0x20f/0x260 [ 1505.640411] ? ksys_write+0x1a9/0x260 [ 1505.640851] ? __do_sys_socketcall+0x600/0x600 [ 1505.641369] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1505.641987] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1505.642574] do_syscall_64+0x33/0x40 [ 1505.642999] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1505.643585] RIP: 0033:0x7f97e8de2b19 [ 1505.644009] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1505.646156] RSP: 002b:00007f97e6358188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1505.647040] RAX: ffffffffffffffda RBX: 00007f97e8ef5f60 RCX: 00007f97e8de2b19 [ 1505.647867] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1505.648698] RBP: 00007f97e63581d0 R08: 0000000000000000 R09: 0000000000000000 [ 1505.649518] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1505.650344] R13: 00007ffc09107b8f R14: 00007f97e6358300 R15: 0000000000022000 [ 1519.010034] FAULT_INJECTION: forcing a failure. [ 1519.010034] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1519.011488] CPU: 0 PID: 8933 Comm: syz-executor.2 Not tainted 5.10.236 #1 [ 1519.012279] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1519.013307] Call Trace: [ 1519.013619] dump_stack+0x107/0x167 [ 1519.014042] should_fail.cold+0x5/0xa [ 1519.014518] _copy_from_user+0x2e/0x1b0 [ 1519.014985] __copy_msghdr_from_user+0x91/0x4b0 [ 1519.015523] ? __ia32_sys_shutdown+0x80/0x80 [ 1519.016034] ? __lock_acquire+0x1657/0x5b00 [ 1519.016544] ___sys_recvmsg+0xd5/0x200 [ 1519.017000] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1519.017564] ? trace_hardirqs_on+0x5b/0x180 [ 1519.018064] ? lock_acquire+0x197/0x470 [ 1519.018521] ? find_held_lock+0x2c/0x110 [ 1519.019029] ? __might_fault+0xd3/0x180 [ 1519.019491] ? lock_downgrade+0x6d0/0x6d0 [ 1519.020014] do_recvmmsg+0x24c/0x6d0 [ 1519.020451] ? ___sys_recvmsg+0x200/0x200 [ 1519.020965] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1519.021603] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1519.022146] ? trace_hardirqs_on+0x5b/0x180 [ 1519.022666] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1519.023211] ? finish_task_switch+0x126/0x5d0 [ 1519.023761] ? finish_task_switch+0xef/0x5d0 [ 1519.024306] __x64_sys_recvmmsg+0x20f/0x260 [ 1519.024847] ? ksys_write+0x1a9/0x260 [ 1519.025290] ? __do_sys_socketcall+0x600/0x600 [ 1519.025856] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1519.026465] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1519.027058] do_syscall_64+0x33/0x40 [ 1519.027486] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1519.028074] RIP: 0033:0x7f97e8de2b19 [ 1519.028532] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1519.030855] RSP: 002b:00007f97e6358188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1519.031783] RAX: ffffffffffffffda RBX: 00007f97e8ef5f60 RCX: 00007f97e8de2b19 [ 1519.032611] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1519.033485] RBP: 00007f97e63581d0 R08: 0000000000000000 R09: 0000000000000000 [ 1519.034306] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1519.035174] R13: 00007ffc09107b8f R14: 00007f97e6358300 R15: 0000000000022000 23:08:41 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 73) 23:08:41 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x4800, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:08:41 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 95) 23:08:41 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x97, 0x0, 0x0) 23:08:41 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0x90, 0x0, 0x0) 23:08:41 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0x8e, 0x0, 0x0) 23:08:41 executing program 3: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x55d3, 0x0, 0x3, 0x0, 0x0, r0}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(0x0, r3, 0x0, 0x0) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r0, 0xc0189374, &(0x7f0000000300)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB="6c42b34d541c8ba15a7548b966278e0b9527b9e3dfa1e5701dcfcb3d344d328cab54f4a08dfe30fe401de16db867c4119fc889aa07725abbb8e980de49edf6626062dcc6dc0f8277933bc5568a95935077007356f00db9c259e490ee32f527b30b34a3ea02ac8ac27d9706952a6f5a68a468f0c17edca465c9d679dcbc228ce9992d718915a562fec8ef1ee073efe4629b9b1be7fa5d4762b963569a77eb3454b520339ff88e04688f0fffcef11feac2417c8ab2380666cda07c2c1f0fdee154cf94"]) io_uring_enter(r6, 0x647c, 0xad9f, 0x2, &(0x7f0000000240)={[0x5]}, 0x8) ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f00000001c0)={'syz_tun\x00', &(0x7f0000000500)=ANY=[@ANYBLOB="0000600000005ec94c6016b0c8c4ba0963cfa0c8ce052a538d662bd95522ea50d0123a1468b0cc8417557ca5b7ada30f092c4114210500000000000000cc6e9daa3121cee7896e252bf8dcd81ec0ec849505445b57021bb19abb718921fdf8f5cf9da6316d4652995a726fef040ac40902657f55123073292f9187ddf0ee1cf8349c2f94e7c851b90542adddbfbe811376f69208ae210e3f36a4f5b41dab92ff5498dd7d96b47d782704b80c39b405ef156bcd8cb14c603291f27737b4c9c8eaa90a031a0c58ff6af5129a2a61a6aa718dea9a2d74289e950c6e3339a35ad751317be2f426105d1764b82e8e7e8fca5cf0a658ff9ca9ad57e1c850a303608cac71f3cca8e38e9de9af4f3d223df0c6382a31dad31894bfe44c9dba6df86137946a6de8f85a01f1d40858dd05db44ad50ee3cd2ac9d89d77929b5e4ddeb94f537d1744c18b320d9cdcf4bbc2d4577faef0598493772a76f3a2334669e80852cc50a8cf3afacb30ed75e7365fb30e889e40359376e91654416da8b63c70b4e3eedd3449225232dd42f137baded3a384d3a707b6b23ed7a48b2ef1832effbfd5e42b79ce900b8737ac8415673ee75265742597fd001e0df4c6866e8353e080ba73527b5e146d1c10576f603ec244151cf9646cd59ad1bf5966c10731a0dd2009880c2e658083f7a7c8b0305e18e2483be2636e8c69e5c4763f84b6feb47312001452089"]}) setsockopt$inet6_int(r5, 0x29, 0x3a, &(0x7f0000000080)=0x3ff, 0x4) r7 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_MOD(r7, 0x3, r4, &(0x7f00000000c0)={0x80000000}) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000440)={0x0, 0x0, 0x0}}, 0x0) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r8}}, 0x0) ioctl$F2FS_IOC_GET_FEATURES(0xffffffffffffffff, 0x8004f50c, &(0x7f0000000100)) 23:08:41 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 98) [ 1519.047214] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1519.048114] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1519.053255] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1519.053418] FAULT_INJECTION: forcing a failure. [ 1519.053418] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1519.054306] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1519.058333] CPU: 1 PID: 8930 Comm: syz-executor.7 Not tainted 5.10.236 #1 [ 1519.059793] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1519.061508] Call Trace: [ 1519.062050] dump_stack+0x107/0x167 [ 1519.062802] should_fail.cold+0x5/0xa [ 1519.063616] _copy_from_user+0x2e/0x1b0 [ 1519.064443] __copy_msghdr_from_user+0x91/0x4b0 [ 1519.065417] ? __ia32_sys_shutdown+0x80/0x80 [ 1519.066320] ? __lock_acquire+0x1657/0x5b00 [ 1519.067231] ___sys_recvmsg+0xd5/0x200 [ 1519.068028] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1519.069035] ? trace_hardirqs_on+0x5b/0x180 [ 1519.069920] ? lock_acquire+0x197/0x470 [ 1519.070742] ? find_held_lock+0x2c/0x110 [ 1519.071574] ? __might_fault+0xd3/0x180 [ 1519.072395] ? lock_downgrade+0x6d0/0x6d0 [ 1519.073270] do_recvmmsg+0x24c/0x6d0 [ 1519.074040] ? ___sys_recvmsg+0x200/0x200 [ 1519.074890] ? lock_downgrade+0x6d0/0x6d0 [ 1519.075746] ? ksys_write+0x12d/0x260 [ 1519.076548] ? wait_for_completion_io+0x270/0x270 [ 1519.077533] ? rcu_read_lock_any_held+0x75/0xa0 [ 1519.078475] ? vfs_write+0x354/0xb10 [ 1519.079249] __x64_sys_recvmmsg+0x20f/0x260 [ 1519.080133] ? ksys_write+0x1a9/0x260 [ 1519.080912] ? __do_sys_socketcall+0x600/0x600 [ 1519.081849] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1519.082918] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1519.083970] do_syscall_64+0x33/0x40 [ 1519.084738] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1519.085780] RIP: 0033:0x7fedaa47eb19 [ 1519.086541] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1519.089957] FAULT_INJECTION: forcing a failure. [ 1519.089957] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1519.090302] RSP: 002b:00007feda79f4188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1519.093234] RAX: ffffffffffffffda RBX: 00007fedaa591f60 RCX: 00007fedaa47eb19 [ 1519.094709] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1519.096182] RBP: 00007feda79f41d0 R08: 0000000000000000 R09: 0000000000000000 [ 1519.097646] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1519.099091] R13: 00007ffdec8a993f R14: 00007feda79f4300 R15: 0000000000022000 [ 1519.100575] CPU: 0 PID: 8944 Comm: syz-executor.1 Not tainted 5.10.236 #1 [ 1519.101395] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1519.102382] Call Trace: [ 1519.102698] dump_stack+0x107/0x167 [ 1519.103130] should_fail.cold+0x5/0xa [ 1519.103593] _copy_from_user+0x2e/0x1b0 [ 1519.104068] __copy_msghdr_from_user+0x91/0x4b0 23:08:41 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x4c00, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) [ 1519.104626] ? __ia32_sys_shutdown+0x80/0x80 [ 1519.105291] ? __lock_acquire+0x1657/0x5b00 [ 1519.105815] ___sys_recvmsg+0xd5/0x200 [ 1519.106280] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1519.106866] ? trace_hardirqs_on+0x5b/0x180 [ 1519.107383] ? lock_acquire+0x197/0x470 [ 1519.107860] ? find_held_lock+0x2c/0x110 [ 1519.108347] ? __might_fault+0xd3/0x180 [ 1519.108828] ? lock_downgrade+0x6d0/0x6d0 [ 1519.109333] do_recvmmsg+0x24c/0x6d0 [ 1519.109776] ? ___sys_recvmsg+0x200/0x200 [ 1519.110267] ? lock_downgrade+0x6d0/0x6d0 [ 1519.110765] ? ksys_write+0x12d/0x260 [ 1519.111220] ? wait_for_completion_io+0x270/0x270 [ 1519.111791] ? rcu_read_lock_any_held+0x75/0xa0 [ 1519.112338] ? vfs_write+0x354/0xb10 [ 1519.112786] __x64_sys_recvmmsg+0x20f/0x260 [ 1519.113300] ? ksys_write+0x1a9/0x260 [ 1519.113751] ? __do_sys_socketcall+0x600/0x600 [ 1519.114286] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1519.114899] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1519.115507] do_syscall_64+0x33/0x40 [ 1519.115951] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1519.116559] RIP: 0033:0x7fcf11593b19 [ 1519.116995] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1519.119158] RSP: 002b:00007fcf0eb09188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1519.120046] RAX: ffffffffffffffda RBX: 00007fcf116a6f60 RCX: 00007fcf11593b19 [ 1519.120898] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1519.121735] RBP: 00007fcf0eb091d0 R08: 0000000000000000 R09: 0000000000000000 [ 1519.122579] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1519.123412] R13: 00007ffca39d7fcf R14: 00007fcf0eb09300 R15: 0000000000022000 23:08:41 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 99) 23:08:41 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0x91, 0x0, 0x0) [ 1519.147654] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1519.149290] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1519.163265] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1519.164937] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:08:41 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x98, 0x0, 0x0) [ 1519.187447] FAULT_INJECTION: forcing a failure. [ 1519.187447] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1519.190102] CPU: 1 PID: 8954 Comm: syz-executor.2 Not tainted 5.10.236 #1 [ 1519.191540] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1519.193299] Call Trace: [ 1519.193875] dump_stack+0x107/0x167 [ 1519.194647] should_fail.cold+0x5/0xa [ 1519.195465] _copy_from_user+0x2e/0x1b0 [ 1519.196314] __copy_msghdr_from_user+0x91/0x4b0 [ 1519.197315] ? __ia32_sys_shutdown+0x80/0x80 [ 1519.198248] ? __lock_acquire+0x1657/0x5b00 [ 1519.199184] ___sys_recvmsg+0xd5/0x200 [ 1519.200007] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1519.201050] ? trace_hardirqs_on+0x5b/0x180 [ 1519.201971] ? lock_acquire+0x197/0x470 [ 1519.202995] ? find_held_lock+0x2c/0x110 [ 1519.203869] ? __might_fault+0xd3/0x180 [ 1519.204724] ? lock_downgrade+0x6d0/0x6d0 [ 1519.205620] do_recvmmsg+0x24c/0x6d0 [ 1519.206412] ? ___sys_recvmsg+0x200/0x200 [ 1519.207294] ? lock_downgrade+0x6d0/0x6d0 [ 1519.208181] ? ksys_write+0x12d/0x260 [ 1519.209005] ? wait_for_completion_io+0x270/0x270 [ 1519.210024] ? rcu_read_lock_any_held+0x75/0xa0 [ 1519.210998] ? vfs_write+0x354/0xb10 [ 1519.211789] __x64_sys_recvmmsg+0x20f/0x260 [ 1519.212714] ? ksys_write+0x1a9/0x260 [ 1519.213701] ? __do_sys_socketcall+0x600/0x600 [ 1519.214677] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1519.216030] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1519.217212] do_syscall_64+0x33/0x40 [ 1519.218164] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1519.219244] RIP: 0033:0x7f97e8de2b19 [ 1519.220211] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1519.224078] RSP: 002b:00007f97e6358188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1519.226044] RAX: ffffffffffffffda RBX: 00007f97e8ef5f60 RCX: 00007f97e8de2b19 [ 1519.227880] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1519.229717] RBP: 00007f97e63581d0 R08: 0000000000000000 R09: 0000000000000000 [ 1519.231556] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1519.233394] R13: 00007ffc09107b8f R14: 00007f97e6358300 R15: 0000000000022000 23:08:41 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 74) 23:08:41 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 96) [ 1519.259819] FAULT_INJECTION: forcing a failure. [ 1519.259819] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1519.261235] CPU: 0 PID: 8964 Comm: syz-executor.1 Not tainted 5.10.236 #1 [ 1519.262026] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1519.262981] Call Trace: [ 1519.263292] dump_stack+0x107/0x167 [ 1519.263709] should_fail.cold+0x5/0xa [ 1519.264152] _copy_from_user+0x2e/0x1b0 [ 1519.264623] __copy_msghdr_from_user+0x91/0x4b0 [ 1519.265155] ? __ia32_sys_shutdown+0x80/0x80 [ 1519.265661] ? __lock_acquire+0x1657/0x5b00 [ 1519.266164] ___sys_recvmsg+0xd5/0x200 [ 1519.266610] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1519.267176] ? __fget_files+0x2cf/0x520 [ 1519.267642] ? lock_acquire+0x197/0x470 [ 1519.268094] ? find_held_lock+0x2c/0x110 [ 1519.268572] ? __might_fault+0xd3/0x180 [ 1519.269027] ? lock_downgrade+0x6d0/0x6d0 [ 1519.269516] do_recvmmsg+0x24c/0x6d0 [ 1519.269947] ? ___sys_recvmsg+0x200/0x200 [ 1519.270422] ? lock_downgrade+0x6d0/0x6d0 [ 1519.270900] ? ksys_write+0x12d/0x260 [ 1519.271339] ? wait_for_completion_io+0x270/0x270 [ 1519.271898] ? rcu_read_lock_any_held+0x75/0xa0 [ 1519.272605] ? vfs_write+0x354/0xb10 [ 1519.273042] __x64_sys_recvmmsg+0x20f/0x260 [ 1519.273537] ? ksys_write+0x1a9/0x260 [ 1519.273971] ? __do_sys_socketcall+0x600/0x600 [ 1519.274492] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1519.275094] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1519.275682] do_syscall_64+0x33/0x40 [ 1519.276105] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1519.276698] RIP: 0033:0x7fcf11593b19 [ 1519.277126] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1519.279233] RSP: 002b:00007fcf0eb09188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1519.280104] RAX: ffffffffffffffda RBX: 00007fcf116a6f60 RCX: 00007fcf11593b19 [ 1519.280924] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1519.281745] RBP: 00007fcf0eb091d0 R08: 0000000000000000 R09: 0000000000000000 [ 1519.282560] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1519.283380] R13: 00007ffca39d7fcf R14: 00007fcf0eb09300 R15: 0000000000022000 [ 1519.284762] FAULT_INJECTION: forcing a failure. [ 1519.284762] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1519.286133] CPU: 0 PID: 8963 Comm: syz-executor.7 Not tainted 5.10.236 #1 [ 1519.286925] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1519.287876] Call Trace: [ 1519.288179] dump_stack+0x107/0x167 [ 1519.288606] should_fail.cold+0x5/0xa [ 1519.289040] _copy_from_user+0x2e/0x1b0 [ 1519.289496] __copy_msghdr_from_user+0x91/0x4b0 [ 1519.290028] ? __ia32_sys_shutdown+0x80/0x80 [ 1519.290526] ? __lock_acquire+0x1657/0x5b00 [ 1519.291029] ___sys_recvmsg+0xd5/0x200 [ 1519.291474] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1519.292036] ? __fget_files+0x2cf/0x520 [ 1519.292494] ? lock_acquire+0x197/0x470 [ 1519.292955] ? find_held_lock+0x2c/0x110 [ 1519.293417] ? __might_fault+0xd3/0x180 [ 1519.293870] ? lock_downgrade+0x6d0/0x6d0 [ 1519.294340] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1519.294965] do_recvmmsg+0x24c/0x6d0 [ 1519.295392] ? ___sys_recvmsg+0x200/0x200 [ 1519.295866] ? lock_downgrade+0x6d0/0x6d0 [ 1519.296345] ? ksys_write+0x12d/0x260 [ 1519.296799] ? wait_for_completion_io+0x270/0x270 [ 1519.297352] ? rcu_read_lock_any_held+0x75/0xa0 [ 1519.297881] ? vfs_write+0x354/0xb10 [ 1519.298305] __x64_sys_recvmmsg+0x20f/0x260 [ 1519.298799] ? ksys_write+0x1a9/0x260 [ 1519.299236] ? __do_sys_socketcall+0x600/0x600 [ 1519.299763] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1519.300362] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1519.300957] do_syscall_64+0x33/0x40 [ 1519.301382] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1519.301967] RIP: 0033:0x7fedaa47eb19 [ 1519.302395] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1519.304513] RSP: 002b:00007feda79f4188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1519.305391] RAX: ffffffffffffffda RBX: 00007fedaa591f60 RCX: 00007fedaa47eb19 [ 1519.306213] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1519.307031] RBP: 00007feda79f41d0 R08: 0000000000000000 R09: 0000000000000000 [ 1519.307845] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1519.308662] R13: 00007ffdec8a993f R14: 00007feda79f4300 R15: 0000000000022000 23:08:41 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x6800, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:08:41 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f00000002c0)=@updsa={0xf0, 0x10, 0x1, 0x0, 0x0, {{@in6=@empty, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee01}, {@in=@multicast1, 0x0, 0x2b}, @in=@remote, {}, {}, {}, 0x0, 0x0, 0xa}}, 0xf0}}, 0x0) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x6359, 0x4) dup2(r1, r2) sendmsg$nl_xfrm(r1, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000040)=@newspdinfo={0x34, 0x24, 0x100, 0x70bd25, 0x25dfdbfd, 0x3ff, [@XFRMA_SPD_IPV6_HTHRESH={0x6}, @XFRMA_SPD_IPV4_HTHRESH={0x6}, @XFRMA_SPD_IPV4_HTHRESH={0x6}, @XFRMA_SPD_IPV4_HTHRESH={0x6}]}, 0x34}, 0x1, 0x0, 0x0, 0x2880}, 0x4040) 23:08:41 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0x92, 0x0, 0x0) [ 1519.343465] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1519.345132] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:08:41 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x99, 0x0, 0x0) 23:08:41 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 75) 23:08:41 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 97) 23:08:41 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x6c00, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) [ 1519.437089] FAULT_INJECTION: forcing a failure. [ 1519.437089] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1519.438471] CPU: 0 PID: 8984 Comm: syz-executor.7 Not tainted 5.10.236 #1 [ 1519.439257] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1519.440207] Call Trace: [ 1519.440516] dump_stack+0x107/0x167 [ 1519.440942] should_fail.cold+0x5/0xa [ 1519.441380] _copy_from_user+0x2e/0x1b0 [ 1519.441836] __copy_msghdr_from_user+0x91/0x4b0 [ 1519.442367] ? __ia32_sys_shutdown+0x80/0x80 [ 1519.442871] ? __lock_acquire+0x1657/0x5b00 [ 1519.443373] ___sys_recvmsg+0xd5/0x200 [ 1519.443816] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1519.444378] ? __fget_files+0x2cf/0x520 [ 1519.444838] ? lock_acquire+0x197/0x470 [ 1519.445300] ? find_held_lock+0x2c/0x110 [ 1519.445767] ? __might_fault+0xd3/0x180 [ 1519.446215] ? lock_downgrade+0x6d0/0x6d0 [ 1519.446693] do_recvmmsg+0x24c/0x6d0 [ 1519.447123] ? ___sys_recvmsg+0x200/0x200 [ 1519.447591] ? lock_downgrade+0x6d0/0x6d0 [ 1519.448073] ? ksys_write+0x12d/0x260 [ 1519.448512] ? wait_for_completion_io+0x270/0x270 [ 1519.449076] ? rcu_read_lock_any_held+0x75/0xa0 [ 1519.449605] ? vfs_write+0x354/0xb10 [ 1519.450033] __x64_sys_recvmmsg+0x20f/0x260 [ 1519.450521] ? ksys_write+0x1a9/0x260 [ 1519.450953] ? __do_sys_socketcall+0x600/0x600 [ 1519.451473] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1519.452069] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1519.452662] do_syscall_64+0x33/0x40 [ 1519.453089] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1519.453679] RIP: 0033:0x7fedaa47eb19 [ 1519.454102] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1519.456198] RSP: 002b:00007feda79f4188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1519.457087] RAX: ffffffffffffffda RBX: 00007fedaa591f60 RCX: 00007fedaa47eb19 [ 1519.457900] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1519.458717] RBP: 00007feda79f41d0 R08: 0000000000000000 R09: 0000000000000000 [ 1519.459535] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1519.460344] R13: 00007ffdec8a993f R14: 00007feda79f4300 R15: 0000000000022000 [ 1519.463632] FAULT_INJECTION: forcing a failure. [ 1519.463632] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1519.465048] CPU: 0 PID: 8986 Comm: syz-executor.1 Not tainted 5.10.236 #1 [ 1519.465845] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1519.466799] Call Trace: [ 1519.467105] dump_stack+0x107/0x167 [ 1519.467522] should_fail.cold+0x5/0xa [ 1519.467959] _copy_from_user+0x2e/0x1b0 [ 1519.468414] __copy_msghdr_from_user+0x91/0x4b0 [ 1519.468953] ? __ia32_sys_shutdown+0x80/0x80 [ 1519.469458] ? __lock_acquire+0x1657/0x5b00 [ 1519.469959] ___sys_recvmsg+0xd5/0x200 [ 1519.470404] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1519.470963] ? __fget_files+0x2cf/0x520 [ 1519.471421] ? lock_acquire+0x197/0x470 [ 1519.471875] ? find_held_lock+0x2c/0x110 [ 1519.472355] ? __might_fault+0xd3/0x180 [ 1519.472824] ? lock_downgrade+0x6d0/0x6d0 [ 1519.473313] do_recvmmsg+0x24c/0x6d0 [ 1519.473741] ? ___sys_recvmsg+0x200/0x200 [ 1519.474216] ? lock_downgrade+0x6d0/0x6d0 [ 1519.474692] ? ksys_write+0x12d/0x260 [ 1519.475134] ? wait_for_completion_io+0x270/0x270 [ 1519.475687] ? rcu_read_lock_any_held+0x75/0xa0 [ 1519.476214] ? vfs_write+0x354/0xb10 [ 1519.476650] __x64_sys_recvmmsg+0x20f/0x260 [ 1519.477167] ? ksys_write+0x1a9/0x260 [ 1519.477619] ? __do_sys_socketcall+0x600/0x600 [ 1519.478162] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1519.478786] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1519.479396] do_syscall_64+0x33/0x40 [ 1519.479840] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1519.480441] RIP: 0033:0x7fcf11593b19 [ 1519.480889] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1519.483070] RSP: 002b:00007fcf0eb09188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1519.483969] RAX: ffffffffffffffda RBX: 00007fcf116a6f60 RCX: 00007fcf11593b19 [ 1519.484818] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1519.485669] RBP: 00007fcf0eb091d0 R08: 0000000000000000 R09: 0000000000000000 [ 1519.486517] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1519.487361] R13: 00007ffca39d7fcf R14: 00007fcf0eb09300 R15: 0000000000022000 23:08:54 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 100) 23:08:54 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0x8e, 0x0, 0x0) 23:08:54 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x7400, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:08:54 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x9a, 0x0, 0x0) 23:08:54 executing program 3: pipe2(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r0, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x54, r1, 0x400, 0x70bd27, 0x25dfdbff, {}, [@BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x80}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x1}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x7f}]}, 0x54}, 0x1, 0x0, 0x0, 0x10}, 0x8001) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) poll(&(0x7f0000000300)=[{r2, 0x2200}], 0x1, 0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_group_source_req(r3, 0x29, 0x2e, &(0x7f0000000040)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108) setsockopt$inet6_group_source_req(r3, 0x29, 0x2e, &(0x7f00000003c0)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r3, 0x29, 0x30, &(0x7f0000000300)=ANY=[], 0x190) r4 = socket$packet(0x11, 0x3, 0x300) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) setsockopt$packet_add_memb(r4, 0x107, 0x1, &(0x7f0000000000)={r6, 0x5, 0x6, @local}, 0x10) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', r6, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}}) ioctl$sock_inet6_SIOCSIFADDR(r3, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev}, 0x7, r6}) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000180)={{{@in6=@local, @in6=@remote, 0x4e24, 0xfff7, 0x4e21, 0x4, 0xd43817e05afa7a13, 0x80, 0x80, 0x4, r6, 0xee00}, {0x100, 0x80000000, 0x3, 0x6, 0x2, 0x9032, 0xfff, 0xfffffffffffffffc}, {0x2, 0x6, 0x0, 0xfffffffffffffffb}, 0x8, 0x6e6bbf, 0x0, 0x0, 0x2, 0x2}, {{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x4d4, 0x3c}, 0x2, @in=@broadcast, 0x3500, 0x0, 0x2, 0x80, 0x5be1, 0x1, 0x1}}, 0xe8) sendmsg$BATADV_CMD_GET_BLA_CLAIM(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x44, r1, 0x100, 0x70bd27, 0x25dfdbfd, {}, [@BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0xfffffff7}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r6}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x3}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x4}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x7ac9deb9dc634008) syz_mount_image$vfat(0x0, &(0x7f0000000600)='./file0\x00', 0x0, 0x4, &(0x7f0000001880)=[{&(0x7f0000000640)='_v', 0x2, 0x6}, {&(0x7f0000000680)="898cdfb223b8f469d9cdec7ea2852c57fd38419b1f9e5173cae9ab59b1eb0083ee0cebdd085ac8d87cb72f0089fa6f3b43ad8278badcd581bef21bdd84", 0x3d, 0xb67}, {&(0x7f00000007c0)="6c044d6634a88efaebf905874ee2d0a996fb64ed5b313c39fa33882f9e4475190e324670285cdaceeee490b1e578a65f6c4725acd724f600fb077d58a4c5b1e74ace5f6faa71697cfc67c9edc24c9f5dfd5ea04c146ab96c839c30909761cab2f78e7cf37616eb0bb0aa6a7b22ff7f58c82b1d9d7a78003b99f794f563003c198aa62a5c4d1b7fcbd703f98cda8c836a22fccd54cd215dd09013ca54dba54d41666edfbb93a804730456855244274e0eafc97340580b3cac4c5a6ed74f6abc04953a78be2a80351f796a5831991e50e8d8fd4f26dbc6ea8e71af99d2329be1d68734cce71f92c7241f5eed992b3793e8c77df3b3be9b94791ab6adc32c9d7c1ff167358b18cefd4562459c5411ba172749bd8e1de4e77c2e2e35ccdd459c69b7871c77493d3263df793339b16d29a20fa31ad8ea52b69f45dce1e9f0288dc04e987cf19fa2df637f8ddabaa010992f8ab4364c02f4d7c966b43d03e98c13c06a47a9b8523714eda8796e7938ea603a4669268f05ede5512fb932222557f7803e4be308a10ea492477330c47f4627cab8dde70250e8f8381a5e1251b3059273efe614d52adf9adfef7a5b6168834d73d7d246dbe7a31674a92ba26870a87c17446bcc1dcc0ddbfb05247c9604d1f8d953a866c3bb4ba08ec6487622b9aeab86f85858a2d40ebc4553128ce09505e08a0c981de7b352ff3b05f54e2bfba6415b1b888ff641604d4455367fd7d2a1ad4c0c7ebf84d52fc19f0368211f93410bbfbdb2a6def1d77154151e9cdfd8a5f33748316163781690faff088eaff30e41020756d545d09a33a57e31e17a09d1636095c145736fc3cdcf6c39ea983c8eff289b8f019d80aa82d2b45fbac552cb5cbd5666ab971484734ee8dc019e187d5f794878b097b761c8b33f1349e4079efe56ed867090e0c604a58d4ff1886945f70e14863d57adc25174348227ff14ffa5ef714e8760e9959907628caaebf9ca4dff6a664e3951fd8f222554961d8a6f28d5e06f886a98440d1695fcb971fa050e1164fad2c311d6ca6b65ca4103fc453215a9f426ad70f66c8cd667dce1bb3a5322f07b77d87b5c56733f5c7ba07022f54f0ae4fbd04e4d9df990b0a457263c5eb1e246f67daf5565e1186dc053b8b192f498ba02ccbab7c1ffc5c5b86e117487cabf7cfd49820addb51a5ef528da2aa12ac9844a89036b2eadc034dea4a6a64d8352fdf7d08c3dc01332b1d63faaf6a62771581d1e826827b100ea2c970aee35144472def5d446e753c71b15b30c42206f1d63519ae96d010d9021fd390c945e4cef69770f32c02a843368099299027482c24bd33f4b848cb8297285108b28c010361b07da98fd834281d106e3d55905936991f55326374fbedb5876bc7582f06620c4772a783dd6558ac5c139b721cfc7ef4cfc23ac0a0fe5ca771cf4088eb921fcbdc9518c0ad65b0731c9456409ae2af437565f7c92d1009fe1c4eb49ec3a39bbd602c7dd2949a31e0c46a8291f16b259490ab2c84fe32c298f8f790264378b4cf05dd6db76fc151252a54d74f2fe9363dc63b19b8245e3aa688af0cf1b85bdb2597b8ce950af84e4400cb04653f359011181cc004eddc37b53d16981b6b663d917370ff5f3bd3ccf9cc9053dfe267d45a6d6560b6440e75b56cb08c14d4427c6f2a821351d137f3f719b060a70f5f40e34dce7d2009096bd1e014621992b1011c4e854eace564118e437d7dce8e51776e1b21b5e0b4c6b1e83701e6135d34d0c1929acb5eeea8fd1243d7e5a73d9dded905558f17de264a47c4e2a7eaf30e44e2ca3a9e6fe7f4467f17731f4ae7d2b70831eb3e6261239e8b21cc20fb20919914370a75c0bb4f75436ff4f5b71c21aa943409a0ceb40dfa0d77e41ae38317aac2c0c1c8893bb49f76a928cbf347ae180739dcecd4702d37dee346088c714ef0edbb5df0ef2f6843f2508fa12c46b90a1ae29cada874a4034889733eca405d5a0f78e3021662ff5313ba78a1a13aa4e1edce4f1c7b7f38302870bdb79c4c8e5f942ef5960e91a5a45507ea53363770eac117bac8d63cbd3b41d1641ac58f347f1050569259314c248935dab3cc8c09c692fe26bbd117f562b447b41c611fc2a8a54d78661455f138734367c6082a4f0b05eb4121ab6fc7bb0cf5e4a12b8c0c84764a088181b0115ccae0fe72df331f22f216bef2d72b6a8b6ed02035ab5beb446775db6b16968930bee95f21b154672ab879797deabc98f50cbf274d14bd8e2df216eb9d7e240cba4611135637dff20c7a84fb926987885c1145f9b1a7856769e4ac42ad9a3a30a044633996a37f20926643a3271dff29566041151e74dfe2667a47606f4232a694d7b31c15202575e1fabaa577f05935884c0b5a9ee529ef73e7cb2c067c4cd05d5a7d57fcd78572cc25df38adba6ccc5c3cf404ec1b9202a67289d65fc3ce7af13c0ce5c949fb2f45872d106b702568f1519fdde62f32c9ab4a03ed85e7a4e4ff3f549b93fec8e41d060abe3eba22dba6a523cf8caa5aa6be3597fe9302d363bec4bd569ba08accffd244c7388a8b1bf33cdf43081580343b7187556be84b3ce8cedc5deeb3fcd3496f992bcc2fdd586167b0df727ee62538cd4334d86c93b9bb48d494ce8aa29c57334795f36ba46e547f38b8fe593624d4c6b5136b7a5dce0763845544998a4c7fabdfdab50ebdc8bbc2008434b7350844d960c973d26d747cb65546cc3a968a76aa83e82f23402ca40cbbcdffa837d038b2cc732ea3a4e8ac3164d74de68331f6adc4a80076a974af40a085e47e2676607783d017cd12a0ceacbc953122c49c2d990f278ed477d1c37abf3bb01997552ece7a2f36ce6f787cbbda317f20d414b769992058f52fd50d7fed0c37d08d28883bfb90ccc05fd720be9f7705c42b3567c5f050c4dfb01ea59028c81c1ad4f9ed4038d71069d6afa53917931f841f56c73998432683edadf12082f8cf0e76a57896d80f40221115cba4df76d79ccdf13b140e74e048344eb6a13d85c05a973702a14bc917a38d0139457dbb9831785", 0x86e, 0xffffffffffffff06}, {&(0x7f00000017c0)='>', 0x1, 0x3}], 0x1400d2, 0x0) 23:08:54 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0x93, 0x0, 0x0) 23:08:54 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 98) 23:08:54 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 76) [ 1532.000174] validate_nla: 6 callbacks suppressed [ 1532.000186] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1532.002226] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1532.004162] FAULT_INJECTION: forcing a failure. [ 1532.004162] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1532.005433] FAULT_INJECTION: forcing a failure. [ 1532.005433] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1532.006961] CPU: 0 PID: 8996 Comm: syz-executor.2 Not tainted 5.10.236 #1 [ 1532.010224] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1532.012176] Call Trace: [ 1532.012811] dump_stack+0x107/0x167 [ 1532.013664] should_fail.cold+0x5/0xa [ 1532.014571] _copy_from_user+0x2e/0x1b0 [ 1532.015518] __copy_msghdr_from_user+0x91/0x4b0 [ 1532.016606] ? __ia32_sys_shutdown+0x80/0x80 [ 1532.017658] ? __lock_acquire+0x1657/0x5b00 [ 1532.018688] ___sys_recvmsg+0xd5/0x200 [ 1532.019611] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1532.020785] ? __fget_files+0x2cf/0x520 [ 1532.021724] ? lock_acquire+0x197/0x470 [ 1532.022660] ? find_held_lock+0x2c/0x110 [ 1532.023629] ? __might_fault+0xd3/0x180 [ 1532.024561] ? lock_downgrade+0x6d0/0x6d0 [ 1532.025549] ? asm_sysvec_call_function_single+0x12/0x20 [ 1532.026843] do_recvmmsg+0x24c/0x6d0 [ 1532.027724] ? ___sys_recvmsg+0x200/0x200 [ 1532.028715] ? lock_downgrade+0x6d0/0x6d0 [ 1532.029701] ? ksys_write+0x12d/0x260 [ 1532.030610] ? wait_for_completion_io+0x270/0x270 [ 1532.031746] ? rcu_read_lock_any_held+0x75/0xa0 [ 1532.032847] ? vfs_write+0x354/0xb10 [ 1532.033732] __x64_sys_recvmmsg+0x20f/0x260 [ 1532.034750] ? ksys_write+0x1a9/0x260 [ 1532.035648] ? __do_sys_socketcall+0x600/0x600 [ 1532.036743] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1532.037976] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1532.039194] do_syscall_64+0x33/0x40 [ 1532.040070] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1532.041284] RIP: 0033:0x7f97e8de2b19 [ 1532.042165] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1532.046509] RSP: 002b:00007f97e6358188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1532.048308] RAX: ffffffffffffffda RBX: 00007f97e8ef5f60 RCX: 00007f97e8de2b19 [ 1532.049995] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1532.051677] RBP: 00007f97e63581d0 R08: 0000000000000000 R09: 0000000000000000 [ 1532.053374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 1532.055059] R13: 00007ffc09107b8f R14: 00007f97e6358300 R15: 0000000000022000 [ 1532.056767] CPU: 1 PID: 9004 Comm: syz-executor.7 Not tainted 5.10.236 #1 [ 1532.057783] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1532.059016] Call Trace: [ 1532.059411] dump_stack+0x107/0x167 [ 1532.059947] should_fail.cold+0x5/0xa [ 1532.060509] _copy_from_user+0x2e/0x1b0 [ 1532.061101] __copy_msghdr_from_user+0x91/0x4b0 [ 1532.061777] ? __ia32_sys_shutdown+0x80/0x80 [ 1532.062426] ? __lock_acquire+0x1657/0x5b00 [ 1532.063075] ___sys_recvmsg+0xd5/0x200 [ 1532.063651] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1532.064369] ? __fget_files+0x2cf/0x520 [ 1532.064953] ? lock_acquire+0x197/0x470 [ 1532.065530] ? find_held_lock+0x2c/0x110 [ 1532.066127] ? __might_fault+0xd3/0x180 [ 1532.066696] ? lock_downgrade+0x6d0/0x6d0 [ 1532.067318] do_recvmmsg+0x24c/0x6d0 [ 1532.067867] ? ___sys_recvmsg+0x200/0x200 [ 1532.068474] ? lock_downgrade+0x6d0/0x6d0 [ 1532.069016] ? ksys_write+0x12d/0x260 [ 1532.069479] ? wait_for_completion_io+0x270/0x270 [ 1532.069523] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1532.070054] ? rcu_read_lock_any_held+0x75/0xa0 [ 1532.070064] ? vfs_write+0x354/0xb10 [ 1532.070078] __x64_sys_recvmmsg+0x20f/0x260 [ 1532.070098] ? ksys_write+0x1a9/0x260 [ 1532.071759] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1532.072241] ? __do_sys_socketcall+0x600/0x600 [ 1532.072260] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1532.076053] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1532.076641] do_syscall_64+0x33/0x40 [ 1532.077093] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1532.077677] RIP: 0033:0x7fedaa47eb19 [ 1532.078131] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1532.080317] RSP: 002b:00007feda79f4188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1532.081186] RAX: ffffffffffffffda RBX: 00007fedaa591f60 RCX: 00007fedaa47eb19 [ 1532.082032] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1532.082843] RBP: 00007feda79f41d0 R08: 0000000000000000 R09: 0000000000000000 [ 1532.083693] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1532.084499] R13: 00007ffdec8a993f R14: 00007feda79f4300 R15: 0000000000022000 23:08:54 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0x94, 0x0, 0x0) 23:08:54 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x9b, 0x0, 0x0) [ 1532.119216] FAULT_INJECTION: forcing a failure. [ 1532.119216] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1532.122080] CPU: 0 PID: 9007 Comm: syz-executor.1 Not tainted 5.10.236 #1 [ 1532.123607] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1532.125503] Call Trace: [ 1532.126103] dump_stack+0x107/0x167 [ 1532.126922] should_fail.cold+0x5/0xa [ 1532.127788] _copy_from_user+0x2e/0x1b0 [ 1532.128717] __copy_msghdr_from_user+0x91/0x4b0 [ 1532.129777] ? __ia32_sys_shutdown+0x80/0x80 [ 1532.130774] ? __lock_acquire+0x1657/0x5b00 [ 1532.131762] ___sys_recvmsg+0xd5/0x200 [ 1532.132642] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1532.133741] ? trace_hardirqs_on+0x5b/0x180 [ 1532.134719] ? lock_acquire+0x197/0x470 [ 1532.135605] ? find_held_lock+0x2c/0x110 [ 1532.136522] ? __might_fault+0xd3/0x180 [ 1532.137437] ? lock_downgrade+0x6d0/0x6d0 [ 1532.138393] do_recvmmsg+0x24c/0x6d0 [ 1532.139229] ? ___sys_recvmsg+0x200/0x200 [ 1532.140160] ? lock_downgrade+0x6d0/0x6d0 [ 1532.141117] ? ksys_write+0x12d/0x260 [ 1532.141978] ? wait_for_completion_io+0x270/0x270 [ 1532.143069] ? rcu_read_lock_any_held+0x75/0xa0 [ 1532.144108] ? vfs_write+0x354/0xb10 [ 1532.144966] __x64_sys_recvmmsg+0x20f/0x260 [ 1532.145932] ? ksys_write+0x1a9/0x260 [ 1532.146788] ? __do_sys_socketcall+0x600/0x600 [ 1532.147816] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1532.149011] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1532.150176] do_syscall_64+0x33/0x40 [ 1532.151025] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1532.152173] RIP: 0033:0x7fcf11593b19 [ 1532.153011] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1532.157123] RSP: 002b:00007fcf0eb09188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1532.158830] RAX: ffffffffffffffda RBX: 00007fcf116a6f60 RCX: 00007fcf11593b19 [ 1532.160427] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1532.162035] RBP: 00007fcf0eb091d0 R08: 0000000000000000 R09: 0000000000000000 [ 1532.163631] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1532.165239] R13: 00007ffca39d7fcf R14: 00007fcf0eb09300 R15: 0000000000022000 23:08:54 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) 23:08:54 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x9c, 0x0, 0x0) 23:08:54 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x7a00, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) [ 1532.242267] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1532.243167] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1532.249869] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1532.250704] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:09:10 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x9d, 0x0, 0x0) 23:09:10 executing program 3: syz_emit_ethernet(0x3e6, &(0x7f0000000140)={@multicast, @local, @void, {@ipv6={0x86dd, @dccp_packet={0x0, 0x6, "9b0fd2", 0x3b0, 0x21, 0x0, @loopback, @mcast1, {[@routing={0x2e, 0x6, 0x1, 0x1, 0x0, [@dev={0xfe, 0x80, '\x00', 0x41}, @dev={0xfe, 0x80, '\x00', 0x24}, @loopback]}, @srh={0x87, 0xc, 0x4, 0x6, 0x9c, 0x28, 0x9, [@empty, @private0={0xfc, 0x0, '\x00', 0x1}, @remote, @mcast2, @local, @remote]}, @dstopts={0x2c, 0x35, '\x00', [@hao={0xc9, 0x10, @loopback}, @ra, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @ra={0x5, 0x2, 0x41}, @generic={0x1, 0xea, "04bd99dd24423dab8935b2be549f52e00d4ef1175a3df29f93219f44b0e0e7d492690f9d56f1f6b3110da21a59cfd0721cbb911925cc41ff6ba143881b33fa11290a48904b52aeb3966ae90060400c5fea35f468e9fe4528aee9dd749700d86c1d4a64186f716c5077fd610d3be512109f89a233deb0d447a822ee43cd1eacd59c5b219b1ed8d1ac4d23660ca58b82dbb7634bc44e98fde1b22fff2e7895c0a90b91abe67674a87bb14dd27c0edd62514aea59db516c669bb2de8e93702d0debd1ff2cbf5fb4d382576618aefbca893327586158fe53f5391b4d6332e484b22c629d206a40d329f17c3b"}, @padn={0x1, 0x2, [0x0, 0x0]}, @padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @jumbo={0xc2, 0x4, 0x3f}, @generic={0xb0, 0x90, "32e6ab1e69956f58fcf5c5e6c06d02b82d3c4263e57d122e498eebfaffdb79e35141306d229b6b1e4661c865779081e72188e4cd8ec99cd3156b46bfff64b8a9afad9e96a4c1231e67558ada5bbf28e636856f67448290b9a939e8e2f7396a350880013bf3c15ba18be5218e00fe6ca7fc08a7186312eede9440487fc45677727d78a6beec995a863835e74548ece41a"}]}, @fragment={0x2, 0x0, 0xe9, 0x1, 0x0, 0x8, 0x67}, @hopopts={0xff, 0xd, '\x00', [@hao={0xc9, 0x10, @dev={0xfe, 0x80, '\x00', 0xf}}, @enc_lim={0x4, 0x1, 0x2}, @calipso={0x7, 0x50, {0x2, 0x12, 0x9, 0x2, [0x4, 0x3c380f4c, 0xfffffffffffff000, 0x80000000, 0x74, 0x2, 0x80000000080, 0x101, 0x0]}}, @pad1]}, @srh={0x2f, 0x6, 0x4, 0x3, 0x3, 0x68, 0x3, [@empty, @empty, @private2]}, @fragment={0x87, 0x0, 0x6, 0x1, 0x0, 0x1, 0x64}, @srh={0x3b, 0xe, 0x4, 0x7, 0x6, 0x40, 0x4, [@mcast1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @remote, @local, @mcast1, @remote, @ipv4={'\x00', '\xff\xff', @remote}]}, @hopopts={0x33, 0x0, '\x00', [@enc_lim={0x4, 0x1, 0x80}]}], {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "524db8", 0x0, "fd2d90"}}}}}}}, 0x0) r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, &(0x7f0000000000)=0x6359, 0x4) syz_emit_ethernet(0x4c4, &(0x7f0000000640)={@broadcast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x18}, @void, {@ipv6={0x86dd, @gre_packet={0x8, 0x6, "2bfa20", 0x48e, 0x2f, 0x1, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x19}}, @empty, {[@srh={0x6c, 0x6, 0x4, 0x3, 0xff, 0x48, 0x0, [@mcast1, @empty, @empty]}, @srh={0x29, 0x2, 0x4, 0x1, 0xfe, 0x0, 0x8, [@loopback]}, @dstopts={0x6, 0x2c, '\x00', [@enc_lim={0x4, 0x1, 0x9b}, @generic={0x0, 0xd0, "706193ab8d69e534024bc61b92df7bb76eeea83a65fb4fa6309be147cb36667b4c581195c584bc483f9bff83003c7de639ece7b72d7f3fe28261c441617f1f51a7e4220db2ebd4cafb4d0410f1f14abbd6af13e509f9c1b715ebb68324f3c076c0c74462834fa9dd3147209b200d27c4e054e55c7948fefc2d0a943d64793c2adaca59925d5147e6f2de9f269e3ca0f8582618346716376d0fdba11446ba938b65b151436b884619ad8d574fdc57eacab9e22a00b3559a10e0dceafda3a5d0f2ae6bf7af880e2b95d443ff2189bab8ab"}, @enc_lim={0x4, 0x1, 0x5}, @hao={0xc9, 0x10, @private0={0xfc, 0x0, '\x00', 0x1}}, @padn={0x1, 0x1, [0x0]}, @calipso={0x7, 0x10, {0x0, 0x2, 0x9, 0xf2, [0x5]}}, @generic={0x81, 0x51, "33ed14fe6f632a5b976c4e2b66c01237b1f7afd7faf3c668647e7e660cbcb4667a7f72d9368237f27e240a4f3271fd15aac6de5e38723550653a80db0a77ce87d3656d157eb9c61a5f4390756075c6fbe5"}, @hao={0xc9, 0x10, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}, @routing={0x0, 0x10, 0x2, 0x0, 0x0, [@private1={0xfc, 0x1, '\x00', 0x1}, @private0, @empty, @private1={0xfc, 0x1, '\x00', 0x1}, @loopback, @private1, @rand_addr=' \x01\x00', @local]}, @srh={0x29, 0x8, 0x4, 0x4, 0x14, 0x60, 0x3ff, [@mcast1, @remote, @private0={0xfc, 0x0, '\x00', 0xb5}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}]}], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x880b, 0x6f, 0x1, [0x0], "d48fa4f0845cc98ffdb775082905e4bc9e4db9ee7f61dea56779e1e238dd97a04b6b40183b668e413f2e24645b512bd02fe63ca19dbd312d2b6770eb6bfd4383f48d25751adc634d6b756836b02f69c7bcf6e50a7213a04cf3486b604a476973ae738b9a1ed31cb94a4d5871923110"}, {0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x800, [0x6, 0x87]}, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [0x1], "0063d98f741e67e9048336a6969e52c67220361db436b45b1255049b3ed2e88275221aa73b837018f1be9e977f83e16bcb12c3507914a3391faba552f1be3cf9967f6426cc1e10b2b4a9173f74"}, {0x8, 0x88be, 0x4, {{0x3, 0x1, 0x1f, 0x3, 0x1, 0x2, 0x4, 0x40}, 0x1, {0xbb9}}}, {0x8, 0x22eb, 0x0, {{0x7, 0x2, 0x0, 0x2, 0x1, 0x1, 0x5, 0x1f}, 0x2, {0x6, 0x1b88, 0x2, 0x1c, 0x1, 0x0, 0x1}}}, {0x8, 0x6558, 0x2, "498c47ab8d72ed387fa9535f39da3b14aebdedeaa77cdfee27365c74787f26457c206e4fe42788b4995378d4a592e31b87363ffd8a9c20af1ee37a360cfec78d6d053db692a26bc70df3cfced7ff98117138f215497ec2540c41bbb0e5a28cdcd51d670de6c7cbf2b72cee233f3b9f96a80d49a1cd6a66681b5d332f76bf71ce69ba252ba1f0405b4ddf7c0cc5843397832d58276892a57f19c4826d922b571694cd6a390f1f911cf5a81b21af463a673c62f6843d798cda246394da34593a47361d1d311ce1a8713e458d7b350339aa8892a5b49a4b35891b14003a9233ba6353fffc16fa50ce53ccb5523ee0783cf015ef60ccf899"}}}}}}}, 0x0) dup2(r0, r1) syz_emit_ethernet(0xf5, &(0x7f0000000540)={@remote, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x31}, @void, {@generic={0x22f0, "02a22ae6499c202a1f3bc910ac53be99b495c958dbc724ea4fbf9a3b0548034c4feb39ef53ced756898ff5ce7097430f937a979765eeb750f66b26e2e53ed79fe1868778cf461e22008fa647a4844c6eae06899133bdd71598320a71ee4be7a0f722c7948fb71828bba802d61bcedf8f78e2eb1924bba0b5c493cbdbcf03d228ef2e44cdde6232c45092dd1302ba8486788cc4d249eeebdf5ece316289eb25e6235225a22835792357ae09beba86e6b0fcf6f25f7535fdf826704b1b7d766dd7543d6b01d10a3ad2f20603b421c0ff15920d2ad9bf331584529772528a36e16f200db38e8da05f"}}}, &(0x7f0000000080)={0x1, 0x2, [0xeee, 0x37a, 0x81f, 0xd76]}) write$tun(r0, &(0x7f0000000000)={@void, @val={0x1, 0x1, 0x9e7a, 0x9, 0xd6, 0x9}, @mpls={[{}, {0x9a}, {0x2}, {0xffc71, 0x0, 0x1}, {0x6, 0x0, 0x1}], @llc={@snap={0x0, 0xab, 'L', "a8b06f", 0x892f, "915215e2d92ca0b576fa6d9e9e6613da668f06327b6c2158be2c6e4a12c444bb2780da0b0d4b44352c98604e4f0e7799fa82e2bd2ca4be3721fc22f04d481a906ec8614db9f2cc0ed2e565fbd1cdfc17e615"}}}}, 0x78) 23:09:10 executing program 5: openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x20008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x222441, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r1, &(0x7f0000000240)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x6) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000001c40)={0x0, 0x6}, 0x4) r5 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$SO_TIMESTAMPING(r6, 0x1, 0x41, &(0x7f0000000000)=0x6359, 0x4) dup2(r5, r6) sendmsg$inet6(r5, &(0x7f0000001540)={&(0x7f0000000080)={0xa, 0x4e22, 0xff, @local, 0x4}, 0x1c, &(0x7f0000000100)=[{&(0x7f00000001c0)="207ca091cd5d009908cf897eacaaf6a6114aa4e3bc92627e2b3955f56a290260d080a6f2c3dcb4eb21a3beed57e158fd596e16b4c719712f98f878aa5aea027453598cb414d8ae0683665193573846cc8dfde19fce2d887fb7f418e67b2b2cf73397c3311716f62153", 0x69}], 0x1, &(0x7f0000001e00)=ANY=[@ANYBLOB="b80000000000000029000000390000001d14015400000000fe8000000000000000000000000000aafc02000000000000000000000000000000000000000000000000ffff0a01010120010000000000000000000000000002fe88000000000000000000000000010100000000000000000000ffff0a01010000000000000000000000ffffac1414aa20010000000000000000000000000002fe880000000000000000000000000101fc0000000000000000000000000000011400000000000000290000000b000088c2d315d25aad9100200000000000000029000000040000002100000000000000c204000000090000300000000000000029000000040000001102000000000000c204000000200401ff000100c2040000000305020002000078110000000000002900000036000000082b000000000000c91000000000000000000000000000000000c204000000051f7eebb8d7124c2ce7bfd1c166e246f44adc0037b58bc0fb2005184eb51addcee3de05767e868ea7a1947a16aab56bd3a4966f2fd0d35a5663afb41a17911c4a747c080d3420a90571afb465f8bf62e8a0a5d79f4cbfe76afbfee2c12c05464ac0b273cc87b36662e85ad3fab86cbc58c65ae839e6d9f20f3a635f8a412878d200bf5bb6c8c2f561d4372db0eede83d03e101e636a35c1d8355c905684ea55a1a3d775503fc9898bd46401b939b79a29d4b891de66e763d6e60ab7a68b59a1c3d0112c9e8d98c431ce5bfe769c14ed02bdf250f95da7b5d2d2a53b5c2b084905c57dbfebe22141d6162b9adcbed34f25cfad113f83b54bf163352e162428d3e6b9123c7edfd55048ddf99c77e332ec887c24b25aa264cbf0866d4af54ccbb09db1aa1328c150f8d7cb962d0cd1de29050be22d9898f2cc1e8b4f44273d8cd16d6300010004005fc49f969ed53fc7a51e8efb1f326846979a7b01aa090eb9eb39a384039fb8d7673ae5f9e2fe5b60042de5bbe010b2530efc1295e076758cf7b7c388f505cfda8324e1664cc753d74132f4eeec946bfa5ec705d4a424ee2018ab7616682e948d9891bb1a5aa93cfae4b474dddc93c77b1c38b98926a1964431036eddb7afb0f35a7ad8365e2794259e91b748898d4b4d5dc0f1891d2b86deefb496cdcc50de3ebeb2ca92f33e0a01ee998afeff65424db25a19702890ecd5295e91dd0ce69e0e387a96f802f1cd6f3832f705f1e99efe2102f52925fbbd394bbc5000ed471c61f817bb4c2f1ed078f1754638997cbab933ab3dbc621b2726e6f66fcd96e91a49aa2cb52b943e54bd6e0c6979de08ac7fd136d7ecc2859410880b00d5f06a0f697d4c263bfccb0e2708a1548053e77ebe4ee5c074a08493d577afe3508f85a72282dfcf6dec442529a60f49dfd26a82d8e7b7458b6cbe77083d3af256d68d39429aab87ed3fa022d0e145b1bc6028e0085a1f45217d42030ff59d203136a2eeb0b40312ab996004f6cf722ce6afb09306a73846e9961e824bee6086181cc1bafb3c3b43c2c82d49e94825766e0229e135c2a8086c35cbb45a41b82215d26367fc876af44345e021cb3c10c167c3179d459a921c5ac8141e6bfcd0f728d34de8159a36f0f7e7184cb697f37222d29383788c0161c011acddbc5b13b71d4ec516977707fb628c0f2c67aa9c426131cc17306ed2009be5a67ad29c435db256d7a5246203235f69e637efb3ecd7f15b5db405b549fdc3eda6de37e958992b4cea148b8f2d0ec67f82b12c6e697b02dbdfc9cf5f0eb03dd01232538a6b1d810d6683e19c874de360ab851c27cc3612893fd3d0dd15ac32f64e590e0a84cab55c1900474240182820d9a3083dda580142e8f5fcacc799f3210eecfbae92fb21ec7f8b162b889f93b1eaf5c47de24e73ad88bb19c34110e8e7b64d6295be3bde9d97b679c77ec3621571c5990eb595ffa99ade843540f41ae4dc2552ceabee7916740af7bf72c97b815d39bcfdb41980b51e9a45d58cc00d226ef63c6b2dc03f73b1d1412b579355ff1caecc55e511b6829112c9f1917823f279e456c53b794e47d0db4fab04cb028db216b30594484f9bf5d6c727582d495b272083ac03edc43877bead1d70952de1bd1fd0ac2f9133a707a44836cce970e1a7a89823de3712ebf62874fb143a447b25d0a060f3e4fc8abae6541874741069f4bc0e2828a1267c99a8511d0351a8fd057662af5e051d9cdbd84e2d03b4b8acb4af1ab7202ae786e90a78dc7c3485374737930bf872cd8b6e5772cd70130c5228f233fe70382500e6ca55c44a2f4f8809872fa7477b9c077d9f11990ca041a51880bb362fe7cba2974a938748ec8d7be8d3f4c5fa929d29a97bb130065c5f9904a8271c84cc3641701ad781184e883b6b583f61e19cc36854e693ea33c4c920b476ef8478fbe41aea8e9a33e5d4bd031444216687a23c65e51575e2c75f9416ab1e1384fcbd1b9c830a70fe174f1461a7ddb7761e25c057bbef4bae7e31a7d9bf7a7ae3644de0f8be9e1c50312f757f0e0e5234653f69de02279647fbb01febf5f86ce3bda63bd430de49573bd3def7a1e46ffbff19fc83309e5e9a1bc73e4fdc3c5fbb498a5208b166677b3bc9333b5ee11d83332206c750b96a868cb90498699ac2fe297980340f50f4fa1b5473b7d7451aff3482c164d4b7a86b707d259ee21892b471fcd8b507c5e251b134c01a4821be958f3129b49893f65a213b0e9b67e48187c01c7e1db4c0a63acf990d4a8fc8250a6bf779befd89de199100363e89cdedfd9cc0395b1fcead12ae96d93ae54d85a51a77a47ef86ec3db2700b89a296713cc5400b9b170dcd4e8ab43e0f150681bc79d7d733a37c9e0fcbe25718258e349e4375e987128fd1ba342d331c3888ccf60f51ad0710b878fadc85421ee6464d48eadb38639b952d29b12fe3dd101a9fd012b0c4131aaf706a185842f0518249072e8c4527442debbcf3048a9fc6eade98f4c7d3259acfa9d3464abaadbe4f704fbbb450efdefc4b47fc1d134296809fab5e225043a1a6368696e2cbd6873e56d42a05bfe5a0d25d5abbd197a2b1444c8f0ba8f98b38d55f2e5056ae175c962d9dec077b813be106f738ea67355d3fbf07af98ea7ed75278e174ddceb363cc2c7964290f86089534d2848e18940c6b975357838c7b7fb3067b9b2ef3bf2bba084b48ce6193bc98cf60cc7b47ba16d1d2d0e5ef229632c220cdb440bdde49978849f94d3bfe3550e4af94b4660ddda97452a81fac6ed58bce84e670bf3e63a7711485bd934ba00a5ba75828658353386ca5b30ea196b4e2f359afaa615e9f0142dfabf47a9c53b1af51df199e6d7e3d09aaf98a81c0e648e8d3a00d8226876e9904edd2c75f1f8c84ace63d92bb9e9372b693a24241124850bb02fe0bd2a21d4edb85b1efa341964bba33d4d245e4de3e06d5c9dde2ff96bc0f173fc69576874ff117b0c974a1af5d12eaf39a63f56e6e50c01c63e08cd2997fc2c933eddf095f919f479c2b63e6a22aa6bc193c37b57c1fc1804f5cc1831bfbea66e806b58586de63150eece7cdd8118ed73098413793614e6b69ab1cfc0e71747d550e386efa4ed2add10de23d35cdc7452556cadbf82ef970d92bd6c3327dcfa8185eaabc895e2eaba56e5bc05ce96e54146d934bf1c2bbfff582d28c381e2763b20819d47521f5bea9b8a482317e1ddda9865510cdcca773282e08e1c17b342631c3fbb2cb4d10d311a450b7f31d00e329baaf5464a8668ad9e81788876132385c8901dbdc5d81dc15dde64f6201daf6db2bfd31fd618c59d4fa42c1f0540286c523c82dd56c931ae11200db53af1391cf9d80452044c8fad664344b72a35d959148a375ae2a05210c32dcc81a858cd61bda6e7ea4bdc3ff8b4dc1aa6d391d6292a07a9e9996257165e02f1eedd7dd8219a95af20492876ca047c246fc38783cfe8d2e6ed58f68b9eca59c13f3376beba2b23df77699d7cd2cb8606b1eaaab86088922f7455c5808f6e1b10ba5c70be83c24ba320fd0d1ab271511523bf81852133017ab874a912d93b21ba1ed04896f2dd8e9eca55b112854dc8ac55fe5cecbbbf31ded5ab709e3716d7eed91500000000f7d7005636ccd31e7201f4ce99db0118d522068ea65f9d679e2733fdf8997bbbfb16e819f6c2372dac0d99911ac4c456a2d4011995606e628bbf223cf7da0f43350c1d8dee714dbc75ae9bef3bc95c8570c195a0e178049e5e0b8f868d0f0513fec262c41dc57621e8b3d832d7388b8cdf7bd4a3a7fb392dcd41d64a11defb8778ea8a56f5ff3545586db2df507a41780209ae32c5340d141e72f59d72c0290e3eb9ccf95abdcaa69783583b6009fc971bb9d8905e173e8909f0285b566c4c2304e9f0706dc9755b874cd07802de3eee1aa411062f5e0981ee2f973cadf48fa5467bb1cc5a5fad8a0ae1a136171de7d6647e43b8808e2263709b093173ae42276cf060c5437e30f4830b16b50fe57f8eebc06ce241f022b9db77d08ab4da21db4c953f314ea6b8cb9062a8157434bafc5842680874e05ec175d0257a6ff55c29a7aeb0cb91c7e24ef1a7d7d67f5af74eff61c1ef9a1f8b92c8f5e06bfd6d65077bb60c1c098e178617e682a2a913d79530bc873ae1de235585ded3f6e145eb4a60fe52ed68444ade59ec4617727d30370a56405388a31056530da8a3196d73197d540efac2739b5158d59c2b77ccd5b446999b6d4c6a81f773192bb109c1c7a37f0504b5cf56cb1ba4afc4b9327f9754cded8353c78328774d75294d502378d39e3bee3a7cf96285a55ef21ec07cdc618c33d3a858f829074c491518f4d2490ab5dbe8e1345359a86a2286b4ead436d556e0462546d2ed4b053d67867392a7cb320bbe7afdf36174cffe375110d50d23560509e84427e1d985af32f0ac6611489b22981a1af92e266ecbcf81672ab58e087d5a206ac8deba3dcbbc3ad0239aee25ffb8f7bc6e3efd94bcc37a46ff863b298145b27ba6f6b6ad4be47a3c24ced3ab19d57efd190ccf621e70eebba69b8d1e6118e74dd6a7d69e7c293df181c1664427e32fc5d5608605eefde36c75f3e3db13f5f073c711fa5de85b2a3a7cdfd376a85db832c38b6aab4c4b03e9944da61f53a9abb10884985c7af9d5982e060f3f57437852fdc980e4ff557ac8919c7bdd4c6eb36e8a0e80f79bfc64dfe98b1b1b582d2d66229fc18aa5847522f16a64c48d6b46f872dc6299927edc2137f83bbe4751b3eebb2e7498d5b66a65b281c26f4312edd9067450a3663be4469f7b549e07d26347f1b2ebbb27e54a0e933c75c7dfdb18a83c5d9fc278fd4330a951217f68439e9e9abc61c55480cc204fb186af92e2fae8df2819756547775468dbd3d068b3945834718618556159aef62126151421495e5bda82a08798dfe418d0423cce2da9af3025997d7552a998e9d0c0c706177e4f5068297ce55afb51d27d6e9ae72ffe7f8b4d29e1df8a043d1212108ffde33e97551810487f422d48d4deaea5714011f0fbe7de85a3916c53c866106680aacc1c63531d8e8da26fe83bab19cfec4730260adb665694c67331b49dd1b4b6c57998e81a13dab5578e36e994e96ac8433a9dc48d80125d4cb15bb98bc528429a183717337ceac223068edd851ffd5e7e8fe73b8c1aae9684fb602301088872af2a5b71f8ff34d03fd91c579ef150afc00f6b02e5c7c1482de717677ea802c58e89708be6c29e2ddaf45fc71ae3916d0ddfee4953f718adb7574d628c31d8d951f7bb390ef5354b460ebfc03fbd49aef32e3c438c82494d6f09ff0999a6d8c097ee97718dea63643ab022cc32d8f6c080fed3ed8d4efde6405fa1fad70da6efe099aba47541fa74c659c7290ce5bd29657be057a3257a2fb96dfed3e462fd0fbd598ee898d1855aaee183ee142eaa3849af6fa17dea580c8b700fe5db1f862dc5dcbbf73804384fb1be00f010881379116ff83d2352c55f26b940238490b43c1374f443215ce9fa0c33e4df62c9ca1c6cbaed150197187b403ceb982a58636c6c12ec19f5bc84b5aafb63e4ec3e1c60b5a0154dfb3382a5b94562ca86bb627fbcf5b98248657e5a40254e1f0fa23df054797d459f007e97549740a7e0898a27a45be6e6639af75d5391fdf7c9b72a39aa3d99e86e25c91f1b9554a1fb35069c24c6d778a12c44c24ab239a95bbb254003358d312eeeafb7e507d1727db88788a27ae6b215a7c4622db8b40ad6abde0fa374f2df16fc5a50d51f08bd4b32fbd14baeda3c3226c502c8985116a3279fcb3c6708be0e314ffbac58796dbed5f6b150c8fec00aa6663e6687c1e16249b96d5cc35b474562e517d9b6fc12022017115c50074d55349b44a2530215023236267d2465f02affe28d8c7886ad45732f4ac738d750691e26a51eaf24274344284fb49d39f7f45c12187b1e2c1882bdf2d3262f38fd670e0d38fc487c4c5f70262bc3f7927d0fc877dca7f28108aad4ca7f8b6cb194781beb40bb5b251d2c0087e9a5334221727d488de24ff220f9d13f9de8d5990ae06d599a5ff4b2ac40ed86b65c3432d95d69ed8def32caa12804beebcf8da61918f08ddc92da66988c614af595816830060cbf7119850517960783b7609a302bed0e32a596e4dec8fd097ca90087f267be7c73350bc8a1eabc7be736bad3d896a871968aaccf24ab45b49576af23b58c0f078ca69e088199ef09399a070768d1883fd6ab71a1e00000ddf633f3884634de5e1532f53efe22943e631313dfc1bf3868a36c42ab15b67a3edcc32eb23e51d94366f412644cd2461a9688e274d28147221788ee507b67cbcafd6a1303177ccfcec1402ef4f9829e50b72e4d3beb85dafe04a5a170d7009393033ebde84571fda6e2bceb6b4805078558297b917d"], 0x1298}, 0x44044) sendfile(r1, r0, 0x0, 0x500000001) 23:09:10 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x2, 0x0, 0x0) 23:09:10 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x8100, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:09:10 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 99) 23:09:10 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 77) 23:09:10 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0x95, 0x0, 0x0) [ 1547.837217] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1547.838459] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1547.844117] FAULT_INJECTION: forcing a failure. [ 1547.844117] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1547.845446] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1547.846627] CPU: 1 PID: 9039 Comm: syz-executor.7 Not tainted 5.10.236 #1 [ 1547.846644] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1547.847802] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1547.849212] Call Trace: [ 1547.849243] dump_stack+0x107/0x167 [ 1547.849265] should_fail.cold+0x5/0xa [ 1547.854127] _copy_from_user+0x2e/0x1b0 [ 1547.854981] __copy_msghdr_from_user+0x91/0x4b0 [ 1547.855963] ? __ia32_sys_shutdown+0x80/0x80 [ 1547.856902] ? __lock_acquire+0x1657/0x5b00 [ 1547.857835] ___sys_recvmsg+0xd5/0x200 [ 1547.858661] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1547.859699] ? __fget_files+0x2cf/0x520 [ 1547.860545] ? lock_acquire+0x197/0x470 [ 1547.861392] ? find_held_lock+0x2c/0x110 [ 1547.862250] ? __might_fault+0xd3/0x180 [ 1547.863088] ? lock_downgrade+0x6d0/0x6d0 [ 1547.863985] do_recvmmsg+0x24c/0x6d0 [ 1547.864782] ? ___sys_recvmsg+0x200/0x200 [ 1547.865662] ? lock_downgrade+0x6d0/0x6d0 [ 1547.866542] ? ksys_write+0x12d/0x260 [ 1547.867364] ? wait_for_completion_io+0x270/0x270 [ 1547.868386] ? rcu_read_lock_any_held+0x75/0xa0 [ 1547.869381] ? vfs_write+0x354/0xb10 [ 1547.870173] __x64_sys_recvmmsg+0x20f/0x260 [ 1547.871079] ? ksys_write+0x1a9/0x260 [ 1547.871890] ? __do_sys_socketcall+0x600/0x600 [ 1547.872869] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1547.873975] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1547.875051] do_syscall_64+0x33/0x40 [ 1547.875828] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1547.876904] RIP: 0033:0x7fedaa47eb19 [ 1547.877682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1547.881538] RSP: 002b:00007feda79f4188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1547.883127] RAX: ffffffffffffffda RBX: 00007fedaa591f60 RCX: 00007fedaa47eb19 [ 1547.884622] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1547.886123] RBP: 00007feda79f41d0 R08: 0000000000000000 R09: 0000000000000000 [ 1547.887620] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1547.889120] R13: 00007ffdec8a993f R14: 00007feda79f4300 R15: 0000000000022000 [ 1547.902796] FAULT_INJECTION: forcing a failure. [ 1547.902796] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1547.905403] CPU: 1 PID: 9047 Comm: syz-executor.1 Not tainted 5.10.236 #1 [ 1547.906837] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1547.908573] Call Trace: [ 1547.909130] dump_stack+0x107/0x167 [ 1547.909907] should_fail.cold+0x5/0xa [ 1547.910723] _copy_from_user+0x2e/0x1b0 [ 1547.911561] __copy_msghdr_from_user+0x91/0x4b0 [ 1547.912540] ? __ia32_sys_shutdown+0x80/0x80 [ 1547.913469] ? __lock_acquire+0x1657/0x5b00 [ 1547.914389] ___sys_recvmsg+0xd5/0x200 [ 1547.915208] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1547.916231] ? __fget_files+0x2cf/0x520 [ 1547.917083] ? lock_acquire+0x197/0x470 [ 1547.917923] ? find_held_lock+0x2c/0x110 [ 1547.918781] ? __might_fault+0xd3/0x180 [ 1547.919611] ? lock_downgrade+0x6d0/0x6d0 [ 1547.920494] do_recvmmsg+0x24c/0x6d0 [ 1547.921306] ? ___sys_recvmsg+0x200/0x200 [ 1547.922176] ? lock_downgrade+0x6d0/0x6d0 [ 1547.923046] ? ksys_write+0x12d/0x260 [ 1547.923855] ? wait_for_completion_io+0x270/0x270 [ 1547.924870] ? rcu_read_lock_any_held+0x75/0xa0 [ 1547.925847] ? vfs_write+0x354/0xb10 [ 1547.926632] __x64_sys_recvmmsg+0x20f/0x260 [ 1547.927537] ? ksys_write+0x1a9/0x260 [ 1547.928337] ? __do_sys_socketcall+0x600/0x600 [ 1547.929305] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1547.930402] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1547.931482] do_syscall_64+0x33/0x40 [ 1547.932258] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1547.933340] RIP: 0033:0x7fcf11593b19 [ 1547.934123] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1547.938124] RSP: 002b:00007fcf0eb09188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1547.939758] RAX: ffffffffffffffda RBX: 00007fcf116a6f60 RCX: 00007fcf11593b19 [ 1547.941262] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1547.942747] RBP: 00007fcf0eb091d0 R08: 0000000000000000 R09: 0000000000000000 [ 1547.944239] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1547.945893] R13: 00007ffca39d7fcf R14: 00007fcf0eb09300 R15: 0000000000022000 23:09:23 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 100) 23:09:23 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0x96, 0x0, 0x0) 23:09:23 executing program 5: r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, &(0x7f0000000000)=0x6359, 0x4) dup2(r0, r1) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f00000010c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000001080)={&(0x7f0000000040)={0x1018, 0x0, 0x8, 0x70bd28, 0x25dfdbfe, {}, [@WGDEVICE_A_IFNAME={0x14, 0x2, 'wg1\x00'}, @WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @c}, @WGDEVICE_A_PEERS={0xc84, 0x8, 0x0, 0x1, [{0x654, 0x0, 0x0, 0x1, [@WGPEER_A_PRESHARED_KEY={0x24, 0x2, "7f20675de9b2e1fe2346549b33ecd205f9511fad302c523692cebf935e4e0161"}, @WGPEER_A_FLAGS={0x8, 0x3, 0x4}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @neg}, @WGPEER_A_ALLOWEDIPS={0x238, 0x9, 0x0, 0x1, [{0xd0, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @private0={0xfc, 0x0, '\x00', 0x1}}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0xf}}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x41}}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x2}}]}, {0x118, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010101}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x1c}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x21}}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5, 0x3, 0x2}}]}, {0x4c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x2}}]}]}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e22, 0x400, @dev={0xfe, 0x80, '\x00', 0x3b}, 0xffffffff}}, @WGPEER_A_ALLOWEDIPS={0x3a8, 0x9, 0x0, 0x1, [{0x10c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={'\x00', '\xff\xff', @loopback}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x2}}]}, {0xf4, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @private2}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010102}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010101}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5}}]}, {0x10c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @private2}, {0x5, 0x3, 0x2}}]}, {0x64, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x3}}]}, {0x34, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @private=0xa010101}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x14}}, {0x5, 0x3, 0x3}}]}]}]}, {0x3e0, 0x0, 0x0, 0x1, [@WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x6}, @WGPEER_A_ALLOWEDIPS={0x354, 0x9, 0x0, 0x1, [{0xac, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private1}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x27}}, {0x5, 0x3, 0x3}}]}, {0x7c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @private2={0xfc, 0x2, '\x00', 0x1}}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010102}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00'}, {0x5, 0x3, 0x2}}]}, {0x130, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00'}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x21}}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={'\x00', '\xff\xff', @empty}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010102}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x3}}]}, {0xdc, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @private0}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @local}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x22}}, {0x5, 0x3, 0x2}}]}, {0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x2}}]}]}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @b_g}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @a_g}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e21, 0x7f, @mcast2, 0x1}}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x6}]}, {0x23c, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e22, 0x7fffffff, @rand_addr=' \x01\x00', 0x8001}}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x1, @multicast1}}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e21, @remote}}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x2d}}}, @WGPEER_A_ALLOWEDIPS={0x1dc, 0x9, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010102}, {0x5, 0x3, 0x3}}]}, {0x64, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5, 0x3, 0x3}}]}, {0x118, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @private2}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @private0={0xfc, 0x0, '\x00', 0x1}}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00'}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}]}, {0x40, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @private2={0xfc, 0x2, '\x00', 0x1}}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x1}}]}]}]}, {0x4}, {0xc, 0x0, 0x0, 0x1, [@WGPEER_A_FLAGS={0x8, 0x3, 0x4}]}]}, @WGDEVICE_A_PEERS={0x68, 0x8, 0x0, 0x1, [{0x64, 0x0, 0x0, 0x1, [@WGPEER_A_PRESHARED_KEY={0x24, 0x2, "89d9a7776727dd569196e8584624bca95e154dd6966d4ae04e459d7c09446a5b"}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x7}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0xe8}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0xfffe}]}]}, @WGDEVICE_A_FWMARK={0x8, 0x7, 0xfffffe00}, @WGDEVICE_A_PEERS={0x2d0, 0x8, 0x0, 0x1, [{0x80, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e20, @private=0xa010102}}, @WGPEER_A_FLAGS={0x8, 0x3, 0x6}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e24, 0xb1, @empty, 0x8001}}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e20, @local}}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @a_g}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x2}]}, {0x90, 0x0, 0x0, 0x1, [@WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @neg}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}, @WGPEER_A_FLAGS={0x8, 0x3, 0x4}, @WGPEER_A_FLAGS={0x8}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "17e09f5640160f7ca992729d6f4ec1ef5010923dbe346d72a0199684ae55d0e3"}]}, {0xc, 0x0, 0x0, 0x1, [@WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x8}]}, {0x40, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e21, @broadcast}}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e22, 0x7fff, @private0}}, @WGPEER_A_PROTOCOL_VERSION={0x8}]}, {0xb0, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e21, 0x7f, @private2, 0x9}}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e24, @local}}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "4f11a5f17da225a127aafe80bd0de3664465b75dcf3171936280749b3b1fee6b"}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e24, 0x5, @ipv4={'\x00', '\xff\xff', @remote}, 0x7e3f}}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "9445fd62b21e797eb1b432d1ccc1a285fb348685e7d54759f7472913d399fc4e"}]}, {0xc0, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e23, @multicast1}}, @WGPEER_A_ALLOWEDIPS={0x4}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e22, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x4}}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e23, 0xffffff1c, @mcast2, 0x8}}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e21, 0x6, @empty, 0x4}}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e23, 0x101, @loopback, 0x4}}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x66cb}]}]}, @WGDEVICE_A_FWMARK={0x8, 0x7, 0x8}]}, 0x1018}, 0x1, 0x0, 0x0, 0x8851}, 0x4040001) 23:09:23 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 78) 23:09:23 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x9e, 0x0, 0x0) 23:09:23 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0xbb0e, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:09:23 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x3, 0x0, 0x0) 23:09:23 executing program 3: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/class/vc', 0x1, 0x120) bind$bt_sco(r0, &(0x7f0000000080)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8) openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000040), 0xa0340, 0x0) [ 1560.867043] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1560.868385] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1560.882921] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1560.884229] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1560.891194] FAULT_INJECTION: forcing a failure. [ 1560.891194] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1560.894478] CPU: 0 PID: 9063 Comm: syz-executor.1 Not tainted 5.10.236 #1 [ 1560.896350] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1560.898627] Call Trace: [ 1560.899353] dump_stack+0x107/0x167 [ 1560.900352] should_fail.cold+0x5/0xa [ 1560.901412] _copy_from_user+0x2e/0x1b0 [ 1560.902447] __copy_msghdr_from_user+0x91/0x4b0 [ 1560.903557] ? __ia32_sys_shutdown+0x80/0x80 [ 1560.904600] ? __lock_acquire+0x1657/0x5b00 [ 1560.905654] ___sys_recvmsg+0xd5/0x200 [ 1560.906573] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1560.907731] ? __fget_files+0x2cf/0x520 [ 1560.908675] ? lock_acquire+0x197/0x470 [ 1560.909609] ? find_held_lock+0x2c/0x110 [ 1560.910566] ? __might_fault+0xd3/0x180 [ 1560.911496] ? lock_downgrade+0x6d0/0x6d0 [ 1560.912483] do_recvmmsg+0x24c/0x6d0 [ 1560.913372] ? ___sys_recvmsg+0x200/0x200 [ 1560.914338] ? lock_downgrade+0x6d0/0x6d0 [ 1560.915316] ? ksys_write+0x12d/0x260 [ 1560.916224] ? wait_for_completion_io+0x270/0x270 [ 1560.917362] ? rcu_read_lock_any_held+0x75/0xa0 [ 1560.918450] ? vfs_write+0x354/0xb10 [ 1560.919327] __x64_sys_recvmmsg+0x20f/0x260 [ 1560.920335] ? ksys_write+0x1a9/0x260 [ 1560.921229] ? __do_sys_socketcall+0x600/0x600 [ 1560.922297] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1560.923513] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1560.924706] do_syscall_64+0x33/0x40 [ 1560.925571] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1560.926752] RIP: 0033:0x7fcf11593b19 [ 1560.927608] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1560.931874] RSP: 002b:00007fcf0eb09188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1560.933646] RAX: ffffffffffffffda RBX: 00007fcf116a6f60 RCX: 00007fcf11593b19 [ 1560.935297] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1560.936930] RBP: 00007fcf0eb091d0 R08: 0000000000000000 R09: 0000000000000000 [ 1560.938579] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1560.940212] R13: 00007ffca39d7fcf R14: 00007fcf0eb09300 R15: 0000000000022000 [ 1560.964078] FAULT_INJECTION: forcing a failure. [ 1560.964078] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1560.965972] CPU: 1 PID: 9078 Comm: syz-executor.7 Not tainted 5.10.236 #1 [ 1560.967042] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1560.968335] Call Trace: [ 1560.968748] dump_stack+0x107/0x167 [ 1560.969325] should_fail.cold+0x5/0xa [ 1560.969925] _copy_from_user+0x2e/0x1b0 [ 1560.970550] __copy_msghdr_from_user+0x91/0x4b0 [ 1560.971278] ? __ia32_sys_shutdown+0x80/0x80 [ 1560.971966] ? __lock_acquire+0x1657/0x5b00 [ 1560.972650] ___sys_recvmsg+0xd5/0x200 [ 1560.973271] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1560.974029] ? trace_hardirqs_on+0x5b/0x180 [ 1560.974705] ? lock_acquire+0x197/0x470 [ 1560.975329] ? find_held_lock+0x2c/0x110 [ 1560.975958] ? __might_fault+0xd3/0x180 [ 1560.976572] ? lock_downgrade+0x6d0/0x6d0 [ 1560.977226] do_recvmmsg+0x24c/0x6d0 [ 1560.977802] ? ___sys_recvmsg+0x200/0x200 [ 1560.978440] ? lock_downgrade+0x6d0/0x6d0 [ 1560.979085] ? ksys_write+0x12d/0x260 [ 1560.979675] ? wait_for_completion_io+0x270/0x270 [ 1560.980415] ? rcu_read_lock_any_held+0x75/0xa0 [ 1560.981137] ? vfs_write+0x354/0xb10 [ 1560.981713] __x64_sys_recvmmsg+0x20f/0x260 [ 1560.982374] ? ksys_write+0x1a9/0x260 [ 1560.982956] ? __do_sys_socketcall+0x600/0x600 [ 1560.983662] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1560.984473] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1560.985277] do_syscall_64+0x33/0x40 [ 1560.985851] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1560.986640] RIP: 0033:0x7fedaa47eb19 [ 1560.987208] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1560.990048] RSP: 002b:00007feda79f4188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1560.991213] RAX: ffffffffffffffda RBX: 00007fedaa591f60 RCX: 00007fedaa47eb19 [ 1560.992308] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1560.993407] RBP: 00007feda79f41d0 R08: 0000000000000000 R09: 0000000000000000 [ 1560.994497] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 1560.995585] R13: 00007ffdec8a993f R14: 00007feda79f4300 R15: 0000000000022000 23:09:23 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0xbc0e, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:09:23 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x4, 0x0, 0x0) 23:09:23 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x9f, 0x0, 0x0) 23:09:23 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) sendmsg$nl_generic(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="20000000000a0000000c00068019ecd68367ba6c980700000000000000000000171123f11465f4c9ac0f0901845643535f4648b92493f93b3c5b38d8922b8d36def35c5a1d3e25401a884ced5699d4da0e0b1c05e4c57873539dd3b1825c1b0aa00f2eadb9596d3bd3544e9a83cb69a5261864f6580e5f2d3bafa11d21b25cb6a075fdcdc1df16edc5bc562743cfa2bd34d0f80411cc0af2d1ef92a8de39bbde4f0f2923ab19f6600d61f4943a2d457a7391ebbe14d83ecc7f3b14999f04572e700a5a1bbed754350b4a1413cbbae4a00ecbe67f4bc2b6beff1a044aa14438762b9a88fe6d516215d51a2c8a8fd404"], 0x20}}, 0x0) dup2(r0, r2) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) keyctl$chown(0x4, 0x0, 0xee01, 0x0) r4 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x41, &(0x7f0000000000)=0x6359, 0x4) dup2(r4, r5) open_tree(r4, &(0x7f0000000000)='./file0\x00', 0x1000) r6 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$SO_TIMESTAMPING(r7, 0x1, 0x41, &(0x7f0000000000)=0x6359, 0x4) dup2(r6, r7) read(r6, &(0x7f00000002c0)=""/4096, 0x1000) write$bt_hci(r3, &(0x7f0000000100)=ANY=[], 0xb) [ 1561.017128] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1561.018827] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:09:23 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0x97, 0x0, 0x0) 23:09:23 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) 23:09:23 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5, 0x0, 0x0) 23:09:23 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 79) 23:09:23 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xa0, 0x0, 0x0) 23:09:23 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x1, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x40049, 0x0, 0x0, 0x9, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xee00, 0xee00}}, './file0\x00'}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r1, 0xc018937b, &(0x7f00000005c0)=ANY=[@ANYRES64, @ANYRESHEX=r2, @ANYRESHEX, @ANYRESOCT, @ANYRESHEX, @ANYRES32=r2]) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4305, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x82, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r4 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000000400), &(0x7f0000000440)=0x10) preadv(r4, &(0x7f0000000200)=[{&(0x7f0000000040)=""/39, 0x27}], 0x1, 0xffff57e9, 0x4) r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x80202, 0x100) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000700)={0x108, 0x67, 0xf01, 0x0, 0x0, {0x4}, [@typed={0x4, 0x40}, @generic="078ff78dd043c806bb2419634a78bb20ffc0476cc8ecffdabdbf33bc44d8b3948d03b2a6a4313e1100c5037358d3cdb785452c4f027f78336d196cfa4befac3f5ec1e04568536702e081bd619c88e63000b6c49a6ddb7d0f02a7d37bdd89fd5aabe3288081dd16c51fa81982a98fe1e37d74f7343a52a95196f66c79f24c686005d72e86d9cb07f268d5fa2f3a296259c5fdd6a432652abb17bddc66557760894af857443a8908b329539f9b48b832af127edbda3f135aa64d68def3ba5e56a74bf366f8a7ea478c4293c0241cd38df3ef31100871cbeda084d1ee61ffcdeb7bc818f1d751e3df3c5b72e2430a"]}, 0x108}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) r6 = accept$unix(r1, &(0x7f0000000640)=@abs, &(0x7f0000000540)=0x6e) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f00000006c0)={r6, 0x3, 0x8, 0x4}) openat(r5, &(0x7f0000000380)='./file0\x00', 0x24000, 0x20) kcmp(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f0000000500)='numa_maps\x00') syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) getresgid(&(0x7f00000002c0), &(0x7f0000000300), &(0x7f00000003c0)) [ 1561.131126] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1561.137196] FAULT_INJECTION: forcing a failure. [ 1561.137196] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1561.138812] CPU: 1 PID: 9102 Comm: syz-executor.1 Not tainted 5.10.236 #1 [ 1561.139731] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1561.140797] Call Trace: [ 1561.141163] dump_stack+0x107/0x167 [ 1561.141652] should_fail.cold+0x5/0xa [ 1561.142165] _copy_from_user+0x2e/0x1b0 [ 1561.142703] __copy_msghdr_from_user+0x91/0x4b0 [ 1561.143325] ? __ia32_sys_shutdown+0x80/0x80 [ 1561.143920] ? __lock_acquire+0x1657/0x5b00 [ 1561.144511] ___sys_recvmsg+0xd5/0x200 [ 1561.145041] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1561.145694] ? __fget_files+0x2cf/0x520 [ 1561.146225] ? lock_acquire+0x197/0x470 [ 1561.146752] ? find_held_lock+0x2c/0x110 [ 1561.147296] ? __might_fault+0xd3/0x180 [ 1561.147829] ? lock_downgrade+0x6d0/0x6d0 [ 1561.148389] do_recvmmsg+0x24c/0x6d0 [ 1561.148891] ? ___sys_recvmsg+0x200/0x200 [ 1561.149450] ? lock_downgrade+0x6d0/0x6d0 [ 1561.149982] ? ksys_write+0x12d/0x260 [ 1561.150496] ? wait_for_completion_io+0x270/0x270 [ 1561.151140] ? rcu_read_lock_any_held+0x75/0xa0 [ 1561.151758] ? vfs_write+0x354/0xb10 [ 1561.152260] __x64_sys_recvmmsg+0x20f/0x260 [ 1561.152839] ? ksys_write+0x1a9/0x260 [ 1561.153351] ? __do_sys_socketcall+0x600/0x600 [ 1561.153961] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1561.154659] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1561.155346] do_syscall_64+0x33/0x40 [ 1561.155843] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1561.156520] RIP: 0033:0x7fcf11593b19 [ 1561.157024] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1561.159471] RSP: 002b:00007fcf0eb09188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1561.160432] RAX: ffffffffffffffda RBX: 00007fcf116a6f60 RCX: 00007fcf11593b19 [ 1561.161386] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1561.162331] RBP: 00007fcf0eb091d0 R08: 0000000000000000 R09: 0000000000000000 [ 1561.163230] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1561.164176] R13: 00007ffca39d7fcf R14: 00007fcf0eb09300 R15: 0000000000022000 23:09:23 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0xc00e, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:09:23 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) r0 = openat$incfs(0xffffffffffffffff, &(0x7f00000003c0)='.log\x00', 0x11b040, 0xc9) ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000400)={0x0, {}, 0x0, {}, 0x7f, 0x5, 0x17, 0x1d, "ba66dde5a539ba188a5e77752ec79cb9b75a9f829164eb662d82c3185d0422a380e33b7bdaaa0daeaf8b19601c9861ee2dd339a6f83aa45de663fe66eeae934a", "c871bd7c569da94d0d51cc8d5ccfff03d6957d0f55b442b7f2c06199453074a1", [0x0, 0x400]}) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x6359, 0x4) dup2(r1, r2) ioctl$FS_IOC_GET_ENCRYPTION_NONCE(r1, 0x8010661b, &(0x7f0000000040)) fgetxattr(0xffffffffffffffff, &(0x7f0000000240)=@random={'os2.', '\x00'}, &(0x7f0000000280)=""/223, 0xdf) setfsgid(0x0) stat(&(0x7f0000000380)='./file0\x00', &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0xffffffffffffffff, r3, 0x0) mount$9p_rdma(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x40400, &(0x7f0000000180)={'trans=rdma,', {'port', 0x3d, 0x4e20}, 0x2c, {[{@common=@access_user}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'H{&-,{$&['}}, {@smackfsdef}, {@measure}, {@dont_measure}, {@fsmagic={'fsmagic', 0x3d, 0x95ea}}, {@fowner_eq={'fowner', 0x3d, r3}}]}}) 23:09:23 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0x98, 0x0, 0x0) [ 1561.212201] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1561.213892] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:09:23 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xa1, 0x0, 0x0) [ 1561.228659] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1561.229691] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:09:23 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x6, 0x0, 0x0) [ 1561.239168] kauditd_printk_skb: 12 callbacks suppressed [ 1561.239195] audit: type=1326 audit(1745017763.663:55): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=9111 comm="syz-executor.5" exe="/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f138d785b19 code=0x7ffc0000 [ 1561.246293] audit: type=1326 audit(1745017763.666:56): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=9111 comm="syz-executor.5" exe="/syz-executor.5" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f138d785b19 code=0x7ffc0000 [ 1561.272247] audit: type=1326 audit(1745017763.666:57): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=9111 comm="syz-executor.5" exe="/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f138d785b19 code=0x7ffc0000 [ 1561.287285] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1561.288868] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1561.290618] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1561.302689] audit: type=1326 audit(1745017763.666:58): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=9111 comm="syz-executor.5" exe="/syz-executor.5" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f138d785b19 code=0x7ffc0000 [ 1561.307376] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1561.326582] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1561.328134] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1561.329868] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1561.336735] audit: type=1326 audit(1745017763.666:59): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=9111 comm="syz-executor.5" exe="/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f138d785b19 code=0x7ffc0000 [ 1561.358279] audit: type=1326 audit(1745017763.666:60): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=9111 comm="syz-executor.5" exe="/syz-executor.5" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7f138d785b19 code=0x7ffc0000 [ 1561.371992] audit: type=1326 audit(1745017763.667:61): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=9111 comm="syz-executor.5" exe="/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f138d785b19 code=0x7ffc0000 [ 1561.384143] audit: type=1326 audit(1745017763.669:62): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=9111 comm="syz-executor.5" exe="/syz-executor.5" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f138d785b19 code=0x7ffc0000 [ 1561.393707] audit: type=1326 audit(1745017763.672:63): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=9111 comm="syz-executor.5" exe="/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f138d785b19 code=0x7ffc0000 [ 1561.402887] audit: type=1326 audit(1745017763.673:64): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=9111 comm="syz-executor.5" exe="/syz-executor.5" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f138d785b19 code=0x7ffc0000 23:09:39 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 80) 23:09:39 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000200)=""/155, 0x9b, 0x200) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x12418, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) memfd_create(&(0x7f0000000000)='\x00', 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r1, 0x0) r2 = creat(&(0x7f0000000180)='./file1\x00', 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, r3, 0x0) openat(0xffffffffffffffff, 0x0, 0x36400, 0xe375d1901a7fcc3b) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) dup2(r2, 0xffffffffffffffff) pwrite64(0xffffffffffffffff, &(0x7f0000000380)="649fbbcc263319a35eafcd3d973648bd0205bfe4d3d4d1571ab6d074edcbf8e58b4aa2d92ac9dedbd1fa4e68017b1d61a11105667fcddb829ad89c9c72fff68161f20effe6efbb312bc648", 0x4b, 0x2) r4 = signalfd(r2, &(0x7f0000000040)={[0x7ff]}, 0x8) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0xa91f, 0x10, 0x0, 0x3be, 0x0, r4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r5, r6, &(0x7f00000001c0)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x5, 0x2004, @fd_index=0x6, 0x7, 0x0, 0x0, 0x13, 0x1}, 0x99a2) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_WRITEV={0x2, 0x5, 0x2004, @fd=r1, 0x0, &(0x7f0000000400)=[{&(0x7f0000000500)="d7545a2499947df83f295ad96760de47cea11f2628bb29fa0bcdee6840083517629084b3d6fa09453b798b5f4a1fc68e0ffa321d4df85280f0cab5d2ee97b787b1ad0d53b27a75f202cb84cac35049d6ef0cb08bd465de08421ab4cec01ee4e1278a00d5e195d71af44a110a46fe7e9ed427863c123b7d7d3d94653d92c1e3a3b7136fee9ca8af4229aa46ba8ea46c6249c6603c5016f4d54ae79adec879b0e04ceb4ae4a839583ab99846b75a6df0b505e5804ed4f7e0d3f45895608c2ee421484030df8d0ffe68e22e9e90c057eab9cd81e634", 0xd4}], 0x1, 0x8, 0x0, {0x0, r7}}, 0xfe) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x1f012, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x656a, 0x8ce8, 0x0, &(0x7f0000000340), 0x8) 23:09:39 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0xed00, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:09:39 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x7, 0x0, 0x0) 23:09:39 executing program 3: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001700)=ANY=[@ANYBLOB="6800000000010104000000000000000002000000240001801400018008000100ffffffff08000200e00000010c0002800500010000000000240002800c000280050001000000000014000180080001dd21cd9aa18ee252b6c862f46097698100ac14140008000200"], 0x68}}, 0x0) sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)={0x14, 0x2, 0x1, 0x101}, 0x14}}, 0x0) 23:09:39 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0x99, 0x0, 0x0) 23:09:39 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x2, 0x0, 0x0) 23:09:39 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xa2, 0x0, 0x0) [ 1576.743826] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1576.744872] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1576.745641] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1576.754310] FAULT_INJECTION: forcing a failure. [ 1576.754310] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1576.757052] CPU: 1 PID: 9131 Comm: syz-executor.1 Not tainted 5.10.236 #1 [ 1576.758564] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1576.760384] Call Trace: [ 1576.760969] dump_stack+0x107/0x167 [ 1576.761780] should_fail.cold+0x5/0xa [ 1576.762628] _copy_from_user+0x2e/0x1b0 [ 1576.763509] __copy_msghdr_from_user+0x91/0x4b0 [ 1576.764532] ? __ia32_sys_shutdown+0x80/0x80 [ 1576.765508] ? __lock_acquire+0x1657/0x5b00 [ 1576.766471] ___sys_recvmsg+0xd5/0x200 [ 1576.767327] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1576.768404] ? __lockdep_reset_lock+0x180/0x180 [ 1576.769441] ? lock_acquire+0x197/0x470 [ 1576.770311] ? find_held_lock+0x2c/0x110 [ 1576.771211] ? __might_fault+0xd3/0x180 [ 1576.772085] ? lock_downgrade+0x6d0/0x6d0 [ 1576.773016] do_recvmmsg+0x24c/0x6d0 [ 1576.773851] ? ___sys_recvmsg+0x200/0x200 [ 1576.774761] ? lock_downgrade+0x6d0/0x6d0 [ 1576.775681] ? ksys_write+0x12d/0x260 [ 1576.776530] ? wait_for_completion_io+0x270/0x270 [ 1576.777607] ? rcu_read_lock_any_held+0x75/0xa0 [ 1576.778624] ? vfs_write+0x354/0xb10 [ 1576.779447] __x64_sys_recvmmsg+0x20f/0x260 [ 1576.780395] ? ksys_write+0x1a9/0x260 [ 1576.781240] ? __do_sys_socketcall+0x600/0x600 [ 1576.782246] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1576.783398] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1576.784528] do_syscall_64+0x33/0x40 [ 1576.785351] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1576.786470] RIP: 0033:0x7fcf11593b19 [ 1576.787281] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1576.791325] RSP: 002b:00007fcf0eb09188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1576.792986] RAX: ffffffffffffffda RBX: 00007fcf116a6f60 RCX: 00007fcf11593b19 [ 1576.794541] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1576.796086] RBP: 00007fcf0eb091d0 R08: 0000000000000000 R09: 0000000000000000 [ 1576.797634] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1576.799181] R13: 00007ffca39d7fcf R14: 00007fcf0eb09300 R15: 0000000000022000 [ 1576.802453] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1576.804775] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1576.807089] kauditd_printk_skb: 32 callbacks suppressed 23:09:39 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x8, 0x0, 0x0) 23:09:39 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x3, 0x0, 0x0) [ 1576.807105] audit: type=1400 audit(1745017779.227:97): avc: denied { tracepoint } for pid=9129 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 23:09:39 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xa3, 0x0, 0x0) [ 1576.867644] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE cmd_age=0s [ 1576.869713] sr 1:0:0:0: [sr0] tag#0 Sense Key : Not Ready [current] [ 1576.871150] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Medium not present [ 1576.872527] sr 1:0:0:0: [sr0] tag#0 CDB: Read(10) 28 00 00 00 00 00 00 00 40 00 [ 1576.874139] blk_update_request: I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 29 prio class 0 [ 1576.877151] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1576.878936] blk_update_request: I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1576.881252] buffer_io_error: 582 callbacks suppressed [ 1576.881263] Buffer I/O error on dev sr0, logical block 0, async page read [ 1576.884903] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1576.886784] blk_update_request: I/O error, dev sr0, sector 1 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1576.888872] Buffer I/O error on dev sr0, logical block 1, async page read [ 1576.892462] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1576.893677] blk_update_request: I/O error, dev sr0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1576.895762] Buffer I/O error on dev sr0, logical block 2, async page read [ 1576.897827] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1576.899026] blk_update_request: I/O error, dev sr0, sector 3 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1576.901156] Buffer I/O error on dev sr0, logical block 3, async page read 23:09:39 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0x9a, 0x0, 0x0) [ 1576.914425] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1576.915957] blk_update_request: I/O error, dev sr0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1576.918087] Buffer I/O error on dev sr0, logical block 4, async page read [ 1576.923630] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1576.924868] blk_update_request: I/O error, dev sr0, sector 5 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1576.927007] Buffer I/O error on dev sr0, logical block 5, async page read [ 1576.929246] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1576.930424] blk_update_request: I/O error, dev sr0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1576.932564] Buffer I/O error on dev sr0, logical block 6, async page read [ 1576.935174] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1576.936342] blk_update_request: I/O error, dev sr0, sector 7 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1576.938484] Buffer I/O error on dev sr0, logical block 7, async page read [ 1576.940135] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1576.941351] blk_update_request: I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1576.943443] Buffer I/O error on dev sr0, logical block 0, async page read [ 1576.945068] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1576.946279] Buffer I/O error on dev sr0, logical block 1, async page read [ 1576.949704] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1576.951078] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1576.952385] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1576.953744] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1576.955044] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1576.956317] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1576.957891] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1576.959265] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1576.960546] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1576.962079] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1576.963360] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1576.964636] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1576.965958] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1576.967237] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1576.968870] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1576.970194] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1576.971472] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1576.972781] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1576.974068] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1576.975354] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1576.976703] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1576.977983] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1576.979342] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1576.981182] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1576.982450] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1576.983743] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1576.985008] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1576.986338] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1576.987680] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1576.988936] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1576.990967] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1576.992464] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1576.993975] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1576.995452] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1576.996943] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1576.998444] sr 1:0:0:0: [sr0] tag#0 unaligned transfer 23:09:39 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0xf000, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:09:39 executing program 3: r0 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000100)='.log\x00', 0x276ef0e0967631d4, 0x7f) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0xfc, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8d0d51e52eb75870, @perf_config_ext}, 0x0, 0xffffffffffffffff, r0, 0x0) r1 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x55d3, 0x0, 0x3, 0x0, 0x0, r1}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(0x0, r4, 0x0, 0x0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r1, 0xc0189374, &(0x7f0000000300)=ANY=[@ANYBLOB="010000000100ec00180000006697987a3f0660bfae052314908ca77469a4d8af4f923b7a5ce293c654e68a349c73555abb2ae781b4d8d6f4f3d29d1737e565645f5170c1f8238a53f82932932bc346010ff6388d87828bf873426ee4e105072ee90d82ecb02770b516f5fab3f895b85bfeacd2d6ddb154717171a0b0143136bbd74afc955b18d1b37b5222801da6f408dedb3f8c608ae664b05944268a616e899bdb4231401951a60c43269343c5878eeb34973f150d03b92da1062a0f379aa3e88384552a09934e0f2a6168bde1f80607247bb79508c803164bd9d4117b57b67c2a454061d202137940301c599d4e327acee09ab574cfd8faf7070e4221d86515b39dc743055418ef4441", @ANYRES32=0xffffffffffffffff, @ANYBLOB="ffff0000000000002e2f66696c653000"]) io_uring_enter(r7, 0x647c, 0xad9f, 0x2, &(0x7f0000000240), 0x8) ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f00000001c0)={'syz_tun\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="d11faa24a59c291ef1d37e883061aa4024203d9150ebf3794a8a8d4c000000000000000000"]}) setsockopt$inet6_int(r6, 0x29, 0x3a, &(0x7f0000000080)=0x3ff, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000180)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x7, 0x800, 0x0, 0x0, 0x10, 0x0, {0x1}}, 0xffff) syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r5, 0x0, &(0x7f0000000440)={0x0, 0x0, 0x0}}, 0x0) io_uring_enter(r2, 0x58ab, 0x0, 0x0, 0x0, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r8}}, 0x0) syz_io_uring_submit(r3, 0x0, &(0x7f00000002c0)=@IORING_OP_TIMEOUT={0xb, 0x2, 0x0, 0x0, 0x4, &(0x7f0000000280), 0x1, 0x0, 0x1}, 0xffffffff) [ 1577.001943] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.003425] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.006737] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.010873] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.012207] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.013529] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.014851] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.016141] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.017444] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.018745] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.020146] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.022471] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.024859] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.026529] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.027961] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.029296] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.031498] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.033854] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.035641] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.037129] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.038894] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.041235] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.042877] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.044434] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.046064] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.051724] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1577.053324] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1577.055324] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.056636] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.058308] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.061098] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.062346] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.063639] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.064864] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.066091] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.067304] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.068759] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.070251] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.072120] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.073471] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.074795] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.076202] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.077624] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.078954] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.081635] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.084674] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.085953] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.087189] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.088481] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.089714] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.090984] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.092189] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.093606] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.096716] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.097935] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.099141] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.100464] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.101720] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.102913] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.106007] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.107754] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.110057] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.111414] sr 1:0:0:0: [sr0] tag#0 unaligned transfer 23:09:39 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 81) [ 1577.112847] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.114954] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.116341] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.117775] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.119223] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.121176] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.122236] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.123339] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.124383] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.125706] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.126757] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.127831] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.128876] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.130131] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.131176] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.132237] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.133294] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.134388] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.135441] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.136505] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.137606] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.138702] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.139772] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.140822] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.141890] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.142940] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.143994] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.145038] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.146127] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.147282] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.148358] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.149456] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.150489] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.151569] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.152610] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.153644] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.154702] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.156256] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.158260] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.162186] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.168251] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.170094] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.177457] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.183368] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.196062] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.197843] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.201017] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.202237] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.203252] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.204285] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.205313] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.206425] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.207447] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.209054] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.211315] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.212786] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.214130] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.215385] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.217141] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.218420] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.219905] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.221089] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.222290] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.223378] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.224484] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.225640] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.226707] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.227808] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.230711] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.231813] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.232872] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.233772] FAULT_INJECTION: forcing a failure. [ 1577.233772] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1577.233801] CPU: 0 PID: 9175 Comm: syz-executor.1 Not tainted 5.10.236 #1 [ 1577.233817] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1577.235865] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.237215] Call Trace: [ 1577.237241] dump_stack+0x107/0x167 [ 1577.237262] should_fail.cold+0x5/0xa [ 1577.238811] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.239782] _copy_from_user+0x2e/0x1b0 [ 1577.239814] __copy_msghdr_from_user+0x91/0x4b0 [ 1577.240357] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.241017] ? __ia32_sys_shutdown+0x80/0x80 [ 1577.241037] ? __lock_acquire+0x1657/0x5b00 [ 1577.241076] ___sys_recvmsg+0xd5/0x200 [ 1577.241842] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.242816] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1577.242837] ? __fget_files+0x2cf/0x520 [ 1577.242863] ? lock_acquire+0x197/0x470 [ 1577.243655] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.244512] ? find_held_lock+0x2c/0x110 [ 1577.245568] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.246326] ? __might_fault+0xd3/0x180 [ 1577.247247] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.247866] ? lock_downgrade+0x6d0/0x6d0 [ 1577.247907] do_recvmmsg+0x24c/0x6d0 [ 1577.249997] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.250671] ? ___sys_recvmsg+0x200/0x200 [ 1577.250693] ? lock_downgrade+0x6d0/0x6d0 [ 1577.251491] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.252484] ? ksys_write+0x12d/0x260 [ 1577.252517] ? wait_for_completion_io+0x270/0x270 [ 1577.253334] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.254321] ? rcu_read_lock_any_held+0x75/0xa0 [ 1577.254339] ? vfs_write+0x354/0xb10 [ 1577.254365] __x64_sys_recvmmsg+0x20f/0x260 [ 1577.255149] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.256137] ? ksys_write+0x1a9/0x260 [ 1577.256158] ? __do_sys_socketcall+0x600/0x600 [ 1577.256183] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1577.257001] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.257669] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1577.257692] do_syscall_64+0x33/0x40 [ 1577.258711] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.259455] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1577.260289] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.261256] RIP: 0033:0x7fcf11593b19 [ 1577.261276] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1577.261292] RSP: 002b:00007fcf0eb09188 EFLAGS: 00000246 [ 1577.262086] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.262948] ORIG_RAX: 000000000000012b [ 1577.262960] RAX: ffffffffffffffda RBX: 00007fcf116a6f60 RCX: 00007fcf11593b19 [ 1577.262970] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1577.262988] RBP: 00007fcf0eb091d0 R08: 0000000000000000 R09: 0000000000000000 [ 1577.264003] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.264843] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1577.264854] R13: 00007ffca39d7fcf R14: 00007fcf0eb09300 R15: 0000000000022000 [ 1577.288429] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.290357] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.291757] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.293190] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.294498] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.295895] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.299143] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.300538] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.302211] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.303674] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.305003] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.306364] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.307729] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.325403] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE cmd_age=0s [ 1577.327602] sr 1:0:0:0: [sr0] tag#0 Sense Key : Not Ready [current] [ 1577.329057] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Medium not present [ 1577.330494] sr 1:0:0:0: [sr0] tag#0 CDB: Read(10) 28 00 00 00 00 01 00 00 01 00 [ 1577.332391] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.333523] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.335148] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.336205] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.338141] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.339380] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.340428] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.341515] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.343384] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.345274] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.347201] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.349242] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.351179] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.353244] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.356213] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.358182] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.359720] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.361091] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.362179] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.363524] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.364678] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.365737] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.366877] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.367930] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.369039] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.370118] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.371169] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.372318] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.374010] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.375782] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.377113] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.378543] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.381260] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.384327] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.386324] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.388211] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.393613] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.395863] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.399287] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.401232] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.402741] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.404117] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.405648] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.406979] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.408470] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.409854] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.411197] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.412690] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.414028] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.415379] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.416759] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.418148] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.419513] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.420568] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.423092] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.424963] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.427320] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.429662] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.431514] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.433904] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.436280] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.438134] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.439943] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.442345] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.443752] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.445152] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.446681] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.448032] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.449406] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.450795] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.452225] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.453731] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.455084] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.456473] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.457883] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.459256] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.460736] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.462139] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.463658] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.465013] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.466818] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.468522] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.470248] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.471749] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.473155] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.474582] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.476164] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.478207] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.480171] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.482329] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.484344] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.486312] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.488206] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.491265] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.495834] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.497228] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.498704] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.500310] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.501872] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.503353] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.506303] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.508193] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.511189] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.513110] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.516623] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.518567] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.520478] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.522543] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.524086] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.525478] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.526930] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.528334] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.529781] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.531253] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.532796] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.534306] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.537238] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.539333] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.541442] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.543607] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.546458] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.548649] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.551085] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.553675] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.555173] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.556821] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.558277] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.559804] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.561243] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.563198] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.564985] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.566526] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.568162] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.569932] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.571181] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.572811] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.574714] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.577683] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.579584] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.582173] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.584207] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.585675] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.587593] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.589105] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.590488] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.592358] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.593805] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.598030] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.599690] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.604214] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.606130] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.608591] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.610480] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.613092] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.614929] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.617111] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.619160] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.620604] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.622647] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.623985] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.625834] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.626829] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.628469] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.630315] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.634264] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.637468] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.639342] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.642078] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.644425] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.646377] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.648358] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.649760] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.651158] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.652569] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.653964] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.655308] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.656821] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.658250] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.660311] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.663300] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.668195] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.670271] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.672629] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.674652] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.677309] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.679730] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.681225] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.682693] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.684516] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.685848] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.687431] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.689189] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.692309] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.696238] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.702174] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.705469] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.707419] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.710166] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.713292] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.716235] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.717833] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.719255] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.720817] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.722272] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.723713] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.726184] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.727689] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.729122] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.730910] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.732328] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.733770] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.735210] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.736717] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.738131] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.739502] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.740949] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.742430] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.743855] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.745318] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.746759] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.748203] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.749726] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.751132] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.752596] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.754143] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.755547] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.757008] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.758440] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.759863] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.761742] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.763160] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.764582] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.766100] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.767943] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.769748] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.771150] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.772615] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.774045] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.775452] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.776872] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.778433] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.779760] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.891499] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE cmd_age=0s [ 1577.893731] sr 1:0:0:0: [sr0] tag#0 Sense Key : Not Ready [current] [ 1577.895240] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Medium not present [ 1577.896693] sr 1:0:0:0: [sr0] tag#0 CDB: Read(10) 28 00 00 00 00 01 00 00 01 00 [ 1577.899292] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.900328] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.901344] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.902336] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.903326] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.904326] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.905329] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.906329] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.911207] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.913965] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.915202] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.916428] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.917696] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.918915] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.920132] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.921364] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.923200] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.924215] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.925232] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.926242] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.927259] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.928269] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.929285] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.930293] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.931381] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.932399] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.933420] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.934432] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.935446] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.936459] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.937480] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.938491] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.940245] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.941802] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.943333] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.944915] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.945982] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.947429] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.948698] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.950305] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.951331] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.952336] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.953436] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.954443] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.955443] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.956448] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.957474] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.958481] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.959479] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.960478] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.961630] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.962717] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.963795] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.964802] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.965853] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.967115] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.968857] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.969930] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.971881] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.973118] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.974348] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.975581] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.976814] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.978035] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.979232] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.980456] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.981600] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.982630] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.983658] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.984651] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.985673] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.986671] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.987693] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.989186] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.990314] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.991342] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.992365] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.993369] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.994392] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.995442] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.996529] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.997676] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1577.999880] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.001114] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.002405] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.003928] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.005466] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.006869] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.008778] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.010012] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.011099] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.012112] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.013113] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.014144] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.015160] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.016174] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.017185] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.018187] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.019293] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.020788] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.021807] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.022828] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.023835] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.024792] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.026013] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.028282] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.030030] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.031586] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.033147] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.034377] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.035605] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.036856] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.038081] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.039304] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.040438] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.041459] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.042461] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.043462] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.044489] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.045496] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.046497] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.047501] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.048601] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.049617] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.050611] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.051634] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.052627] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.053642] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.054642] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.055692] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.057395] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.060114] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.062449] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.065834] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.066846] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.067851] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.068862] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.069895] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.070897] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.071897] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.072910] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.073989] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.075016] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.076008] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.077022] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.078057] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.079058] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.080064] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.081073] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.082215] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.083241] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.084248] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.085259] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.086292] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.087306] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.089093] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.090174] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.092890] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.094102] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.095347] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.096578] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.097858] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.099047] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.100256] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.101476] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.102610] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.103627] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.104610] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.105642] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.107070] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.108111] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.109143] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.110383] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.111524] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.113253] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.114257] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.115283] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.116321] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.117339] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.118351] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.119395] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.122390] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.123991] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.125251] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.126463] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.127798] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.129009] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.130262] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.131516] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.132622] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.133672] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.134724] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.135755] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.136790] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.137791] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.138793] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.139814] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.140908] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.141913] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.142912] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.143926] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.145461] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.146475] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.147467] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.148487] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.149591] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.150675] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.151693] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.152902] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.153942] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.154962] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.155996] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.157024] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.158603] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.160524] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.161895] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.163154] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.164370] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.165714] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.166921] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.168140] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.169267] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.170277] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.171291] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.172289] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.173339] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.174515] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.175582] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.176564] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.177649] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.178658] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.179655] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.180711] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.181851] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.182858] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.183878] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.184891] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.186791] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.189175] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.190782] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.192314] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.193309] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.194276] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.197443] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.199311] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.201224] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.203134] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.206260] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.208178] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.212967] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.215388] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.216879] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.218267] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.219680] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.221103] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.223072] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.224466] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.225869] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.227232] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.228793] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.230169] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.231521] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.232948] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.234314] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.235688] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.237085] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.238456] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.239892] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.242382] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.243749] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.245175] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.246583] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.247950] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.249364] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.250729] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.252211] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.253647] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.255013] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.256371] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.257772] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.259145] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.260488] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.261913] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.263341] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.264725] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.266146] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.267640] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.269014] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.270419] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.271769] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.273132] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.274680] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.276040] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.277751] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.279424] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.281132] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.282576] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.283846] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.285305] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.287441] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.288447] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.291371] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.294113] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.296346] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 1578.298135] sr 1:0:0:0: [sr0] tag#0 unaligned transfer 23:09:56 executing program 5: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$bt_BT_VOICE(r0, 0x112, 0xb, &(0x7f0000000040)=0x3, 0x2) 23:09:56 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x9, 0x0, 0x0) 23:09:56 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xa4, 0x0, 0x0) 23:09:56 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 82) 23:09:56 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x4, 0x0, 0x0) 23:09:56 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x34000, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:09:56 executing program 3: r0 = open(&(0x7f0000000140)='./file1\x00', 0x100, 0x38) r1 = openat$cgroup_ro(r0, &(0x7f00000000c0)='net_prio.prioidx\x00', 0x0, 0x0) fstatfs(r1, &(0x7f00000006c0)=""/182) statx(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f00000002c0)='./file1\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) fchownat(0xffffffffffffff9c, &(0x7f00000003c0)='./file1\x00', r2, r3, 0x1000) r4 = socket$inet_udplite(0x2, 0x2, 0x88) openat$vcsu(0xffffffffffffff9c, &(0x7f0000000400), 0x303242, 0x0) r5 = syz_open_dev$vcsa(&(0x7f0000000040), 0x5, 0x400081) socket$inet_icmp_raw(0x2, 0x3, 0x1) getsockopt$inet_IP_XFRM_POLICY(r4, 0x0, 0x11, &(0x7f00000005c0)={{{@in, @in6=@mcast2}}, {{@in=@multicast1}, 0x0, @in6=@loopback}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000380)={'vxcan1\x00'}) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x3000000, 0x110, r5, 0x8000000) r6 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000002480), 0x800, 0x0) ioctl$CDROMREADAUDIO(r6, 0x530e, &(0x7f0000000ac0)={@msf, 0x1, 0x1, &(0x7f0000000a80)=""/1}) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0xc, 0x0, 0x0, @u32}]}, 0x1c}}, 0x0) 23:09:56 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0x9b, 0x0, 0x0) [ 1594.390050] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1594.391113] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1594.391447] FAULT_INJECTION: forcing a failure. [ 1594.391447] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1594.394895] CPU: 0 PID: 9183 Comm: syz-executor.1 Not tainted 5.10.236 #1 [ 1594.395945] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1594.396345] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1594.396356] Call Trace: [ 1594.397411] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1594.399144] dump_stack+0x107/0x167 [ 1594.399166] should_fail.cold+0x5/0xa [ 1594.402605] _copy_from_user+0x2e/0x1b0 [ 1594.403451] __copy_msghdr_from_user+0x91/0x4b0 [ 1594.404428] ? __ia32_sys_shutdown+0x80/0x80 [ 1594.405370] ? __lock_acquire+0x1657/0x5b00 [ 1594.406298] ___sys_recvmsg+0xd5/0x200 23:09:56 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5, 0x0, 0x0) [ 1594.407121] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1594.408290] ? trace_hardirqs_on+0x5b/0x180 [ 1594.409206] ? lock_acquire+0x197/0x470 [ 1594.410056] ? find_held_lock+0x2c/0x110 [ 1594.410918] ? __might_fault+0xd3/0x180 [ 1594.411759] ? lock_downgrade+0x6d0/0x6d0 [ 1594.412649] do_recvmmsg+0x24c/0x6d0 [ 1594.413452] ? ___sys_recvmsg+0x200/0x200 [ 1594.414327] ? lock_downgrade+0x6d0/0x6d0 [ 1594.415214] ? ksys_write+0x12d/0x260 [ 1594.416031] ? wait_for_completion_io+0x270/0x270 [ 1594.417054] ? rcu_read_lock_any_held+0x75/0xa0 [ 1594.418047] ? vfs_write+0x354/0xb10 [ 1594.418842] __x64_sys_recvmmsg+0x20f/0x260 [ 1594.419753] ? ksys_write+0x1a9/0x260 [ 1594.420557] ? __do_sys_socketcall+0x600/0x600 [ 1594.421536] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1594.422648] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1594.423737] do_syscall_64+0x33/0x40 [ 1594.424531] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1594.425628] RIP: 0033:0x7fcf11593b19 [ 1594.426410] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1594.430317] RSP: 002b:00007fcf0eb09188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1594.431933] RAX: ffffffffffffffda RBX: 00007fcf116a6f60 RCX: 00007fcf11593b19 [ 1594.433447] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1594.434958] RBP: 00007fcf0eb091d0 R08: 0000000000000000 R09: 0000000000000000 [ 1594.436473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1594.437984] R13: 00007ffca39d7fcf R14: 00007fcf0eb09300 R15: 0000000000022000 23:09:56 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x80000, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) [ 1594.481183] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1594.482235] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:09:56 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x6, 0x0, 0x0) 23:09:56 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xa, 0x0, 0x0) [ 1594.503738] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1594.504755] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:09:56 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0x9c, 0x0, 0x0) 23:09:56 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xa5, 0x0, 0x0) 23:09:56 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x802c2, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000fef000/0x2000)=nil, 0x2000, 0xf, 0x12, r0, 0x0) write$P9_RREADDIR(r0, &(0x7f0000000140)={0x49, 0x29, 0x2, {0x0, [{{}, 0x0, 0x0, 0x7, './file1'}, {{0x0, 0x0, 0x2}, 0x0, 0x8, 0x7, './file1'}]}}, 0x49) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0) fspick(r0, &(0x7f0000000040)='\x00', 0x1) sendfile(r2, r3, 0x0, 0x100000001) 23:10:10 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x7, 0x0, 0x0) 23:10:10 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x400300, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:10:10 executing program 5: sendmsg$NL80211_CMD_SET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xc, 0x0}, 0x0) pipe2(0x0, 0x80000) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x2c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_REPLY={0x18, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x3, @dev}, {0x8, 0x2, @multicast1}}}]}]}, 0x2c}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, &(0x7f0000000000)=0x6359, 0x4) dup2(r0, r1) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000200)={0x108, 0x1d, 0xc21, 0x8000000, 0x25dfdbfc, {0x4, 0x0, 0x2}, [@nested={0x4, 0x11}, @generic="2ef9b9d79bb827e8b023d973f9a9b317430606a5eb854dcf902b63643a28dfea2b84efeeb6dd5765d40299ce6e50190d9408877186bdf575b0c6c65b685d75e818361d6b1d17e3cf85df0b3de40dc1ec6c27fdc611b63c9c9d1c566dd4d417a0d86a6b907220885899fea9320188a414523d893995ae45cdc0276ce695fd4969066c7fe9dbabe7b9f1185eaa5447775b2f81f9484dc04a388b73b9313d8395bb5588a2d2d59aaee6064f9ea0235eebdd073e56f754222c96782a97ca91ff39e0a241931526faa44f4a43cc21d76909df80017a7d975b60458ca0af08a73e18bb0a4e4a226258958c5ed14b5a4d"]}, 0x108}}, 0x88c0) 23:10:10 executing program 3: r0 = open(&(0x7f0000000140)='./file1\x00', 0x100, 0x38) r1 = openat$cgroup_ro(r0, &(0x7f00000000c0)='net_prio.prioidx\x00', 0x0, 0x0) fstatfs(r1, &(0x7f00000006c0)=""/182) statx(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f00000002c0)='./file1\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) fchownat(0xffffffffffffff9c, &(0x7f00000003c0)='./file1\x00', r2, r3, 0x1000) r4 = socket$inet_udplite(0x2, 0x2, 0x88) openat$vcsu(0xffffffffffffff9c, &(0x7f0000000400), 0x303242, 0x0) r5 = syz_open_dev$vcsa(&(0x7f0000000040), 0x5, 0x4001c0) socket$inet_icmp_raw(0x2, 0x3, 0x1) getsockopt$inet_IP_XFRM_POLICY(r4, 0x0, 0x11, &(0x7f00000005c0)={{{@in, @in6=@mcast2}}, {{@in=@multicast1}, 0x0, @in6=@loopback}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000380)={'vxcan1\x00'}) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x3000000, 0x110, r5, 0x8000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000300)={&(0x7f0000000780)={0x10c, 0x3c, 0x2, 0x70bd29, 0x25dfdbff, {0x1b}, [@typed={0x8, 0x1b, 0x0, 0x0, @u32=0x10000}, @generic="14bfcec92966affcd19d5b61edd64792812db09afde4b5a7be93cecc10f7b4d6337006182db347f5ca46fc0df9e481eb6a5145955c19cb43580e9abaaf6a2e711429bb21f175fd0cbf55cfa153b4a0e183ebdbc976584a46eee1a8473a4e77c4b0118f969714f74f9d5e883f906c2369512ca23407a11a3664ed7dee8c6264c8339b7d39e397e6f6ee7c06d85d6cb23067cfda7e8f96ec941f8c7bdf56e75f2e4421c3ced34a240ba58cca4e2ca0d21dd0ca39f52e463da7dcf428ab1c6803a90f3fdc5b82653a7909a0e5b86bececeff37c284f2e0d752619497cc1340ad705f28cb676c2ac9020aa042e678a45fd44"]}, 0x10c}, 0x1, 0x0, 0x0, 0x8040}, 0x20004800) r6 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000002480), 0x800, 0x0) ioctl$CDROMREADAUDIO(r6, 0x530e, &(0x7f0000000ac0)={@msf, 0x1, 0x1, &(0x7f0000000a80)=""/1}) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0xc, 0x0, 0x0, @u32}]}, 0x1c}}, 0x0) 23:10:10 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 83) 23:10:10 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0x9d, 0x0, 0x0) 23:10:10 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xa6, 0x0, 0x0) 23:10:10 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xb, 0x0, 0x0) [ 1608.043431] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1608.045171] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1608.062012] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1608.063828] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1608.072523] FAULT_INJECTION: forcing a failure. [ 1608.072523] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1608.075610] CPU: 1 PID: 9243 Comm: syz-executor.1 Not tainted 5.10.236 #1 [ 1608.077362] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1608.079487] Call Trace: [ 1608.080160] dump_stack+0x107/0x167 [ 1608.081085] should_fail.cold+0x5/0xa [ 1608.082075] _copy_from_user+0x2e/0x1b0 [ 1608.083090] __copy_msghdr_from_user+0x91/0x4b0 [ 1608.084273] ? __ia32_sys_shutdown+0x80/0x80 [ 1608.085398] ? __lock_acquire+0x1657/0x5b00 [ 1608.086521] ___sys_recvmsg+0xd5/0x200 [ 1608.087520] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1608.088777] ? trace_hardirqs_on+0x5b/0x180 [ 1608.089888] ? lock_acquire+0x197/0x470 [ 1608.090691] ? find_held_lock+0x2c/0x110 [ 1608.091725] ? __might_fault+0xd3/0x180 [ 1608.092732] ? lock_downgrade+0x6d0/0x6d0 [ 1608.093824] do_recvmmsg+0x24c/0x6d0 [ 1608.094782] ? ___sys_recvmsg+0x200/0x200 [ 1608.095857] ? lock_downgrade+0x6d0/0x6d0 [ 1608.096924] ? ksys_write+0x12d/0x260 [ 1608.097897] ? wait_for_completion_io+0x270/0x270 [ 1608.098924] ? rcu_read_lock_any_held+0x75/0xa0 [ 1608.099908] ? vfs_write+0x354/0xb10 [ 1608.100703] __x64_sys_recvmmsg+0x20f/0x260 [ 1608.101637] ? ksys_write+0x1a9/0x260 [ 1608.102446] ? __do_sys_socketcall+0x600/0x600 [ 1608.103413] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1608.104528] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1608.105632] do_syscall_64+0x33/0x40 [ 1608.106421] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1608.107507] RIP: 0033:0x7fcf11593b19 [ 1608.108266] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1608.112179] RSP: 002b:00007fcf0eb09188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1608.113800] RAX: ffffffffffffffda RBX: 00007fcf116a6f60 RCX: 00007fcf11593b19 [ 1608.115306] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1608.116817] RBP: 00007fcf0eb091d0 R08: 0000000000000000 R09: 0000000000000000 [ 1608.118375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1608.119879] R13: 00007ffca39d7fcf R14: 00007fcf0eb09300 R15: 0000000000022000 23:10:10 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xa7, 0x0, 0x0) 23:10:10 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0xe0ffff, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:10:10 executing program 5: r0 = syz_io_uring_setup(0x4, &(0x7f0000000080), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x6}, 0x0) perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x3875, &(0x7f0000000080), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000280)=@IORING_OP_STATX={0x15, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x21daa100, 0x0, 0x0, 0x0, 0x0, 0x0, {0x2}}, 0xe49) 23:10:10 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0x9e, 0x0, 0x0) 23:10:10 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xc, 0x0, 0x0) [ 1608.242814] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1608.244456] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:10:10 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x8, 0x0, 0x0) 23:10:10 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 84) 23:10:10 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xa8, 0x0, 0x0) 23:10:10 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0xf0ffff, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) [ 1608.403089] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1608.404871] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1608.425863] FAULT_INJECTION: forcing a failure. [ 1608.425863] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1608.428410] CPU: 1 PID: 9277 Comm: syz-executor.1 Not tainted 5.10.236 #1 [ 1608.429864] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1608.431624] Call Trace: [ 1608.432185] dump_stack+0x107/0x167 [ 1608.432957] should_fail.cold+0x5/0xa [ 1608.433778] _copy_from_user+0x2e/0x1b0 [ 1608.434626] __copy_msghdr_from_user+0x91/0x4b0 [ 1608.435613] ? __ia32_sys_shutdown+0x80/0x80 [ 1608.436544] ? __lock_acquire+0x1657/0x5b00 [ 1608.437468] ___sys_recvmsg+0xd5/0x200 [ 1608.438301] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1608.439338] ? __fget_files+0x2cf/0x520 [ 1608.440196] ? lock_acquire+0x197/0x470 [ 1608.441036] ? find_held_lock+0x2c/0x110 [ 1608.441894] ? __might_fault+0xd3/0x180 [ 1608.442740] ? lock_downgrade+0x6d0/0x6d0 [ 1608.443636] do_recvmmsg+0x24c/0x6d0 [ 1608.444431] ? ___sys_recvmsg+0x200/0x200 [ 1608.445310] ? lock_downgrade+0x6d0/0x6d0 [ 1608.446205] ? ksys_write+0x12d/0x260 [ 1608.447025] ? wait_for_completion_io+0x270/0x270 [ 1608.448053] ? rcu_read_lock_any_held+0x75/0xa0 [ 1608.449035] ? vfs_write+0x354/0xb10 [ 1608.449836] __x64_sys_recvmmsg+0x20f/0x260 [ 1608.450750] ? ksys_write+0x1a9/0x260 [ 1608.451556] ? __do_sys_socketcall+0x600/0x600 [ 1608.452528] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1608.453657] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1608.454751] do_syscall_64+0x33/0x40 [ 1608.455542] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1608.456629] RIP: 0033:0x7fcf11593b19 [ 1608.457413] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1608.461313] RSP: 002b:00007fcf0eb09188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1608.462947] RAX: ffffffffffffffda RBX: 00007fcf116a6f60 RCX: 00007fcf11593b19 [ 1608.464450] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1608.465969] RBP: 00007fcf0eb091d0 R08: 0000000000000000 R09: 0000000000000000 [ 1608.467478] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1608.468986] R13: 00007ffca39d7fcf R14: 00007fcf0eb09300 R15: 0000000000022000 23:10:25 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 85) 23:10:25 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x1000000, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:10:25 executing program 3: r0 = syz_io_uring_setup(0x12a8, &(0x7f0000000240), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0) r4 = mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x8, 0x11, r0, 0x10000000) r5 = syz_io_uring_setup(0x19b5, &(0x7f0000003480), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r8, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r5, 0x0) r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r5, 0x8000000) syz_io_uring_submit(r9, r7, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000100)) syz_io_uring_submit(r10, 0x0, &(0x7f0000000040)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x7ff) r11 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r10, r7, &(0x7f00000000c0)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x2, 0x0, @fd_index=0x2, 0x2, 0x0, 0x0, 0x0, 0x1, {0x0, r11}}, 0x4a) syz_io_uring_submit(r1, r4, &(0x7f00000000c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x2, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x77359400}, 0x1, 0x1, 0x0, {0x0, r11}}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x2000, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x541, 0x1}, 0x8001, 0x8, 0x0, 0x4, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) io_uring_enter(r0, 0x7e66, 0x9016, 0x0, &(0x7f0000000340), 0x8) 23:10:25 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x9, 0x0, 0x0) 23:10:25 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0x9f, 0x0, 0x0) 23:10:25 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xd, 0x0, 0x0) 23:10:25 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xa9, 0x0, 0x0) [ 1623.314100] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1623.315960] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:10:25 executing program 5: process_vm_readv(0x0, 0x0, 0x0, &(0x7f0000001ec0)=[{&(0x7f0000001a80)=""/94, 0x5e}], 0x1, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/fscreate\x00', 0x2, 0x0) io_uring_register$IORING_REGISTER_FILES_UPDATE(0xffffffffffffffff, 0x6, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) writev(r1, &(0x7f00000002c0)=[{&(0x7f0000000080)="ee", 0x1}], 0x100000000000037f) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) sendfile(r0, r2, &(0x7f0000000000)=0xffffffffffffffff, 0x1) fork() r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000002740), 0xffffffffffffffff) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmsg$ETHTOOL_MSG_EEE_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x34, r4, 0x1, 0x0, 0x0, {0x8}, [@ETHTOOL_A_EEE_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge0\x00'}]}]}, 0x34}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vxcan0\x00'}) r7 = open_tree(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x8000) ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000180)={'vcan0\x00'}) [ 1623.336745] SELinux: Context î is not valid (left unmapped). [ 1623.348925] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1623.350595] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1623.369645] FAULT_INJECTION: forcing a failure. [ 1623.369645] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1623.372200] CPU: 0 PID: 9299 Comm: syz-executor.1 Not tainted 5.10.236 #1 [ 1623.373635] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1623.375388] Call Trace: [ 1623.375949] dump_stack+0x107/0x167 [ 1623.376711] should_fail.cold+0x5/0xa [ 1623.377514] _copy_from_user+0x2e/0x1b0 [ 1623.378362] __copy_msghdr_from_user+0x91/0x4b0 [ 1623.379338] ? __ia32_sys_shutdown+0x80/0x80 [ 1623.380263] ? __lock_acquire+0x1657/0x5b00 [ 1623.381179] ___sys_recvmsg+0xd5/0x200 [ 1623.382003] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1623.383026] ? __fget_files+0x2cf/0x520 [ 1623.383860] ? lock_acquire+0x197/0x470 [ 1623.384689] ? find_held_lock+0x2c/0x110 [ 1623.385549] ? __might_fault+0xd3/0x180 [ 1623.386400] ? lock_downgrade+0x6d0/0x6d0 [ 1623.387282] do_recvmmsg+0x24c/0x6d0 [ 1623.388066] ? ___sys_recvmsg+0x200/0x200 [ 1623.388937] ? lock_downgrade+0x6d0/0x6d0 [ 1623.389817] ? ksys_write+0x12d/0x260 [ 1623.390622] ? wait_for_completion_io+0x270/0x270 [ 1623.391629] ? rcu_read_lock_any_held+0x75/0xa0 [ 1623.392601] ? vfs_write+0x354/0xb10 [ 1623.393381] __x64_sys_recvmmsg+0x20f/0x260 [ 1623.394289] ? ksys_write+0x1a9/0x260 [ 1623.395084] ? __do_sys_socketcall+0x600/0x600 [ 1623.396040] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1623.397139] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1623.398225] do_syscall_64+0x33/0x40 [ 1623.399002] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1623.400073] RIP: 0033:0x7fcf11593b19 [ 1623.400848] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1623.404695] RSP: 002b:00007fcf0eb09188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1623.406298] RAX: ffffffffffffffda RBX: 00007fcf116a6f60 RCX: 00007fcf11593b19 [ 1623.407787] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1623.409277] RBP: 00007fcf0eb091d0 R08: 0000000000000000 R09: 0000000000000000 [ 1623.410770] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1623.412258] R13: 00007ffca39d7fcf R14: 00007fcf0eb09300 R15: 0000000000022000 23:10:25 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xa0, 0x0, 0x0) 23:10:25 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xe, 0x0, 0x0) 23:10:25 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xaa, 0x0, 0x0) 23:10:25 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x2000000, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:10:25 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xa, 0x0, 0x0) [ 1623.521884] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1623.523535] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:10:38 executing program 5: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$msdos(&(0x7f0000000080), 0x0, 0x0, 0x1, &(0x7f00000003c0)=[{0x0}], 0x0, &(0x7f0000001580)) r0 = syz_open_dev$rtc(&(0x7f00000000c0), 0x80000000, 0x8000) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x6359, 0x4) dup2(r1, r2) openat(r1, &(0x7f0000000180)='./file0\x00', 0x800, 0x180) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x1, &(0x7f0000000100)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@noextend}, {@posixacl}], [{@obj_user={'obj_user', 0x3d, 'msdos\x00'}}, {@fscontext={'fscontext', 0x3d, 'unconfined_u'}}]}}) 23:10:38 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xb, 0x0, 0x0) 23:10:38 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x3000000, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:10:38 executing program 3: getresuid(&(0x7f0000000000)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x2c, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x4197a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x0, 0x8000}, 0x16c0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = fsopen(&(0x7f0000000080)='devpts\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) r3 = io_uring_setup(0x6c1a, &(0x7f0000001580)={0x0, 0x9b16, 0x2d, 0x2, 0x2d8}) io_uring_enter(r3, 0x4bad, 0x4, 0x2, &(0x7f0000001880)={[0x5]}, 0x8) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000380)) fsmount(r2, 0x0, 0xbf) vmsplice(r1, &(0x7f00000017c0)=[{&(0x7f00000000c0)="93592f18bb1bf35e2833e9996fa325df362240225b8d5297c437ef2ddbc14cf8dd2e9b1329a663d12af7da2b7ba09fb151c590ee473a9f6edeae0149bdac7cebb7787205af9a6904a23cb7b108bc9a11b8b669d4daf8553c5f1a4fd3c77c36bc6e92dbf3e37e22b841e5aa8dd0b95b85a734db", 0x73}, {&(0x7f0000000040)="96c741a69e29aa29a1ca95767fcd99c2afad9479c38062e06c8a849135d1dec42c79721a8b3060475d", 0x29}, {&(0x7f0000000200)="ea30381de7701d689068a1f56e18de0a6bb2fd3f6edfad260d3ecc1c40b1a1b40c003e0f3e6197ff971c9b72efade23063efecc83618720440bc6f69491aa8eee73a75437d6f8eeef08f382c2b9b29dec894eae1d483f625fe5c891ceec4a484c37274e490449d80727f85be6115e22d7e583c6046c1ad65dff164d873ba7c6540f5c1108959e5c106007b351e", 0x8d}, {&(0x7f0000000580)="525a282b9814711a0dc99498e845144c38d33988aaa7dacdd1c44991cd7da2cef127f207f585d011f50f6bff927fffcda6ff16ea1cdf821904297e7349a2787abd2c88580fc7721725c5435bb9192e312449ed0608a0dc23b9ad571be247383feb006ebf0008fc5e6b7e8c1b21e5dd92e23b2afbfa1e918a3a6c282f0bd0ba42cc401137f0ce5c6b717a486f478dbcb72fe64408f494297aeb88c01f637875d9e5310a1d9db18058a6dbfae8dc1cd82b080b3416dfb624d87ec6933ca2096eb01da088ab2a9dc8d6a53a2b4d28cad219bfd8ff2a305caf0ce66a0b416e432858f4365fd6e67f9eed23628730ec5f39e9729358e0aa2a62b8be8110390f56205671bad4bcb1c133df3d29bfaa227b643c7b2bad4ee0514d0d84fe73197738cf465a8b67a0b2817c641876ec720461d7d1e7ac43e6661db8b9aa65b390dfc8a140ef028c6881e0167146dfeacb6c26d1148de6d3ec2a3abf4c42a165e20d0adfbe206c838c75e64ede6d765ad30699c0ab459b9ad8c4a244b40f733b272cd99b4766bc347f375939e05e01e95eeb7a629536b0bf34f032b307f94234a3f5efc19751170fdbcf353bc7a496b162eaf9eff4a67ef3b9cb312b44d909bc677361ae0efde6cf618f52d0b009de0df10b169759e055bd6f1b4705593f4630996607d43dcbbc186e09de83bd4bb3874bf30ff7345833459e377d7e360abfd576ddce909cd95f5c8ef91c2fa2752eeb5954b8450791e6fe522b3fb0246e7556ea464b5a2cd1660d82d2d7764c690d1a62dd1cbc93b9ce6ff7e54f01eee39d344d87e68e552a230c89a7138398ab0f3d274a5b2ee135b11315c167a21d72c21408ec27d9246fb5126c009b54cc16d63a4e282256189159f52d334fb320a2b6072851a868b1d338a28f5d94b33ac37a73cda62ca742467ca7505eb9723d0adc75320064f420c2bf08cefc6249d9cd3c9eedbc2321e6e03e1e187bab58f575fbb194aa2339daf5153ef3c1c79096c36524dd4c50f3914a27e1ca7f21dc0b1c310e19c2c659649af28dad3e78b277d387b5782622be042410c40c0332586e450cd2eac468e9dd666250e34fb8d6251104a7b293b6fa98a70d753b451df5ad69086a8e63c26962a7199128f0f415555f99c37eb419651905d1903dde81e35cb7744f89a50575b1c918a45676833d25516ace20adc0cf01e98204b7b409cc421abc494d7e6bb2a09c0a6dc4d7f546e047316d37845064544f1c04f3bd4da8d9cb8af0b186f868b0a3f9f9a7aeb0b3cc968f280c89287a4f5d161e09ad164e5e9f770b5296476c9744d3e42931752bb91cf4a8e259d279810795ab3308bbae8c7a321fabf79ce2415264cb93fec989c66bcfcfb82d6ace7e768fed0295057ca009fe8d51b7e797594d7ea61924b9023b0d068ffa94255b8f1459267ddff17fabba072aab67e8ba101c34eb94423ffafc04f76ebde3b35d905c591c1c147afcb02ecd6b1a1342c4f77f776f058d15cefe8c77fa76a4fb1c49b86589ac6ff54d549b8f332986895631d51e3f9a1c623e2e0f3ec042999d3acde40fb6dcd4f5b948e426e1abef3d5da9614510fdd4e3ac417005169d05c37243869a5c99038819b5569d1cb382de7d35ba5c9fd6ca349a12e6e6eccdce428b227f13f0def7b09e976acadcaff3187ea4736aa0c51d30aefa6edc9e55aec529a24857e8a590d4929d7c31fd940933f6e8371902abcf5d88c562b48048ce4eb4749b4791ffe3b2ea2c7c73f82161961ba2b6191f4b96493f3f1a7ccc337d5e2aded5f5cf05d296f60c178339905e89451d4f1d2822df29ca4de858f4e7cf88ce9b4f3a4c673f9b346ff8b68b18e11c8e52a59a4ddde4a411bf1653abb86b06d30e1f6041ef266a21ea309a90bc3cfe5fb73c4613c724226d21dc51075a4c448e7a41992a43cd75d1843ae22985aa827aa03035f20594ab1bcb4c8cd87561ead604b6d681551bc991154ada937a606f261a5c18c34c8d19dd784f191cd1cde7f782064b9a7d57ad915187356f91d343f3543a2369676234d6ef0238eb8a70c21a6826782154cfe972c8b7b72a1cc06065c6acb61bc09ad6b4d9cfe96981e56d8745053b0cc0f97836534f5266074037ff576d95ef40af977f80bca47f8149dbe579b8d422cd61e5a8dfb626cf637beaf56eb1ba1e007bfe501300bf659362d70b4cb3fa5031de8eb5457f0704ec83b1ca21ff1ace4b31c961a03fc86eb983af9b04e2929ce3e360441abda3a462a0035f218dc67965a828a52ef1bf9425e1988d741162c3f3b9a4cd282906fc6f430755aaaf2d2d6d83c871d67ca9a00c390712d6fa4c510780905b4a99b8a6ecb726e1557c25db0e6be9c81e8d445138757cb8df80e6c43242db6e78088243a25b2318cca046e6b7e096dca08f4878082e0e11d864f0ff3d5c1c7cba16e3e4dbc7cd6b7bae3776f5387b2ae2cecd5430e033a3eb61094f1f48b48c0b77ec9deb5f63a242a2a412d7f4938a1d3a3b203449cb597e6b5e74e6f14d2ee94b9854729ac87f58e459993ffe0fe016bc557b7d28a58c3dc59a60afd50d9ccd45fe546ec658c04266b5a51f8e665318f9004fd23b37266669911ab2fd1bf6de1337e9d0509f52511d02dd332d23a05f978ad722c0cae135165ccb4cfc9e34bdb22a4ff3ae27b5dc913985a31d84f1b5801eedcbf711a2a4e5fb956d09b7376a8c07c28129c85ab871482a36ab914f729d447112f28b3500b6be1402798dd4f8b91d008d36d534f52593ade954b0fc4aca0fdd90e7e99e5a66cb8ab32cb11a1783b8cd228ba8af420d56f694e878e8c946ef5946c59dd122512f8d91bfca9175bd6147b49f074dff042455dd39262cdb2494bd6ad356e5a98e3d22698585e41153a9ccf4783d2093a2d4c6d71bc73d30223722c435b430a6d106ad692970d897cde6723cdd8d6c38f4e15bfb868ae76bb6ae7f3adc4e9ec57e73759f97c4baa26b5f0790093a8f94fc58d1c9497d9cb28393b932ab35190b2540cf3f19d502578567ed520cb63893ef345d464b4db1357d17beb2cbb97368d7e26a6332d2c971bd850a717dc233a1bfb446c6376a587732fbc14631c4cd3d4a0d2b0d96f0ac0d1542a6111552acc2c73024bc2a1ebcc6b84d43e225c4494557e987678d22d82650c77e20973c944d8894390d7b9e8796c123c5062a9e7faa8f5f5e772444c28182eddb106ca7f24e482d3ef97b88e81eb90e9abd3158e6cde5c85798b9a79f355d6837188eec2386ef74f503ff62267459cbb2fb0389158584a21223f3978254140612ea91a130dedd47fbe5e45453a6642216536f8079cd414301a3af12955f575499de9d7f90416a904a693222e2f4de8c94515c63b9faf3713ec2177766e74bd70553fb2a8efd64bf80cd4ef9ebbeac01e416f798f4fe2d4fe43354e71af633d186840a8bfcda1e7c02f9ca86eac3720d5846a9a4289c32d96744e22e486baf1bcb11e58316eb3f28415830374f4498ec6567dbf787c21f927c215b5fdb6ef10841f109dba0db7edd8da4eb7fd859443e93763239e17a491d0142c5b308149e84a5efcf8556f0f2b995090874b65fc6f300cd9ba1a8a80c5c2fb7865080a13cba9cd092664d0c6193b2ac49b6f269443af81e012d468952792821b41a79aa2d27ed3ea4b2cc22dc7b36fb9bdb61c9436d4cd78763c4820e6bd8bbb076c91107acd7b55abd807df297213ac9dcedbaf315bf6d3583281e7f8dfacfef1733359eaa800c8e7df65bcfb9485a8a55a8891e6e9c3b082bd15f031128a93e2690b9a41f3dc2a363d1e8e0884a6abd3c52d1a4b20c63d2a9517a4d931c99bd84295622799d6281383824f504a3b0c17ee1cbfe684e7747fe8e3c2b0f675a2e328ed5ab863f711d148a76f77dd9c76e0d945886afba0cab7d4477bde940bf76b5f096de4eaf103865daa02e8fe439ac1d2b3b0f5fcad6b49cc2a1fe1ec62cf9b582cca26d05162048646fd931195ad5421639ef7f9cc294dcaba5f6e9fa3fcf21dc4330c35b8f5b967bce1d8b87a4bf3cb03bcdf32d18dc235c5b823af25b3f5d5de3b61f7eb97f7ab20caf4c64544398948320a169090d408b66464930dae269114b222a2d4d59580918937490f931158c8d0051a68396a4027bfde2dc3cf10ca9bc9031582ddc380aaea6fff70dfd92ccf5dbbb72ad431d31122be12cf97c529baa253e91a9e263eabb0b98fd4ebba07907e2b7cbfac53a332b9534c7bb2828652da304bc49a2d5fbf2fcabdcb65419f13bd6909c370a1113b8c5dbb02daf8904c82a0c34c597a75762f4c0e20a46617862a3369558b461020d7a95d3c668f589da56db71af5aca8701c94077f76349f91bb807d4e10da70a8301555275b9b1b108413070a69e35b82a82838de6bfa77a2081c3398dc93c10c4eb1fce4c57c8504ebf73e2fc9d33144f151844facff5bd23d7b6ed1a5b2723bf69df03eaa5c43ad03dbd72fc6f5a4decfaf8f67990d4d256861b492f7b9fe25c92bb954413abbfb9b4ee904a3663c7def634dd771853d5ec29dd09e091a0ba181a7fbaa783c6a4d4a2b270cc6ac49a23aa4c1cf6d66a0c8fbfe4abc72c0b826a480568ec66efd518b262c45a77bc9603e4de8e5110d0b1849b3f3fc5757335ff0424551bdde4d2965a14523f9bdbf9f34010456d6a025ba97b366f066ee922a5f51159a08f6fb79adc41991691ec85f7111d46954449c18743a552b8aee806b210319aa529f21ea4a1f879f2f5981d0200da1dc1824e0a37b7fc3d1b23e2ad7613c343049baf3d596f31d472f2a4dc3f54cf597b6a820360ae894997995fd4136edc443db052c15f91dccd0d62bf96fcf08339d82dbbfe294fda7f06d91aff43d5f538c59a6c170319e1aaa4c5f66dffe8195f5581c4e68dade2076c6e93be4919e88f1cd475378c0ca896885b43ad6a647ed4fe401849c4760bbb7d0df52be16ddb26ff5fe7b52fbaed32041f362315ded9ff9a02f27cd56958e65afe7a3794e5c01a805db98d42b5f36d1cfe8022dcfefc3252aea9daae51cdc1965dcced25d56c0ac2c006ad80e70ce0526a59a52d3df260154008769a52a73c5e51c4181b2cd9d96ebdaa76658c00eef48eaadb025eede7eebf1b2df5353d2f83030951e3deb008cc4b87163543ebc1d5c37b44a236f5ce89661311e190048a89d3f5b157d52896c170f35d593c2038a36120619e53e5d3a887a96d7a6665bddbb46d42985242f8f28adec43f5ac0801e3b914482c763dbf76c158c99c7536e74e0d6bb591fb666b71dd213a50090dea4a082e3d4615de35f1291990e43f9c2f1af7f021649676979c37ae88781e8082ad85be225da6454b7d3313d3b4a041cada40192b6d1741d1345c2ac30c4f9a21dbdc6592ec8c23832d332a6b71fbed4ffbdb8993c5bb9a3b619527e7c61c19a2c5af7f09872f263e02ccc966c6593d40c5decc3ee33a5dfc605152029fd1602b31ae8c8fdfaba2ae93f6e2f12a4ccc56467c3a9e027b309c5d392b18809887dca5efdfd91f4241e73cfa630916cb3f22fbee5203ab390965df91eaeee23291a1b7659edc3751bbddb0b327ba0ff8ed8e68c68d372cfee8bfd9ba64e0e72e057b373d26f437370047b4194157b3c97dca400e90758450b6877a7aa6efbca9cc56118bd150f297831d0392032c22e4a277704749651b0a69b93b1d4f02aeb100624b1457cf39982409635c1a3386101efe145d89eb81b1229ef23eb35571df5a8e2a412017ad030c99fd82c505a12cb6610b17c0f721758df0ca80abfb25fb6462f426a23fd", 0x1000}, {&(0x7f00000002c0)="e3ce6316f4881c3fa82286d95e7398f1c2c7e2fc505a9798f3428102a1c7333fe2b982eb8a81e470002d527cadbe143a88a3cdb1e40512e8c3e589a0a8dc5a06b76fae400255cb1eda964c22d2fefee6de797c27189e4c055d8863135e2d13a5d66670b800955f876ce08e75199c4e8a7a85829707a0ee836791686b3160b7dc4a18c89b834ba2635bbcc4b54df47b3d4f0257ca5967fd6c9f20458b3d4d1394ce8ab88bff0054259956c914ea38c039a2c4977a6ee267ed", 0xb8}, {&(0x7f0000001600)="12e936834f223d1e4f5790a9ebba91f3ddce359275cb75f901fdf8e21f2b738a5a661cf60a9605b084fdaa8b6989b85f6c203137e7e671ebd251eaf1700693945171cffbb7f29e421902ab21a8f6ae45816c6524a97b5db6ea98dd9047170304abb3c2c84fc4", 0x66}, {&(0x7f0000000140)="475577453cf5d538d315e54685a566b3b08424012ec68780456ff6470ebb", 0x1e}, {&(0x7f0000001680)="a3d911a67c7ec6fb6280101f0aed2aa1c4f0f779d287e494c561df13ab0fe98cab725963494b5147040cdaabec8799b5169812a254a88b6fd3c737cae9b5943cd46652eb2b3a4893e5697cb0ddc951a50bc96cc158b956aa7112ee0cf632e9360c5a2d2a85417f3fcee4718eec38a6ae281b709bf2438d8906f69b45d43f3779fdba4e7af16bd8e2d7c180eac88b2dc237e85d5f8c0037503f3a0db65f8a753d95d58720147ae29f71846eb14074ab4f9970ed8146ce6f959862082107a3ad019b1169757b2ae501186a8f68c68f6d05", 0xd0}, {&(0x7f0000001580)}, {&(0x7f0000001780)="381aefa6bade3c01ef4c9acc728df0a2bdc7c6ecb773b0295c3b3dfd5ae94ef7500803df841eb2f5c0c67b", 0x2b}], 0xa, 0xd) ioprio_set$uid(0x3, r0, 0x4000) 23:10:38 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xa1, 0x0, 0x0) 23:10:38 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xab, 0x0, 0x0) 23:10:38 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 86) 23:10:38 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xf, 0x0, 0x0) [ 1636.296102] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1636.297868] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1636.309009] FAULT_INJECTION: forcing a failure. [ 1636.309009] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1636.311591] CPU: 0 PID: 9338 Comm: syz-executor.1 Not tainted 5.10.236 #1 [ 1636.313043] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1636.314813] Call Trace: [ 1636.315374] dump_stack+0x107/0x167 [ 1636.316146] should_fail.cold+0x5/0xa [ 1636.316955] _copy_from_user+0x2e/0x1b0 [ 1636.317803] __copy_msghdr_from_user+0x91/0x4b0 [ 1636.318805] ? __ia32_sys_shutdown+0x80/0x80 [ 1636.319739] ? __lock_acquire+0x1657/0x5b00 [ 1636.320668] ___sys_recvmsg+0xd5/0x200 [ 1636.321497] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1636.322537] ? trace_hardirqs_on+0x5b/0x180 [ 1636.323468] ? lock_acquire+0x197/0x470 [ 1636.324309] ? find_held_lock+0x2c/0x110 [ 1636.325176] ? __might_fault+0xd3/0x180 [ 1636.326029] ? lock_downgrade+0x6d0/0x6d0 [ 1636.326930] do_recvmmsg+0x24c/0x6d0 [ 1636.327723] ? ___sys_recvmsg+0x200/0x200 [ 1636.328607] ? lock_downgrade+0x6d0/0x6d0 [ 1636.329491] ? ksys_write+0x12d/0x260 [ 1636.330316] ? wait_for_completion_io+0x270/0x270 [ 1636.331339] ? rcu_read_lock_any_held+0x75/0xa0 [ 1636.332320] ? vfs_write+0x354/0xb10 [ 1636.333118] __x64_sys_recvmmsg+0x20f/0x260 [ 1636.334040] ? ksys_write+0x1a9/0x260 [ 1636.334844] ? __do_sys_socketcall+0x600/0x600 [ 1636.335815] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1636.336924] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1636.338032] do_syscall_64+0x33/0x40 [ 1636.338829] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1636.339916] RIP: 0033:0x7fcf11593b19 [ 1636.340702] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1636.344617] RSP: 002b:00007fcf0eb09188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1636.346237] RAX: ffffffffffffffda RBX: 00007fcf116a6f60 RCX: 00007fcf11593b19 [ 1636.347739] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1636.349240] RBP: 00007fcf0eb091d0 R08: 0000000000000000 R09: 0000000000000000 [ 1636.350758] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1636.351039] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1636.352268] R13: 00007ffca39d7fcf R14: 00007fcf0eb09300 R15: 0000000000022000 [ 1636.355654] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:10:38 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xc, 0x0, 0x0) [ 1636.399906] 9pnet: Insufficient options for proto=fd 23:10:38 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xa2, 0x0, 0x0) [ 1636.414599] 9pnet: Insufficient options for proto=fd 23:10:38 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x10, 0x0, 0x0) 23:10:38 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000540)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x37, &(0x7f0000000140)=ANY=[@ANYBLOB="6300ae389698a17bc42fa70401830000"], 0x10) setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x67, &(0x7f00000000c0)=0xa2, 0x4) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/image_size', 0x22902, 0x0) write$P9_RWRITE(r1, &(0x7f0000000240)={0xb}, 0xb) sendmsg$DEVLINK_CMD_SB_GET(r1, &(0x7f0000000400)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x80c0}, 0x8000) getsockopt$inet6_buf(r1, 0x29, 0x14, &(0x7f0000000180)=""/137, &(0x7f0000000040)=0x89) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x4300, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x41, &(0x7f0000000000)=0x6359, 0x4) dup2(r2, r3) sendto(r2, &(0x7f0000000100)="f79b89a15b60fbd20fdb5c70a23716acb37d57890da2bf48938bfbc761c26aac24c34f4958baed2b2c67a1a513d09e", 0x2f, 0x40000, 0x0, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x11, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1, 0x0, 0x0, 0x3}, 0x200000}], 0x7ffff000, 0x0) 23:10:38 executing program 5: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) io_submit(0x0, 0x1, &(0x7f0000000400)=[&(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x2, 0xffffffffffffffff, &(0x7f0000000540)="4fa961a32c46292c4c203b03c6cfcb7f41a36b2033c451524efa095f3259d324fe60cf5baa606c7c29d5626c6a425a3357a6ef9b122793056fe62dc737af44a1070dcbaede3f1a1a803aeec79b506e019ba9a0faad0ffeddee88e9c7f880a2b88dd7ec8a16c3670691b02178a9efe72a78120600fe8be129a52b1b4d82cc8adf2f88522df22ee2ca034bd40b6be1e2b77c7b9594a599c877", 0x98, 0x0, 0x0, 0x3}]) syz_usb_connect$cdc_ecm(0x4, 0x0, 0x0, 0x0) timer_delete(0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000004c0), 0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) capset(&(0x7f0000000000)={0xc92bfb053a14a5a}, 0x0) clock_gettime(0x5, &(0x7f00000003c0)) timer_settime(0x0, 0x0, &(0x7f0000000440), &(0x7f0000000700)) close(0xffffffffffffffff) timer_create(0x7, &(0x7f0000000180)={0x0, 0xe, 0x4, @thr={&(0x7f0000000600)="1a90741b478736dcb3b315064fc9e72c4608370b13bc2cb637529112fc303e1776468566db550164e33a10b0631194d0c525a6de03dea72ca7919d9f8026f6731bde01f3232df675dccf6cfdc168550c74433af885e6c95d44c46a6227103177f847898edf0b69b5bb4ce7cb18c9b532190cab9007de662870fd202b7c55fc84576b9e25c32997e5ebfb4bf56dacbc75625e461c5efcef9c8d5ad29e03c5acb0699a5bf8fca88e223ab1b91bd8b79f91aeddb32d54049112fa", &(0x7f00000006c0)="d268db7656a375b39a1a8696902ef074b8ab"}}, &(0x7f00000001c0)) timer_create(0x5, &(0x7f0000000000)={0x0, 0x19, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000140)) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f00000007c0)=ANY=[@ANYBLOB="928acc4edf796d136ee5a5f4ad9d32bbf06c7023bebb5ae32ce2c90bf1772bd2ebe307df9c867b7b1b1b7c98dcc695e13884868e223ca5f476d599073b6fc6a6e1a888be016fea3a51f103d730f70900def015758b170d26a0acfb2fd0be582998c6ad23b993e0514482f8a64d82391eae", @ANYRES32, @ANYBLOB="00ed04000041899b09e5cd54b9d40a39fe4423ce044ef83b3696bb9a713c70dd5d985e32d20000000000000000"]) clock_gettime(0x0, &(0x7f00000000c0)) clock_gettime(0x0, &(0x7f0000000100)) timer_create(0x9, &(0x7f0000000080)={0x0, 0x22, 0x1}, &(0x7f0000000380)=0x0) timer_gettime(r0, &(0x7f0000000280)) timer_create(0x6, &(0x7f0000000240)={0x0, 0x4, 0x4}, &(0x7f00000002c0)) clone3(&(0x7f0000000740)={0x40182300, 0x0, 0x0, 0x0, {0x34}, 0x0, 0x0, 0x0, 0x0}, 0x58) 23:10:38 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xac, 0x0, 0x0) 23:10:38 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x4000000, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) [ 1636.519656] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1636.521347] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1636.525772] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1636.527451] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:10:38 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 87) 23:10:38 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xd, 0x0, 0x0) [ 1636.601479] FAULT_INJECTION: forcing a failure. [ 1636.601479] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1636.604077] CPU: 1 PID: 9375 Comm: syz-executor.1 Not tainted 5.10.236 #1 [ 1636.605543] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1636.607340] Call Trace: [ 1636.607916] dump_stack+0x107/0x167 [ 1636.608698] should_fail.cold+0x5/0xa [ 1636.609523] _copy_from_user+0x2e/0x1b0 [ 1636.610395] __copy_msghdr_from_user+0x91/0x4b0 [ 1636.611393] ? __ia32_sys_shutdown+0x80/0x80 [ 1636.612341] ? __lock_acquire+0x1657/0x5b00 [ 1636.613296] ___sys_recvmsg+0xd5/0x200 [ 1636.614164] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1636.615227] ? __fget_files+0x2cf/0x520 [ 1636.616092] ? lock_acquire+0x197/0x470 [ 1636.616944] ? find_held_lock+0x2c/0x110 [ 1636.617842] ? __might_fault+0xd3/0x180 [ 1636.618694] ? lock_downgrade+0x6d0/0x6d0 [ 1636.619607] do_recvmmsg+0x24c/0x6d0 [ 1636.620415] ? ___sys_recvmsg+0x200/0x200 [ 1636.621311] ? lock_downgrade+0x6d0/0x6d0 [ 1636.622214] ? ksys_write+0x12d/0x260 [ 1636.623048] ? wait_for_completion_io+0x270/0x270 [ 1636.624095] ? rcu_read_lock_any_held+0x75/0xa0 [ 1636.625088] ? vfs_write+0x354/0xb10 [ 1636.625905] __x64_sys_recvmmsg+0x20f/0x260 [ 1636.626825] ? ksys_write+0x1a9/0x260 [ 1636.627649] ? __do_sys_socketcall+0x600/0x600 [ 1636.628636] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1636.629753] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1636.630864] do_syscall_64+0x33/0x40 [ 1636.631665] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1636.632755] RIP: 0033:0x7fcf11593b19 [ 1636.633556] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1636.637481] RSP: 002b:00007fcf0eb09188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1636.639110] RAX: ffffffffffffffda RBX: 00007fcf116a6f60 RCX: 00007fcf11593b19 [ 1636.640637] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1636.642163] RBP: 00007fcf0eb091d0 R08: 0000000000000000 R09: 0000000000000000 [ 1636.643676] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1636.645191] R13: 00007ffca39d7fcf R14: 00007fcf0eb09300 R15: 0000000000022000 23:10:39 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x11, 0x0, 0x0) 23:10:39 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xa3, 0x0, 0x0) 23:10:39 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xad, 0x0, 0x0) 23:10:39 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x5000000, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) [ 1636.755290] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1636.756965] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:10:39 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xe, 0x0, 0x0) 23:10:52 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x12, 0x0, 0x0) 23:10:52 executing program 5: pipe2(&(0x7f00000000c0)={0xffffffffffffffff}, 0x0) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$TIPC_NL_NET_GET(r0, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000180)={0x188, r1, 0x10, 0x70bd2c, 0x25dfdbfd, {}, [@TIPC_NLA_BEARER={0x100, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x5}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @broadcast}}, {0x14, 0x2, @in={0x2, 0x4e24, @rand_addr=0x64010101}}}}, @TIPC_NLA_BEARER_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xe5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x81}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0xaad7}, @TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffe}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7fffffff}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x400}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}]}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x6}]}, @TIPC_NLA_SOCK={0x74, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x7}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x5}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xfffffffe}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_CON={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x401}, @TIPC_NLA_CON_FLAG={0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x10000}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8000}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xffff2f06}]}]}]}, 0x188}, 0x1, 0x0, 0x0, 0x4000}, 0x8040) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), r0) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x3c, r2, 0x8, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0xdf}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x80000000}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x7}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x20004c81) execveat(0xffffffffffffffff, &(0x7f0000003200)='./file0\x00', &(0x7f00000032c0)=[&(0x7f0000003240)='security.ima\x00', &(0x7f0000003280)='/dev/vcsu#\x00'], 0x0, 0x0) r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x408801, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000040)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xee00, 0xee01}}, './file0\x00'}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000080)=ANY=[@ANYBLOB="f4579c570100000018000000", @ANYRES32=r3, @ANYRES32=r4, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) 23:10:52 executing program 3: r0 = openat(0xffffffffffffff9c, 0x0, 0x46e2, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x7f, 0x0, 0x0, 0x88, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xafb65a5e9945446d, @perf_config_ext={0x4, 0x7}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000a00)=ANY=[], 0x98a) r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r3 = fsopen(&(0x7f0000000080)='cpuset\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) ioctl$FS_IOC_GETFSMAP(r2, 0xc0c0583b, &(0x7f0000000080)=ANY=[@ANYBLOB="caffff916e71e8e80d9f0154e43e8a31e5e16f07fa9540e7e0b23b401a736f0bf0bc9f4c", @ANYRESHEX=r1, @ANYRESHEX=r0, @ANYRESDEC=r3, @ANYRES16=r1, @ANYRES32=r2]) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0xc02, 0x0) r4 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x41, &(0x7f0000000000)=0x6359, 0x4) dup2(r4, r5) read(r4, &(0x7f0000000100)=""/52, 0x34) r6 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x248e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r7, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="1d1409662e42545f040000001d77010300000000"], 0x14}}, 0x0) flock(r6, 0x6) openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x916f0e0b00d1ab96) setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, &(0x7f0000000240)=0x67bb, 0x4) unshare(0x48020200) [ 1650.537856] FAULT_INJECTION: forcing a failure. [ 1650.537856] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1650.539412] CPU: 1 PID: 9401 Comm: syz-executor.1 Not tainted 5.10.236 #1 [ 1650.540269] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1650.541285] Call Trace: [ 1650.541619] dump_stack+0x107/0x167 [ 1650.542082] should_fail.cold+0x5/0xa [ 1650.542567] _copy_from_user+0x2e/0x1b0 [ 1650.543075] __copy_msghdr_from_user+0x91/0x4b0 [ 1650.543661] ? __ia32_sys_shutdown+0x80/0x80 [ 1650.544212] ? __lock_acquire+0x1657/0x5b00 [ 1650.544758] ___sys_recvmsg+0xd5/0x200 [ 1650.545245] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1650.545861] ? __fget_files+0x2cf/0x520 [ 1650.546366] ? lock_acquire+0x197/0x470 [ 1650.546853] ? find_held_lock+0x2c/0x110 [ 1650.547368] ? __might_fault+0xd3/0x180 [ 1650.547865] ? lock_downgrade+0x6d0/0x6d0 [ 1650.548394] do_recvmmsg+0x24c/0x6d0 [ 1650.548865] ? ___sys_recvmsg+0x200/0x200 [ 1650.549383] ? lock_downgrade+0x6d0/0x6d0 [ 1650.549907] ? ksys_write+0x12d/0x260 [ 1650.550393] ? wait_for_completion_io+0x270/0x270 [ 1650.551003] ? rcu_read_lock_any_held+0x75/0xa0 [ 1650.551585] ? vfs_write+0x354/0xb10 [ 1650.552044] __x64_sys_recvmmsg+0x20f/0x260 [ 1650.552580] ? ksys_write+0x1a9/0x260 [ 1650.553055] ? __do_sys_socketcall+0x600/0x600 [ 1650.553616] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1650.554279] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1650.554918] do_syscall_64+0x33/0x40 [ 1650.555373] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1650.556007] RIP: 0033:0x7fcf11593b19 [ 1650.556469] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1650.558754] RSP: 002b:00007fcf0eb09188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1650.559698] RAX: ffffffffffffffda RBX: 00007fcf116a6f60 RCX: 00007fcf11593b19 [ 1650.560583] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1650.561468] RBP: 00007fcf0eb091d0 R08: 0000000000000000 R09: 0000000000000000 [ 1650.562347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1650.563230] R13: 00007ffca39d7fcf R14: 00007fcf0eb09300 R15: 0000000000022000 23:10:52 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xf, 0x0, 0x0) 23:10:52 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xae, 0x0, 0x0) 23:10:52 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 88) 23:10:52 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xa4, 0x0, 0x0) 23:10:52 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x6000000, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) [ 1650.574356] validate_nla: 2 callbacks suppressed [ 1650.574368] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1650.577016] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1650.596945] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1650.597895] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:10:53 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x7000000, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) [ 1650.650468] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1650.651487] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:10:53 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x13, 0x0, 0x0) [ 1650.660041] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1650.660970] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:11:06 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000100)={&(0x7f00000001c0)={0xac, 0x0, 0x400, 0x70bd2b, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_SECCTX={0x2f, 0x7, 'system_u:object_r:update_modules_exec_t:s0\x00'}, @NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_SECCTX={0x2e, 0x7, 'system_u:object_r:audisp_remote_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @remote}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}]}, 0xac}, 0x1, 0x0, 0x0, 0x20000000}, 0x8004) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}, {0x0, 0x0, 0x10010009fe}], 0x0, &(0x7f0000000240)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) pwrite64(r1, &(0x7f00000000c0)="04", 0x1, 0x3ff03) statfs(&(0x7f0000001580)='./file0\x00', &(0x7f0000000340)=""/125) 23:11:06 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x14, 0x0, 0x0) 23:11:06 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x9000000, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:11:06 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xa5, 0x0, 0x0) 23:11:06 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 89) 23:11:06 executing program 5: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) setxattr$incfs_metadata(&(0x7f0000000040)='./file1\x00', &(0x7f0000000000), 0x0, 0x0, 0x3) 23:11:06 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xaf, 0x0, 0x0) 23:11:06 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x10, 0x0, 0x0) [ 1664.048949] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1664.050607] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1664.059173] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1664.060788] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1664.064915] FAULT_INJECTION: forcing a failure. [ 1664.064915] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1664.067508] CPU: 1 PID: 9453 Comm: syz-executor.1 Not tainted 5.10.236 #1 [ 1664.068941] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1664.070706] Call Trace: [ 1664.071265] dump_stack+0x107/0x167 [ 1664.072026] should_fail.cold+0x5/0xa [ 1664.072831] _copy_from_user+0x2e/0x1b0 [ 1664.073669] __copy_msghdr_from_user+0x91/0x4b0 [ 1664.074662] ? __ia32_sys_shutdown+0x80/0x80 [ 1664.075584] ? __lock_acquire+0x1657/0x5b00 [ 1664.076505] ___sys_recvmsg+0xd5/0x200 [ 1664.077325] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1664.078364] ? trace_hardirqs_on+0x5b/0x180 [ 1664.079282] ? lock_acquire+0x197/0x470 [ 1664.080110] ? find_held_lock+0x2c/0x110 [ 1664.080976] ? __might_fault+0xd3/0x180 [ 1664.081815] ? lock_downgrade+0x6d0/0x6d0 [ 1664.082707] do_recvmmsg+0x24c/0x6d0 [ 1664.083493] ? ___sys_recvmsg+0x200/0x200 [ 1664.084360] ? lock_downgrade+0x6d0/0x6d0 [ 1664.085238] ? ksys_write+0x12d/0x260 [ 1664.086050] ? wait_for_completion_io+0x270/0x270 [ 1664.087071] ? rcu_read_lock_any_held+0x75/0xa0 [ 1664.088046] ? vfs_write+0x354/0xb10 [ 1664.088839] __x64_sys_recvmmsg+0x20f/0x260 [ 1664.089743] ? ksys_write+0x1a9/0x260 [ 1664.090561] ? __do_sys_socketcall+0x600/0x600 [ 1664.091520] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1664.092620] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1664.093702] do_syscall_64+0x33/0x40 [ 1664.094490] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1664.095564] RIP: 0033:0x7fcf11593b19 [ 1664.096348] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1664.100240] RSP: 002b:00007fcf0eb09188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1664.101851] RAX: ffffffffffffffda RBX: 00007fcf116a6f60 RCX: 00007fcf11593b19 [ 1664.103361] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1664.104856] RBP: 00007fcf0eb091d0 R08: 0000000000000000 R09: 0000000000000000 [ 1664.106363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1664.107850] R13: 00007ffca39d7fcf R14: 00007fcf0eb09300 R15: 0000000000022000 23:11:06 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xa6, 0x0, 0x0) 23:11:06 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x11, 0x0, 0x0) 23:11:06 executing program 3: r0 = perf_event_open(&(0x7f0000001240)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x80000000, 0x401}, 0x1000, 0x0, 0x9}, 0x0, 0x1, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000000)='./file1\x00', 0x0) fallocate(r1, 0x0, 0x0, 0x8800000) syz_io_uring_setup(0x3c30, &(0x7f0000001140)={0x0, 0x940f, 0x0, 0x0, 0x3da, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fef000/0x11000)=nil, &(0x7f00000011c0)=0x0, &(0x7f0000001200)) r3 = syz_io_uring_setup(0x3875, &(0x7f0000000080), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000280)=@IORING_OP_STATX={0x15, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r3, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r3, 0x8000000) syz_io_uring_submit(r6, r5, &(0x7f00000002c0)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x6000, @fd_index}, 0x80000001) syz_io_uring_submit(r2, r5, &(0x7f00000012c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x8, 0x0, 0x0, 0x0, 0x0, 0x1}, 0xffffff81) r7 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000013c0)={0x0, 0x0}, &(0x7f0000001400)=0xc) mount$9p_xen(&(0x7f0000001300), &(0x7f0000001340)='./file0\x00', &(0x7f0000001380), 0x2080000, &(0x7f0000001440)={'trans=xen,', {[{@access_client}, {@debug={'debug', 0x3d, 0x8001}}, {@version_L}, {@noextend}, {@debug={'debug', 0x3d, 0x9}}], [{@smackfsroot={'smackfsroot', 0x3d, '-&'}}, {@obj_role={'obj_role', 0x3d, 'syz0\x00'}}, {@subj_role={'subj_role', 0x3d, '\x00'}}, {@uid_lt={'uid<', 0xffffffffffffffff}}, {@smackfstransmute={'smackfstransmute', 0x3d, '%--$(@('}}, {@measure}, {@fowner_lt={'fowner<', 0xee00}}, {@fowner_lt={'fowner<', r9}}]}}) setsockopt$SO_TIMESTAMPING(r8, 0x1, 0x41, &(0x7f0000000000)=0x6359, 0x4) dup2(r7, r8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ff2000/0x3000)=nil, 0x3000, 0x2000000, 0x810, r7, 0x0) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r0, 0x4008240b, &(0x7f0000000080)={0x1, 0x80, 0x2, 0x4, 0x8, 0xd4, 0x0, 0x7, 0x2, 0x4, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x6, 0x1, @perf_bp={&(0x7f0000000040), 0xa}, 0x48000, 0xfffffffffffffe1c, 0x1, 0x0, 0x7, 0x200, 0x8, 0x0, 0x0, 0x0, 0x281}) r10 = openat$cgroup(r1, &(0x7f0000000100)='syz0\x00', 0x200002, 0x0) ioctl(r10, 0x9, &(0x7f0000000140)="79af0e74f6324764d89fc68b7bf981550b7e28e99a1a12d5471d512edd6fc6997950fefdb8549cacf2f057b74e3e5632fefc56a503a3d0fdc82363f897e7b4c18c2ff629db003629b71879dd25fa6caec77c4345d07c10266fe986d081ba47f628bf2909a194722877f5eda9cac91a5459fd4ad9c645de574c9482c3076c066ddbf764e981c03c276c818f1976d538b69b73e620c6b9d71b7628a90fd666378b30570e9c8f5fc519a02e981aa044c7356cd3844c6158ded635373ed547014449d8f3a510057155820a961aa94d98107f0dd16de0541215a9f81d897d0fb1a06995ea42078f17b5d78ad8be376d6e6f9dcd4758dd9ce9b19eab70bdbebaa2db9898df45e784b2050b350becd385e209654fae142ae86097882e7fc32349c8f70a6def9f33c82c959679fe8f58410743662aaa6dc0dd667e46aae8e8599bab3fd7958527813fa403618026fb417ddeba5ad824a62e4d088bf5da67b536d6d38e2c85fce724ee2cf4fa07ef28659b9219d8d6940185016c3aa6b79f824594c08cafcd030e2566784f142059c10e5e5a27e0169ce969a258a266331c1da7ca728f87f72a27f1cef761f3dde19e2d0f2ff01eeb5493bb724e51ec48e6d93c2074fd78c839f9511684f905da1d6b181a7dcab97c05843b83b2faae3efb38e015fed2bb96cf09c353af6f2643440aa9b00140c9ee453d6b23f102d76c5a71aba93b88951f1e57ac6f08a010882d20f6bff4290d13b88ef05098c757a7d935e238f3d7e67b3d6f2beaab5bb10214f6e74f7a5b5e0c2386e3af21ab5a4cf2e6236ccd308b0b5458acb33c119001b9efd36bf533d3a14654d93a9db75ed83a21ead6524a330ae7999c61946d6494a1f2313058299aabade5813f00023c17591d05d5612b9229d592bad99e182c960f56d083eaf38bac24a811c837751838845158f5131cb3100cc5c469d9815a7eacf943a1362156043a6ff76ddf1dd0dd63b11fe7572619dd145e344fe576c8e13690a3063bc956751212bf96f5db469a5ce0728521eba6b0e0ef06fcc0da6630cd15afb64eb46d2e7cefd07c2bcbe54eec54e010e88c7121fce1cdcae80aa206047511ef7070f468a36ab9054edfd648c60268f7043d0100b9c89461a61ad1eec182837a4972e4b8e91ec33eff5553cf8b920699f0e3f1484e2a16fb64f936330b295392db6bfdd36431f49565dabd00be78aa76468dcbb3e72dd98c40a8ed69c50da7cddfb899e11e1281fcf81d9be358c43cf9276396894be0adaed4977c3aa7b15e0c19c8553d96956f2058e5c3147f68f27cc2c18811d3a5e7b6cb99f63e34c6ce36af6df5d8b63b12cdf5ce5cc133e3d0173063a653eb5f5d2462d925c005c94db1002ffcaede9960a1898b2e67647b246493eb965983387938e60afc9f5b6b3ecdac0101429a49915e9f260d824e75df2145d5ab98556dbec7de1fa8c6ec1a630f010677c5b4b8541b1cd45389df419586ede8392d61f4813dfe53baf3b4df1de5c2bdb90785f54c475c5558cc26a298814d0409b4c2ac7273ae259998d9354207dab9d13686ba4d07fd3c6590a4b6d38e1a708b1c2a10a1fd367662ea21b5389f9f53a18442d77e71539750c69fa7459aa4c633d7514afd2d57aa1fb0da4014b655866fb9102e90cf5a2fe36e21cb1d2c3ca4d4aa964348ab32e8e67d0452d4e7af9663ce66ade0846d2a72305f1f9c2181e378dd71529ca73a5963fdb364132940ca0e53396d9e5e269ef17edd0b9eafdd9358d1419973feb9b5213dbe34fe0f571e97ba019500b1aefe4280f1b36152ea60110e085fb36be0f9a5ba7c911715429bd9e6074ddb9de5affd0b780c02ba351ae38c23e8073992e5b68a198347d04f435e4c40218b761944ed16d427643ed1696e9af68bf10c21c28626e1d658e636bb3285a493289d3e937486ecb9462b944bdace1853853611a0426a05b5a643ff0ed92f86e416f0dd0dbe29ed8aad3cdda0535b4dd639258c2586114923228e0d897f1df51589fc83ab79ab42e0d9049a46cfbee42629f4c99062ef98745df9983a7738dc8bd9ae86f0e9a5f5afc81a757b4a4afb3f39202d5b93373d06ec7cd91bc597eff34e95c5d53dbbc1f05e3b8cd6545934e71c73f5a2d998303c18b87733d1ef66b0b9cbe47dc9a1a6b0b1c1d1df306b60e94ccc4aa43c7746bfea11c0df38c7491b2ca8393cbad89e4da84879e8efc54565713e770a6f03d5c5be03ea32c9c226838990c4c04d1b063ee7dabbe59de284ba5a728116e4488213f41040d3ac08e487ea90322f45d49cc1f79dbce15388f3625a07bde75a61a050c947310c118f876c6ea10b652922ab9b3b932c383b3b2408211443980072080b7070fa97a8d850991e957be5f2adb4e1a47092163d42c9678837221c4353e185e8b4be6b7d5578322d27312e2106a56b0377692356a2497e891024e9da0b5b2d4e686e17ff8c227ab08db87d2133df83a191420cf216e2ec21a540e48618fcd6a7b3c2fc906488c4b776a2d911fa634d69555c4bdd6833af5cecb3cbfacef37a98605835ad9618406db9f6bdd49c96e3e16cf438bca91ae6c267029d3a6e3db177e912873c2832e4c398dc68894d0e74749b9743030a5b99824346e6fe0c50054d3ff953a09f78846b0870c396d5fce365df7051e2b46797f3cb89d8e9c265b3d73a3995c75bd6cf0040b6baf3d36da30bff62149835778ea50087c2ef43a5f26c8bd78a857c5caf7f3a5931aed5996d4941d968319e6442a53f57010bd4830cc8da2cc59ce1d5f205c7cb97a2300c27b07cff983a95a8fe683fc8739827bc4caf02854253dd865f6e671de212c895096a2c09c2724c635ba03cb33f8f6a570212ae1ac22ae82b6be9a450ba90c8f8d5da41f991ba758bb2b9800605c8a96ec047028fd483baf40c5de3dc9d71f07dbc940edca280a9d652619b158af412a3835fba87bacfac9c687b883c3f59fb5e9ced04bf67e1700f4f57b83ab600b98a262ceccf68336abb156466c10f87a4bc01c61f1e29be0188c451b6acad3add95e6f425bea9192bcf94402d0744b088100efb5022285a0dc0470d774b25bec8992ca6f6312cd7bfb9011f6ac1d4ddf5818dcc2870746d0936b72200503d7a31e88e7e8915857116264fd2d86f9dd5a7957baa84bc7f4e904430f9c2ae26f84380d66ee1881127c10217a074a5f29544c2f8dfdb3bc17e77e6a873b2ff1e551bd3057964c3b19bc3e681f01b21a5ed434cfb73a5c45804f350b4a30cc1940d714ee08998ad76e633a7b8daeaae280c6e157238b026e677cc387d1c81ccb7a8cc1dcc250325db2ea22386e0191836bed4964414a2c779d0b299bd0ebc6dc35855d1054faf0050cc6a34c6c5fa924bb06407f47b8837add1661918011831bbde7b1e55621e54cbc0d742f67e47738149d1c17652e95d7b52331292fb42ca41b2ee3a88f70ed85f518df184dfeadfd473cc3c0dc73d39353632583c456550bfe12dfbcfccc57b1113e58da1bf92c4e71376144d6defdbf739d9ae191a5cb059603b5b6cb5e41984db245f4470af7da1f966e68cd5d1f621479f50a818273694353b372e83b766c03ddb2766e3cde3aef3ef891d4653ccf54f00058bc1481c2d7a705014d69f6b603ad9e5567b6fa364c41a99ff5d8931e80c8f3110f8a35e474fc9bac474bdf379c4fd2ca7e43964df7f3dd688f82ec5972892fec3c39359a8a115d6a8f22f64f162fc1e82625f76fd8c502bac474940bbc5571dee46ccff5af51f254ef60b5cbb67c57377fbdeb5a3ab5b38b3633ec1d575962aa39193d16894ed542130daa32d27ef9c8d1a3882233d118a278cb776bacf60dc483d1aa1df8efdf368fa96a66d9ff247bda20675d8649d2fc1eeebef3a129ba9de576c40ffc5a85d09732c98f522086dee4622a061e1714957bdd80c74919b6c6dbbbbd53b6992928d8206fdcde000a16f12d9fc148ab6c90356f42bd3c973924966340b5edfdb7e07a65cd83e0b754fd86430e6f2d50fecfb98931fbaf07e09de1929959ca745f008e1e59b59aa0ea7d1849d95f38b11c19a9fb07f72f0aba6a059e457bafa53424fecbbdf615b0e13eedfe53946eced11494db78769e4b2b0c18f23f3836fda31b544f4bf27ef6c10f7d8f5f40bc80a925dff1cf2d388a0428ff9c7955d6fc9275db7891af077991d0abdaac98f3c2a3168c3f75474dfc0acaa4987fbda780f16dad78d0742240427a142cf65524495f16ff0324377d4b90a49d6d4c2535383f391e043b7af1254912726cbed8ad0871eb0f3d0a7ea29349b6831106453501bf9416595375d02831f4b589a904808a5a05acabc3c3400393ce7d46399dd42858595c9d2063fb9571551dc2b1c1ed4f429ecf682531217b98f69341589472d317ca2dfb218fadf50c27a8d96cb8f038ed2c5d9d707e2f9fab7bff9bb32ca2fc24045510671bc4d17118a6d3c924baa847089a2b9b02e61609ad437fb13b3b73d01e8e8b917c243c9092c313388b89d08d98e3e75dcccb7207d099a363d43d483cf071bf396b7d1b44727c95ea6159b45511f8b7d214382755de19e16526aa512d2249828e9b671fe430e09c085872ba3bb5e231748cc9a41f26e6e42295b7269e4e87b4dedab3c473105288b776dae8c3757d0a2182c453cf723baf833817724a84f8a96fecfdac5c2b5a0b434a164da4285f8dc5007bedfcb5d65f97a1e45fc0e9af17029dc2648f6dfee493bfe7b71477480b90d18da63366cbd1c2ae2c632fd9c198f78761b84a8d58cd5766ab877883a7aeb27a9964bbe7e3562d23421951b54ccd7a5e8e39a69c999f5cfbc81f8c6973a7dda3b30df6077be789b7126288b17e57bf7bba4b138ff041deee9c3a3389a7b087308404da82255c7d02ffe8e10bb74dacf86db5ef201a6302ac954961e6eb79a6586627855a00b2119a169de953edb6ade7c5195643cc7d75d3f58b65c20db2092cd6921bfd332fd43f4625c580052e33f3839ab39ca63624df26604c6e4046e21764c7fd62bcdbde9e737d6e9eee0eb9290c56347b5cd84886faba98d6c47de0bde8f86700c3d9c8fadb17bb41913001e740be5810e2ccb4bbfb4376bffcd35e8fd953091cdb4b09c8e816e0328b737681f6c6c8a5d37aba7fa69e5e3f06dc07aa1abb6edd9e6f028c785b1b9eed0b249292cb6971619c5abdbdac2f0e610080ba52120823e2c33d31142078e906a40bc939345303da2db976f654f158299398d0e75331b6d148d641b1a4045174d9302525903c736b92056d3bed053ea927bbdc880921eebbcd8fb5a8c95dc6f752957b29d7302c2dd9e6cc326d96738f88b9940dcec6a9b38da8b147c5a9e44d9f3e2d597724ef106bab6e1fc3beb97762eaff759b6b4d401a0a52276350be1d79a25f32b93a7a08973d3852d89f5756b012e14062244e5cc20ef2d817ecd259430957cdcd39579cdc223ba506dd9d8315bcdb9b6fe53ef505627bd28981fe74dbbe12545c735ba582c1e4b1ab8c6d3cad064ae5c649045556a2d1f1f11356d876b9054676d6c8d8e1b928ca1c837b1ca20b90708f813fd0f94e4f1d7e95ce1563ae431ee1800708768314e828a7b0f49775897f6cab2ee5acdbd5ea263ec2e1111afa9931d08a7438bf81c93a37ac003743d989e1782fd988b557769da2520c13864a163ea5cb8e18c957c52522c17ec4f648791feebc13b780f92ebb1f14db3ef473df115eb6fb926c34eb8b4f4194c4dfb22224094a3b8d6eab4700df65f7245b48a554bb85a042b69fab994a4c27b3d21876c") 23:11:06 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x10, 0x0, 0x0) 23:11:06 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x15, 0x0, 0x0) 23:11:06 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0xa000000, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:11:06 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xb0, 0x0, 0x0) [ 1664.241494] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1664.243237] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:11:06 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x12, 0x0, 0x0) [ 1664.260416] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1664.262168] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:11:06 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xa7, 0x0, 0x0) 23:11:22 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x10, 0x0, 0x0) 23:11:22 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x16, 0x0, 0x0) 23:11:22 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xa8, 0x0, 0x0) 23:11:22 executing program 3: r0 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000640)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0) splice(r0, &(0x7f0000000700)=0x5, 0xffffffffffffffff, &(0x7f0000000740)=0xfff, 0x1f, 0x2) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="280000001000010000ef00000000006dd53d8500000000000aaa282c4114b30ef8b3bfb8a8e690870024e031ca82ab5566c66073cc701745535dcea2e215d8120ce1c8bf49260e5ffe7e91de5c61f010d9a87292709dd124d08c160fb69ed4f03767f444ee8e9083af31e21021282b7460ac9c7c26f4f1f4207510ca9058aa8f75aa1a6ee0285d39c5cef8e1c8d4ae57434c7cf2095a5d4f5b72912dab5463c8fdf8b23ae664a7197199047abce9a4ecec917abe9c01414491f929651025dac871d1a0e0e2d225", @ANYRES32, @ANYBLOB="0c000280080021"], 0x28}}, 0x8) ioctl$BTRFS_IOC_FS_INFO(r1, 0x8400941f, &(0x7f0000000900)) r2 = syz_io_uring_setup(0x31f7, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_setup(0x1f8, &(0x7f0000000680), &(0x7f0000fee000/0x1000)=nil, &(0x7f0000fec000/0x14000)=nil, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)) r5 = accept4$packet(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000180)=0x14, 0x0) r6 = syz_open_dev$vcsa(&(0x7f0000000240), 0x400, 0x200140) inotify_add_watch(r6, &(0x7f0000000600)='./file0\x00', 0x81000100) syz_io_uring_submit(r3, r4, &(0x7f00000004c0)=@IORING_OP_SENDMSG={0x9, 0x4, 0x0, r5, 0x0, &(0x7f0000000480)={&(0x7f0000000340)=@generic={0x11, "d1774d858e8cde63964bfb276ff5359d895ffaa50073c79291adcfa6e3c34fc3c9323d352702bf4bbff8edea0ada1e2b15c956cf03fa535ef8eb9f7e527cde94d392a39042d6984e7fefaa79814edf15f6d12d8f8c7c25cee6512cf76f82e57851ab949e6b58fc5e7188d73c57681c2ea270ba4e8afbffcf40549c70e2ec"}, 0x80, &(0x7f0000000280)=[{&(0x7f00000001c0)="6916b02cd4e09054ff23c3799b3be9f71768dde84ad54bd387517a13d5cb681460568821305dcf7510364bd101ccacd183722a83b2a145ec60fd", 0x3a}], 0x1, &(0x7f00000003c0)=[{0x28, 0x10c, 0x7, "994f4be35051f34281be99f18f2c17f6175903"}], 0x28}, 0x0, 0x48}, 0x9a6) r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r2, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48ed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7681b961}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r7, r4, &(0x7f0000000100)=@IORING_OP_FSYNC={0x3, 0x5, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x8001) io_uring_enter(r2, 0x58ab, 0x0, 0x0, 0x0, 0x0) 23:11:22 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0xf000000, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:11:22 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 90) 23:11:22 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x13, 0x0, 0x0) 23:11:22 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xb1, 0x0, 0x0) [ 1679.760994] FAULT_INJECTION: forcing a failure. [ 1679.760994] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1679.762942] CPU: 1 PID: 9497 Comm: syz-executor.1 Not tainted 5.10.236 #1 [ 1679.763874] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1679.764983] Call Trace: [ 1679.765343] dump_stack+0x107/0x167 [ 1679.765837] should_fail.cold+0x5/0xa [ 1679.766359] _copy_from_user+0x2e/0x1b0 [ 1679.766901] __copy_msghdr_from_user+0x91/0x4b0 [ 1679.767514] ? __ia32_sys_shutdown+0x80/0x80 [ 1679.768101] ? __lock_acquire+0x1657/0x5b00 [ 1679.768688] ___sys_recvmsg+0xd5/0x200 [ 1679.769208] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1679.769868] ? trace_hardirqs_on+0x5b/0x180 [ 1679.770459] ? lock_acquire+0x197/0x470 [ 1679.770991] ? find_held_lock+0x2c/0x110 [ 1679.771531] ? __might_fault+0xd3/0x180 [ 1679.772057] ? lock_downgrade+0x6d0/0x6d0 [ 1679.772623] do_recvmmsg+0x24c/0x6d0 [ 1679.773125] ? ___sys_recvmsg+0x200/0x200 [ 1679.773674] ? lock_downgrade+0x6d0/0x6d0 [ 1679.774240] ? ksys_write+0x12d/0x260 [ 1679.774768] ? wait_for_completion_io+0x270/0x270 [ 1679.775405] ? rcu_read_lock_any_held+0x75/0xa0 [ 1679.776020] ? vfs_write+0x354/0xb10 [ 1679.776522] __x64_sys_recvmmsg+0x20f/0x260 [ 1679.777095] ? ksys_write+0x1a9/0x260 [ 1679.777602] ? __do_sys_socketcall+0x600/0x600 [ 1679.778205] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1679.778918] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1679.779603] do_syscall_64+0x33/0x40 [ 1679.780101] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1679.780791] RIP: 0033:0x7fcf11593b19 [ 1679.781291] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1679.783740] RSP: 002b:00007fcf0eb09188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1679.784766] RAX: ffffffffffffffda RBX: 00007fcf116a6f60 RCX: 00007fcf11593b19 [ 1679.785716] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1679.786662] RBP: 00007fcf0eb091d0 R08: 0000000000000000 R09: 0000000000000000 [ 1679.787614] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1679.788556] R13: 00007ffca39d7fcf R14: 00007fcf0eb09300 R15: 0000000000022000 [ 1679.791685] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1679.793352] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1679.800774] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1679.814620] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1679.815671] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:11:22 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x14, 0x0, 0x0) 23:11:22 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x48000000, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:11:22 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 91) [ 1679.869613] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. 23:11:22 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x15, 0x0, 0x0) [ 1679.883967] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1679.885057] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1679.898612] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1679.899603] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:11:22 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x17, 0x0, 0x0) 23:11:22 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xb2, 0x0, 0x0) 23:11:22 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xa9, 0x0, 0x0) [ 1679.939501] FAULT_INJECTION: forcing a failure. [ 1679.939501] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1679.942008] CPU: 0 PID: 9525 Comm: syz-executor.1 Not tainted 5.10.236 #1 [ 1679.943453] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1679.945191] Call Trace: [ 1679.945750] dump_stack+0x107/0x167 [ 1679.946522] should_fail.cold+0x5/0xa [ 1679.947325] _copy_from_user+0x2e/0x1b0 [ 1679.948167] __copy_msghdr_from_user+0x91/0x4b0 [ 1679.949144] ? __ia32_sys_shutdown+0x80/0x80 [ 1679.950063] ? __lock_acquire+0x1657/0x5b00 [ 1679.950989] ___sys_recvmsg+0xd5/0x200 [ 1679.951810] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1679.952838] ? __fget_files+0x2cf/0x520 [ 1679.953678] ? lock_acquire+0x197/0x470 [ 1679.954515] ? find_held_lock+0x2c/0x110 [ 1679.955371] ? __might_fault+0xd3/0x180 [ 1679.956203] ? lock_downgrade+0x6d0/0x6d0 [ 1679.957089] do_recvmmsg+0x24c/0x6d0 [ 1679.957880] ? ___sys_recvmsg+0x200/0x200 [ 1679.958763] ? lock_downgrade+0x6d0/0x6d0 [ 1679.959638] ? ksys_write+0x12d/0x260 [ 1679.960447] ? wait_for_completion_io+0x270/0x270 [ 1679.961465] ? rcu_read_lock_any_held+0x75/0xa0 [ 1679.962449] ? vfs_write+0x354/0xb10 [ 1679.963236] __x64_sys_recvmmsg+0x20f/0x260 [ 1679.964145] ? ksys_write+0x1a9/0x260 [ 1679.964948] ? __do_sys_socketcall+0x600/0x600 [ 1679.965912] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1679.967028] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1679.968113] do_syscall_64+0x33/0x40 [ 1679.968895] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1679.969973] RIP: 0033:0x7fcf11593b19 [ 1679.970764] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1679.974628] RSP: 002b:00007fcf0eb09188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1679.976237] RAX: ffffffffffffffda RBX: 00007fcf116a6f60 RCX: 00007fcf11593b19 [ 1679.977728] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1679.979234] RBP: 00007fcf0eb091d0 R08: 0000000000000000 R09: 0000000000000000 [ 1679.980727] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1679.982220] R13: 00007ffca39d7fcf R14: 00007fcf0eb09300 R15: 0000000000022000 23:11:22 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x4c000000, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) [ 1680.021191] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1680.022199] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:11:35 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x12, 0x0, 0x0) 23:11:35 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x10, 0x0, 0x0) 23:11:35 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 92) 23:11:35 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xaa, 0x0, 0x0) 23:11:35 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x18, 0x0, 0x0) 23:11:35 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xb3, 0x0, 0x0) 23:11:35 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x68000000, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) [ 1692.931479] validate_nla: 2 callbacks suppressed [ 1692.931487] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1692.933080] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1692.937313] FAULT_INJECTION: forcing a failure. [ 1692.937313] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1692.938804] CPU: 1 PID: 9552 Comm: syz-executor.1 Not tainted 5.10.236 #1 [ 1692.939643] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1692.940672] Call Trace: [ 1692.941006] dump_stack+0x107/0x167 [ 1692.941481] should_fail.cold+0x5/0xa [ 1692.941956] _copy_from_user+0x2e/0x1b0 [ 1692.942462] __copy_msghdr_from_user+0x91/0x4b0 [ 1692.943036] ? __ia32_sys_shutdown+0x80/0x80 [ 1692.943574] ? __lock_acquire+0x1657/0x5b00 [ 1692.944111] ___sys_recvmsg+0xd5/0x200 [ 1692.944591] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1692.945189] ? __fget_files+0x2cf/0x520 [ 1692.945696] ? lock_acquire+0x197/0x470 [ 1692.946180] ? find_held_lock+0x2c/0x110 [ 1692.946686] ? __might_fault+0xd3/0x180 [ 1692.947173] ? lock_downgrade+0x6d0/0x6d0 [ 1692.947692] do_recvmmsg+0x24c/0x6d0 [ 1692.948153] ? ___sys_recvmsg+0x200/0x200 [ 1692.948661] ? lock_downgrade+0x6d0/0x6d0 [ 1692.949174] ? ksys_write+0x12d/0x260 [ 1692.949649] ? wait_for_completion_io+0x270/0x270 [ 1692.950244] ? rcu_read_lock_any_held+0x75/0xa0 [ 1692.950820] ? vfs_write+0x354/0xb10 [ 1692.951281] __x64_sys_recvmmsg+0x20f/0x260 [ 1692.951811] ? ksys_write+0x1a9/0x260 [ 1692.952284] ? __do_sys_socketcall+0x600/0x600 [ 1692.952847] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1692.953494] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1692.954128] do_syscall_64+0x33/0x40 [ 1692.954593] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1692.955221] RIP: 0033:0x7fcf11593b19 [ 1692.955678] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1692.957922] RSP: 002b:00007fcf0eb09188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1692.958876] RAX: ffffffffffffffda RBX: 00007fcf116a6f60 RCX: 00007fcf11593b19 [ 1692.959751] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1692.960636] RBP: 00007fcf0eb091d0 R08: 0000000000000000 R09: 0000000000000000 [ 1692.961510] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1692.962384] R13: 00007ffca39d7fcf R14: 00007fcf0eb09300 R15: 0000000000022000 [ 1692.976637] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:11:35 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x16, 0x0, 0x0) 23:11:35 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xb4, 0x0, 0x0) 23:11:35 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x19, 0x0, 0x0) [ 1692.978328] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:11:35 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x6c000000, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:11:35 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x1a, 0x0, 0x0) [ 1693.037058] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1693.038064] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:11:35 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xab, 0x0, 0x0) 23:11:35 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x17, 0x0, 0x0) 23:11:35 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 93) [ 1693.102425] FAULT_INJECTION: forcing a failure. [ 1693.102425] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1693.103876] CPU: 1 PID: 9589 Comm: syz-executor.1 Not tainted 5.10.236 #1 [ 1693.104666] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1693.105626] Call Trace: [ 1693.105941] dump_stack+0x107/0x167 [ 1693.106370] should_fail.cold+0x5/0xa [ 1693.106824] _copy_from_user+0x2e/0x1b0 [ 1693.107291] __copy_msghdr_from_user+0x91/0x4b0 [ 1693.107829] ? __ia32_sys_shutdown+0x80/0x80 [ 1693.108346] ? __lock_acquire+0x1657/0x5b00 [ 1693.108853] ___sys_recvmsg+0xd5/0x200 [ 1693.109306] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1693.109870] ? trace_hardirqs_on+0x5b/0x180 [ 1693.110374] ? lock_acquire+0x197/0x470 [ 1693.110842] ? find_held_lock+0x2c/0x110 [ 1693.111316] ? __might_fault+0xd3/0x180 [ 1693.111777] ? lock_downgrade+0x6d0/0x6d0 [ 1693.112261] do_recvmmsg+0x24c/0x6d0 [ 1693.112695] ? ___sys_recvmsg+0x200/0x200 [ 1693.113170] ? lock_downgrade+0x6d0/0x6d0 [ 1693.113655] ? ksys_write+0x12d/0x260 [ 1693.114100] ? wait_for_completion_io+0x270/0x270 [ 1693.114665] ? rcu_read_lock_any_held+0x75/0xa0 [ 1693.115200] ? vfs_write+0x354/0xb10 [ 1693.115635] __x64_sys_recvmmsg+0x20f/0x260 [ 1693.116133] ? ksys_write+0x1a9/0x260 [ 1693.116571] ? __do_sys_socketcall+0x600/0x600 [ 1693.117100] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1693.117705] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1693.118301] do_syscall_64+0x33/0x40 [ 1693.118745] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1693.119336] RIP: 0033:0x7fcf11593b19 [ 1693.119767] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1693.121868] RSP: 002b:00007fcf0eb09188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1693.122756] RAX: ffffffffffffffda RBX: 00007fcf116a6f60 RCX: 00007fcf11593b19 [ 1693.123568] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1693.124389] RBP: 00007fcf0eb091d0 R08: 0000000000000000 R09: 0000000000000000 [ 1693.125205] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1693.126020] R13: 00007ffca39d7fcf R14: 00007fcf0eb09300 R15: 0000000000022000 23:11:50 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x16, 0x0, 0x0) 23:11:50 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x1b, 0x0, 0x0) 23:11:50 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x12, 0x0, 0x0) 23:11:50 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xac, 0x0, 0x0) 23:11:50 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xb5, 0x0, 0x0) 23:11:50 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x74000000, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:11:50 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x18, 0x0, 0x0) [ 1707.949171] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:11:50 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 94) [ 1707.952206] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1707.953164] FAULT_INJECTION: forcing a failure. [ 1707.953164] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1707.955357] CPU: 1 PID: 9605 Comm: syz-executor.1 Not tainted 5.10.236 #1 [ 1707.956255] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1707.957287] Call Trace: [ 1707.957625] dump_stack+0x107/0x167 [ 1707.958080] should_fail.cold+0x5/0xa [ 1707.958554] _copy_from_user+0x2e/0x1b0 [ 1707.959059] __copy_msghdr_from_user+0x91/0x4b0 [ 1707.959628] ? __ia32_sys_shutdown+0x80/0x80 [ 1707.960170] ? __lock_acquire+0x1657/0x5b00 [ 1707.960710] ___sys_recvmsg+0xd5/0x200 [ 1707.961195] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1707.961804] ? __fget_files+0x2cf/0x520 [ 1707.962293] ? lock_acquire+0x197/0x470 [ 1707.962792] ? find_held_lock+0x2c/0x110 [ 1707.963287] ? __might_fault+0xd3/0x180 [ 1707.963771] ? lock_downgrade+0x6d0/0x6d0 [ 1707.964287] do_recvmmsg+0x24c/0x6d0 [ 1707.964744] ? ___sys_recvmsg+0x200/0x200 [ 1707.965248] ? lock_downgrade+0x6d0/0x6d0 [ 1707.965757] ? ksys_write+0x12d/0x260 [ 1707.966226] ? wait_for_completion_io+0x270/0x270 [ 1707.966823] ? rcu_read_lock_any_held+0x75/0xa0 [ 1707.967398] ? vfs_write+0x354/0xb10 [ 1707.967857] __x64_sys_recvmmsg+0x20f/0x260 [ 1707.968381] ? ksys_write+0x1a9/0x260 [ 1707.968841] ? __do_sys_socketcall+0x600/0x600 [ 1707.969409] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1707.970052] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1707.970703] do_syscall_64+0x33/0x40 [ 1707.971158] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1707.971779] RIP: 0033:0x7fcf11593b19 [ 1707.972240] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1707.974474] RSP: 002b:00007fcf0eb09188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1707.975424] RAX: ffffffffffffffda RBX: 00007fcf116a6f60 RCX: 00007fcf11593b19 [ 1707.976292] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1707.977158] RBP: 00007fcf0eb091d0 R08: 0000000000000000 R09: 0000000000000000 [ 1707.978034] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1707.978921] R13: 00007ffca39d7fcf R14: 00007fcf0eb09300 R15: 0000000000022000 [ 1707.983668] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1707.985499] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:11:50 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x1c, 0x0, 0x0) 23:11:50 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x19, 0x0, 0x0) 23:11:50 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x1a, 0x0, 0x0) 23:11:50 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xad, 0x0, 0x0) 23:11:50 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x7a000000, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:11:50 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xb6, 0x0, 0x0) 23:11:50 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 95) [ 1708.071496] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1708.072499] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1708.098494] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1708.099420] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:11:50 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x1d, 0x0, 0x0) [ 1708.151762] FAULT_INJECTION: forcing a failure. [ 1708.151762] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1708.155634] CPU: 0 PID: 9639 Comm: syz-executor.1 Not tainted 5.10.236 #1 [ 1708.157048] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1708.158760] Call Trace: [ 1708.159299] dump_stack+0x107/0x167 [ 1708.160049] should_fail.cold+0x5/0xa [ 1708.160837] _copy_from_user+0x2e/0x1b0 [ 1708.161649] __copy_msghdr_from_user+0x91/0x4b0 [ 1708.162595] ? __ia32_sys_shutdown+0x80/0x80 [ 1708.163511] ? __lock_acquire+0x1657/0x5b00 [ 1708.164410] ___sys_recvmsg+0xd5/0x200 [ 1708.165204] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1708.166219] ? __fget_files+0x2cf/0x520 [ 1708.167049] ? lock_acquire+0x197/0x470 [ 1708.167875] ? find_held_lock+0x2c/0x110 [ 1708.168705] ? __might_fault+0xd3/0x180 [ 1708.169527] ? lock_downgrade+0x6d0/0x6d0 [ 1708.170397] do_recvmmsg+0x24c/0x6d0 [ 1708.171167] ? ___sys_recvmsg+0x200/0x200 [ 1708.172017] ? lock_downgrade+0x6d0/0x6d0 [ 1708.172874] ? ksys_write+0x12d/0x260 [ 1708.173662] ? wait_for_completion_io+0x270/0x270 [ 1708.174659] ? rcu_read_lock_any_held+0x75/0xa0 [ 1708.175605] ? vfs_write+0x354/0xb10 [ 1708.176361] __x64_sys_recvmmsg+0x20f/0x260 [ 1708.177239] ? ksys_write+0x1a9/0x260 [ 1708.178012] ? __do_sys_socketcall+0x600/0x600 [ 1708.178960] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1708.180026] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1708.181089] do_syscall_64+0x33/0x40 [ 1708.181862] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1708.182914] RIP: 0033:0x7fcf11593b19 [ 1708.183673] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1708.187432] RSP: 002b:00007fcf0eb09188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1708.189006] RAX: ffffffffffffffda RBX: 00007fcf116a6f60 RCX: 00007fcf11593b19 [ 1708.190453] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1708.191922] RBP: 00007fcf0eb091d0 R08: 0000000000000000 R09: 0000000000000000 [ 1708.193367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1708.194834] R13: 00007ffca39d7fcf R14: 00007fcf0eb09300 R15: 0000000000022000 [ 1722.189453] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1722.191390] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:12:04 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x12, 0x0, 0x0) 23:12:04 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x81000000, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:12:04 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x16, 0x0, 0x0) 23:12:04 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x1b, 0x0, 0x0) 23:12:04 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xae, 0x0, 0x0) 23:12:04 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x1e, 0x0, 0x0) [ 1722.218982] FAULT_INJECTION: forcing a failure. [ 1722.218982] name fail_usercopy, interval 1, probability 0, space 0, times 0 23:12:04 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 96) 23:12:04 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xb7, 0x0, 0x0) [ 1722.221502] CPU: 0 PID: 9659 Comm: syz-executor.1 Not tainted 5.10.236 #1 [ 1722.223169] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1722.223454] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1722.224923] Call Trace: [ 1722.224950] dump_stack+0x107/0x167 [ 1722.224971] should_fail.cold+0x5/0xa [ 1722.225930] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1722.226469] _copy_from_user+0x2e/0x1b0 [ 1722.230046] __copy_msghdr_from_user+0x91/0x4b0 [ 1722.231033] ? __ia32_sys_shutdown+0x80/0x80 [ 1722.231957] ? __lock_acquire+0x1657/0x5b00 [ 1722.232879] ___sys_recvmsg+0xd5/0x200 [ 1722.233702] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1722.234731] ? __fget_files+0x2cf/0x520 [ 1722.235580] ? lock_acquire+0x197/0x470 [ 1722.236413] ? find_held_lock+0x2c/0x110 [ 1722.237272] ? __might_fault+0xd3/0x180 [ 1722.238106] ? lock_downgrade+0x6d0/0x6d0 [ 1722.239007] do_recvmmsg+0x24c/0x6d0 [ 1722.239801] ? ___sys_recvmsg+0x200/0x200 [ 1722.240676] ? lock_downgrade+0x6d0/0x6d0 [ 1722.241557] ? ksys_write+0x12d/0x260 [ 1722.242370] ? wait_for_completion_io+0x270/0x270 [ 1722.243387] ? rcu_read_lock_any_held+0x75/0xa0 [ 1722.244356] ? vfs_write+0x354/0xb10 [ 1722.245137] __x64_sys_recvmmsg+0x20f/0x260 [ 1722.246043] ? ksys_write+0x1a9/0x260 [ 1722.246853] ? __do_sys_socketcall+0x600/0x600 [ 1722.247819] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1722.248918] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1722.250004] do_syscall_64+0x33/0x40 [ 1722.250799] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1722.251873] RIP: 0033:0x7fcf11593b19 [ 1722.252653] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1722.256525] RSP: 002b:00007fcf0eb09188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1722.258131] RAX: ffffffffffffffda RBX: 00007fcf116a6f60 RCX: 00007fcf11593b19 [ 1722.259642] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1722.261148] RBP: 00007fcf0eb091d0 R08: 0000000000000000 R09: 0000000000000000 [ 1722.262651] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1722.264154] R13: 00007ffca39d7fcf R14: 00007fcf0eb09300 R15: 0000000000022000 23:12:04 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x21, 0x0, 0x0) 23:12:04 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x9effffff, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) [ 1722.283492] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1722.284510] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1722.293223] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1722.294196] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:12:04 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x22, 0x0, 0x0) 23:12:04 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x1c, 0x0, 0x0) 23:12:04 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xaf, 0x0, 0x0) 23:12:04 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xb8, 0x0, 0x0) 23:12:04 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0xbb0e0000, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) [ 1722.371639] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1722.372662] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:12:04 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x1d, 0x0, 0x0) 23:12:20 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x16, 0x0, 0x0) 23:12:20 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xb0, 0x0, 0x0) 23:12:20 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f}, 0x0, 0xf, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) setsockopt$sock_timeval(r1, 0x1, 0x43, &(0x7f0000000040)={0x0, 0xea60}, 0x10) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_int(r1, 0x6, 0x19, &(0x7f00000000c0)=0x6, 0x4) perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x4, 0x9, 0x2, 0xff, 0x0, 0xe96, 0x0, 0x4, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x5, 0x3, @perf_bp={&(0x7f0000000080), 0x1}, 0x0, 0x3f, 0x4, 0x1, 0x19, 0xf8bd, 0x6, 0x0, 0x10000, 0x0, 0xfffffffffffffbff}, 0xffffffffffffffff, 0xffffffffffffffff, r0, 0x1) setsockopt$inet6_IPV6_ADDRFORM(r1, 0x29, 0x1, &(0x7f0000000200), 0x4) sendmsg$inet6(r1, &(0x7f00000006c0)={0x0, 0x31, &(0x7f0000000540)=[{&(0x7f0000000100)=':\x00', 0xfffffdef}], 0x1}, 0x10044001) setsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000240)={0x1, 0xcea}, 0x8) 23:12:20 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 97) 23:12:20 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0xbc0e0000, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:12:20 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x23, 0x0, 0x0) 23:12:20 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xb9, 0x0, 0x0) 23:12:20 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x1e, 0x0, 0x0) [ 1737.804010] validate_nla: 2 callbacks suppressed [ 1737.804022] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1737.806808] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1737.818126] FAULT_INJECTION: forcing a failure. [ 1737.818126] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1737.820713] CPU: 1 PID: 9715 Comm: syz-executor.1 Not tainted 5.10.236 #1 [ 1737.822150] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1737.823888] Call Trace: [ 1737.824446] dump_stack+0x107/0x167 [ 1737.824585] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1737.825206] should_fail.cold+0x5/0xa [ 1737.825242] _copy_from_user+0x2e/0x1b0 [ 1737.826769] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1737.827540] __copy_msghdr_from_user+0x91/0x4b0 [ 1737.830795] ? __ia32_sys_shutdown+0x80/0x80 [ 1737.831726] ? __lock_acquire+0x1657/0x5b00 [ 1737.832641] ___sys_recvmsg+0xd5/0x200 [ 1737.833451] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1737.834474] ? __fget_files+0x2cf/0x520 [ 1737.835313] ? lock_acquire+0x197/0x470 [ 1737.836143] ? find_held_lock+0x2c/0x110 [ 1737.836997] ? __might_fault+0xd3/0x180 [ 1737.837824] ? lock_downgrade+0x6d0/0x6d0 [ 1737.838709] do_recvmmsg+0x24c/0x6d0 [ 1737.839503] ? ___sys_recvmsg+0x200/0x200 [ 1737.840371] ? lock_downgrade+0x6d0/0x6d0 [ 1737.841247] ? ksys_write+0x12d/0x260 [ 1737.842058] ? wait_for_completion_io+0x270/0x270 [ 1737.843083] ? rcu_read_lock_any_held+0x75/0xa0 [ 1737.844050] ? vfs_write+0x354/0xb10 [ 1737.844841] __x64_sys_recvmmsg+0x20f/0x260 [ 1737.845738] ? ksys_write+0x1a9/0x260 [ 1737.846541] ? __do_sys_socketcall+0x600/0x600 [ 1737.847519] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1737.848614] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1737.849691] do_syscall_64+0x33/0x40 [ 1737.850467] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1737.851547] RIP: 0033:0x7fcf11593b19 [ 1737.852325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1737.856179] RSP: 002b:00007fcf0eb09188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1737.857773] RAX: ffffffffffffffda RBX: 00007fcf116a6f60 RCX: 00007fcf11593b19 [ 1737.859258] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1737.860737] RBP: 00007fcf0eb091d0 R08: 0000000000000000 R09: 0000000000000000 [ 1737.862216] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1737.863714] R13: 00007ffca39d7fcf R14: 00007fcf0eb09300 R15: 0000000000022000 23:12:20 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x24, 0x0, 0x0) 23:12:20 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xba, 0x0, 0x0) 23:12:20 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x21, 0x0, 0x0) 23:12:20 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xb1, 0x0, 0x0) 23:12:20 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0xc00e0000, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:12:20 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 98) [ 1737.979023] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1737.980689] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1737.993241] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1737.994760] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1738.021628] FAULT_INJECTION: forcing a failure. [ 1738.021628] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1738.023849] CPU: 0 PID: 9742 Comm: syz-executor.1 Not tainted 5.10.236 #1 [ 1738.025149] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1738.026735] Call Trace: [ 1738.027247] dump_stack+0x107/0x167 [ 1738.027926] should_fail.cold+0x5/0xa [ 1738.028640] _copy_from_user+0x2e/0x1b0 [ 1738.029391] __copy_msghdr_from_user+0x91/0x4b0 [ 1738.030259] ? __ia32_sys_shutdown+0x80/0x80 [ 1738.031086] ? __lock_acquire+0x1657/0x5b00 [ 1738.031898] ___sys_recvmsg+0xd5/0x200 [ 1738.032629] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1738.033548] ? __fget_files+0x2cf/0x520 [ 1738.034293] ? lock_acquire+0x197/0x470 [ 1738.035044] ? find_held_lock+0x2c/0x110 [ 1738.035809] ? __might_fault+0xd3/0x180 [ 1738.036544] ? lock_downgrade+0x6d0/0x6d0 [ 1738.037339] do_recvmmsg+0x24c/0x6d0 [ 1738.038028] ? ___sys_recvmsg+0x200/0x200 [ 1738.038797] ? lock_downgrade+0x6d0/0x6d0 [ 1738.039590] ? ksys_write+0x12d/0x260 [ 1738.040313] ? wait_for_completion_io+0x270/0x270 [ 1738.041213] ? rcu_read_lock_any_held+0x75/0xa0 [ 1738.042076] ? vfs_write+0x354/0xb10 [ 1738.042775] __x64_sys_recvmmsg+0x20f/0x260 [ 1738.043586] ? ksys_write+0x1a9/0x260 [ 1738.044287] ? __do_sys_socketcall+0x600/0x600 [ 1738.045143] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1738.046116] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1738.047094] do_syscall_64+0x33/0x40 [ 1738.047790] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1738.048726] RIP: 0033:0x7fcf11593b19 [ 1738.049409] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1738.052807] RSP: 002b:00007fcf0eb09188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1738.054214] RAX: ffffffffffffffda RBX: 00007fcf116a6f60 RCX: 00007fcf11593b19 [ 1738.055534] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1738.056853] RBP: 00007fcf0eb091d0 R08: 0000000000000000 R09: 0000000000000000 [ 1738.058185] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1738.059510] R13: 00007ffca39d7fcf R14: 00007fcf0eb09300 R15: 0000000000022000 23:12:20 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xb2, 0x0, 0x0) 23:12:20 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x25, 0x0, 0x0) 23:12:35 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 99) 23:12:35 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xb2, 0x0, 0x0) 23:12:35 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xbb, 0x0, 0x0) 23:12:35 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x22, 0x0, 0x0) 23:12:35 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x26, 0x0, 0x0) 23:12:35 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0xed000000, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:12:35 executing program 3: ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f00000002c0)=ANY=[@ANYBLOB="010000000100000018000000f8c1572b622cfd1fe41a6ef33cba499a2642b75ad15c96a38f3d71fe03310b87df1d3877456ec0d6126fe46c558d3887e904004737725e96c910d9fd24d49a43de5e97696bf658a8877b392b6cff23ed79040822b6c3208851637264edad26c392b26a942e81cd0b93bcabed2e25525b489f07803f467d85144e66c6e51456c3704091a78a9b2ed363a1621ae109ae2a083191121d57ba5aaba30dee3d7ff13a7bbb54671596117e818b43a62b5abdd3584b9bc77341aed60c71209ed56698e5867a7c91ee8f5d449676c043fdb4c724319670d92cc6e2f9c136816b3e3327e8ff", @ANYRES32=0xffffffffffffffff, @ANYBLOB="371dfa00c97a07e19bcf0000"]) stat(&(0x7f00000001c0)='.\x00', &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = accept$unix(r0, &(0x7f0000000200), &(0x7f00000000c0)=0x6e) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2000000, 0x4010, 0xffffffffffffffff, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r3, 0x0, &(0x7f0000000280)=@IORING_OP_FADVISE={0x18, 0x3, 0x0, @fd=r2, 0xde7812d, 0x0, 0x9, 0x0, 0x0, {0x0, r4}}, 0x800) setresuid(0xffffffffffffffff, r1, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0xa00000, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {}, 0x2c, {[{@access_uid={'access', 0x3d, 0xee01}}, {@aname={'aname', 0x3d, '/dev/nvram\x00'}}, {@afid={'afid', 0x3d, 0xcbe}}, {@cache_none}, {@posixacl}], [{@fowner_lt={'fowner<', r1}}]}}) r5 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000100), 0x102, 0x0) write$binfmt_script(r5, 0x0, 0x0) 23:12:35 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xb3, 0x0, 0x0) [ 1753.526198] FAULT_INJECTION: forcing a failure. [ 1753.526198] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1753.528734] CPU: 0 PID: 9758 Comm: syz-executor.1 Not tainted 5.10.236 #1 [ 1753.530180] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1753.531947] Call Trace: [ 1753.532505] dump_stack+0x107/0x167 [ 1753.533272] should_fail.cold+0x5/0xa [ 1753.534081] _copy_from_user+0x2e/0x1b0 [ 1753.534924] __copy_msghdr_from_user+0x91/0x4b0 [ 1753.535909] ? __ia32_sys_shutdown+0x80/0x80 [ 1753.536834] ? __lock_acquire+0x1657/0x5b00 [ 1753.537760] ___sys_recvmsg+0xd5/0x200 [ 1753.538584] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1753.539623] ? lock_acquire+0x197/0x470 [ 1753.540469] ? find_held_lock+0x2c/0x110 [ 1753.541331] ? __might_fault+0xd3/0x180 [ 1753.542165] ? lock_downgrade+0x6d0/0x6d0 [ 1753.543057] do_recvmmsg+0x24c/0x6d0 [ 1753.543853] ? ___sys_recvmsg+0x200/0x200 [ 1753.544731] ? lock_downgrade+0x6d0/0x6d0 [ 1753.545610] ? ksys_write+0x12d/0x260 [ 1753.546423] ? wait_for_completion_io+0x270/0x270 [ 1753.547457] ? rcu_read_lock_any_held+0x75/0xa0 [ 1753.548427] ? vfs_write+0x354/0xb10 [ 1753.549216] __x64_sys_recvmmsg+0x20f/0x260 [ 1753.550117] ? ksys_write+0x1a9/0x260 [ 1753.550924] ? __do_sys_socketcall+0x600/0x600 [ 1753.551889] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1753.552994] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1753.554081] do_syscall_64+0x33/0x40 [ 1753.554868] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1753.555959] RIP: 0033:0x7fcf11593b19 [ 1753.556745] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1753.560618] RSP: 002b:00007fcf0eb09188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1753.562221] RAX: ffffffffffffffda RBX: 00007fcf116a6f60 RCX: 00007fcf11593b19 [ 1753.563734] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1753.565241] RBP: 00007fcf0eb091d0 R08: 0000000000000000 R09: 0000000000000000 [ 1753.566751] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1753.568267] R13: 00007ffca39d7fcf R14: 00007fcf0eb09300 R15: 0000000000022000 [ 1753.573401] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1753.575062] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1753.584884] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1753.586569] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:12:36 executing program 3: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETAW(r0, 0x560a, &(0x7f0000000040)={0x10, 0x303, 0x0, 0x0, 0x0, "d1bf431c5e95ec31"}) 23:12:36 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xb4, 0x0, 0x0) 23:12:36 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x23, 0x0, 0x0) 23:12:36 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x27, 0x0, 0x0) 23:12:36 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0xf0ffffff, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:12:36 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xbc, 0x0, 0x0) [ 1753.686234] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1753.686253] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1753.688107] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1753.688125] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:12:51 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0xffffe000, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:12:51 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xb2, 0x0, 0x0) 23:12:51 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xbd, 0x0, 0x0) [ 1768.648455] FAULT_INJECTION: forcing a failure. [ 1768.648455] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1768.650158] CPU: 1 PID: 9808 Comm: syz-executor.1 Not tainted 5.10.236 #1 [ 1768.651106] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1768.652241] Call Trace: [ 1768.652607] dump_stack+0x107/0x167 [ 1768.653104] should_fail.cold+0x5/0xa [ 1768.653631] _copy_from_user+0x2e/0x1b0 [ 1768.654179] __copy_msghdr_from_user+0x91/0x4b0 [ 1768.654817] ? __ia32_sys_shutdown+0x80/0x80 [ 1768.655429] ? __lock_acquire+0x1657/0x5b00 [ 1768.656035] ___sys_recvmsg+0xd5/0x200 [ 1768.656569] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1768.657258] ? __fget_files+0x2cf/0x520 [ 1768.657808] ? lock_acquire+0x197/0x470 [ 1768.658371] ? find_held_lock+0x2c/0x110 [ 1768.658929] ? __might_fault+0xd3/0x180 [ 1768.659479] ? lock_downgrade+0x6d0/0x6d0 [ 1768.660058] do_recvmmsg+0x24c/0x6d0 [ 1768.660585] ? ___sys_recvmsg+0x200/0x200 [ 1768.661152] ? lock_downgrade+0x6d0/0x6d0 [ 1768.661735] ? ksys_write+0x12d/0x260 [ 1768.662262] ? wait_for_completion_io+0x270/0x270 [ 1768.662937] ? rcu_read_lock_any_held+0x75/0xa0 [ 1768.663579] ? vfs_write+0x354/0xb10 [ 1768.664091] __x64_sys_recvmmsg+0x20f/0x260 [ 1768.664679] ? ksys_write+0x1a9/0x260 [ 1768.665205] ? __do_sys_socketcall+0x600/0x600 [ 1768.665828] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1768.666540] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1768.667244] do_syscall_64+0x33/0x40 [ 1768.667769] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1768.668478] RIP: 0033:0x7fcf11593b19 [ 1768.668984] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1768.671501] RSP: 002b:00007fcf0eb09188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1768.672543] RAX: ffffffffffffffda RBX: 00007fcf116a6f60 RCX: 00007fcf11593b19 [ 1768.673519] RDX: 00000000000005ac RSI: 0000000020000000 RDI: 0000000000000003 [ 1768.674492] RBP: 00007fcf0eb091d0 R08: 0000000000000000 R09: 0000000000000000 [ 1768.675472] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 1768.676439] R13: 00007ffca39d7fcf R14: 00007fcf0eb09300 R15: 0000000000022000 23:12:51 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) (fail_nth: 100) 23:12:51 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x28, 0x0, 0x0) 23:12:51 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x8) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) fcntl$dupfd(r1, 0x0, r0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)={0x14, 0x27, 0xc21, 0x0, 0x0, {0x1, 0x0, 0x2}}, 0x14}}, 0x0) 23:12:51 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xb5, 0x0, 0x0) 23:12:51 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x24, 0x0, 0x0) [ 1768.686682] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1768.688336] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1768.710924] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1768.712670] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:12:51 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5ac, 0x0, 0x0) 23:12:51 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0xfffff000, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:12:51 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x29, 0x0, 0x0) 23:12:51 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xbe, 0x0, 0x0) 23:12:51 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xb6, 0x0, 0x0) 23:12:51 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x25, 0x0, 0x0) [ 1768.811894] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1768.813572] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:12:51 executing program 3: creat(0x0, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000080)=ANY=[], 0x1020) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x222000, 0x184) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_POLL_REMOVE={0x7, 0x2, 0x0, 0x0, 0x0, 0x23456}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x4c07, 0x0, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) [ 1768.834463] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1768.836117] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:12:51 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x2a, 0x0, 0x0) 23:12:51 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xb7, 0x0, 0x0) 23:13:05 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0xffffff7f, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:13:05 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xb2, 0x0, 0x0) 23:13:05 executing program 3: r0 = syz_io_uring_setup(0x5595, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x3, 0x10a}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1}, &(0x7f0000fee000/0x1000)=nil, &(0x7f0000fec000/0x14000)=nil, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)) pipe2(&(0x7f0000000040), 0x0) read(0xffffffffffffffff, 0x0, 0x0) r3 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lseek(r3, 0x40, 0x2) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x11b081, 0x0) sendfile(r4, 0xffffffffffffffff, 0x0, 0x7ffffff9) dup(0xffffffffffffffff) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/fscaps', 0x0, 0x0) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/fscaps', 0x0, 0x0) read(r5, &(0x7f00000000c0)=""/198, 0xc6) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000000080)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48ed, 0x41004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x4}, 0x80080}, 0x0, 0x10000000006, 0xffffffffffffffff, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_REFRESH(0xffffffffffffffff, 0x2402, 0x9) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 23:13:05 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xbf, 0x0, 0x0) 23:13:05 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x2, 0x0, 0x0) [ 1783.423708] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1783.425487] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:13:05 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xb8, 0x0, 0x0) 23:13:05 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x26, 0x0, 0x0) [ 1783.451169] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1783.452905] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:13:05 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x2b, 0x0, 0x0) 23:13:05 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x3, 0x0, 0x0) 23:13:05 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x2c, 0x0, 0x0) 23:13:05 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0xffffff9e, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:13:05 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x27, 0x0, 0x0) 23:13:05 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xb9, 0x0, 0x0) 23:13:05 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xc0, 0x0, 0x0) [ 1783.602237] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1783.603998] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1783.621672] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1783.624771] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:13:06 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x4, 0x0, 0x0) 23:13:06 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x2d, 0x0, 0x0) 23:13:06 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x28, 0x0, 0x0) 23:13:21 executing program 3: syz_mount_image$vfat(0x0, &(0x7f0000000240)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_mount_image$nfs4(&(0x7f0000000000), &(0x7f0000000040)='./file1\x00', 0x3, 0x3, &(0x7f0000000280)=[{&(0x7f0000000100), 0x0, 0x2}, {0x0, 0x0, 0x4}, {&(0x7f0000000080), 0x0, 0xfffffffffffffffe}], 0x3110400, &(0x7f0000000340)=ANY=[@ANYBLOB="7270635b7b27255e2c7270635f706970836673000000006e745f686173682c686173682c00ba1b255c70bd3464c8a5cd554cf595db520a5708755cc63bad3d0ec1fae82f60a10930b7b144c93bb3b9715365269cb0ff4f87e72d3ea4fa5505297402ba6cb6692602f7efeb99f1486c2ec27b01aae88e8f6c5948ba0be1ed75d2029bf3e0b660c262e4e1da806e045c80c2295aa24e995f18204c983ad23cbae3232ae872f800afcc3db31faecf3de071bc20efc8fdd1e60f64c73f0da7119277583dba68"]) unlinkat(r0, &(0x7f0000000080)='./file1\x00', 0x200) openat(r0, &(0x7f0000000300)='./file1\x00', 0x400080, 0x100) r1 = fsopen(&(0x7f00000000c0)='rpc_pipefs\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000180), 0x1008, &(0x7f00000001c0)={[{@mode={'mode', 0x3d, 0x6}}, {@huge_advise}, {@huge_within_size}], [{@smackfsfloor={'smackfsfloor', 0x3d, '[}]!'}}, {@fsmagic={'fsmagic', 0x3d, 0xff}}]}) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fspick(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x1) fsmount(r2, 0x1, 0x6) r3 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup2(r3, r1) 23:13:21 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xc1, 0x0, 0x0) 23:13:21 executing program 5: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x10) syz_mount_image$ext4(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, &(0x7f0000000000)=0x6359, 0x4) dup2(r0, r1) mkdirat(r0, &(0x7f0000000140)='./file1\x00', 0x4) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x610102, 0xc2) renameat2(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', r2, &(0x7f0000000080)='./file0\x00', 0x4) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) 23:13:21 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0xfffffff0, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:13:21 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xba, 0x0, 0x0) 23:13:21 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5, 0x0, 0x0) 23:13:21 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x2e, 0x0, 0x0) 23:13:21 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x29, 0x0, 0x0) 23:13:21 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x6, 0x0, 0x0) [ 1799.464987] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1799.467341] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1799.493753] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1799.495402] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:13:21 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x2f, 0x0, 0x0) 23:13:21 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xbb, 0x0, 0x0) 23:13:21 executing program 5: syz_mount_image$ext4(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000500)='ramfs\x00', 0x0, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000000)=0x6359, 0x4) dup2(0xffffffffffffffff, r0) mkdirat(0xffffffffffffffff, &(0x7f0000000000)='./file1\x00', 0x20) mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x3035, 0x0) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = getpgid(0x0) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) dup(r2) perf_event_open(&(0x7f0000000140)={0x4, 0x80, 0x2, 0xfb, 0x5, 0x3, 0x0, 0x7, 0x490, 0x5, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, @perf_bp={&(0x7f00000000c0), 0xa}, 0x40000, 0x9, 0x101, 0x7, 0xf19, 0x517, 0x7, 0x0, 0x7, 0x0, 0x7}, r1, 0xffffffffffffffff, r2, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) io_setup(0x5, &(0x7f0000000080)=0x0) fcntl$setstatus(r3, 0x4, 0x44400) io_submit(r4, 0x1, &(0x7f00000008c0)=[&(0x7f0000000200)={0x0, 0x0, 0x8, 0x1, 0x0, r3, 0x0, 0x4000}]) clone3(&(0x7f0000000ac0)={0x134064500, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x0, 0x46) mmap$IORING_OFF_SQES(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x12, r5, 0x10000000) ioctl$NS_GET_PARENT(r3, 0xb702, 0x0) 23:13:21 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xc2, 0x0, 0x0) 23:13:21 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0xffffffff, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:13:22 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x2a, 0x0, 0x0) 23:13:22 executing program 3: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/wakeup_count', 0x0, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x22902, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) dup2(r1, r0) [ 1799.646509] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1799.648217] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:13:22 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x7, 0x0, 0x0) [ 1799.667333] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1799.668976] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:13:22 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x30, 0x0, 0x0) 23:13:22 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:13:22 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xbc, 0x0, 0x0) 23:13:22 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0xe0) close(r0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x800, 0x0) clone3(&(0x7f00000001c0)={0x90068180, 0x0, 0x0, 0x0, {0x2000}, 0x0, 0x0, 0x0, 0x0, 0x0, {r1}}, 0x58) execveat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0, 0x0) 23:13:22 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x2b, 0x0, 0x0) [ 1799.818400] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1799.820196] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:13:34 executing program 3: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x98a) r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = getpgrp(0x0) pidfd_open(r2, 0x0) fcntl$lock(r1, 0x5, &(0x7f0000000000)={0x0, 0x4, 0x0, 0xff}) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f0000000080)=ANY=[@ANYBLOB="00000000fffffdfd0201000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000400"/248]) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f00000001c0)={'macsec0\x00', &(0x7f0000000240)=ANY=[@ANYBLOB="3c0000000100000003001502e10000030300000220000001dee8fc133fc92b570000000100008068fb93f2060cd998bb2382fbef2e605d20efd13ad8020454fe726d5ec46065bf6e5c2fd748b7382cb035aee7d07675"]}) clone3(&(0x7f0000000480)={0x2080, &(0x7f0000000180), &(0x7f00000002c0), &(0x7f0000000300), {0x2}, &(0x7f0000000380)=""/10, 0xa, 0x0, &(0x7f0000000380)}, 0x58) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000500)=""/142, 0x8e}], 0x1}, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x81) unshare(0x48020200) 23:13:34 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xc3, 0x0, 0x0) 23:13:34 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x31, 0x0, 0x0) 23:13:34 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0x2, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:13:34 executing program 5: listen(0xffffffffffffffff, 0x0) r0 = io_uring_setup(0x3972, &(0x7f0000000a40)={0x0, 0x5912, 0x8, 0x0, 0x24}) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_BUFFERS(r0, 0x1, 0x0, 0x0) syz_io_uring_setup(0x2e31, &(0x7f0000000040)={0x0, 0x164c, 0x0, 0x0, 0x2d2, 0x0, r0}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000140), &(0x7f0000000180)) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x6359, 0x4) dup2(r1, r2) writev(r2, &(0x7f0000000240)=[{&(0x7f0000000ac0)="1b9c640c9da4d3f740be1e2a80a1ca3c53cf97c784cf277d9d4ad6b9023dee5ca4557e9f0842343778cea10de58d6c017bb647a1807bb4731055f47b1906a31fac69e31bd615a90fe889ea6b1d20ebad1ca0b4eaa8c3ad3f2a062fedc9d540ae71dbc89b61f65dc1699d5e46412bc9c6234eb7358e6552c8f3881a79aacca3fec03c1e0296079fe77e8e572a4efc1c22d3350b0baf9b8b778c9fbbf65d25d36cd6c9f3c2f509df60914f13031870acb93f0667c36ff1481f5097cd2023c90af5752e3e5be8887b4778e28b37d7f2556f8faf890adb2b75d0001814da54bf79a96b508c659d78dc91bde58f11e44c948a1303a1afd574bcd82af702bb492d572b2a3b3ac1c220759d4600a8ad4bddb3c5270ef69c6bc55b6d0eb8164fac27f27599a30293fb634e0e908aa74bf451d4b9b1cbcfea5d8ced11b71ec48d2836d9ca1a1a9fead7d1d9c650b5405eaeb53b8b8c6f7354d4c65fee532e105d4e4b677543c08d03115394f5d48a120d4304d94899395f2d0aba462f9a17c5ad085dc7e232b89b74dc82b46ec42da06cab9ffab168dd1496c32d2bd120e8095cdfd56fb06c630886b6ac8a9883579f0427b7b65cd8ffc34639a5f2444b1e7aa2562ba474f907999662930f96d62b615ecddc13a2137cedf0d1cdaec7c64e7e621f27a09c4bcb7104bc8a9b57efadea8294268ee5ddd1d2cabe9f04a6e527723840751fb1d6816a760fe7645b9bd42325feea63a9669bf04ad7772880772bc34cd728d137ff96ba5f8288f9cb2b8d6688217e65b0322f013d512b71e08cbee396cacf339ef21b83e90803080a9a9682e3ec42e5714d9d557d7ce9129f99910d689d02e95728f07b11f8a7be9fac715891ff1888ba44da8811d339d03240ab44154b31607e9e18d8686f3ef1befe3b25aa3a755e4298795a1cef91f6c5c3b8a9b9734fbfa71b4cf9eaab6c3d145b0b53267cca838b51214db14964ebb59fb34468da68662738a09a253c97665be2aa64bccd20f2c7c3b13c28fcb45b021ef1a40b2a70dad3df317e83f771b42c551d78cd5f3b4974d257d7219f470227f6aaa447a8689264aed193c8d39dff96f6f82b8aa9ec2e5fb83e44da685806b4f368f447ee09dfd9d8a5f6d8d252bea16203639b3e2c9760e688a1968bf759fae33f67bb479a27d000bf959fb52dbd2fc51cd0c8e25f5946a294cb595ec5dc33029c52cc11446e10ad885e189ef28658a0423e594551c810651e8de6d65414cd57c3c005b8f18d225e466e8375214861bde8f639661fea11496e0236f55d50a8ddc3c84de1143f785d386432edc857467a0317576eaeda4b168fa0cdb10a5a90426c68a172e33fc64bde255f05de59c040b1c1876cb3b1006098cea4df82c70073a7576d19950224805e2619aab023202fbe5d50ab252243b1f3c741b12243d5145f7957a3ceebb6d7dadd8dce2ae0867e95afccff5fc46a647217cc6ec6e24bb4709a81b64d61286751d4a66e77eedddf54c7c12302abf256c595c8a6811985efe16682c2dfc9e32c588d5e20264e48a8cdc2fce2d57f05a1d38a533ebad3a2563755103d021030c70d0bda40c221770725c250b774edd5ab9ed2358fc772fe83638e15821688c7a7207e0f6fd01f3f5abe4ce1831da2c0516084bfafe701d41fa17ec10899bedd2ccd580b39fe67ea3f60a7b490c6868d15b3b6e01bff68f1d7886bb45a5806033c91a099756faa07019afd68b9fb9e83a1d4f0f898d511996b85c70cb8cc32501839003ee3d041c53c985292e278d79b9edb7a15aaa176e6d9d878d09f6acc3e90aade73aeee369ee06886f62226593cd7248c27f1b9e0803ac3fe89346586fc0bfe975464d422c4f5192d68a2a91524daa37ad05bca790dcf8460f132fed58b24d5498d395bae6fa267aec5bd0b539b3a03792da6234e45f24d156b64743a2ed6349b5ef13e50c99a81c2fefc6c62c86e0be77433477714e0fc6db159964ec57aa276a5884e68d401e6ffcd421a766e5049b60906c8ca027fc27a937cabeea27fe7003aed6c16c6f1ef6a612062e06072f726b7d116316987912cb8f8fed6331674cb54d2a257083415e2b10523686c21c97876ee8a3c02cac29fb65a471dfdca0f576619e136ce8162bf2d2ca3de7cbe1b6ff69b33781e8904e633a721f035d3020d68de02e7f0eaf030e77f7ab6e3cd30788f7e097f790b490af9da61eda51bfd8491054b792032fb4b6b3de565e794daa376d62bd5966c4c8646fea4cd968300bc25817eeba9cc2cd40b165541867fec17faaf7d30c3cf1cbf5294a9c12b761891475787a9cddba11914ca29df9ea0ee010924d389053a3503784c5e95c91a42b256ec21255669a8be90b30589a58a0f6b1d27a2d357b56868c2ac0bfda3c7dea8d730551073d042bf5c69fcb18f75093b3ef4c00e6dfe4600a7633192a76d7dd26779f28e388f4ae2e42de6d382d1e9a95b1b44a0db6cc22a64c88eeb108ca0d9e7460dca97c016a423d4fc076f5d4fcf074d1ab6566f0024c7c7ea800a491626a9f4021eb87e30b976fa2daf06e88ae3296746f4be7856a58b3f857df2746dcaeeff2810801309b1c3f478e58e790cf51d6716e5e5a6f90804376f367e219518874618f1112ebedf69bed63f6c71fe1667c6f765c48245fc7475e393d1315d5fc5e9e61b112b5612e178ede5994f023f82013807e491d92b4e7a5025eb9d374265de46977e1e679ea52261826f6d95130d21652ff4dac999f08e8990ae7ad49ca578d51275bf642d26cd00a738a6400b4efa7f9a03c0e5ad23d0a42a87c311672c7d458aa9eec045fd14c5fa00b355f205aef0076e35fcfc3c7b7bab4e25488e32a98419a2c26c906d7e3ffd3b5942a9e0af11104a5a3aaa21cfc29e87575d89bc7463e1a746d961452aa74af20270cdf7bf256ca64aabe8b175d061c57ab4deb5cbbf4f28d35b08abaea8f29fbcece4b8783c2adb43b3bf0b0b1175b09dd1720ffe9ee46648652734a716ecf499908bb4babf367b1615f2868aaf0b136e7e66f469ade84fb5b22c7cee2bc66102a9eddece685f275b354fec4365930196d49345ce7b583adfdc446834e038bac540ad1991b4dc04cba4ae9c49eff805702abb948c0c0ffb20afd4b046d010109a91ce4c22a998e1927eb6c2cf8f2b1d51378863d5a44c75a5dafa784db043ca75c51b8c00064bc5def239915ba98e154365abde26d3477016f38caf410420365d9066b6d47cdbcf0a2a2e3d787ce2c41a011ada35bf84e08c1996141d80511490929c7e7d83d1dfee4681c476bc4eb870d4d747ea4d5efbf02c8f1597495333ae240ffafa6c9abbebfebfd03999b87e3f96d32ac643d4eaf2e7d793071381d3ff6cd9bf2ab4f454676c2dee1f2820350bbf3a80b6d978b5abcf8cecb43ab5f49d51a8cd3b5e6c61a65b3e6b016c1e3bcfcd97ed06dfe973300cf9436529f40c0d8cf1fb5bb360ff33e8e17cd86a5f5950dec7f43182c60bc2aa0d6c72895c69038691818cf1d191401d234a94daa1416efa57b8333ebac437a5602fafb5287b2090ba899bdd88de4fd02875c9729ce002b82afad29885692d7c975bf3dd19fbab5673cc4456c7223ab0e41b39d2b39b0afa35df8be7f29a343851fb3d20b5880525501459d0c345c63a3d67b947081526f8bf19c4082cbf9f3343958a71bd020d62d98538f1bc93f8ec680a914397787c3d56b97e140e5c277b6b3e0f36d511c1e976833bd68d2f259d08a656a69ad83089294d230c5c3b2ec8b15795691a22a6d9b7faa52380c260948101bd15ff30a87b07738c8a8640bcae06ec13f40bdb28b386102930ba2c27ef180555dbda91de809cf0994019a8645a1d8892c45ef8eadc9282b467fedc21b531981c7d9ccae86a7bfb2f754186446d9912765a3ba4ea5bd82520936515fa8692a49543b7bf4fb4d58804f41868ba93395c55012d6221afd1bcaeaf9c500edb19e14bebe3892566ebffd95352e8d10e612aeb49e24d2dd947578824c98419ebfa208b683e06c08d8926b9a646681fc1b28a18fc127edb4184bf200fcd0bb2d9c49f3f19870067b94000597f62d387859caa0fb27af509e3f32b355ae3198756b8e4baf1fbef13dbc4ac42c0b71948bcb12626a8ba2b6acd08a6d0f4eb4a82b08d2813e4218bf77d20a147041f70eef0aa194b1049ae54b77601df2646713f7c7e4085cb724b71fcde4c53fe1bad14fe832018d6aedafeb73fc6a48e95811491493cb1b3fa6ab8245c495c2c1ca9abada1e5d3d271391c9037b6599cd6e7e182d99b7f95960b728149df050a079522f3caf7ce8950c44c40af313b65f34c509b0f11c7b45b7d40e8a4023f74ba5ffb1c488b6ba754e710b7e878f0aae59206f559f5058d8a514884917b9542e800297a1aaad6b4e35f977a1725044184953848367bfdb4dc1436053b5758a578fb884a34b77c58153256db86845621a19c846ba0d57cc24e84f03ec27f1228f51751d851f5056f79001563f01d7c05067e5386246a6d2fbde0232ae6ccaefcb48b7dc6451899d1e62fedd00359920498175d57fb3b5ce289c6ebab71f515ee836eecabba8d775add3435e87f1a23e02d414a1da4d9c6b2aedf63280463d201c9c349c6e8dea5cbd5a043701f026cdcee7d3e2caf5efbd2021ab52304c440dfdd9396e86fec8f8b70bebef892730fc0362e853af91fd2a81b2e45e8304871550e58a66d24a2d525ad455ad36b596a3d50dc142db5640907713d518bb218ed313029009f08cf50413274ac21a9b20ffb58e387bb1eb0ed8d7332136c021c1a1caa3f2871a58b7d2b16fdc407c2ea06f4f687d7a12c80a360e13b9942da5fd8a80973abe5968c1f5f107b5e37964aa3dbac0e024cf9dd5e43763a8d9e89a9c3c26e263f05113c667fad9822a8ea07db7c0866644265853121d14ee82ed15cd8f4d81f9dfa020aeed6d892a9dfd7a64ff9080ac4a590757f7249f00ff994c2dadbf976fdfc43cb8181de19ac6bced558be4b4c73d7eefcc3c757cd1d641166078b4ddd6de845fa6e458157d22c25e4eb86511c0f1528f4b802d6e2ba9c45e5712b6d4b2c085b11f681821ae584aed5d606d623e9efaad555cf90656ab61cc78587e6fc89b51288377b418dce89410cb4c41912acd93b8765e74ca4f6f600afbd16907ad652b3ec3a3d52bf73c29e3e810d68fada38836c40d8a957e6680a015ec154f1a31f2c9727f848f1f281bacb09bd3b0f6904db9b19a9b058fff0b32c8d8cdcd6881df6d09141a20db4a5c38deb4857a66e75810ff14394e39e5eff42ac547790b199fae2dd465428296eb3287e7a915c8b3ed07fcd3c5bc8d16b5eeace45115ae3159a95e4f9725e54001710c7e05a4dfd2167b0fa3f62014393387dd20c4ac912b9ef87cda9f6459d21bda46b9fa3ab356824a2ddf70b6d0343213bd26ef43dc7c9a39f4f96360cca3ab669c59f6cb768d1e222c4a460e642eae881d6a0ca20e9d2ce4fa12b6fd3d589b989a47405242839140e5b3995f7b1d24e81ec9157b0fa1bc6cb12d5a60b9d8869106ff34416b5d0728695566b97a8a40b10948f660f68ffdb5892ed1d032a52c2743eaf9d681e5984359f9935997ca599a8fd3ae63baf72d42cdc4b1e5d7aa9a2c227e66f6492a7cee45d0574b67ab7c1ddaa958780181401fe3a084058eb60480536a2dc4e31dd199d42bf82ed6a04cd8bd087ed3c4222caefdedeb7b9ff67b602c67b5313a6dcf3f8d95b3300fddea9dbd236079a520e5ece30a8d885a92d9a14f9da73af0b783e20a99ff8df", 0x1000}, {&(0x7f00000001c0)="969943bf41a537731278b58ab44cdae97134da79b8e2573e2211998746065efc9145be166ab4ab9d64a3a2bd0d5211bf403f22ec3ef7d7cf9117f8f88d38e7f0c015f152720d6e348353dc916723d6b63a083dae67c5220f7fcde9b860a8e26dda3bdc3e711f11e168071870511c567ae2176bb350ff12d43028225387", 0x7d}], 0x2) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) pread64(0xffffffffffffffff, &(0x7f00000000c0)=""/77, 0x4d, 0x0) sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000280)=ANY=[@ANYBLOB="480000001d00210c00000000000000000400020014001180809801a7b0c7dba09475f251c743092f2000008008000000ab271e31e1bbb1e1270323beb24e6c164d9314ebf9391329f015537a585fd8b86146b746940822b0c5e87918f642eb129062b89b8041d6251162d7dc9eea2b8a947f6e5d7441958bb0756f25cfd7480c9757411ebee3998f37b7a9b393438ea352dc319dad843a7c68e7a5c1", @ANYRES32, @ANYBLOB="14000000fe8000000000000000000000000000bb"], 0x48}}, 0x0) 23:13:34 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x8, 0x0, 0x0) 23:13:34 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xbd, 0x0, 0x0) 23:13:34 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x2c, 0x0, 0x0) [ 1812.516505] debugfs: Directory '€˜§°ÇÛ ”uòQÇC !' with parent 'ieee80211' already present! [ 1812.531803] validate_nla: 2 callbacks suppressed [ 1812.531816] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1812.534529] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1812.585977] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1812.586969] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:13:35 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x32, 0x0, 0x0) 23:13:35 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x2d, 0x0, 0x0) 23:13:35 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x9, 0x0, 0x0) 23:13:48 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0x3, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:13:48 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$IP6T_SO_GET_INFO(r0, 0x29, 0x40, 0x0, &(0x7f00000001c0)) syz_io_uring_setup(0x36e7, &(0x7f0000000000)={0x0, 0x66e2, 0x2, 0x2, 0x59}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) 23:13:48 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x33, 0x0, 0x0) 23:13:48 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{0x0, 0x7f, 0x5}, {0x5, 0x0, 0x1, 0x3}]}) r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, &(0x7f0000000000)=0x6359, 0x4) dup2(r0, r1) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r0, 0xc0096616, &(0x7f0000000440)=ANY=[@ANYBLOB="4fd37d5b20aac5b8b645355cce7ded231b84f8db461d6ec4729f0b138c1b5b98a306a401a18a8e914c8aebfef7e65f9d3b0e3e96aef58b5b60b99c88db3110117b"]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000580)) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x101982, 0x0) ioctl$EXT4_IOC_ALLOC_DA_BLKS(0xffffffffffffffff, 0x660c) ioctl$LOOP_SET_STATUS(r2, 0x4c00, 0x0) ioctl$LOOP_SET_STATUS(0xffffffffffffffff, 0x4c02, &(0x7f00000002c0)={0x0, {}, 0x0, {}, 0xfff, 0xa, 0x13, 0x4, "a33ffde15ac5e3597997ca8986bc6d30fb365a162412350d2dbb5f02e4b9158f3b699d557e93639a919a636fc399cb69327ad1688070049903904fc96628577b", "2f87934459fd43a9829984709a2e821126913d74f3d1ad8285ca2e3a4a403d98", [0xffff, 0x80]}) creat(&(0x7f0000000040)='./file2\x00', 0x2f) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f00000004c0)=ANY=[@ANYBLOB="9789cdc1a58bb7b4ce6b9173a41ae2f452523a45992fbb476b7ba2f081093dc89803cc6745a634a85feaf8f2cd4ec14543c88d990c72ba873c4073a7537a6349e088000032925ef7240019f7bde0a219f9300d8075d74edf81562bc254158d758aaf5c8bad5ffbb966b332d87a3c99b80c16f31f280431ef91e603"]) mremap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3000, 0x4, &(0x7f0000ffb000/0x3000)=nil) open(&(0x7f0000000080)='./file2\x00', 0x80, 0x26) acct(&(0x7f00000001c0)='./file1\x00') openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x20082, 0xf4) acct(&(0x7f0000000380)='./file1\x00') 23:13:48 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x2e, 0x0, 0x0) 23:13:48 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xa, 0x0, 0x0) 23:13:48 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xc4, 0x0, 0x0) [ 1826.511287] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1826.512299] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1826.531576] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1826.532502] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:13:48 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xbe, 0x0, 0x0) 23:13:48 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x1, @perf_bp={&(0x7f00000008c0), 0x8}, 0x0, 0x0, 0x0, 0x3, 0x1, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000240)={{0x1, 0x1, 0x18, r0}, './file0/../file0\x00'}) sendmsg$nl_generic(r2, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x1a000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000c00)=ANY=[@ANYBLOB="f81000003100040027bd7000fbdbdf2513000000ecac4ca95caf4514d44aa58375cdcf25212650fa699af9626d82be8f1d12961beb31430dd0d9e4ebfa721b9ee6b9e615d3b3060fa7f7ef935f04534c3306c612086fbb6cf56f12334ab256a106841d20ef1aec4c54186dde13697a7ad46c736e8c3723450797eeb045941dd8b88c88c94f84f952af36a84b0acd55b8c988687e4287ed26abe882a58dad0f768d7517e51337e0ff858030d0c9c68685f6c9db271aa4771344497d0089fea82abc5d89c0c8b82fe831c87896dfe18292e5083e5be6a6696fddef15f1dae0b9c64ae05e8669e0bdbdd4cbc03a394a6641f2846afa81a09215d717348f2964807bee3369c02994bea33298b2ece35de3ab47f9cf0e0307e8afabaddff5b1bd359d8f6a4dd9175add67f611acbd162c2a90367b9b274ed621193fddde340889b3fa586de01d0a802da4e98e8b62491bf629856bc01dbb75c4fd3337bd2df43d437557e2565a48e0e55b6279175d80aff7a5d44f5f2fa6dbc03ceed431d16caaee38112a03672f3d84457363c76de0fc4a2531c7daffbbc58f39289d4b1efebdd403b239a03693e399137dd87f676a50aace435ab32852b8d7c79d972a65c13c3e0bfb5740f96a34667a5f6a5f0d91ee66951fa060a741b73b49937b5ea15c76c01b9ce4e250812be3be620fed068424d45cf8010161b48f34dd10b4909bc302941b9e48a42d28a8b7da09e46b52abaf76d82fa8debbf05adb3dbf76a2ec58a1090b24696035667358218af4977aac42d3c1e3da2568d193db2eedec475ca106e82824cf69afc9fc3fcf1a95ac96e689ce0acd6647b46d5a1b8bd6b9bd8681399f59008b5c2ce0afecad075f33ef02ba21b0b965344307948a420aa78eeca826336d72a3758055f7d62ad6e8369e542b3a0b4aa845ef98734b551f574fc1dffc9a31df18ddaeb3c2d537311830ab235209070a794ba8a54f4f8e83900cc919c1f1b153607ba3423f052bdf0b753ecf3bb613786ec5cd318e796d124e1ba5a1afc61f21a769b02b3a0aea7f3cc6686fb22f8aa3056325d76f518fa7e5b47ab3949a61d20fe61498958fb95d41845a6149878be5796fbfd19fbbfb2486e4f45153d93335b868a67420430d06370d82cddb33ef1363c547dccfe336119fe5715b65091ea141608f488e50affaae2780a70748dbad8ecaea4f5c1217e74f25d5fa6605bc3e372670492bfd4e2488a5a1e465e5e652cf9a5f34c85e985be755e4ac3758b11b073e4c9de4fc8153b765a518d3b669e90ecbc35776101507b51c3e28082592782bc64f6fc61734e4aaba99dcd625209c9f36982378bf096eef4525e967c761ea61d493898babb1089bed8c791166c600b38f217f037bf30011dde2e8bd74c83d7bd6f50ab6d3edd1d9bbfba1ecd5f7e6fca72575bb743287cb5bc52543b5e2c3443cf6087182cf67264c1fca5e63debc863839cd6f5c2c5088a74697a05583e22573daf3371a1a66849376e3b7e9f8d49660aa5daf69d78864d969f98ef6d0d4f6b34772c08e4545fea66a962fc2011fa2a2151e7d6c61638b4aea823b22e62352bbf29207371bfc52a1d084713e34651cf217cb2469bdc4c774fd42ed710950b30500d38ceae88cf262012780f83c8b406f0fdf7813ea6e9a1406ab00fbda3952be95bf97462babb34b02c8f613f3f9c0df33a98b52edeea2303cd27c2f25abf8cc16481025c768a1de48e00b1881c61ea4dc2813ceb659978795b2ac7fd96a7634e418552d52db36af320e22c8be70836a6f68550bf245209a9bf73c1db410c4aa5ae74af2a64ab8777e172f4bc05c0fece24657ff066074f066e0bc0fb73f37297b79d39a3c38c6c676824eb3cdf2a8f2a4686da52c6881293525a9d60aa03d468ce4679ae9134fcd481b29189ad6371c8bb6c44f352bfa785afe3191941106b73babad36c9a3e8e6ac340ac7076092118d924e035ba2e147f2245ea574edcdc267380f326ff4d24a42d976dd856c16fbe1cfb6c3fb887264bd67309e9a7eeccfb89e30280e98951abb0df3dba968033d0ef1d2ae2d7ad0884668cdb3512a2030285fa7d97676934315a2b76382f5465800dfa6a980afbd868b7f39bc3388046a42c02494226dbe3c9f68681668e835398c5b296b3407f775d73b33b541e936d2da35808af09d00ba77711d5cb954465cced2a753619590dd60e6df90362231a3756ef10907a14e006a784782106ace58a87ef4c79a4d16a9af34f616f149c89efd5b3c5a7605247cca21fba1bd064863bb47599a21b46e15f38cd10cdcde122e25fc3994b75c781a43b962104d1a4a3f85aa07da86524a2f7d4c898da92dd46d05c5ac6969df36572aaa0d57790b4d782016a1e6bbd4ce3c43d0cf46b17b1f5d6da15efc08f92fdcfbec2932be3d2102ee350a928b99e2809df730dafefb23f6d01529edab7f1ca00db8a702186d1d37fc4dc8649e3eeb91860313c0b435fa462c8dca8f367311bfad0b78754874f8144abbd40f03bc81c4e8a0644350bba6caf923a15416e753fa3dce4e27af01c9697c65876d7892cd3c8cf4a04208b2205ca4dff86ebc0274d9bd6cfe605654c60dcb893ca7629e28e4b317f820ed869eb371feab47a2d1fd48b7d2fdb58674b4370752662fa097a0bf74073eafb181b0a24b0639ffe5da2bed2c22d89268eccaf4747dfb3ff52b4cdffaffc9194f8444c5b8594544134d18c1b1cb00577f522079d6726ad8d1ea086b7dd38017f7b751d95d88b08bf90ba116576de96a1ce898aa1432f1932803728adb2c7dbe44c4f55cad9b6bd43574808eb5a7be383b910db1891e18848f8cc70fc56b5d1cefe62f846f0b80385970882d6afce0982dca30dc16e250c518a8d8ce26deaa13f43443b0b27be3e2a799d73cd2db7c0eab54f8b4bccbd2cecee6709a620b829f52cf32f2c8243efee40cd6e3de445722384e0a203c4b88791d7988ff58f62832e95bbf09cef01e5e1420dbc84c1c2d600822c02a0f9a69df4f9a47d484ea873e9fbc478e6d87dd57cca05218309164f803f7de7f75f2599b9576b88cd30cb30eb49a8f4062668603e0432cb7584282d9831dddec43ad20e09229f6c8f5a7e1f1a048f01dd412cde1def666d38c78753d1e3f1a0d20b622d23f682094a22979c6482f17bda64dc7a8f0a01db5433d3ccbd88e047b07b576f2267fa3fddb3e3568660ffe127635878164c5e3f1b9d2c3d7273c5f509b11f13b0c27adccfe3a4291144c289e7e74df59bf4785d3bb50116850163632e5bd0d6f7c8a19753303b67b09cf4bc8c9e5b97d4eeb877e520a0d9b0d6f062f409189dd3dcf9d5ce6f1050b58339536ad06dbbeec2e38360bd16c70a6e1700ac4a2ff211b96e5c369b15f7e1cafedba4eb0ef7fc7a29485a3d21236406826c4f3f4f455ea9adcdf0cd1d46caa2454835e6d61159d094f75f8d26d0a637ba75bc99f0de8a20927dfce50626f6022d14feaeff4c2b28f71ad9af25c68665580f86f3b416d797eb5dbdacb2827bfcfe266135ab608ad6b554db77abbe2b213248c3aa28dbcd43d8018b50c578b501c53bdd44cf9893f3f4055c9db95b5ba8689d485e10e596b6c3161c539eaba8e7815bcd84c9ceb46ae3e0439e8a45f7aacf73cd16f08075c31d16000390e552d4672e4ce519242e4fc18ce1cf13cf10c1780d4e6e16a480915fa4ceab027fc823cf4763ac0cae24ec5fd0858c68a32d6880fac19fdccf366c4fd5f14b5e561a5ea922385a884a7baf3d3b89ee5bf0ad21563a985217fbe65373df79025726405725befe832f3d962c07dbb2364f40dbbb54491cfe7e77f8f2609a86c210456652284754be7fd22097dd174fbfbb06b92214de0ea54cf435df963f6982231fb25ade3ed7f4d920e0dcb96e66d3ec32c1f9d4e57586df54b7e65f829596a89707c425387f2c0a56eff00f4d85a37e6dba92e09976af42d8bb2360736fcabcd36fdaba45de753c2ed4fd240bed93a7709faa8863672fb1edc546742e12eb2aeed8e926a9d8a9818f9a879e7159e3c04e7e432c17a994443b8c188f9f30d525aa2010b29f70a6e63ce0eed07b31fad874e39e18d8f872cfbd60afb92fc429b589e7ffe268e21f9578b3aec98b8af251e3677db1d78e092170031d46806bc5561c9da1ddd2d8f3e9ecda9ecb590029ec17fd40ca19b80711030a9ff1d63ac29704c4051ebf197aaa5d4adc85c147ad991ab38d52c49174b0819b8ef403b265a79cd1b7fdb9b91d9d396e6f27f077f000000644b71d7e274a27da8eaaaa3b742ab6e507320adc5ba839355cddbf1fbc674eceb239d1d2600a9477727dfc228bda747fd7b7df4875fb7df1a24e4a2285913338b7ea3149828c03c6c05ae1a8a026236d8dc0e99902803cb48a9b4f95cea946101b21ea43f1755ec3628919c22f6c8550438ef95c793ce83f802ddc3cfa30714298ae0afd819c7cf3a404ecced0a6715c74e9d65db241842854900cbe4e7fad34a763bf7fd2a00b3bd0c4d98f2be7b4c7ceac0ebc972d5fbfc4aa385f8f8466de05bf1c40ff987a8e3a338a040299b43bcc882dc5b4b545ef6a608762a365c46d450fd05ef639d0c98ab2771ca5f3a3796cbf8b2f19cf2c20c8ba7df20e6654ce27e2961bd109738ce23e9102d3b0f5ee4bf3b5a0ad64d043d25a5ce07ac4f67239504f094ad3912b95e764812001dda0e7099e9042422b3c5499bdabed92839694a5c674856a315d97e1a7dc45a5538e16f6c22612b36ce0702ec1b594e2f81d4273467078574823140d30d64e55a11a355391165e58555ec2a00ebd309d172830ecf5a8af41f81ba0039da6e9cd905c0cde7c7029b0617a17afe2807651361be4d841061fa006ca9c72a2e7e93d58866b414c5901623a92da422ecd5f6a65f7e3d64592f0d2b9784f63db0d7529b48790a52fc3372c79696ea57584dc877d42549580a0857215e5a88a34a1183d5db45fbde1efe46efd8f83164d796e895b113b343d945099c24977592643582af3f49c0abb8a05bde402584b3ebaeeebae36b855bbccb1a06f6045b8952f777f890b80f869c9a3a81e6da1673f021a4ac56b03bb9b1340d3ddba20584c13538a643b844e6ed401ced8a075885e3281dcbb98453464f9603a8dfb9b2a6a45e05bc80f5f5d4fa218a19c9500c31cfd4d8d14634407260110f2dfd7ccced29a87a50cfee010357ba41d43aa59ea2623382cf658364e180f0c3d7721c5095882b699beb3ecde7153964c649165dc1861813f4d63b845954dde50259d2be4044e29e4cab976dd22bedfd91239a61b90c53df67c5d259b92a15fa4102d6e4b64562b4dd3f23c3af342e2099a7a85a5487320b571f5281f3dc49fffaace545c956961135119bd39e0d4c1a05996e3afa8b5c7bef909a5b85bbb22704c1e45e24f414493276acee62b6071f79fd9d0cd1b48854becde0b61576ff37461a9202873d4f5cdb4221a9eeab4d27d04a674ae5a5a79b8489c2e1a6a3080055bcaef068b31e377caf79c0ad5125e408e6045e80ad50ae6ce015f9e569a75a9dd328c65444cff2b3e0b7ce29768433c2f24618a7ac02d1b4ba194a684cae5d56aeb8c01b66bc89bbb1d4ef8742ab2791de75086cefd65aeb70127334ef9bade6f789e96b266b7324972b7595bf39633bef84d3aa144db311cfba67c85c200c7f4c24d33b28a92de42892ba21bbc51c12e37dd50dbeab75169c8ca8d3102f2f8d436fd288d31b0794bdd4664684f26ca8275007319e4d3d70b34e002dce1a77b1898fabead2def8c4699aed57b82d7abe9aab3cb672bc8c1e58c005f86a0e864057e2385d3003c8bfd513bdef103f4bf6d91e26e50deef5648233b4ea4b67bff9ae1a2757dbee496e9a46ffdc187a4162dc17a1d91be735d47c796c2cda0d418eb07824483e24f09c967fa3284177ea9bb675e97b48631c717f5e84c20f65f8cbdadce4a9156cfe0038a9689ce75d063ea4438487433f041b3e1e4653064b901badcaf493dae065e76d5679b4773604bbb840ff3dba59d89dd5a6ce6661b7bb72fc538f9e82ffd0bdbe829ef54624eac6356faa7893688c743a117e9d8e2f33125e38284661556974bd0c75f678a3a03058ddcf422eba2469f5c67ae6904c143d0000"], 0x10f8}, 0x1, 0x0, 0x0, 0x1}, 0x40) setsockopt$inet6_udp_int(r1, 0x11, 0x67, &(0x7f0000000140)=0x7f, 0x4) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet(r1, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0x4e21, @multicast1}, 0x10, 0x0, 0xfffffffffffffde1}, 0x404c008) r3 = fcntl$dupfd(r1, 0x0, r1) sendmsg$inet6(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000bc0)='+', 0x1fc0}], 0x1}, 0x0) write(r3, &(0x7f0000000380)="071e9f7358ec922343d9786f7c2147c81e6890a8016fb53a5ffc4951d0a6a9f38dda8a9bae8f6f3750405ca0111cc8069cb8ebd8c8564cc6aff4e3631e4eb8ebf43b0e3a61bb5878257df934ab1c2df75a49f4d39cf7effe02c00c95f02860e708", 0x61) syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') syz_open_procfs(0x0, &(0x7f0000000280)='fd/4\x00') syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x100000, &(0x7f0000000440)=ANY=[]) umount2(&(0x7f0000000200)='./file0/../file0\x00', 0x0) unshare(0x48020200) 23:13:49 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x34, 0x0, 0x0) 23:13:49 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0x4, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:13:49 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xbf, 0x0, 0x0) 23:13:49 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xb, 0x0, 0x0) 23:13:49 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xc5, 0x0, 0x0) 23:13:49 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xc, 0x0, 0x0) 23:13:49 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x2f, 0x0, 0x0) [ 1826.674109] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1826.675870] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:13:49 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xc6, 0x0, 0x0) [ 1826.691361] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1826.693010] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:13:49 executing program 5: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_mreq(r1, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000200), 0x0) r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x41, &(0x7f0000000000)=0x6359, 0x4) dup2(r2, r3) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f00000000c0)={0x7, 0x2a, 0x0, 'queue1\x00', 0x8001}) close_range(r0, 0xffffffffffffffff, 0x0) 23:14:02 executing program 3: ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000340)=0x85) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0)}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x7, &(0x7f00000000c0)={0x0, 0x0}) utimes(&(0x7f0000000040)='./file0\x00', &(0x7f0000000240)={{0x77359400}, {r0, r1/1000+60000}}) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) clock_gettime(0x2, &(0x7f0000000000)) r3 = syz_open_dev$vcsn(&(0x7f0000000180), 0x8, 0x20a342) syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x1, 0x0, r3, &(0x7f00000001c0)={0x2}, r2, 0x1, 0x0, 0x1}, 0xc0c8) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) close(r4) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x2c, r5, 0x1, 0x0, 0x0, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}]}]}, 0x2c}}, 0x0) ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(0xffffffffffffffff, 0x4008941a, &(0x7f0000000080)) r6 = fork() mmap$IORING_OFF_CQ_RING(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x8, 0x1010, 0xffffffffffffffff, 0x8000000) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x4000000}, 0x0) ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(0xffffffffffffffff, 0x4008941a, &(0x7f0000000380)=0x2) ptrace(0x10, r6) ptrace$getregset(0x4204, r6, 0x202, &(0x7f0000000140)={&(0x7f0000001280)=""/4096, 0x1000}) syz_io_uring_submit(0x0, 0x0, &(0x7f00000003c0)=@IORING_OP_READ_FIXED={0x4, 0x4, 0x2004, @fd, 0x7, 0xfff, 0x28a1, 0xc, 0x1, {0x2}}, 0x9e) 23:14:02 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xc0, 0x0, 0x0) 23:14:02 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0xd1, 0x0, 0xff, 0x0, 0x0, 0x0, 0x4307, 0xa004, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000300), 0x5}, 0x0, 0x0, 0x524, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x1, 0xffffffffffffffff, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) r0 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x5, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1, {0x1, r0}}, 0x10001) r1 = perf_event_open(&(0x7f0000000040)={0x4, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f00000000c0)='comm\x00') r2 = getpgid(0xffffffffffffffff) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x41, &(0x7f0000000000)=0x6359, 0x4) r6 = dup2(r4, r5) lseek(r5, 0xffffffffffff8000, 0x2) perf_event_open(&(0x7f0000000140)={0x5, 0x80, 0x6, 0xf9, 0x3f, 0x8, 0x0, 0x4, 0x11000, 0x2, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x200, 0x4, @perf_bp={&(0x7f0000000100), 0x6}, 0x18440, 0x1, 0xff, 0x0, 0x1000, 0xffffffc1, 0xa69, 0x0, 0x1, 0x0, 0xf8}, r2, 0xb, 0xffffffffffffffff, 0xb) r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r3, r7, 0x0, 0xffff) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r8, 0x6, 0x2, &(0x7f0000000080)=0x90, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f00000001c0)={0xa, 0x4e1d, 0x0, @empty}, 0x1c) sendmsg$nl_generic(r6, &(0x7f0000000280)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000240)={&(0x7f0000000500)=ANY=[@ANYBLOB="241400003d0008002abd7000fedbdf2508000000f3ee8f609306f0e604bbb79da95f89597111fcf5a6b1809dd9ffe2a4c73fb605ade8043fdd96a5d7c057cd8fb92040a250109b354974eeedf5c49ff2956fe58addb339577bd0223406c5122450c64102013eb1d1383c4bc77a1d9f205e2b754c0f0df7856380c50768f99855e663198ef532d30d56cdcdf3ccc06f8c8a8a8cbf6595a0677ccb670c008d8008009100765b000066130a8066ce4613045718dd52bdfe8a673c877bd82a2ebd466faa29d6fd53baf5304de91f230a4b75a09427d19cec5ac32e47044bdd57dffefed035babd06e44eb9a1ae4c4ffca03b2793c62645d637a0c38458b16e667da6e2dd719b0e9419b4d2b8b38b7ba275fb90f4b3465cda1109e4135e0d95b009b5f320e4da0062e6c7ccf3663abf6506bdcfe5ed750756625899a9fca45fe88257fb0d375ae1d5e40a17c7afe3782a71706db2fa79a3a0d8c2b5e6e860f65a0e60e0f976177cf38446f705244fbb15a659ebd4cd56008d41db99a23549698a04081e089fcbb8b5e68fb9649439f4e33b5e16c7771de871aab099a3db93abb03bd5c9d2a292e15540e409ebd4ec1713de3a637c365b044f22bc7863389e335216dd64c469cef5792a5fe2eb7c7ecda0e96f5509b8f326288e744038f262fdf190ff2d2ab2d020458d450dd1159713e713d73734a2f91fbe793f5a6347bc811af1a99a780106203fd3cb3391debad1cf416defc103f62f5c145ce4595f843080265d27589d517cfd69250e655295e8ae76cd15eea60a2e321167cd7cbe506372fd028121d530a61d9587d956fe30b36cfd06560f777e1b5874296a972302293133c6e3dd06a7daac3ae0dc1bdebca989f44ade20d49cc9267b6c73e9a4f50ef9509edd11e31724365f4ea3fbb4788455956920e63435b76dfaa94d83678db820eaaf5c3bd1e0265a26cedbf528fd18dff06338696c6c9af4800d77904adf4fe9fa81f6cacf300591ff13866aee4ef68e5a0fcbc65fb7e3d173602a51be75e77c7e3a93541f903d343aa45d95027f2a01461c44e006ea43f0c108d5192646cc693af208c766d27d9673409a7980a558e521f4d929005d0089379e3cab231a3aa889fd798030211cdae98c6f5ce92fd3dd6723de9b0c52ef92c586b69c0000000c003a00010000000000000088fb0722e7eb17e58624b191d1b2ed7aab4c2870c772350c0e4591d4788e0f5dcecc1fbadc7dc583767d5b849e85da59980c69e17b3f074da8a24c433cfa656e1f4396a985d199839c1d444d9911a6a52420f423f1233f4f6d07d2105295e04107549ce558e9ac447ab9d15a3d8ebc27af9ad9f84b5ea0e0dd2bd51b9800199a909608328f09ba07ac75eac92f5b98abc60cd177f1c8db5e5927e8d3372fb23cee700f6d3037956080422a252fb4f30256cffc6b5250814b1c8bf76b6cff0405d0ad50a55ee34e9ad21080d6c4adcdcabb234e11be7019b05f2cb1eb5c0c9da67b8d79ae5b4b239dc33f3f7d2ebd19ea383875aff366c6cafa28afbbb1d26a2db0d61dc4ff87e34416c70c9ac77373830667b5d9f2295907a78a1be1eee50fd2d30bd158f0edd05c65ab970ed2e2b31ec320620769534ada711d8789b7b0eda7d6575dcd547841886e7ed38f150aa18304a61deda7b6850581a27454c4182cff1a4e8a8c46f34c718334eab016fa708c7be731b7c314933639c498f12ed958e2a31c0ec29d406c9a307c08e7feaf244ff9df3a04e6078e0f9c1595d0fd641306a5705a55de7f80fb48098423a417550d62bd4c05952d4f7451e37a94919b4ee78263478cb532a06a459d82c13b9d049605e333bb93addadcf5e1db47367b909e3d1c4d9fcf3358962e9ac0050aec4ad1e01feb0eb0da7524e3df83208418000aac410e8fd539332f04ec317622845000a1f1709745a4dfc9650aa13de9c48dae61c11c6dfe7b60f74452ae351b966f0d4c533cf275cbd75dccc294c6e2af49d7fd5f2cb5f6fc19d0900d10e1b58afc7b08193cf308fe16088ee9057337647e297e0bc804d8bf9b0b2932344607b192d84c43be51ff7c005ab61509633e26573e599aa20e35889709b3944937770833f1ef0dfe8901a58d153d7dbf44e1631e43939088bfd57f8b2a2de1622fe2a40a37279a934b781ecfee021b19d6b885585d62ffa3a4ee4272c92e233db7234dc3fe825b5c92ea56127d961bb81ac15437952c0d15c2c54db48652dfaa0ba3ce2757ab0f933f67ab91b1be176df734bd660e05b3d5771a57daa8ac61df57854fbbfb589e75278a20adf296cf7b943eb1dae6e166eab68e49d1b0d3dadd172cc023f53e0a42b83cea9ac501973d98689b9c0c3fc383fc998210730f1f1bbcc713f93fc9c2b31fb8ac5226de3b7aec422dcf9b84cce6abe7849134e5bb2d31c643964413222c178466e31d9bae3fcfd865064d23db45f2441b5ebba20c617f6309263b1e01e764b00a484dda0001432dfc93100cd44f82e623e9b07d30755a840ccda23627470ea42585b126da3fc58f5223edcc30d12811d34493b666b98178ab8ec6156b917b30661a901efad357f143f99e02b7c9e5a431746611fcca535d519be7b0a870b6d5ccc7066471bee8a7d9bb423a120e8acb8af78ef5224995ba8dd9e0a3974f235f9cba213562937fc2caec3dbd943b7abd8f04e1ad297c55713393b62d17e27b55cc651f4fa20e36ad5b5ae4fa49f68c8a1d0a86d4b272b3bc4b7b202cc4dc830646c31e02e4594eecccff2bb5eb460420599dc2bd24df5ab5a83871d86e9074594946ada1e3378d290a95447a2fb99b24d0ba1f0f107a172ca5279b13068a8eca427a8a7099087b50f316361cd38ce3e0b8238440e251184bbce699834439cdac652fb2b456ef1165ae3e01e83ed8dae6f06844032656401f46672c510a5629676a6ee7a1ecef508b2c3fd8fd8d74c56d2073181a209f606d2ec1b9e3e41ae82937c1fc25e77b557e8b32fe17924d7aeefc675a52dd908dd7a9f5d519f39766e72d899a33e465bb5fe8b01698c6e51222e1f817b420b9a6fd58e6a5587ee9720fea9d1aa3727731dbc3123ec1d1e609d200dcf85ee7dd7095d8af79b74e9fe86b72c8db2f061fc6cd0d97a11af8aea9235a80d3013cf7dbe1ee7080e23bdf9da8c758c92b12d124ce4b339139b81d0c908f1ad7c3241fbd2bf919887ffa634e4d00d44ebce8f686bf96bcb74ca9e2b2c8b1675e97022411dab589aa8c55cf8e4a32dff9d0f3459032de02bfbbcf94451b576a656af020523d99146de288b654fbf3522314555d40ca0d04f343f52fa526938b0796fd9b44c52611f3036c525ab2675e4e6b1c64cd5d003fce8e3267010b12e73f2c9b41ff624b2d69255ea1f19f74ae8e3492a21fe0fb97c105ea1ca93a2cc14001ec66dd67eeaec6822a4215793d7217118778aae9f7f6e95c22648da48450af166ec6d48277abc3e73188bbd69907416a1ca0f579a3aeacdaeabad2aabd5c03baebb0b23b8204fd1722259b94950224d21362fda98ae685ed04a6d06129aff95d0d8e29519f46bd31ba3e7aeb224a48bc96b5b8bea831fb1d4449721390456a6e2a00652e2de9dd2b3a1b086ad4f9b76e04da429b8e76e8cb3fd4139e2ef59c269e15843d7e8d30d9f6de4a6998eb3bf7a470b1c1e9406d81dcaf7a2dfae91d156d5b22d4ccc1a7919125c7ddbf5096aafb7ebc4670e9833166c8d2ddf33aae31bd35b0894399c213c70014663ac59c961caca7ada04c15a7fe3987e108b8b2b48ad2c2664827e8cc5c138313a913622cf13df10aa7c6ac53f6efaf36ec558d38b0e8e5d9aab1dacd770a8dc46680769691c44460b575c25534ac76b83df4591efaaa789f6e78c7a07250a10034578fe71fa60f9aec989cc4fc35477d8dadb6448cb960568f303e03d677b6bafe44536bd43f6aed64de088e18c3107bc81ba8000a369d1430700d2a24640f402127e78566d8a98889aebcdf6731f6e95944799aaae378ea63e63f14de11f9e1ea6186d6dfbc2114cc9864f3fd159b7663b274bbf208befec1be8e2969d23639c3b6a16abe500eea85341f3e93b536a29249fb2200cb0c077950e25425ab5905bcf5f96900527acce1aeff2c03e85251004e337e1ed300a3a0f37029fd5b7951ef0cabf5aab977e8f9d32f7fc9f758493aba0766984498a47105a191451bbe65a43bc1a99c7d45e518793f0c357916a0aba5ad11d89126908d1f9a21f6264ceb66cc28ebc01a8a7336307eb2bc1b8bcec174587c4dfd0efd49b21bc60612ae84f0a4be3ebc37a3574c798d6068631c3a0aae5ac132a9c2e19827c53916d49aaa820985c5a000b041c2dd4bf7e4f70ecd9c24e2d23519142b8c86c5df0403c68cec7d178dfca88d02d0e8d344baae722291e4bf9464090ec15b89ca1f327801bec0ac6f0a709bc66730bddcd373dce6c67f2e25cb6a237f3cd4635f5a5a9c200a9b4ab8fffd42669a7d621c2228394a87fb581c987e858ff9591187f50b4e51ea3d3b46d8efd094eae30e744cd97788743b0c221951cc8d44a9a165c1a491d5189ad06502e4558a088df537075a18f8b29f526c7ede4d07897fdb8c060c49df5166483ccabd7f3ec7dca2c6985a7e0854a41880b3bd8280d39b1ffcdac5402f35e224a149ba3f07b5c4f60511b6b6489bda7edd6f26a1104e092746056bf62882ba8145ec85760977565a7dfae68d8cd89edb278070199f1fba8a7dbd4886f742252b0c027945b400c4294ac1154c815339a3c2a3475dfe1d330eecaabc70687066e45093d3cef6739f6318e2e243f3c9d969ac7a410eb0f7d83de70037831c07ee66b38ba413ac08ea9042c78c5086794f15e562e3752dca81bd76fa33211b35e9812ffb55a09a5b91be04850ba6c4b49db1f638e0adcf56a87138dd1f0fb14c2add76e0695fb71378c9e0f977db33686195f365cef15d03596f4a5cb3b31eb4a798bb6dd05919e8387e088fee5e9be09f99c65a9dbe23dfba4cccc3f4d4d0f7614f0e2a6d356b7aa6ca9ec6d21e8969f0e98b3a8e52e379ba65874b2c751bedd69b2879ec6b8729c748337c7e8196d42868931d7dac069696f17b74203279f2a4c7c7e89bfb8cd54f383c3ad8d355b9b67ea859ff8743fdb3dff051d4c3d071f7f8e17fdbeab54b96c06f550dd8ab731fc1a6823d96b08e9b659d2fb77ced75d25f2e4d7af15072d42334ccf74550b82bd038e9a5b83f398faf7046ca52dc72f666a2e10b7078fdb2550231a8a544ac19a81693046461f5e55bdd37fe0c6585600cbc27d4a715ff138445abb905d6307b4fa8e004e89b8b77d8233a9597e6cfb21a95f1a8348cdb6575917295fd3b190dc4313af25f5272f9c07413de4049d81be671b52b32a806ed2e99a63b7d480c0383685ff7fa7a141b0c8c4357a836243a55ec6f90185b706ff16de2632527ba3f431a07c7f4f50704534e40c55dd2fc1c6433519dbc73e3395d8ad6f229861d0b257a856b1bce27f44b13027a070837de58c86399073c08f3b8f1a6071d5fabf0d4670721ec38be72ddc5da4b355a65f564ad2cf9470e06e9185f83bc43548b51fae09e6619100afd52e07c52ef8776e437d3b12e59b90462d97185934ba51516b90ae93f098dab0c9fffbea21116ab916a3cea62fbd70158fd3ec07af1d63eee0d87fd76849eed3dfb857c2ed50cc4962fdb4df4b1f1851bb99fb08a1c1035e4977d7866d5ff0d99dc6fc594b133259a3cc087da8dbbe431fe467fb9a2f5e78a121f5163fa885078260cb8b6edc973e97964d2beae0ef2defb05031e8b1098b92dbbba61ed1cb4e0b94e209681d9cf53fbb1ea60e0dc2e850ce33d9e603e7296e2bfd00fc19b2d3006217eaac220e86c1950e7bad69574f29211e6200471f83c699256b67d81f66e7b031e1c220a3647184e5473a915ff06a659435be10982ce88f8658c80b53536f95218e27b99f2ee5f43398db950a8a83ef48c91d23871566ce4532a454864bd9d0df738e5d4f455236c7cf40d964d85356c37ec7a8012897266f52cf53c6867a99e1d5b01eec6f7731071c77dc17f8d3795ce18800633ea80358c006a02678f079b867988e8dfd2b1639b0e186ad95d4dceb1cfc5eb3b82a13f0e35448c1f2756f4467af3f978fa9bd5bdd1c5bd8c1d45c2925a68bb5a3985cb01369b9b045ac3b24e1f63efedc9822a722ce41ed19ae6948436a44ab353d5eef91fc17de83959580798ea02b7c8895cc9ac5d07f2ce236bd57847e234ebb1817ed6698f5728ab4e0ed9236e11eef1e8db5d674344dc4a7a611f154868b0195355e61ea12ede26e601d920e74be31702833b7fa93c53411ecd9d4d96681ae3ab573c07c159df8797bcf02ada757a4a25d5fa3162a80fae7175fe59d10cb2c70031563f43f1b37a9a1a63e5c18e91f4b8a37ebcc11afed1f4c5f1ee1a6c49f5716e688047dabf374d59a61193b6a87ca5c0a670b991758adf51625ab1298084efb70b9b32c0c33ddb9e7dceb035625e16637b43f077976537975a3a009bca51b3749edf4e1aacdf553f6ab2c0b7ab393f5b30c78638eefa625f9a37c09551f73522540c1031069784d43579d96473cfc36c7759fce58b0841b06882624ac565b89dd0a837f5f127c9ad8682f4f49ff0e2d909c93a108ac6ceaa37fcf3e81c142f462b4c80f6249635263693857fdfa17408a5d2e9e28379141e2402e541c924bf5a6fb458242cdd0c76bd3e5c0c325101f02a12a6a85c6ce8c529f416546dde56c6c0c97202e70cb96d5975b2214d7482021d453be69f3312d817462e1e6f8b47d186f956b4095e152e52ab3ec21588eafe003bb9b9302c1ba084ec5af773458a9cf98b44ade799f65b4670f1ffaeb6f126a3851b444a35a3d1ca720b189d0bfc33bf7c32b76e0a75a95ed8fc802901e7828d1fe582052c14e140d4b42746b3d5c50c005000fcffffffffffffffa7d7930a7905f88cc9c309e66b5274df27defe812e40ef670a284af83963912e76f2cbe3211df84f63a331f86cb827d90df141d71b1ac58303a8b47ccf963449fa852f46f7106db839f97ca190d4a0aa0dd6ddcb81fed810ed9095d3b6968d0fde5e8b4c26cdb434dd9f0fc94d81b7964d55c32390375b30b758b8e5d611dab3015f0e537817e000735a84dc3e2c87cab735951396f06b72b0aa146fd490becfed096c6a5a6c98a29c1fa6ee2b162e337b52f19a0000140016800f0087008a8947aa5ebdc1694ab4ab00"/5146], 0x1424}}, 0x0) 23:14:02 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0x5, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:14:02 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x35, 0x0, 0x0) 23:14:02 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) [ 1839.980700] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1839.982472] netlink: 'syz-executor.4': attribute type 15 has an invalid length. sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xd, 0x0, 0x0) 23:14:02 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x30, 0x0, 0x0) 23:14:02 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xc7, 0x0, 0x0) 23:14:02 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xc8, 0x0, 0x0) [ 1840.028605] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1840.029709] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:14:02 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xe, 0x0, 0x0) 23:14:02 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x31, 0x0, 0x0) 23:14:02 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x36, 0x0, 0x0) 23:14:02 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="adefbd0762fb456b788bdfb16fcaecfb2c01369f000000007c5f90d454dbe1c50000", @ANYRES16=r1, @ANYBLOB="040027bd7000fcdbdf25060000000c009900030000004e0000000a00180003030303030300000a00e80008021100000000001c00e7005ac1591cee71cd489eeeb1d39a75dab7ac43ffaeca97b75c0a00e800ffffffffffff00001c00e70082b8cbc7d74ac4084fcb4dbf1e8ab6e6992ccd4cfbea0c251c00e700e7d39782f0855d6b58b948cd707857ebaa0acc2e8bd8156a0a00e80008021100000100002c001780040001000400010004000200040001000400050004000500040001000400010004000500040002000a00e80008021100000100000a00e800ffffffffffff00000a001800030303030303000005005300000000001c00e700022f91368ecb6d093c70b9149a2126711530ebc049c2f8210a00e80008021100000000000800050009000000"], 0x12c}, 0x1, 0x0, 0x0, 0x40800}, 0x0) r3 = open_tree(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', 0x1101) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000240)={0x8, &(0x7f0000000200)=[{0x4, 0xb2, 0xf3}, {0xf940, 0x5, 0xe3, 0x6308}, {0x1, 0xc4, 0x1f, 0x4}, {0x1, 0xff, 0x24, 0xa2f}, {0x8c, 0x7f, 0x15, 0x4}, {0x200, 0x7, 0x8a}, {0x7fff, 0x7, 0x13, 0x42d}, {0x4000, 0x9, 0xff, 0x100}]}, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_KEY(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000b9823265192d1e956dbe84ac000000", @ANYRES32=r4, @ANYBLOB="0400280004006e80"], 0x24}}, 0x0) 23:14:02 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xc1, 0x0, 0x0) 23:14:02 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xc9, 0x0, 0x0) 23:14:02 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0x6, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:14:02 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xc2, 0x0, 0x0) [ 1840.187983] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1840.189729] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:14:02 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x32, 0x0, 0x0) 23:14:02 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xca, 0x0, 0x0) 23:14:02 executing program 5: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@l2tp6={0xa, 0x0, 0x0, @mcast2}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)="a63a", 0x2}], 0x1}, 0x0, 0x4008000}, 0x0) r4 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) open(&(0x7f0000000880)='./file0\x00', 0x40c0, 0x10) setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x41, &(0x7f0000000000)=0x6359, 0x4) dup2(r4, r5) recvmsg(r4, &(0x7f0000000280)={&(0x7f0000000040)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000700)=[{&(0x7f0000000340)=""/153, 0x99}, {&(0x7f00000000c0)=""/57, 0x39}, {&(0x7f0000000500)=""/165, 0xa5}, {&(0x7f0000000400)=""/77, 0x4d}, {&(0x7f0000000940)=""/4096, 0x1000}, {&(0x7f00000005c0)=""/156, 0x9c}, {&(0x7f0000000680)=""/73, 0x49}], 0x7, &(0x7f0000000780)=""/187, 0xbb}, 0x6060) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r6, r2, &(0x7f00000002c0)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 23:14:02 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x37, 0x0, 0x0) [ 1840.219044] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1840.220735] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:14:14 executing program 3: r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x1418c3) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r1, 0xc08c5336, &(0x7f0000000500)={0x0, 0xe00, 0x1, 'queue0\x00', 0xb8}) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001700)={0x68, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @broadcast}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @multicast1}}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x4}]}, 0x68}}, 0x0) sendmsg$IPCTNL_MSG_CT_DELETE(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)={0x14, 0x2, 0x1, 0x101}, 0x14}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, r1) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000001100)=ANY=[@ANYBLOB="fd89646e6f2d27900d52225683", @ANYBLOB="a2d891b0aab0672cc68a796be9fe269e22625d5a1acef65f9ed9ef575c99517ff901c8e9ce3c0fb104e18bd510e5fad60db9790642b9c744199c5de691e46a202cab2d26166b8656cae6162ad199b4ae57b29509b487aebf387b8dc372032d928b5c3573a3d06bd84cc3b46c037f4503c6d02653df1e48250d4fd63e3b31284d23269c6d480bb510ed590c0cd4db68e42ca229dd9ad388c5f1904d919185ad628c5f7f8fd2f2799c2489cfd49736f145089974d1526ab44a118ed155d9fc3a387bedf619c9f9dd9a04669ff11f82ff9d5b3bc1f46470ec4aa772e218313c3db6766b84a3406d4af3f961c41cbacfbb2e8af85ff5efa024e3f4871f8a9b996142d899c233ee64bef604f0a69fc4894f44cf4052e15ba3f921a68bf20854731a6dee75ffc07c66b0c4861dc805d68c30f12f09896abb39a303dd914ba04a26d71df52e1708fbf1936d68bb45d745a4a0f9a0298bdb642e7bf8df45e383ca7776fe1fe7048f121a7baaaba1815686c8dd66456c50675be0dd64a4868f537982489447df30f9477f14eb974cfa0c6392b859ebafd474c4c59534ff83990b1d7d8dc0a858c347cd4c163a3a8fa8a7969252d03f0b263f815b6ab927362d4ec2152f270c2027226db1a4338af2af9f88a0722d594682aeaeca2d703cea62d89a7441f90b90cd843adb0efe22ee1f97df11bb493da0fa1c55314e585da5d156df25a89b795bb9ccf93263f6e8218d634200782b6665d762a87f2660f15b2750cde379c117d3f483d692138a1463e6cef910a2de0bd78d43763f5c351fab8259b93d5686bb7045855b2625055c4f0a21415d154ab99e44c0812d3fb5560905450158b122e34c72f9d1feb0483df14943bf7d028d970eb0564d269e5d10a59bd14b9ec4e1a7aedfd30d759253477756410fd571e10dd1cd0f4801c6482a854b321a0c7972300a22be43cc302cf66ada5c899b6e12d7ef919c02e71c7ad8dfc850a9de0c78bbb7cbd0c59864013eb15f866653578916af5a1366c7fcac233a", @ANYRESHEX, @ANYBLOB="2c636169742d5f2a1816b2d3b064755b6368653d6d6d61702c63616368653d6c6f6f73652c000000000000ffff6163f3003d6d6d61702c667363006e7465e15ddcbc7973613d212c6f626a5f747970653d63616368653d6c6f6f73652c0000000000000000000000000000f879df265ed06f0a4b3a358e5862e6a4efdc637ab37de1ffc452d6149a3f4ed418587bd927a1f6bfa57e87c1cb78e6a89aad9baab9474f90a5834a6219436e4134eea2f8c53373379eba32f37833c28c2a67af53f772053d5f0ec353a8506519eaabac2dd10519"]) execveat(0xffffffffffffffff, &(0x7f0000000000)='./file1\x00', &(0x7f0000000340)=[&(0x7f0000000080)='t\x82ans=?d,', &(0x7f00000000c0), &(0x7f0000000200)='fs\xc11\x1aiext\x84\xba}\xbf\x95\xd6\x10\x04\x00\x00\x01c(tc\xa7\xd6:\xfe\x88\xfe\x96i/', &(0x7f0000000180)='cache=mmap'], &(0x7f0000000740)=[&(0x7f0000000280)='h\x00W;\x7f\x91-\xff\x06\x9c\x02\xdc~\xe9\x16\x04\xe6\x84dz\xc3\xab\x9a\x98\xfa\x7f\xdc\x16\xd1wdz\x98 \xc9>\x7f \x02\xda{\xfa}$a\x89\x87\x04\xcc\xe6H8\x0e\xcfk\x13\xea\xc5\xe7)\x04Er\x12\xab\xb2\x1b\xa6vT\xf9D5S\xeakI\xdd\xd4{\xcb%lB\xfe\tE\xc5]&\x03\xf2\\\x9f\xee\x1bUd\xd8HD\rg\xe9\xcb', &(0x7f0000000700)='trans=fd,'], 0x400) r3 = syz_open_procfs(0x0, &(0x7f00000005c0)='fdinfo/3\x00') ioctl$EXT4_IOC_GET_ES_CACHE(0xffffffffffffffff, 0xc020662a, &(0x7f0000000600)={0xc9e, 0x0, 0x0, 0xffffff01, 0x2, [{0xfffffffffffffff8, 0x0, 0x1, '\x00', 0x2000}, {0x2, 0xfcc, 0x2, '\x00', 0x1304}]}) pread64(0xffffffffffffffff, &(0x7f0000004d40)=""/102400, 0x19000, 0xffc0000000000000) r4 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000004, 0x11, r3, 0x10000000) r5 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r5, &(0x7f00000003c0)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000040)) syz_io_uring_submit(0x0, r4, &(0x7f0000000140)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0xa, &(0x7f00000001c0)={0x77359400}}, 0x7fff) 23:14:14 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xf, 0x0, 0x0) 23:14:14 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xc3, 0x0, 0x0) 23:14:14 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x38, 0x0, 0x0) 23:14:14 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0x7, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:14:14 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xcb, 0x0, 0x0) 23:14:14 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x33, 0x0, 0x0) 23:14:14 executing program 5: r0 = openat$incfs(0xffffffffffffffff, &(0x7f0000000000)='.pending_reads\x00', 0x44002, 0x10) getdents(r0, &(0x7f00000000c0)=""/133, 0x85) mknod$loop(&(0x7f0000000080)='./file0\x00', 0x2000, 0x1) faccessat2(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2, 0x0) statx(r0, &(0x7f00000008c0)='./file0\x00', 0x6000, 0x1, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000a00)={0x0, 0x0}, &(0x7f0000000a40)=0xc) stat(&(0x7f00000001c0)='.\x00', &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0xffffffffffffffff, r3, 0x0) stat(&(0x7f0000000440)='./file0\x00', &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f0000000340)={{0x1, 0x0, 0x0, 0xee00, r4, 0x41, 0xfe00}, 0x8, 0xffffffffffffff3a, 0x0, 0x0, 0x0, 0x0, 0x3}) stat(&(0x7f0000000440)='./file0\x00', &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f0000000340)={{0x1, 0x0, 0x0, 0xee00, r5, 0x41, 0xfe00}, 0x8, 0xffffffffffffff3a, 0x0, 0x0, 0x0, 0x0, 0x3}) stat(&(0x7f0000000440)='./file0\x00', &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f0000000340)={{0x1, 0x0, 0x0, 0xee00, r6, 0x41, 0xfe00}, 0x8, 0xffffffffffffff3a, 0x0, 0x0, 0x0, 0x0, 0x3}) stat(&(0x7f0000000440)='./file0\x00', &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f0000000340)={{0x1, 0x0, 0x0, 0xee00, r7, 0x41, 0xfe00}, 0x8, 0xffffffffffffff3a, 0x0, 0x0, 0x0, 0x0, 0x3}) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='system.posix_acl_default\x00', &(0x7f0000000a80)={{}, {}, [{0x2, 0x2, 0xee01}, {0x2, 0x4, r1}, {0x2, 0x3, r2}, {0x2, 0x0, 0xee01}, {0x2, 0x3, r3}], {0x4, 0x3}, [{0x8, 0x1, r4}, {0x8, 0x4, r5}, {0x8, 0x7, 0xee01}, {0x8, 0x2, r6}, {0x8, 0x3, r7}], {0x10, 0x4}, {0x20, 0x2}}, 0x74, 0x1) [ 1852.061315] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1852.063120] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1852.064986] audit: type=1400 audit(1745018054.486:98): avc: denied { map } for pid=10170 comm="syz-executor.3" path="/proc/10170/fdinfo/3" dev="proc" ino=35524 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=file permissive=1 [ 1852.070771] audit: type=1400 audit(1745018054.486:99): avc: denied { execute } for pid=10170 comm="syz-executor.3" path="/proc/10170/fdinfo/3" dev="proc" ino=35524 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=file permissive=1 [ 1852.098690] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1852.099653] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:14:14 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x34, 0x0, 0x0) 23:14:14 executing program 5: syz_mount_image$vfat(0x0, &(0x7f0000000600)='./file0\x00', 0x0, 0x2, &(0x7f0000001880)=[{&(0x7f0000000680), 0x0, 0xb67}, {0x0, 0x0, 0xffffffffffffff06}], 0x1400d2, 0x0) r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, &(0x7f0000000000)=0x6359, 0x4) dup2(r0, r1) r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x41, &(0x7f0000000000)=0x6359, 0x4) dup2(r2, r3) ioctl$FS_IOC_FSSETXATTR(r2, 0x401c5820, &(0x7f0000000080)={0x52, 0x0, 0xffffff00, 0xbf, 0x100}) openat(r0, &(0x7f0000000000)='./file0\x00', 0x74002, 0xd5) [ 1852.129859] loop5: detected capacity change from 0 to 8388096 23:14:14 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x10, 0x0, 0x0) 23:14:14 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xc4, 0x0, 0x0) 23:14:14 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x35, 0x0, 0x0) 23:14:14 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = pidfd_getfd(0xffffffffffffffff, r0, 0x0) r2 = fsmount(r1, 0x0, 0x74) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f00000000c0)={0x0, ""/256, 0x0, 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r1, 0xd000943d, &(0x7f0000000340)={0x8, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r3}], 0x5, "b53acec1810ff0"}) ioctl$BTRFS_IOC_INO_LOOKUP_USER(r0, 0xd000943e, &(0x7f0000001e00)={r4, 0x0, "a16a6067940f867f919fdb9aca083dd719a016945a2163ff8809a8f24a53eae3129630cb6df87d2a7760b3765aa24ed38f36ca258a73f1a24e26b6318cc9924bfa1c36e4fa9da2704da111edce5fc8168ddac3338bf7415d57329711e7cc4e73ff11c86aa792188391c3ed29de421356f0603d746183b596d3b4ed3d9dcbd762cb7972dbbe986f9de0c5c12c358060f231dc199f18661e73fbb9e4c4ddffb0081f234913945e332e412f4a0664ac298cef9af6f2ce0deb503ecc38bc600c74eee1e409352d4451c314160ea6eae6c64e2d83aa5dc1decf0883705b68855112ec5d9f319902ed6cf00a94bf32564b3cb3c622573dbb23c8c6ae7d75d0ad8a77a6", "96409917853f2fe629426766ce0e39b56d6d32eae97dad4fe251de78f69240ab641cfcb39922adbc4056ae1ccb6845712a294570bca89738cd4ded142e05c3ed360a387bd1d02e8d111c29287a0cb3689690ea18609e88f8e3629569bc51e681b4c365097921e13338b8d53e1e629b6e77406a753f5d72bd06238cb2a3c1ba335f51ea86c4e7a8d2d2c5e44649e0a55434ebf6da78f98bd51b99e1fb64f4f288780952c13ca18f2aba6032f710cdd5aaee3f0aac7615a58c98cfefe0fe5a44e293683712ae14062c289c58ab146440e108adde89f804f9663b92747fbd2709e399b13167062720bd21887dd518e11c1557287d28c7c49ccdbf4783a1d7b8eabdb810f517869f695de513c94a298f1dd6c8e8f4de28270b520d7cf875be259ee56cc09a65da3bbee6fe2ee13caca71faf37ead8d322f6211a798cf4076def4df18fe724a1d909efa392c43da34ffdc645fd26b19864ec562f2b87dd26cae46d1afda6166aa9ff7a23c3eca06d825c687adcd626659182c9d47e8ca2b850b59367dc70be94ec9f10e918a9726042d98bdfbed2428dd4eb9dda5e9c582f4065178a4ed18e66271a0b78a47a62f7883fb725136f4ab0196e38a11187afa6f72195405181578e3d3902ce6bdbe346d15e97b843171dcde5630244c9f374ba768ed61ca0a01c7c6abec6269bbcf367b19a41a8fb00d0a562bf0ce59a213985f53c2b30aab65bab6af70fa3316b700f9172aedc8cc6fc465652d826bdf187b72c0d9853040d39b8f23f36b13df34247a241d0fca74a90a2e84a97266c5040cd994bd9b8b22456c8ddb7b65470c4c8a7cd90468aadb3afea50577fbf501d3ce4319eed5d85963d37d893d27f7292eeac340399da882f91ffe8574f5c74a26496ffc308cc97d989c0873f3f0a2a2ca96e209626bd9021e17a3d84d8dd3605bda06606c7c2e9f64e135d0378aff687c4d23cf3cead1b39eaef04b012eedb39e41e496fc06ce97978c4d2faa27159e7c5ce09938f0c81bbf697ebb0f608f2f78e86078b91f7092e9de2b58d35d50aae3abd9a1ce20a08967a9575f694e1bf7db7585ca322b9b24ec20c46f2eac746cd194952cae61a6fb562d2c00f83a773214c6e6ad5544245c3d8ab5b5c7e00c2169c9c1b6defa100e39732bceba57244b273006eac256aaed9b297ca0907b8aee92559afb66131e02f4d1d8c7a84759bf466a060b84eff9ba3cb3589b9b464d21a6765734e75b6457a74665fe3e5e0fc6a08acd1d3e9059b23956b3ba63e4e8a56de103d1e723fb76facacb6a959b8961f34165d6d88b6a5b4c3ba842c276ba274a80d9d2d4bc4e89b8fb200b432a337d4ae8eb7a90ecb5331a393ef7fd3d6da7ba6667bb2e99d4210df0a479bcf20fefb9f15839cfa6c7c3f50e337fc990eb16458d060936b4fc94bbb72ce5268947162dd7a23b1a631dc96fca2af806e385c2174409714c93628fdffdb7b7f93fc4ef573106ae70a389bc743a00bc2deee8356671dcd028d98596391be0e5ea148f436d0122af2898f411d5f01f08211412e3819249baf55216a7e7f1557d6efa2dae76e1a95dae70ce73cdbb8149b1eb6e10c03f7130e95dac697e9218862e072565ad194730ca17ac37e3267a5969523d33fb1abeea1cf90502bc57db5d3ccaa9ecb23785c16d725640d378a646cfdca7d5fc702a7a4f8356a549f131104ec7888de58d9ab8a8ad15b26d36745d334a4362580e291518497fbe4318bea3edc48783f11a62a837f8076cbd0674a86a5fa4da76ac0abaa5a8b8d5dba8e670fdad0146f04bed727555546175f197546015e1c35351a6ef15fc16ac6860152c26f4a724040beaf5880b2b0a1c1d2d61df1ede313c37ca3faf48cf4915e2f5002cbd0e611dc6ea95ff997c6f646464c4433abf62ef46b2f0dfc9126bcb2d5f78563d1bee59075c8bd6907702c8bc508419d356ff331c0e57bf456c1490e9cc8984391d72d7b6ecd6850da9e9e42457e0662a388f3f6ed0162ada25d5bb0ee534b08dad5463f2057140c7e6a03c29087bd8b7b93c424d22ebe47b854b12bc404e8e299bee40027baf5a393d8358a29cdc668be92f043cc282141cf4bcf8c324b2bb3300f3ed152b67b5720ba90506d32298d679e564f4fc49cc236ef23788710a33f3c1981bec82e3460ff4050183fbb8f7a7d44bd7ca2eb22ec3df1d6c960cda8ea3833cac4ecc47dbcb3f30d5a758126984ac619a7bb7098f6c2c38fac086da53eefe9832947199e6670cb4574962cea117d353ee23d0115afc2e382691499b4d8a40dd4a9171dd53ed928225f615666bdbff23326288991f49104700707459b3eeb2ae3049ba8f0b48f1e05ea1a5fa686c7e73e4b48705b00aa3d305d50a31f4f57d9590620df8af2efc0bd5ca171658c3612ee6bdad0ac3576fde9181a667660666301dfbaad16ca2ef4306a4060239ec3a5c2dc133650d0692bc257128bad38bf186384b6d8ca9b054d7e3632c8e04e866fc1e9c0f4860ca74b800e0640ffd32c32c2cfac659bc1274427aedcf40e6ebc9ce184656c2669cb54df632943a707035b9c97282c75f44764c43d0f33024d215db4ad563d4815b898259945b35d6e1089d7bfd13ff0196d8e94f6f68f139f8b975343d5f17329f4ce86d3dca507ba26ec39fdba64576af6da439bdf5b9a13f5da43ef18087c97a8a0ae24b224c5b0300032f1d5800a44a432c642de24368922ffee60a7969c7ca8217d353a1d2a776dd9c4adf5a869f2c7a08376a995d6ca4685cec5352edc1c18ab72925426d4364a1ca364339839b3a6a388af205b03acd05994c2c435a16c8c7803cc32d8a3b476f12030a97c872a6e086d08d519ee50c1b20e518619856df960fe6d897dd0ba24cdafe240d4000476ab0e1095c4cc7a66f05794fe6aac5316d970ebb2c5d6a72ca09c093f5b10ba4101df0830efac6699f49f68c0496e454016f1f7893be6335d5f2f0663d19469cf49e892cc6e41c40c67d827836e02260890071b079ace50b90d551b710952736a44e6c58f6b2084fee369dbe9dd50955bcca4a3698746d347c09e2fb395c5308ab6fa23a5d8bc0f7749a7ee626e77cd0834decfb083632672a528357946fc0d48ed951362252fa7acacbb01ae0a572cd54a0a980f5d6e7ad81b2fe5e20b6cb5443b0bd4e8bae494297d42cbeec58dcbb816ab8ff4bc99efd6b35e2f6bb5ea318a92631e2bd95f6a9bb43c69a1047d31689f65beabf469452a1ab92f30110b742db6bca0deee0907cd12388ab3ec09770160c428770c2432dd68cf11421435db484743b04bd5649a4def7cb03f8f2b7ae50458f294de286b7efd7956418ae57392be4d23c06a896ca21f48effbe9dd3cb45057efd2cb416df7ce36848c1f30296b2f3ee30f15088bec9a91bb8898721dc849a81009367224e09b7a91085ed198f9200ab3d66cd56731fb6df56dfcaa7dc8b0503fd70247cd994f09792d5287e45c9c2ad55fc323eebdc6e9fd27ed6ff1dccec171b869df5594e6a9766606754e0618e5e9f3aa7163541b0a47ed5fa21555f35fbdf9ae6b15955b6f174cf80a32fd7f5889b42a45bcefc51305c50831925208c89d3b5550cd435f6132110af744d2ec150f5382bfafcbf8dfee5d0c2d2320a04811c6b325532370776c23eca0af1a8a0fe4847bb8f48c712b9447e380c2544c137688ef8ada8b6e20262cc7b99a82520c2d0b822fe91e8d4eff6fc6f8ded3912bd7a09025ad3a520189c3fbee54e8c361edb39e45a85e4e6334ef39734602db1bf1a9e6bd352b88a4d1169853b41ea752d900b59d0c1980043adb76a311aeea1793eebc9f33c66001d1c602657ac6b1421cad18c7533472768de72f798f7463b7316f2d13dcfb13e25b067961da35c29450ddd9eedd39fdc19253b79bd11aaabc4f71397eb823f34bbedcb28f2dcc4f160596b5bee35f3c4ad186c3c61266dc4f090c1751b86117fa8d4bc2167a80e71b2ac36bfdfd79ff60103d6936cc8fdc84256dc1fd98cbfaddc2f9cac2725e2b7531cbab474ed1653c6532b0b758c6c51904a11e6a8fa7eaa1964931150b54b76a3e4fe85a258fc8d7c12baaf82239e810b82275c85904d7bc7f107a3a26948f310ac5a998f2c073ddb475cd72f0b5acecd8fad7d123112d60a5482415bb8d458b67c70d800b24a839e360421238b87799e7b728211b0992d645c5c0e936d0fc0dd7fd782942520f50fdbba43f1acb1ea015e7ee86be226af702ac1758e4bfb347c74777b8ff778dce6af479972923ded39d874ffece78b38ecaf1244f94f1245d92bb47a0b0b391e8b9ba873058dd1c8fee08dd82573268b677240da722ae90b1aecc2f060e7e4b15217abbb3f2494159d493a2c091e32275c716b2b83de574c577d0de2451b4d541cb219cdf1865bee86edf37c1ddaa417d885e3ce2b5d81f4fce2fe7da5a54bbf0679f7bc367131c55a694a0b59e85f0fae9cc22efcb0e4ff7643ae2259352e4c61a8c3e9e5bc6dca0f8bdeafdbb6338e000a1167d8d7ac5907153b3cb5e953cc2a789c9e66908a1bb145651e70b7945cf66ab1add958bc5a5a569e71240a85892460bbd9ebcc7fbd3ad6822266494539814f8a9f927de2c0b54b42d97e40c869fe63c1f5e5bc0dba5f0ad05ade4881b5ee503472db5d176b8d353245b174e7dee69419535fd7f09b84c4f5a7a6711b562afbb2002f70a20393c07cf30b6caa8f59da79d9d1c8666c221dce00c022160a61b9bdb95e9b4dd9236ad817ff98ea5b5c97eb184d2e7a2c437b14f974845ff941e7eb1c9ab687cc37e249d1a201af412034c244e499227285ce6809f3c714f483c2ab5f5434f2f461812929d2e9de601375302ee7ea792756425377af08d30a6c0e44eb1fc863c0e6ca40539cf209f9d12b1596f435394c9328fbe42734837d30bd99fd53b2173e00bfdb07777d35106fa10a33c177e9c7dc71a3141161765d8a3c146e3334cf90699570015e7d771080de16b9aaed3ca05052b8551a8126c2ce70b51dbeba04c426cfd2e10d28dc2ffbf28157fe62d6b5d70fc744065a925c2b4292acc05fa8ce1b6c4799ccc7661b31d54fa3acd15ab35212b8e8e5321c1aba2b500825dcfcd2e0a9995df8390f0ca9a943205b9c8887b1a86ab50f8ad1d6fa7edcd4676f745347f7e52ff4bd92db84ea6af0aa7c8f76bcc5ca6f54c88d06c3611f347fdda44d6f48cec8e1d878670c2f7dea73e85a803dabbd224815113ad17ea0b40d4f26d0a45434a892ec6cefcc85cc46617bb6fabeda465e2e3109e28fc4e940f4763a262f8196a18972e389e72869d06e958771a75abb24efc67ce3ad21cff6f4a667500b8aa40c593fade8064e15fa1aa10edf1c48454bc781fb772aa235ff91473643c59b8f7e3e7e4d514b5b1f2bbe48d"}) lseek(r2, 0xffffffffffffffff, 0x1) r5 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r5, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) connect$inet(r5, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10) sendmmsg$inet(r5, &(0x7f0000000300)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0}, 0xe00}], 0x40001a9, 0x0) [ 1852.156899] loop5: detected capacity change from 0 to 8388096 23:14:14 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x39, 0x0, 0x0) [ 1866.015818] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1866.017668] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1866.022139] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1866.023842] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:14:28 executing program 3: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4000000000000}, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000a00)={0x3, 0x80, 0x70, 0x0, 0x20, 0x0, 0x0, 0x101, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10602, 0x0, 0x3, 0x0, 0x0, 0x1}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) pivot_root(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r1, 0x40086607, &(0x7f0000000080)) r2 = syz_io_uring_setup(0x8, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x3, 0x2c5}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000240), &(0x7f0000000000)) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r3, 0x800448d2, &(0x7f0000000080)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000140)=@IORING_OP_POLL_REMOVE={0x7, 0x5, 0x0, 0x0, 0x0, 0x1}, 0x0) pipe(&(0x7f0000000280)={0xffffffffffffffff}) fcntl$dupfd(r2, 0x406, r4) r5 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$SO_TIMESTAMPING(r6, 0x1, 0x41, &(0x7f0000000000)=0x6359, 0x4) io_uring_enter(r5, 0x64ba, 0xe03f, 0x1, &(0x7f00000002c0)={[0x80]}, 0x8) syncfs(r3) getdents(0xffffffffffffffff, &(0x7f0000000380)=""/233, 0xe9) ioctl$AUTOFS_IOC_FAIL(r0, 0x9361, 0x8) 23:14:28 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0x8, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:14:28 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x3a, 0x0, 0x0) 23:14:28 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x36, 0x0, 0x0) 23:14:28 executing program 5: r0 = syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x5f000, 0xe, &(0x7f0000000200)=[{&(0x7f0000010000)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000be000000000000be000000000000000000000000000000000000000000000000000000000000000001000001010000010008080018000000000000181400000000000000000000160000000022001c0000000000001c00080000000008007809140b2a3a08020000010000010100202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202073797a6b616c6c65722020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202047454e49534f494d4147452049534f20393636302f4846532046494c4553595354454d2043524541544f5220284329203139393320452e594f554e4744414c452028432920313939372d32303036204a2e50454152534f4e2f4a2e534348494c4c494e472028432920323030362d32303037204344524b4954205445414d202066696c6533202020202020202020202020202020202020202020202020202020202020202066696c6531202020202020202020202020202020202020202020202020202020202020202066696c6532202020202020202020202020202020202020202020202020202020202020202032303230303932303131343235383030083230323030393230313134323538303008303030303030303030303030303030300032303230303932303131343235383030080100202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202000"/1408, 0x580, 0x8000}, {&(0x7f0000010600)="0243443030310100004c0049004e0055005800200020002000200020002000200020002000200020004300440052004f004d002000200020002000200020002000200020002000200000000000000000be000000000000be252f4500000000000000000000000000000000000000000000000000000000000100000101000001000808001c0000000000001c18000000000000000000001a0000000022001e0000000000001e00080000000008007809140b2a3a08020000010000010100002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000730079007a006b0061006c006c006500720020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000470045004e00490053004f0049004d004100470045002000490053004f00200039003600360030005f004800460053002000460049004c004500530059005300540045004d002000430052004500410054004f005200200028004300290020003100390039003300200045002e0059004f0055004e004700440041004c004500660069006c0065003300200020002000200020002000200020002000200020002000200000660069006c0065003100200020002000200020002000200020002000200020002000200000660069006c0065003200200020002000200020002000200020002000200020002000200032303230303932303131343235383030083230323030393230313134323538303008303030303030303030303030303030300032303230303932303131343235383030080100202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202000"/1408, 0x580, 0x8800}, {&(0x7f0000010c00)="ff43443030310100"/32, 0x20, 0x9000}, {&(0x7f0000010d00)="01001c0000000100000005001d000000010046494c4530000000000000000000", 0x20, 0xa000}, {&(0x7f0000010e00)="01000000001c0001000005000000001d000146494c4530000000000000000000", 0x20, 0xb000}, {&(0x7f0000010f00)="01001e000000010000000a001f000000010000660069006c0065003000000000", 0x20, 0xc000}, {&(0x7f0000011000)="01000000001e000100000a000000001f000100660069006c0065003000000000", 0x20, 0xd000}, {&(0x7f0000011100)="22001c0000000000001c00080000000008007809140b2a3a0802000001000001010022001c0000000000001c00080000000008007809140b2a3a080200000100000101012c00200000000000002064000000000000647809140b2a3a08000000010000010a46494c452e434f4c3b310026001d0000000000001d00080000000008007809140b2a3a08020000010000010546494c45302a0021000000000000210a0000000000000a7809140b2a3a08000000010000010846494c45312e3b31002a00220000000000002228230000000023287809140b2a3a08000000010000010846494c45322e3b31002a00220000000000002228230000000023287809140b2a3a08000000010000010846494c45332e3b3100"/288, 0x120, 0xe000}, {&(0x7f0000011300)="22001d0000000000001d00080000000008007809140b2a3a0802000001000001010022001c0000000000001c00080000000008007809140b2a3a080200000100000101012a0027000000000000271a0400000000041a7809140b2a3a08000000010000010846494c45302e3b3100"/128, 0x80, 0xe800}, {&(0x7f0000011400)="22001e0000000000001e00080000000008007809140b2a3a0802000001000001010022001e0000000000001e00080000000008007809140b2a3a080200000100000101013400200000000000002064000000000000647809140b2a3a08000000010000011200660069006c0065002e0063006f006c0064002c001f0000000000001f00080000000008007809140b2a3a08020000010000010a00660069006c00650030002c0021000000000000210a0000000000000a7809140b2a3a08000000010000010a00660069006c00650031002c00220000000000002228230000000023287809140b2a3a08000000010000010a00660069006c00650032002c00220000000000002228230000000023287809140b2a3a08000000010000010a00660069006c0065003300"/320, 0x140, 0xf000}, {&(0x7f0000011600)="22001f0000000000001f00080000000008007809140b2a3a0802000001000001010022001e0000000000001e00080000000008007809140b2a3a080200000100000101012c0027000000000000271a0400000000041a7809140b2a3a08000000010000010a00660069006c0065003000"/128, 0x80, 0xf800}, {&(0x7f0000011700)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x10000}, {&(0x7f0000011800)='syzkallers\x00'/32, 0x20, 0x10800}, {&(0x7f0000011900)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x13800}], 0x0, &(0x7f0000011e00)) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000040)={{0x1, 0x1, 0x18, r0, {0x0, 0xffffffffffffffff}}, './file0\x00'}) openat(r1, &(0x7f0000000080)='./file0\x00', 0x6a4f80, 0x80) 23:14:28 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xcc, 0x0, 0x0) 23:14:28 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xc5, 0x0, 0x0) 23:14:28 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x11, 0x0, 0x0) [ 1866.047920] loop5: detected capacity change from 0 to 389120 23:14:28 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x3b, 0x0, 0x0) 23:14:44 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) close(r0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000009, 0x4010, r1, 0xddb13000) write$binfmt_script(r1, &(0x7f0000000000)=ANY=[@ANYRESDEC=r0], 0xb8) close(r1) execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0, 0x0) 23:14:44 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xcd, 0x0, 0x0) 23:14:44 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) recvmsg$unix(r1, &(0x7f0000001040)={&(0x7f00000008c0)=@abs, 0x6e, &(0x7f0000000f00)=[{&(0x7f0000000940)=""/24, 0x18}, {&(0x7f0000000980)=""/99, 0x63}, {&(0x7f0000000a00)=""/17, 0x11}, {&(0x7f0000000a40)=""/249, 0xf9}, {&(0x7f0000000b40)=""/240, 0xf0}, {&(0x7f0000000c40)=""/19, 0x13}, {&(0x7f0000000c80)=""/188, 0xbc}, {&(0x7f0000000d40)=""/158, 0x9e}, {&(0x7f0000000e00)=""/213, 0xd5}], 0x9, &(0x7f0000000fc0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0}}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x60}, 0x2002) perf_event_open(&(0x7f0000001d80)={0x7, 0x80, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x49c0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x88b, 0x5}, 0x2008, 0x200000000, 0x0, 0xcb819cdd160ccb3b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, r2, 0x0, 0xffffffffffffffff, 0x8) r4 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$binfmt_script(r4, &(0x7f0000000200)=ANY=[@ANYBLOB="4a9a"], 0x1020) syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x1, 0x2004, @fd_index=0x9, 0x36, &(0x7f0000000280)=[{&(0x7f00000001c0)="6ff020e0e9ea41962ab088a13312cb48398b55c7812c516c3d426088fb55a2f1293f", 0x22}, {&(0x7f0000000240)}], 0x2, 0x0, 0x1, {0x2}}, 0x2) openat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x80040, 0xe) perf_event_open(&(0x7f0000000140)={0x4, 0x80, 0xd7, 0x7, 0x2c, 0x3, 0x0, 0xffffffffffffff7a, 0x44001, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0xc5, 0x4, @perf_bp={&(0x7f00000000c0), 0x1}, 0xa020, 0x6, 0x4, 0x1, 0x0, 0x5, 0x9, 0x0, 0x1, 0x0, 0x5}, 0x0, 0xd, r3, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x4022812, r0, 0x0) 23:14:44 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x3c, 0x0, 0x0) 23:14:44 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x12, 0x0, 0x0) 23:14:44 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0x9, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:14:44 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x37, 0x0, 0x0) 23:14:44 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xc6, 0x0, 0x0) [ 1882.536921] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1882.538653] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1882.563027] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1882.564757] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:14:45 executing program 5: fchownat(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0) r0 = socket$inet(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @local}, 0x10) shutdown(r0, 0x1) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x7fff) ioctl$FIONCLEX(r1, 0x5450) 23:14:45 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x13, 0x0, 0x0) 23:14:45 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0xa, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:14:45 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xce, 0x0, 0x0) 23:14:45 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x3d, 0x0, 0x0) 23:14:45 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x38, 0x0, 0x0) 23:14:45 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xc7, 0x0, 0x0) [ 1882.687402] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1882.689138] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1882.701801] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1882.703455] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:14:45 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x14, 0x0, 0x0) 23:14:45 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0xf, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) [ 1882.823231] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1882.825020] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:14:58 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xc8, 0x0, 0x0) 23:14:58 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x3e, 0x0, 0x0) 23:14:58 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x29, &(0x7f0000000480)=ANY=[@ANYBLOB="e00000117cf81dea41f163000500000000000000000000007f000001e00000010a0101017b6eb6adb1"], 0x24) setsockopt$inet_group_source_req(r0, 0x0, 0x2a, 0x0, 0x0) getsockopt$inet_opts(r0, 0x0, 0x9, &(0x7f0000000140)=""/179, &(0x7f0000000280)=0xb3) perf_event_open(&(0x7f0000000300)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x16020}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, 0x0, 0x181080, 0x2) sendfile(r1, 0xffffffffffffffff, &(0x7f0000000240)=0xb5, 0xfffffffffffff0b1) r2 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r5, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x30}, 0x0, 0x20000040}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r2, 0x0) r6 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r7 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000005c0), 0x224800, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x80010, r7, 0x8000000) bind$802154_dgram(r6, &(0x7f0000000000)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0002}}}, 0x14) syz_io_uring_setup(0x3a5b, &(0x7f0000000380)={0x0, 0x3cfe, 0x0, 0x0, 0x17c, 0x0, r1}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000400)) syz_io_uring_setup(0x7657, &(0x7f00000004c0)={0x0, 0xf34c, 0x8, 0x1, 0x1ed, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000440), &(0x7f0000000540)=0x0) syz_io_uring_submit(r8, r9, &(0x7f0000000580)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x3, 0x0, r0, 0x0, 0x0, 0x0, 0x1, 0x1, {0x3}}, 0x200) connect$802154_dgram(r6, &(0x7f0000000080)={0x24, @long}, 0x14) sendmmsg$sock(r6, &(0x7f00000021c0)=[{{0x0, 0x2303, 0x0}}], 0x324, 0x0) 23:14:58 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000000)) openat(0xffffffffffffffff, &(0x7f0000000100)='./file0/file0\x00', 0x911802, 0x140) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x105142, 0x0) r2 = openat$hpet(0xffffffffffffff9c, 0x0, 0x80000, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000009640)={0x0, ""/256, 0x0, 0x0}) ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f000000aa40)={0x0, 0x0, "c009b39830e4109622d7a29d0bd42e6d365c8384f665a2104b6faaa5427626b93311e77f0de4211e1217bc355a5246327eb7ba126bf7e4adb45535a4d9757c77f555e42c9254e9f9089be590271f821f5f6b632da2dabf1d6e618629da57a34a33f5e913338e628f32d84f60dbb9f94b70f1828e7d652bb2443c02901738d15cd72d14288f0d47dfe96e49988d0402f96628f97be361723e018daf71ab695fa4726664c00ec9aa53b8c092760da4cd088f03fad6504eceb8949dc35abc6c9f51916777bc38aa3669fb220546dbd1024eb87da205b46ec35180a8fcb898160855b5044023da75f2b1f285c1462a8afa95492a14be3f42052ff535612d226506a0", "7374bf600a2dbb0a10a4446998c60bc654676f080ecee8672b9b990319e9f34b4c45be9b1cbb8fbe1f4541599e2a8deeedad6067575d671432b4ba4028542704ab850b2cd326bd5a16431e3e06cbefba068d34f999e863befaed31fe2f898bdfe4043148f4d1cc27af274cc202dd9cd92b1891ba85c4048baa5cf0aa7a3d5dbef19adb89a7123a5c5cf1f42650df4c63aa25c0c5f606a072b8c1910206999409a39439cacd824f129adb4177e14f533050e77cfd6b9e760c12899b047feb4c8e5b746e5570db48fc8fafeccf98bad6d99a585091b403666ded97ce43cdf6dd1791052bc149861ea2585dfb28b538cc9fe6ffc5e07182615951fd668085ed124af574a07e3495491f19b1aa2a3b69028ccacd78524d988b224ab17ed905da0b840b4a9939e2af6efdf4221126075a8964d904883db014031e0924681a4ef3795071b256b75002a7df298c87c565b1d8a331e7d0c1000e1d707100917dfe107f87ebea9dca1b708b01cacf1c9f348c0d0fd64aa64193637c7169264d06f613c41be60f39b0cc9d813ae5fca2222832f86f2ae87e883efd48df36d16e6c1ca5c378f6ff0fbace91eb3099d744b16171fcc1ab7d5456392f0878ecf27e8caad7386663de490c3044eed7e7cb83e675716eda0cc09f219aadddd814c88048a7c6cefe69a79f2f7a234cfffbf19ac7a9f6ef59faf2776ac3d636904ec1bda09b1c9d8caeafa918983215d866f5cb6f1088e7e99a43425913d258a3dc8550fcbca3e0bec47503e24d709dd1fd1bb3cd92837d10387a0eebb98aab27950a2a66dc0b9bad3e4ef6393036d64949931ffe6479073790b3b885ac8563d4018e9227d644864c17f048daefbb192d15b56a2a440ad6d4ef5af2ac9904d8b69c64d2368928d7595594e6c3fd23229cb6aa80ec308301b1c94777900d34b1b3eea03dca765036a3f5351551affb585f22541074380b60ca062bf8a8a2324fe61ecad5733aec51e0c5ddc648280556b8a038b5816947b1637ef598cfd134cf9833d875fd23d22f5f74e74a4634d50a3ac908eed128f4297924296d95361b9504c08df4a0603eff93ee34bd45ed12e8d06b8f399fefef4ced732aad15b70f3e276101fa4b5a5c17435d0999b3345ccfe853c955e8b7927c7a171506b8e5b4de8a68cb5e80c3709a0e15643b5772d82d04859133e09fa8ab81ac042e67bc918f2847af14a4eb77c3fcac3132ec1af5a57d85acb9ce91d9d15019904396737ade63df938e6f054f8ee21e8994d45b0801ccd8ae8bda90128cb05eddd297d800412bc01fc5cfdfa9d473641fffc793b513da3f7565a27c4ff3678ac6f71560cc6cc95fb4d20f85b7934cb4a4f614182d331ab53b6a09ff47fc272b6c1f5aaca477bfdfed3fac942d639773b7a5656c526eb595d6fa9d301c425947f37088447cb4400c37750b76eb6c1f7933e43b27224c2fdc053e55125d00ab11428af674f58bd5c3ea1ce4762856afccbd37dd59a5e726f2e5e770bcc8372304fc2a33611234e3b0d411fcae8691e621b64581dc32b3d97c02920877b2c995018dcfff2da8687bc64332cffc3d355931561dc799d169f61d121f242dd3605e3fef8a46bf73998202d6a87671719896c61d729006104bdb7e926020f28260c75c2c754e5f073097d7031567e62cbfcbff541702cdaf498bbfe01e2948e6e164271ca4ab4df68a1569d29d3ce7029c0b58d2a1e6d179fa817ec9df17195c8b83a7a7508f18f0e3d07e8871f331d7a151bc11301c7dce402e6a5fda6f3096df2ddfeb48b3991e055c55d2a071ed66bf378e5c451f849cdbd7951cacad16d6b5734b71db866e77086bfab1797942633ec688d78bb2fccaae2b0e796b852b278bd4a4648d0811293e1bfe68e30b42eb27ac0a4e435e086b4cfeeb9fa539f0d800b6108e4c7b9d7237746770a3f3477646b7c9bfd2bc111679d40bffe221be492ba984df6cd4d7d8f9cbf7185e79804416be68d8a2bfa28e5bec4b57bf5f08eeecafabccd55744e49bb4a7dd1324908d91762b9884e7268d0bb6290be3b51091ae6ccf2ebbd4945dd7913bd38509a00ce38d955909bfa1f3740fc123a12e15b853b59b9b691460afdcda150d39e566a83eaa0c3b7bac9819bdbc7e0a620206be87ff2f8ea8091dbffa014d2f2eb919040a434cdeb3db68adf845d2ba751dc0e1ce4afd8672a5ecf0653b8c672c3265aa236a174185f4b4a291bda664bb79c13f8b6932a831385773898d194d2500b38fbfff8c4acafa5a80dfd3f1f906132885446f9f7ad787dbbdab593661ab1c255df879eaf4ca739deaa11379a5c6b650472257fa54b646b29ceb3dbe27e3584914f9f766bbbcc67abeffebb0df881a42b8671bba930b04d1d7710cc15d546ee69ad40e66f04eb28af8bd17b739e68ad75a239303fb97b18f8f08d2f95bdae0f245ebdfc3ecf555a6fd53f5a35af8b2dd016b227d209fc8323a7576e66a9913a0ad4f19d30d2b6f25ac8b5b6c762e2c68c76f9bd7818adbb3c9b194c09471482ec6898754469076b8674ab9e26b5977a0fa693160f18a01d2f2c362186ff75c205cec261d9e6c431ee672e4056b7e458ef02dca1167d09de5977210461758ed506290477a63c5af0698a1f4edf3bc569692bc9febd5fd641860dd34a6926af47ae7bdd3cce59a5b24b6944075e30ec2f2dbd043ebc57a39eaa5559bc4f21f08198e0daa2e8506b21160c8f9b629ad0e80d5e99e5cf4c4ceefb8d9fe5493ebcb066a647269fef2146f1ed55dac66974446e650e49db26ceb24c16c24885a2d2d011d11ec52d5b7a9c8096314d1dc7c992a1dee70be2fc0cc2d9fc94b0d02d479f6f4bfd3fa20df42568e27c0cea6caa1028d5dfbe6a9657053c06132387f9abfbaf93d9b335b69b168bf7fdaa0a44981dadc3358b50f1b24d390f8858d6775fa838388ff8a69b02bf446028485ba9e0c15731288c186b3cdf2fbc088f13f50e5eecc9b3a058d1369b7a254f11aa81a5fabd862bfd5226ce26e0199ef241badd55ba0d6087e9eb1661111a6afef1caf2bd54832bb5a3e8b864c8af220a8a115746c1646e78471ba2edb7c63fcff7f6be047a5f740525fbe5e259beee146dc2a609d3fd576e826ee1e4fce8ccbf75aa713514bda04ed4086cdd11a770cbe5782bca23f5f3ad8682609d5c5d4e5ca4e117d7423740b41081c6945b446223bb435c6ae2314552b7bf53a8b2c8a7a2a961d17315e0f7a660624b119c89ae81d2214b03cd79bc3eb355bf06811d7186b1f0a7219dd8d4096cb0df940719279357b853bc7c5bcf645aa65c12227859ce0851953fcefa6051f2a31e3666abde9ef1ece3eba658de696edf5d87a7d562dfe1f6bb9ac5e6773bc9069c732683715868cf14825345fb60665982549b9bb7c5b7d934ed0c4d136fa089f8459d473bf1ee678cf88c26f4f5ac681aa6dbe6ef78c26e7a3649ae0574f550f9fc64e8caa14586cbc43d8ec72a3170fc4f6c78fdbd40332c1f35adfc04be68a067f2c03325d624e21fa0e1fa6ea879caa84665bedefcd19759872824a0053a110af2b6099d8ea572b0c81cea39147bb2dca0eaefd4be8c3b59b98c27049f04ae5f3652ade0e1561238296d17979581b93d0ee26464fb5675b968cbc397558207fb1d5365f73994c0c8f2bcae0164e74d602a4856355b214af58b6357b2505779260ec73929eb4fe1047bbc2a125ff6c88718d2b8b8fb9c0d1cb1760748ffc5e4998dbaf8fad99df26b2eaf99bce2541d287b243d7b9cf0ecb25588d14c6228a6cb5413f48e3d07817d258c45ca0ab3494ca5b59f87abdf38e439b4a31d60d9474a52e465f36dd0cd56f00d4e5e563bfc6421b40a7522eb71894a698c19510fa7dc690b6b3f782d88e61ca635d5efd4c9c1725dbf24e0c8e246a2dc979e4750de8347687038f0441858bdf5a06bcba827d8d1327601943ca9fd004c121034fa6e1c8b9eff5da764961f5700eab97380e99b37f302239b528b36f5c9bbebaff25edae48fbe59dd272099af5c695a19b62f64485ba01ae8416c02f04360be933b8ba8a49c6c1188a78c3d36d0c61f61b4002bfeb669e29bbcb306f573528a749b085500c7649aea469fca867da4ca9eaecc75a70f41baeb80bf803402a9066dc1e8243192b78533e0ad590e14fd2bf2ce3ac943ade1fcefd247406785ee387d18e9afe8845481748fbadf4d081e01ecce50ef1fc5b457fa296b833d77390764e2af12f7930c6334476dc4cf45d9f272e364336810c11318bd0a95233005d66fe81a5708ae5fad8c7db17e6d97d2340651f7aa7a36e132a77a7a6206b36a95ccb5a48cb19bd3bb886ff0e77bc76653912149ca85895c4f80c373cbbd4305a91213e8ec5b7b18d8587d723c18f02854556aaaa540935eab2b7470a7c1c40c7e843ac1221a51e92eb05af2342fea7c853a46182c8384612aadb40145b95de565140003468eaca74b38bdf4dc640d0af80c3dd81747652c5fe15ffff8965a150a4ca6a9d9c91d067b4fac49b23cd2041dfdab22126c97d812b67ed638cc65d75d836bf439807cd7cd3cd0e6b30c81983e3f45a00282a14d401d81ac7c5544510dc7d157eeaa18b09df5ec949a22d7342b5b720b2a47251e995410f9b35d90824c1b19beb8575c9efe2aaa2a2011790a1099a924c01ca835fb7cc561eb2310a5331d4d9c4a9ee03a5f1364c17a7f4511c0c1b929c630cc110696f9e94b4107d0b75338fda2c5e0b8d46d19b98071e328f57debd56b4a0a9009913ac41518a08e6fa533edf20db0dc5eff43cd3ead623fc826ac03925490537d6b6a47f27031faa17f9852a3cb72d2088f33d35846a40758e60dab4b3980d032adc3e4faa61ff8aaea6b08bc9705cf097701e9af550fa43ec06c0ae2257927eebcbbbf4a05ad8097597943d6aed8a950ba32bc0d19827539019397e2fffa5f7379ffd7ec266f0c1cd947aab0c9e73c2796bd4c32fa0a0effbc84570efdebd3ac1eb57cc89cdbed91ed43a64cccfeba427a017a07d84acc850a45e2f26639598ed061ea81b60fb1873983591d446129ba8b27a4aef3311292017e3cbc00533824888ef80ef1a85c86a370dc11694d2f455e04ceb8811afa53aac77c65b38703d18167aedcc077c988dd9832ee1999a82c8752b921bceae484c19cee6828eef373c979b5c3f208080c8dcb38c53e384bebed6c41c3b9d6958bd2b952d82d17b262dbf30f90ab5c5d197ccee9f6b6525928b0100ffdeace644e159500495ff5a0ea7df7b9ab63617e3879818e25341e97d839beefdf248222cadd61a5d76b1ff34704bb78656afef7994904da269f973598217edc3be93157185aa15ef225f6471d7786a5e28d0f145b96566e101bf46723486867b9aa90f9eb4d1f5612d4950160c1504a367daf984"}) r8 = mq_open(&(0x7f0000001200)='G\x9d\xbb\x8a\\\x18\xd1\x04\x80\xd6\xea\xb0D\x83\xe8By\xb0\x1b4P\x1c^\x11\x01\x04\x00\x00\x97l', 0xc1, 0x15a, 0x0) flistxattr(r8, &(0x7f0000001140)=""/76, 0x4c) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000002e00)={0x7, [{}, {}, {0x0, r5}, {}, {}, {0x0, 0x0}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0}, {}, {}, {}, {}, {}, {0x0}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r3}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r6}, {}, {}, {}, {}, {}, {}, {}, {}, {r7}, {}, {}, {}, {0x0, r6}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r3, 0x0}, {0x0}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0}, {0x0}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r7}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0}, {0x0, r5}, {0x0, r6}, {}, {}, {}, {}, {0x0, r6}, {}, {}, {}, {0x0, r6}, {}, {}, {}, {}, {}, {}, {}, {0x0, r6}, {0x0, 0x0}, {}, {}, {}, {}, {}, {0x0, 0x0}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r3}, {}, {}, {}, {}, {0x0}, {}, {}, {0x0, r6}, {}, {}, {r7}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0}, {}, {}, {0x0, r5}, {}, {0x0, 0x0}, {0x0, 0x0}, {}, {}, {0x0, r5}, {}, {}, {}, {}, {}, {}, {}, {r3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r6}, {}, {}, {}, {}, {0x0, r5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0}, {}, {r4}], 0x4, "9755154351ac9a"}) mount$bind(&(0x7f0000001240)='./file0/file0\x00', &(0x7f0000001280)='./file0\x00', &(0x7f00000012c0), 0x1080420, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000013c0)={0x0, ""/256, 0x0}) openat(0xffffffffffffffff, &(0x7f0000001340)='./file0/file0\x00', 0x14000, 0x1) ioctl$AUTOFS_DEV_IOCTL_FAIL(r2, 0xc0189377, &(0x7f00000015c0)=ANY=[@ANYBLOB="121911b86de3b84ddb581d966a9f30caa75142def3a8e94a15dee7a5f98b25a1330bbf11bca22ca17021559d2aab2583bd5e4908acfd84c0f86b458af1638cc2c9304cc4a13de23a9d8672667aba84cf5e010645d5b4cfffc9f92cee61764e90106c75a8c9dccdb4d9b30054a4907d41e550bb0cec39f2adce0c6d70e8deb88ec77ac199b76f21d718937259259e2bffe31eb2b636251d37c1d9fd8c8120e97c98c2fb8d8c2b75627c44640fdfec4b3cbd9270f0531ea809b1115431f78137f0472dd7a12f096ded84216ca302650af00000000000c9a81b546e3742a62eeef289b904de0880d18acb5e78f02d49215802", @ANYRES32=r0, @ANYBLOB="07000000030000002e2f66696c65302f66696c653000"]) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000000140)={0x0, [{}, {0x0, r10}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r22}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r24}, {}, {}, {}, {}, {r15}, {}, {0x0, r20}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r19}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r16}, {}, {}, {}, {}, {}, {0x0, r26}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r13}, {}, {}, {r17}, {}, {}, {}, {}, {}, {}, {}, {r29}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r23}, {}, {r27}, {}, {}, {}, {}, {}, {0x0, r9}, {}, {}, {}, {}, {}, {}, {}, {}, {r11}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r28}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r14}, {}, {}, {}, {}, {0x0, r18}, {}, {0x0, r21}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r25}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r12}], 0x7f, "9656c75f04ba4d"}) lseek(r1, 0x0, 0x2) r30 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) copy_file_range(r30, 0x0, r1, 0x0, 0x200f5ef, 0x0) 23:14:58 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xcf, 0x0, 0x0) 23:14:58 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0x48, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:14:58 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x15, 0x0, 0x0) 23:14:58 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x39, 0x0, 0x0) [ 1896.564802] validate_nla: 2 callbacks suppressed [ 1896.564815] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1896.567607] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1896.594717] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1896.596421] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:14:59 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x41, 0x0, 0x0) 23:14:59 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x16, 0x0, 0x0) 23:14:59 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xc9, 0x0, 0x0) 23:14:59 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0x4c, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:14:59 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x3a, 0x0, 0x0) 23:14:59 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xd0, 0x0, 0x0) [ 1896.738689] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1896.740351] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1896.756922] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1896.758595] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:14:59 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xca, 0x0, 0x0) 23:14:59 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x42, 0x0, 0x0) 23:15:14 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xd1, 0x0, 0x0) 23:15:14 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x17, 0x0, 0x0) 23:15:14 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x3b, 0x0, 0x0) 23:15:14 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000000)={0x0, 0x0, 0x5}) openat(0xffffffffffffffff, &(0x7f0000000100)='./file0/file0\x00', 0x911802, 0x140) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x105142, 0x0) r2 = openat$hpet(0xffffffffffffff9c, 0x0, 0x80000, 0x0) r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000009640)={0x0, ""/256, 0x0, 0x0}) ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f000000aa40)={0x0, 0x0, "c009b39830e4109622d7a29d0bd42e6d365c8384f665a2104b6faaa5427626b93311e77f0de4211e1217bc355a5246327eb7ba126bf7e4adb45535a4d9757c77f555e42c9254e9f9089be590271f821f5f6b632da2dabf1d6e618629da57a34a33f5e913338e628f32d84f60dbb9f94b70f1828e7d652bb2443c02901738d15cd72d14288f0d47dfe96e49988d0402f96628f97be361723e018daf71ab695fa4726664c00ec9aa53b8c092760da4cd088f03fad6504eceb8949dc35abc6c9f51916777bc38aa3669fb220546dbd1024eb87da205b46ec35180a8fcb898160855b5044023da75f2b1f285c1462a8afa95492a14be3f42052ff535612d226506a0", "7374bf600a2dbb0a10a4446998c60bc654676f080ecee8672b9b990319e9f34b4c45be9b1cbb8fbe1f4541599e2a8deeedad6067575d671432b4ba4028542704ab850b2cd326bd5a16431e3e06cbefba068d34f999e863befaed31fe2f898bdfe4043148f4d1cc27af274cc202dd9cd92b1891ba85c4048baa5cf0aa7a3d5dbef19adb89a7123a5c5cf1f42650df4c63aa25c0c5f606a072b8c1910206999409a39439cacd824f129adb4177e14f533050e77cfd6b9e760c12899b047feb4c8e5b746e5570db48fc8fafeccf98bad6d99a585091b403666ded97ce43cdf6dd1791052bc149861ea2585dfb28b538cc9fe6ffc5e07182615951fd668085ed124af574a07e3495491f19b1aa2a3b69028ccacd78524d988b224ab17ed905da0b840b4a9939e2af6efdf4221126075a8964d904883db014031e0924681a4ef3795071b256b75002a7df298c87c565b1d8a331e7d0c1000e1d707100917dfe107f87ebea9dca1b708b01cacf1c9f348c0d0fd64aa64193637c7169264d06f613c41be60f39b0cc9d813ae5fca2222832f86f2ae87e883efd48df36d16e6c1ca5c378f6ff0fbace91eb3099d744b16171fcc1ab7d5456392f0878ecf27e8caad7386663de490c3044eed7e7cb83e675716eda0cc09f219aadddd814c88048a7c6cefe69a79f2f7a234cfffbf19ac7a9f6ef59faf2776ac3d636904ec1bda09b1c9d8caeafa918983215d866f5cb6f1088e7e99a43425913d258a3dc8550fcbca3e0bec47503e24d709dd1fd1bb3cd92837d10387a0eebb98aab27950a2a66dc0b9bad3e4ef6393036d64949931ffe6479073790b3b885ac8563d4018e9227d644864c17f048daefbb192d15b56a2a440ad6d4ef5af2ac9904d8b69c64d2368928d7595594e6c3fd23229cb6aa80ec308301b1c94777900d34b1b3eea03dca765036a3f5351551affb585f22541074380b60ca062bf8a8a2324fe61ecad5733aec51e0c5ddc648280556b8a038b5816947b1637ef598cfd134cf9833d875fd23d22f5f74e74a4634d50a3ac908eed128f4297924296d95361b9504c08df4a0603eff93ee34bd45ed12e8d06b8f399fefef4ced732aad15b70f3e276101fa4b5a5c17435d0999b3345ccfe853c955e8b7927c7a171506b8e5b4de8a68cb5e80c3709a0e15643b5772d82d04859133e09fa8ab81ac042e67bc918f2847af14a4eb77c3fcac3132ec1af5a57d85acb9ce91d9d15019904396737ade63df938e6f054f8ee21e8994d45b0801ccd8ae8bda90128cb05eddd297d800412bc01fc5cfdfa9d473641fffc793b513da3f7565a27c4ff3678ac6f71560cc6cc95fb4d20f85b7934cb4a4f614182d331ab53b6a09ff47fc272b6c1f5aaca477bfdfed3fac942d639773b7a5656c526eb595d6fa9d301c425947f37088447cb4400c37750b76eb6c1f7933e43b27224c2fdc053e55125d00ab11428af674f58bd5c3ea1ce4762856afccbd37dd59a5e726f2e5e770bcc8372304fc2a33611234e3b0d411fcae8691e621b64581dc32b3d97c02920877b2c995018dcfff2da8687bc64332cffc3d355931561dc799d169f61d121f242dd3605e3fef8a46bf73998202d6a87671719896c61d729006104bdb7e926020f28260c75c2c754e5f073097d7031567e62cbfcbff541702cdaf498bbfe01e2948e6e164271ca4ab4df68a1569d29d3ce7029c0b58d2a1e6d179fa817ec9df17195c8b83a7a7508f18f0e3d07e8871f331d7a151bc11301c7dce402e6a5fda6f3096df2ddfeb48b3991e055c55d2a071ed66bf378e5c451f849cdbd7951cacad16d6b5734b71db866e77086bfab1797942633ec688d78bb2fccaae2b0e796b852b278bd4a4648d0811293e1bfe68e30b42eb27ac0a4e435e086b4cfeeb9fa539f0d800b6108e4c7b9d7237746770a3f3477646b7c9bfd2bc111679d40bffe221be492ba984df6cd4d7d8f9cbf7185e79804416be68d8a2bfa28e5bec4b57bf5f08eeecafabccd55744e49bb4a7dd1324908d91762b9884e7268d0bb6290be3b51091ae6ccf2ebbd4945dd7913bd38509a00ce38d955909bfa1f3740fc123a12e15b853b59b9b691460afdcda150d39e566a83eaa0c3b7bac9819bdbc7e0a620206be87ff2f8ea8091dbffa014d2f2eb919040a434cdeb3db68adf845d2ba751dc0e1ce4afd8672a5ecf0653b8c672c3265aa236a174185f4b4a291bda664bb79c13f8b6932a831385773898d194d2500b38fbfff8c4acafa5a80dfd3f1f906132885446f9f7ad787dbbdab593661ab1c255df879eaf4ca739deaa11379a5c6b650472257fa54b646b29ceb3dbe27e3584914f9f766bbbcc67abeffebb0df881a42b8671bba930b04d1d7710cc15d546ee69ad40e66f04eb28af8bd17b739e68ad75a239303fb97b18f8f08d2f95bdae0f245ebdfc3ecf555a6fd53f5a35af8b2dd016b227d209fc8323a7576e66a9913a0ad4f19d30d2b6f25ac8b5b6c762e2c68c76f9bd7818adbb3c9b194c09471482ec6898754469076b8674ab9e26b5977a0fa693160f18a01d2f2c362186ff75c205cec261d9e6c431ee672e4056b7e458ef02dca1167d09de5977210461758ed506290477a63c5af0698a1f4edf3bc569692bc9febd5fd641860dd34a6926af47ae7bdd3cce59a5b24b6944075e30ec2f2dbd043ebc57a39eaa5559bc4f21f08198e0daa2e8506b21160c8f9b629ad0e80d5e99e5cf4c4ceefb8d9fe5493ebcb066a647269fef2146f1ed55dac66974446e650e49db26ceb24c16c24885a2d2d011d11ec52d5b7a9c8096314d1dc7c992a1dee70be2fc0cc2d9fc94b0d02d479f6f4bfd3fa20df42568e27c0cea6caa1028d5dfbe6a9657053c06132387f9abfbaf93d9b335b69b168bf7fdaa0a44981dadc3358b50f1b24d390f8858d6775fa838388ff8a69b02bf446028485ba9e0c15731288c186b3cdf2fbc088f13f50e5eecc9b3a058d1369b7a254f11aa81a5fabd862bfd5226ce26e0199ef241badd55ba0d6087e9eb1661111a6afef1caf2bd54832bb5a3e8b864c8af220a8a115746c1646e78471ba2edb7c63fcff7f6be047a5f740525fbe5e259beee146dc2a609d3fd576e826ee1e4fce8ccbf75aa713514bda04ed4086cdd11a770cbe5782bca23f5f3ad8682609d5c5d4e5ca4e117d7423740b41081c6945b446223bb435c6ae2314552b7bf53a8b2c8a7a2a961d17315e0f7a660624b119c89ae81d2214b03cd79bc3eb355bf06811d7186b1f0a7219dd8d4096cb0df940719279357b853bc7c5bcf645aa65c12227859ce0851953fcefa6051f2a31e3666abde9ef1ece3eba658de696edf5d87a7d562dfe1f6bb9ac5e6773bc9069c732683715868cf14825345fb60665982549b9bb7c5b7d934ed0c4d136fa089f8459d473bf1ee678cf88c26f4f5ac681aa6dbe6ef78c26e7a3649ae0574f550f9fc64e8caa14586cbc43d8ec72a3170fc4f6c78fdbd40332c1f35adfc04be68a067f2c03325d624e21fa0e1fa6ea879caa84665bedefcd19759872824a0053a110af2b6099d8ea572b0c81cea39147bb2dca0eaefd4be8c3b59b98c27049f04ae5f3652ade0e1561238296d17979581b93d0ee26464fb5675b968cbc397558207fb1d5365f73994c0c8f2bcae0164e74d602a4856355b214af58b6357b2505779260ec73929eb4fe1047bbc2a125ff6c88718d2b8b8fb9c0d1cb1760748ffc5e4998dbaf8fad99df26b2eaf99bce2541d287b243d7b9cf0ecb25588d14c6228a6cb5413f48e3d07817d258c45ca0ab3494ca5b59f87abdf38e439b4a31d60d9474a52e465f36dd0cd56f00d4e5e563bfc6421b40a7522eb71894a698c19510fa7dc690b6b3f782d88e61ca635d5efd4c9c1725dbf24e0c8e246a2dc979e4750de8347687038f0441858bdf5a06bcba827d8d1327601943ca9fd004c121034fa6e1c8b9eff5da764961f5700eab97380e99b37f302239b528b36f5c9bbebaff25edae48fbe59dd272099af5c695a19b62f64485ba01ae8416c02f04360be933b8ba8a49c6c1188a78c3d36d0c61f61b4002bfeb669e29bbcb306f573528a749b085500c7649aea469fca867da4ca9eaecc75a70f41baeb80bf803402a9066dc1e8243192b78533e0ad590e14fd2bf2ce3ac943ade1fcefd247406785ee387d18e9afe8845481748fbadf4d081e01ecce50ef1fc5b457fa296b833d77390764e2af12f7930c6334476dc4cf45d9f272e364336810c11318bd0a95233005d66fe81a5708ae5fad8c7db17e6d97d2340651f7aa7a36e132a77a7a6206b36a95ccb5a48cb19bd3bb886ff0e77bc76653912149ca85895c4f80c373cbbd4305a91213e8ec5b7b18d8587d723c18f02854556aaaa540935eab2b7470a7c1c40c7e843ac1221a51e92eb05af2342fea7c853a46182c8384612aadb40145b95de565140003468eaca74b38bdf4dc640d0af80c3dd81747652c5fe15ffff8965a150a4ca6a9d9c91d067b4fac49b23cd2041dfdab22126c97d812b67ed638cc65d75d836bf439807cd7cd3cd0e6b30c81983e3f45a00282a14d401d81ac7c5544510dc7d157eeaa18b09df5ec949a22d7342b5b720b2a47251e995410f9b35d90824c1b19beb8575c9efe2aaa2a2011790a1099a924c01ca835fb7cc561eb2310a5331d4d9c4a9ee03a5f1364c17a7f4511c0c1b929c630cc110696f9e94b4107d0b75338fda2c5e0b8d46d19b98071e328f57debd56b4a0a9009913ac41518a08e6fa533edf20db0dc5eff43cd3ead623fc826ac03925490537d6b6a47f27031faa17f9852a3cb72d2088f33d35846a40758e60dab4b3980d032adc3e4faa61ff8aaea6b08bc9705cf097701e9af550fa43ec06c0ae2257927eebcbbbf4a05ad8097597943d6aed8a950ba32bc0d19827539019397e2fffa5f7379ffd7ec266f0c1cd947aab0c9e73c2796bd4c32fa0a0effbc84570efdebd3ac1eb57cc89cdbed91ed43a64cccfeba427a017a07d84acc850a45e2f26639598ed061ea81b60fb1873983591d446129ba8b27a4aef3311292017e3cbc00533824888ef80ef1a85c86a370dc11694d2f455e04ceb8811afa53aac77c65b38703d18167aedcc077c988dd9832ee1999a82c8752b921bceae484c19cee6828eef373c979b5c3f208080c8dcb38c53e384bebed6c41c3b9d6958bd2b952d82d17b262dbf30f90ab5c5d197ccee9f6b6525928b0100ffdeace644e159500495ff5a0ea7df7b9ab63617e3879818e25341e97d839beefdf248222cadd61a5d76b1ff34704bb78656afef7994904da269f973598217edc3be93157185aa15ef225f6471d7786a5e28d0f145b96566e101bf46723486867b9aa90f9eb4d1f5612d4950160c1504a367daf984"}) r7 = mq_open(&(0x7f0000005c00)='-@\x00', 0x42, 0x0, 0x0) flistxattr(r7, &(0x7f0000001140)=""/76, 0x4c) mq_timedsend(r7, 0x0, 0x0, 0x0, &(0x7f0000000040)) dup3(r7, r3, 0x80000) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000011c0)={0x0, ""/256, 0x0}) mq_timedsend(0xffffffffffffffff, &(0x7f0000002e00)="3cd52ed97c9e213909d730166b17123f3294a3353d43c2bda33f8b46124feb3e574cb78ff55dae93c1d80f8b1b571caa5d0f953fdc20af7c2907f40c853111e5a4a6405dfd6510e2573f0cd5a14f722a746315bf5955d6443a167b62e37e70e67059a451add17b0ba3a4167e37a184c25fd56c25f32d2c08713830771e190d3e72e360fbae6eb7f69da7ae1b7575584eb3aad405c2e0cecf7c57c725e35199b38412b21fb229249cb5214590ea9c200b689ed99433fbbb389404f04d726fe19ef657f8896380c769f15ede2ebc816773d5730db7acb1828fbcdffc4da713e0944bca7028c47238c1aace7879fca945a836e4ff365b155de4a6b5e69df15c57c8c84a27359b026401b2d2ebb22fc4727115b803cbed672e1c10421e53aecb9848432f39231a6fe45af05a49d7f66593d188b01763da10fbe076c0103b005492008157072857ecefae4dfd561229bd8ecf19e938d25a4315e343c5ffc67c1810af17fff3e930e390dc021b8a020e9ad5750cbdb6ac2406d580f35c6776feba23704f457eb3c9e481a38ae02519b5561493b3a5a22682f0622f55b91bf3fe3b6eeb0b411767b39cf41b6ea7f7606bbbf59f038ed99313e9185bafa002fb0d7f8f854025afe6eb498d49d00f869ed3d4abccfb90d70f1dd88a92a1f6c2a1f62238ff8733e3b25225fe919598664429606c6ba859544fe0de3a9f18ed8fdd5e9ce15ab80c870a454b550e5fe805396bf4ed72b627314fad05b74a500135c9bb1b297b170356d42c9983c3275dc8c95a5a198f3b896c712d4c44d66ee10f29d4d71df5484c473cdcd107d66ded8e5219a066b00f45faca7ccbde009031f583819cffcba547c3b5707c7c1eba73dc6ade8f584244ba35302df2a0341c8e629d52fad82cc1c34dac09d39a975902e883ce1b648080e5855ad37961abaa7eecab4ac63cb839f4039f8b93d2ba6e618ebc437166e24e210171bc8ae12f31e90adadfdba265f9a8df86648ff4bcff451f289c9142ef5bac4ba3131852ff820087a5b7e1131eb05c8c857dd4cf2839501138174f70eca95c39a59220f47be95cbe4996c214f17e5a790679057bf0c05e7d79797fa74af891a0bb050183e9124f3677a94c92e3caaeb095d0746fa8a82e30f14b228fffee24ba0385ae2940a223aa6fdd3bee655aabb131e4660eefa4e65a0cd2197f54d94783a2513ab6ae8c548b7fae70692ffa367a95cde0cd90d37be42547f30d1583a913b11c9f998d60d8c78a3677d79c717dde50a0124d918e66655902e6cb60ddd82727bc05b31057693ee9d7601be6d8870edc47c328afa800911568d99655a271c65de3a07616806e280bd453217ee2420b32544c67e34bbcec1874b450af23af54048d3a10e71967bc1ee3c0029235d95f158895bbdddfa81a3cfbcc74c7c352820f75e00324e154441074853b7c2dc1c3ed42873c6323e0bd29058b62187f57ee8def92612a91b1598af90904e770a8788c05934b54f998ed0a4b54198e74a1bdcd6e5a07109f6bd0271384211633d2d70c28843fbed80968d3cf49a697bfaffb92101e0626dc34c4b9a8b47438606152c9eea6481597918ef7739be21f562c86289b842b1d9208459f41716f2518da7d3f4ba062c0ea28a221e44f071325deef0c9ce5e8bb729e8f393020db13ad241503f9c4dc21fee5bc58893e112a2bd2528aa825c3b8e19d8312b268a43c9c662737da60bf318a5cd9069a2d96653818733825f5808371ad593f124ce11272705b5dd827d269ea01ea8a3948418278ba34338fea40665bcb5365033785adbbc7f20ea2489a728670108781da688a9d2f327f7723b76e4d2dba9c05a8f15bc05fdd521ce44e606fb0daf61c3cf96094bc4c8ca55892cd55803da5ec5f72c9ea01273ba23d834061b1a4e7778470cb726d78692d1d00291b9753fe96e43b24f239b575978b0fc6855aae3e384fff6dca011d58ca718f5a64ce083744057fadce07c1569c0a2dd34cc2f990c2d0705d4ad2dd03ed74e005e495987f5dd3b561bfd610d372abd48da2cdaa6253b074b55a30c7663daf7268768a656ac8f36d0c61a6671f6b75b69634c5c3cb06bf7d28e5b01743d673ed200a51e70f7d72c908e21769144a72870fead7075c25ddadbfeb9a9818638c3829d329eac2eb542f190986977bf6b79ae967ede1bc3e998d271f8225d5ae195e1be0ae7be5dba2584bcda86187ccde07022a3a462f505557140b14646b8d2ccb67c82bcfbeb71ece2f3af3d2d522613571766fbc39716026361c6d109d1ca6616495a5c1186cb2009e8d365abaf16a81230ad8c05889f9fcbb7ce0c6a507f9b5a078dfe5a7483d376f16428d23eb15c688f252d8548b5d94f34f8cd430b1a31bcc3e1ce90d14e3e7a33021df06882d32b90e4c6968c8046a7410bb6920f278d1b1c166875217c8e8d417adf9b50c85c509fa0581d906ab12c339e7ce03a49693489e7965043c75e5950363f062e43933d848ac73cb5f8585eee7d22305f9332df9ad7a11377c01f15ae3009d92dc3fae370f8f817400fd7f5aeb5b103fa1ba707b86ebff9324e2d52a8d46baff356e4be977bab515127107916440e1867c4d6279b08479597b3268c98566723c935f96b569b2b60807f8a046ea6e2761c062c7913dc9d4bf71f60ee2fd0e7bb3e5b718e8d4a62c43f2d53d9ecdbfb6d1dea8d8ce51c574c5007a55bd1a5933e3895659255153d501e3419ecb2c63cf337b7de31b0830f7c5b4fe267ef576c7776d34e47c7ee204609284af5a10a88b0d2488574d50614b004c04285cadc63001ac023f570b6fa4c0a21635b2d53405c4279ce02adf0a980a27d5acd32f68e166ddd6c43e186de12bd09f14e644c5f7a696b1cec0cfc757dc64e8f0b64c8bab66db414fa724c175fa49676d0ae100537b7cb55751a54149b60653a20bbbdaa58a9172228e553a5ec93387db79eaa9cd542cf8035d4c50b7e09e3728f153641e7fd5c9cb8969df5374a25d3611aacc81ea1d195a4b2f7e1f861259fe1d2d6422e32acd44d2f996508c07e54b200a472e4782b0e5aa030898f4c51b578f60d17fc5c01055be225120118c20b171d8bffe38f194b0ef598ac5696825da3442eb0513e31dcf997a213ffb711392223c906b637c77a5ac612611b9d4f949bfa43d746b38fa61a2b736f116edfeda864cf56357f0d9ed25d27cb057c8227379a86d9f2bf00f289ea8fcf4a61f0bbc50045047e7ef0b097e4c65d749f4d40a89f6ff2e17990e837f81364faaf32cd0c5cdf9846173610759a22a424e00f57a3143c8cf561f12489ff01fa64ef27c39370e1eca076ecaa6fbd701ad2a29b80cca60bdccd34e5f26fd0ac661ef5da02883d55401b05b15770399f960c8749fdc90fc06ddc18bd88ad6d21a7db3aaf52e28ab741f211898192d4ab34b659e79eddd844a28b5c3d0125f5b8781f270f7832114c744bc5820a60b28d408291884c0f85b47e660f8545c412c235e85da5e33bd315067b9f89a36b76e204e82ee465031f0fc463d42254f73fe269bd7ba4f4f06dafe7057f58f5387f40b0bf3fa2e9ca6b2afc496d26ebd092e0373750cc649f16e1e35179825f3a51d8b015539a4ba1661addc540c776257ceadb0d795f8fd6737bc302fc39b4dda8bf0db0f4d0a62839b02ff488810413131a566082d864e073a63f17b28aa8929cd239f50689fef85a8de3308be69b82d7eca3d9e5190586362841d1ff6c562a3c6d74e57750e80baddf2aabd9cc40ff3aa30e2a9be9150815977e3292f171cd184074d00e90251ffb0943b276e67a87d7eed7af3d886519f54aec72d5eb01268202999e8d78532461a8524aa0fea7c49aa864f956bc4dd31047a529f8bbf4ba971ded87c6121533491863d6d2f4dbeac566839675a781f43c9ed27d0527c961a60f212deafd75ac331674b4e76d9151c9813aca07565b1e8b52a835d1693f36cdb9be6fa8cdd7431183467be6dc75c867268cbc7f7a6cd1059ccb123c47de06785d1deb8a2a4ab286929253e05107d07c80d2790af78fe59f022763514ade2fd2f2aa0fff6c99c6af7498c9024259f2f49d8e0f054b9e7d774b4e7b1552340012153d4c79451be6ffc71079da12c140d97f3a813256e93e22e3ff9045fc6075df39fab13ed8661a6a06bc083194ebe6bc40040840f08cd586d7a3a36fe7015d3a636f94553955325eeb3d5c538251202c6c1521cbe2b87e3a22ffd2744094a44be4a63e09271a29fbddc042872a53dfe54670d0028d640754c2aa06ab7e299244bcf5517eca5a0d50799ff872bdafe888a587633f3771c161c520e56764ae13e351dd4a4fbbc4c12e00986c58a3af279473acfa42cdd442d2ab36a1f2c8e15df74b9b9fdb7f4ed0a527e1b2522ea18b822d420e493a114031ef87dad32101c7002f7aacd435e3c952c5edf7f6317215709f673926e15feb3021c3d31adaf27f468ed93f65201963ce3ec173f8003d417961a503bfe5181ed3397bfe1299107235aa1562baf276ddc6b3e802a35042d0f8a79ee06102c8e9b0a92e7e92da2788c8e6450a924fe8d7637a183f9a0b69e949ee3d54bd5abfbb6a90bd3cb8a9bc9d8d91418c72b3fe665d54dec99eb53fcf474a0f42171e2f3fb16a00633408f77c205a168f70379d5f1098851c6d2605f1811c5c22d9e3e44f483cfc65e373e431eb224414db926be369c40fd1e40f2938cc484b33f69d8ee518c33a91284d6e3635720b731c68011d6b46721816deb3b6c47ae211375d738b6f77a4f6ea2b80579aa34b3d0bced65466b6946f386482db484af971f33f546f2c0b0bcf6135784fcf3f0f1006fe34617e86adbabf80935995d34b48b9d1f12ef089510dbbd616a59e875d3f3e0aa7aea1758d6c5f2a699d031823205a4ad815efee17395d817015c392a79e4d0ac9686e596220b0ecdd2c1646e54a5630cd6022b1f52d81de0b7c0e772ab6a9c931bf527b0a874f79fa860cc82283d36be2114a4ce514b60f2b1ef941fb4e1a8d2899467d6231f82fefa3bc2462677ffd1d2436b44bf4f7fe734064f0a0b16c3f16332a85895ff84494009e00440ff7940096065996741278b3652d6286545b10c77ab2e905c1bb8c2d538ca6521df0707f55e0054d2d87d060f863c9cc50db915ac404ff6017a48a04190d12168a647d803819879c0bc3e688663d1585493dc800727fb4775473005d0cc37c3941dddb31071cb5389083a0ee8aa5317326c7f8a29646e24bb32c6d6198d2e095a6694f5ad98e3940608d60e169cc7dc507564e043aebdde61d7adf96f0a52adbde8f9ce5f99a323c8cfbb35c23baef865a6a6f949b9ee425ed2dbf1f74eda38aea9bb1e814f8de792d106ffc203028dc7afe55db61dbb25f986508d023b698226c40e366e93264fbf51c2fa8a889f13ef4b768c480ae4ef3d5f061d7cd2ea2456e0c2bca80c3e7b23209a4d221a1df8cc6b3e5fa6dead523253952380abf2ca49d628a4078e4c34c49caa2f84dbd9325c2459dcf8ffe65163a438dc1f204cfeca634cfd0a2f0f165539b88bbff3b4136f21cd050ea0c2959701aed2f44be88498bd6ccad2935aa459f91e146928eceef45a9dee8ac5d9ecedf6f3757a3058742aa743b74020dfbd925deacc4fc4c1e1d91653f93b190229888c5103c29a4b5ffc836babd2035e79d5742e32f663fa44ad2ccb40e547037ecfc1d8f1cf1f70638302c6b8e8524ffe1e1b33464ae0c4ad2b8f53350998a864ac84789fd0f48534295285e6d058e6fb97fa21f3b3626a98bdb284ff6c833a585f13f4359110cb202da48118333b14c425133bdf7d4b4dded8447e317a28a31062aa45f1c8b421c7d3edc2489d1dfecd41e4d087b2ce6ff389f5eafecde0fd17f5ab337e11714ccb70354e1c5354e5df53cacf32f1a2904087f8d56ee4bd276eba770fa5514f6e1c4ce3fd491d8f52be75f8770db4bf70e8234a9088446c4d35469a2f49d2188a8a1d2600"/4254, 0x109e, 0xc021, &(0x7f0000000000)={0x0, 0x989680}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000000140)={0x0, [{}, {}, {}, {}, {}, {r5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r6}], 0x7f, "9656c75f04ba4d"}) lseek(r1, 0x0, 0x2) openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) sendmsg$NL80211_CMD_RELOAD_REGDB(0xffffffffffffffff, &(0x7f0000001480)={&(0x7f00000013c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000001440)={&(0x7f0000001400)={0x14, 0x0, 0x600, 0x70bd2d, 0x25dfdbfe, {}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x14191}, 0x2400c801) openat(r2, 0x0, 0x480c1, 0x186) 23:15:14 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xcb, 0x0, 0x0) 23:15:14 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x43, 0x0, 0x0) 23:15:14 executing program 5: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={0x0}}, 0x0) readv(0xffffffffffffffff, &(0x7f0000001080)=[{&(0x7f0000000000)=""/15, 0xf}], 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x1}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3b}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) set_mempolicy(0x0, &(0x7f00000000c0), 0x7fff) pread64(0xffffffffffffffff, &(0x7f0000002100)=""/4083, 0xff3, 0x38) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', 0x0, 0x0, 0x0) stat(&(0x7f0000000480)='./file0\x00', &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0xffffffffffffffff, r0, 0x0) stat(&(0x7f00000001c0)='.\x00', &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0xffffffffffffffff, r1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000140)={0x0, 0x0, 0x0}, &(0x7f0000000180)=0xc) stat(&(0x7f0000000440)='./file0\x00', &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f0000000340)={{0x1, 0x0, 0x0, 0xee00, r3, 0x41, 0xfe00}, 0x8, 0xffffffffffffff3a, 0x0, 0x0, 0x0, 0x0, 0x3}) getresgid(&(0x7f00000001c0)=0x0, &(0x7f0000000200), &(0x7f0000000240)) setxattr$system_posix_acl(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='system.posix_acl_access\x00', &(0x7f0000000280)={{}, {0x1, 0x1}, [{0x2, 0x3, 0xee00}, {0x2, 0x1, 0xee00}, {0x2, 0x2, r0}, {0x2, 0x4, r1}, {0x2, 0x6, 0xffffffffffffffff}], {0x4, 0x2}, [{0x8, 0x5, 0xee00}, {0x8, 0x3, r2}, {0x8, 0x2, r3}, {0x8, 0x6, r4}, {0x8, 0x1, 0xee00}], {0x10, 0x2}, {0x20, 0x5}}, 0x74, 0x0) fork() openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x10000, 0x0) wait4(0x0, 0x0, 0x0, 0x0) fcntl$addseals(0xffffffffffffffff, 0x409, 0x9) 23:15:14 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0x68, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) [ 1912.090527] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1912.092602] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1912.110286] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1912.112214] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:15:14 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xcc, 0x0, 0x0) 23:15:14 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x18, 0x0, 0x0) 23:15:14 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x44, 0x0, 0x0) 23:15:14 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x3c, 0x0, 0x0) 23:15:14 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$sock_int(0xffffffffffffffff, 0x1, 0x64d79ca4eb02dbd8, &(0x7f0000000040), &(0x7f00000000c0)=0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001780)=ANY=[@ANYBLOB="140000001d00210c00000000fbdbdf250100020058e1f427ac228a56bc00c90f3fe66caa1497d1c4f4df5ae2c0158ab966c0f8ac7a2a330419306c10c4dbc57d0b91a0a89005ee18c339bf30575625bcfd9b5dcd52c532e97ffe59c32fd06d2267d09aae07f6db51a7ddcfe39e42a36bda4a8694badc4f48b0754e2a90b7deddf481d2e832ae0fcb0019f7cc3acf992c083678e7a263c462644cad337c4642a7ab9b18b837342e073f13b7487e7f38441e3171a400804cfdf4e57246f8b4b4f5f282c84723120903"], 0x14}}, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) 23:15:14 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0x6c, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:15:14 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xd2, 0x0, 0x0) [ 1912.295055] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1912.296759] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1912.307068] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1912.308875] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:15:14 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x19, 0x0, 0x0) 23:15:14 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x45, 0x0, 0x0) 23:15:14 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xcd, 0x0, 0x0) [ 1912.850995] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 23:15:27 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0x74, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:15:27 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xce, 0x0, 0x0) 23:15:27 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xd3, 0x0, 0x0) 23:15:27 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x3d, 0x0, 0x0) 23:15:27 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x1a, 0x0, 0x0) 23:15:27 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x46, 0x0, 0x0) 23:15:27 executing program 3: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x1081, &(0x7f0000000280)={0x0, 0x0, 0x40}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000800000/0x800000)=nil, &(0x7f0000000180), 0x0) io_uring_register$IORING_UNREGISTER_BUFFERS(r0, 0xc, 0x0, 0x0) r1 = syz_io_uring_setup(0xc96, &(0x7f0000000180)={0x0, 0xffffffff, 0x0, 0x5, 0x2b9, 0x0, r0}, &(0x7f0000940000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, 0x0) syz_io_uring_setup(0x4ac9, &(0x7f0000000500)={0x0, 0x8593, 0xa, 0x1, 0xe3, 0x0, r0}, &(0x7f00009d6000/0x1000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000580), &(0x7f00000005c0)) r5 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=@l2tp6={0xa, 0x0, 0x0, @mcast2}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)="a63a85f508c53b74be1cc06a8682449c18237d779b4f25f709ca", 0x1a}, {0x0, 0x39}, {0x0}, {0x0}], 0x67}, 0x0, 0x4000000}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x6000, @fd_index}, 0x80000001) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000640)=@IORING_OP_TIMEOUT={0xb, 0x2, 0x0, 0x0, 0x4, &(0x7f0000000600)={r6, r7+60000000}, 0x1, 0x0, 0x1}, 0x7f) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r5, 0x89f3, &(0x7f0000000240)={'ip6gre0\x00', &(0x7f0000000340)={'ip6_vti0\x00', 0x0, 0x29, 0x0, 0x3, 0x6, 0x5a, @local, @private2, 0x7, 0x7800, 0x7}}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000003c0)={0x0, @rand_addr=0x64010102, @rand_addr=0x64010100}, 0xc) syz_io_uring_setup(0x0, &(0x7f0000000040)={0x0, 0x5fb3, 0x0, 0x0, 0x3de}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, 0x0, 0x0) r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r8, r3, &(0x7f00000002c0)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) 23:15:27 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x2) ftruncate(r0, 0x1000003) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa418b6d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000180)='net/netlink\x00') read(r2, &(0x7f00000002c0)=""/225, 0xe1) socket$nl_route(0x10, 0x3, 0x0) r3 = dup2(r1, r1) r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x266d40) r5 = syz_open_procfs(0x0, &(0x7f0000000140)='net/ptype\x00') io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000040)=[r2, r3, r1, r4, 0xffffffffffffffff, r5, r1], 0x7) fcntl$addseals(r2, 0x409, 0x8) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000000)) ioctl$SNDRV_TIMER_IOCTL_SELECT(r5, 0x40345410, &(0x7f0000000100)={{0xffffffffffffffff, 0x0, 0x39, 0x1, 0x8}}) r6 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x105142, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x401, 0xfffffffffffffff9}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) signalfd(0xffffffffffffffff, &(0x7f0000000240)={[0x9]}, 0x8) writev(r1, &(0x7f0000000600)=[{&(0x7f00000003c0)="125d24ccd0551e54708513241d1924c20ff7f4258f4b3403330c7ff08baf11015186d7d17948ff4912e46f3e8a7df4c82104b59a9501a8a6ee9282a0e175e4dd15a0d12ee81bee28ab481737a1558bbb8563cef24f7af4fbec7d96af48a8c1b776731c4aba23cc8a4714b35728ff15cb0412b53cde3113837e1067b8f1b86a26", 0x80}, {&(0x7f0000000200)="0e975ec3cd79c8d9ee84", 0xa}, {&(0x7f0000000440)="f82e134484ff2b1352f34a8ec24c3698de944e59082544f346dc80777b51f8305d4191a36bb94bd1e5d4fee54abb8fc7b2d7ada38457b0cd6cc9712d3293594cc0844b6fdd32bcbe209435e9c354921e3c6aa118e42d7f20fe4c57fed4c0d9bdcd51e3aa963e9c9ac6bfc2ffd48529b6a15bed480534cfe6b21221b22501aa335d023e9f42d776dc6b2ad636d21b5b19ed53d3e9e19f12a0c4b9ea789ab1ee65d02c2ffa8e8c509e54199c2271f875bfa20b1664c452cabd8bddc8e14a92f41e37ca5847adc23857646f120752268a", 0xcf}, {&(0x7f0000000540)="4e90365b609510c59fde5003d41f9ceabc329b8c2953d10e6b8e911d5acdfc7a33dfa71f9c5c4bf24270fa940d6d98f4829225802e4bb8fa93f6d510ac91a2ee53a2a2bc23a177509c084d3c970ed7c7ffaad711fd531a3ac9f9f906", 0x5c}, {&(0x7f0000000280)="3eea3e22ee4be99d470d550a7223b7f0afb9e2ed016ee69b5ac79333ce63d9c638a4a4a1ec60d9b1ff7673f9", 0x2c}, {&(0x7f00000005c0)="67d6b0f6f69e02c64be9fc9bed3273622ff25eba7168ed1fd55612aa8a8e0301ffcd1df19f33e8eddedf1f8a82937f4f7153", 0x32}], 0x6) lseek(r6, 0x0, 0x2) r7 = openat(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x0, 0x10a) copy_file_range(r7, 0x0, r6, 0x0, 0x200f5ef, 0x0) [ 1925.460801] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1925.461882] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1925.469097] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1925.470993] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:15:27 executing program 5: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='net/nf_conntrack\x00') ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000240)={r0, 0x6, 0x4, 0x7}) sendmsg$IPVS_CMD_SET_CONFIG(r1, 0x0, 0x10) r2 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) readv(r2, &(0x7f00000001c0)=[{&(0x7f00000003c0)=""/141, 0x8d}, {&(0x7f0000000000)=""/83, 0x53}, {&(0x7f00000005c0)=""/147, 0x93}], 0x3) sendmsg$nl_generic(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="30000000100001002cbd70000000000e00000005000000000000001100fc61487fec864b245e0f3f9be149f8000000"], 0x30}}, 0x0) fsetxattr$security_ima(r3, &(0x7f0000000280), &(0x7f0000000300)=@sha1={0x1, "9f8ce3fd5eba33278ce4ec989be7aeef64c50e03"}, 0x15, 0x2) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000140)) r4 = syz_open_dev$vcsa(&(0x7f0000000100), 0x0, 0x401) mmap$perf(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x8, 0x110, r4, 0x0) r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='ns\x00') getdents64(r5, &(0x7f00000007c0)=""/180, 0x200007d8) getdents64(r5, 0x0, 0x0) perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x4, 0x2, 0xff, 0x4, 0x0, 0xfa4, 0x1000, 0x8, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x8, 0x1, @perf_bp={&(0x7f0000000180), 0x10}, 0x8, 0x0, 0x5, 0x6, 0xfffffffffffffffc, 0x8, 0x6, 0x0, 0x9, 0x0, 0x2}, 0xffffffffffffffff, 0xd, r2, 0x1) 23:15:27 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x47, 0x0, 0x0) 23:15:27 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x3e, 0x0, 0x0) 23:15:27 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x1b, 0x0, 0x0) [ 1925.538381] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1925.550416] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'. 23:15:28 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0x7a, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:15:28 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xcf, 0x0, 0x0) 23:15:28 executing program 5: ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x2, "77004a6efdff0000000008002600", 0x0, 0x401}) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) r1 = syz_open_pts(0xffffffffffffffff, 0x208c02) ioctl$KDENABIO(r1, 0x4b36) mq_open(&(0x7f0000000000)='-@\x00\xb7!\xf9Z\xbb,;\x7f\xc0\xa9J\xb3\v\xfb\x84\xaa\xb5\x9a\xa4O\xa8\xb5\xd2\x13/z\v\xae\xfc\xfek*D\xeb{\t\xba>\xe8\xe2\xba\x00\x00\x00\x00\x00\x00\xd0zd\xccD\xf4a\xd8/\x90x\xb5\xd8\x04\x19u\xf9D\xb7Eq\xc1\xcee\xd9\b0\xec\v\xe3\x96\x1f\x80\xe4Nk\xa6\xe1\b\x97,\x8b/\x96\x9b\xdb&\xd1\xe3J\xd5\xaf\xe3\xfc\xde\xbe\xa0\x8b\xeb\xea%\x10eW\xf6\xa0J\xe51\xa4\xfesm\x96\x89\x0f\xea\xa6\xc02\xd4\xb8y\x83L\xc4\x93U\x15\x9b\f\x9b\xc3Z\xff\\\x9d\x83\xe6\xc7fc\xa9n\x8e\aV\xe8\xf9\xf9\xe4\xfb+~\xabu\xf9K\x1d9[\xcd\x9b;=6Q\x80', 0x3, 0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000200)=""/230, 0xe6, 0x2) r2 = socket$inet(0x2, 0xa, 0x0) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000300)={'wg2\x00'}) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000580)={'syz_tun\x00'}) r4 = fcntl$dupfd(r3, 0x0, r3) r5 = syz_mount_image$nfs4(&(0x7f0000000180), &(0x7f0000000340)='./file0\x00', 0x2, 0x0, &(0x7f0000000480), 0x80000, &(0x7f0000000380)=ANY=[@ANYBLOB="2a2c272c776732002c2f6465762f6e65742f70756e002c76657468305f766c616e002c2f6465762f6e65742f74756e002c2d4000b721f95abb2c3b7fc0a94ab30bfb84aab59aa44fa8b5d2132f7a0baefcfe6b2a44eb7b09ba3ee8e2ba000000000000d07a64cc44f461d82f9078b5d8041975f944b74571c1ce65d90830ec0be3961f80e44e6ba6e108972c8b2f969bdb26d1b6d5bb90a82b2ad79149e34ad5afe3fcdebea08bebea2d106557f6a04ae531a4fe736d96890feaa6c032d4b879834cc49355159b2c9bc35aff5c9d83e6c76663a96e8e0756e8f9f9e4fb0b7eab75f94b2c776732002c6f626a5f747970653d2d4000b721f95abb2c3b7fc0a94ab30bfb84aab59aa44fa8b5d2132f7a0baefcfe6b2a44eb7b09ba3ee8e2ba000000000000d07a64cc44f461d82f9078b5d8041975f944b74571c1ce65d90830ec0be3961f80e44e6ba6e108972c8b2f969bdb26d1e34ad5afe3fcdebea08bebea25106557f6a04ae531a4fe736d96890feaa6c032d4b879834cc49355159b0c9bc35aff5c9d83e6c76663a96e8e0756e8f9f9e4fb2b7eab75f94b1d395bcd9b3b3d3651802c646f6e745f686173682c646f6e745f6d6561737572652c686173682c0009041b849e3a3a3c628c9796"]) openat(r5, &(0x7f0000000980)='./file0\x00', 0x268c40, 0x108) sendmsg$nl_generic(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="300000001874bc357b9ad63c00210c000000007f4dfee702000000080000000085e67cd1b214c800200014000100fc0200000000000000"], 0x30}}, 0x0) ioctl$VT_GETMODE(r4, 0x5601, &(0x7f0000000100)) dup3(0xffffffffffffffff, r0, 0x80000) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x840}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, r0, 0x0) 23:15:28 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xd4, 0x0, 0x0) [ 1925.650630] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=29720 sclass=netlink_route_socket pid=10450 comm=syz-executor.5 [ 1925.675438] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1925.676301] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1925.680982] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1925.682645] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1925.700366] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=29720 sclass=netlink_route_socket pid=10461 comm=syz-executor.5 23:15:47 executing program 3: r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f0000000140)={0x7, 0x80, 0x3, 0x0, 0x81, 0xee, 0x0, 0x0, 0x8c010, 0x2, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x6, 0x0, @perf_config_ext={0x9, 0x8}, 0x8008, 0x1b858, 0x6, 0x3, 0xe1, 0x32, 0x6, 0x0, 0x200, 0x0, 0xd9}, 0x0, 0x0, r0, 0x0) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_tcp_int(r4, 0x6, 0x9, &(0x7f0000000040), &(0x7f00000001c0)=0x4) r6 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe6b02, 0x0) r7 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$SO_TIMESTAMPING(r8, 0x1, 0x41, &(0x7f0000000000)=0x6359, 0x4) r9 = dup2(r7, r8) kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, 0xffffffffffffffff, &(0x7f0000001440)={r9}) getsockopt$inet_tcp_int(r7, 0x6, 0x1e, &(0x7f0000000240), &(0x7f0000000280)=0x4) read$hidraw(r6, &(0x7f0000000400)=""/4096, 0x1000) io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f0000000280), 0x0) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r1, 0x40089413, &(0x7f00000002c0)=0x3d9f) syz_io_uring_submit(r2, r3, &(0x7f0000001400)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x4, 0x0, r5}, 0x4) openat$full(0xffffffffffffff9c, &(0x7f0000000340), 0x10000, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f00000029c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000002900)=""/158, 0x9e}, 0x0, 0x2203, 0x0, {0x1}}, 0x0) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) 23:15:47 executing program 5: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x4002, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000800)=ANY=[@ANYBLOB="01000c77efd02b8218a9afaea175df4be300000100000018000000fff15da1d4ec31c0536b9469889b31d41c3a714fc91dc162e631845d4bcb2500a61a80e9f09bccded137156780755ef6ddaa2a02", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r1, 0xc018937b, &(0x7f00000005c0)=ANY=[]) r2 = socket$netlink(0x10, 0x3, 0x0) connect$unix(0xffffffffffffffff, &(0x7f00000005c0)=@file={0x1, './file0\x00'}, 0x6e) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4305, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r1, 0xc018937e, &(0x7f0000000680)=ANY=[]) sendmsg$AUDIT_GET_FEATURE(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x5008c00c}, 0xc, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x3fb, 0x10, 0x70bd2b, 0x25dfdbfc, "", ["", "", "", "", "", ""]}, 0x10}}, 0x8804) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = dup(r3) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000000400), &(0x7f0000000440)=0x10) accept4$bt_l2cap(r4, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000640)=0xe, 0x100000) openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x80202, 0x100) openat(r4, &(0x7f00000002c0)='./file0\x00', 0x92180, 0x1) ioctl$sock_SIOCGIFVLAN_GET_VLAN_REALDEV_NAME_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000540)={0x8, 'veth0_macvtap\x00', {'dummy0\x00'}, 0xfff9}) sendmsg$TIPC_CMD_SET_LINK_TOL(r1, &(0x7f0000000380)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000280)={&(0x7f0000000780)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00082abd7000fbdbdf2501000000000000000741000010c0004c0018000007ff62726f61646361737400"/95], 0x68}, 0x1, 0x0, 0x0, 0x20008008}, 0x0) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 23:15:47 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x48, 0x0, 0x0) 23:15:47 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xd5, 0x0, 0x0) 23:15:47 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xd0, 0x0, 0x0) 23:15:47 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x1c, 0x0, 0x0) 23:15:47 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x41, 0x0, 0x0) 23:15:47 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0xed, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) [ 1945.488188] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1945.489314] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1945.500046] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1945.511485] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1945.512372] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1945.516133] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1945.518275] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1945.520151] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1945.533843] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'. 23:15:47 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xd1, 0x0, 0x0) 23:15:47 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0xf0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:15:47 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x1d, 0x0, 0x0) 23:15:47 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xd6, 0x0, 0x0) [ 1945.584852] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1945.585771] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1945.610599] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1945.611505] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:15:48 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x42, 0x0, 0x0) 23:15:48 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x49, 0x0, 0x0) 23:15:48 executing program 5: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = fcntl$dupfd(r0, 0x0, r5) r7 = syz_io_uring_setup(0x78f0, &(0x7f0000003480)={0x0, 0x0, 0x0, 0x0, 0x283}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) r10 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(r8, r9, &(0x7f0000000000)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r10, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r7, 0x0) r11 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r7, 0x8000000) syz_io_uring_submit(r11, r9, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_io_uring_setup(0x8003a75, &(0x7f0000000300)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000100)) syz_io_uring_submit(r12, 0x0, &(0x7f0000000040)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x7ff) r13 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r12, r9, &(0x7f00000000c0)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x2, 0x0, @fd_index=0x2, 0x2, 0x0, 0x0, 0x0, 0x1, {0x0, r13}}, 0x4a) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_EPOLL_CTL=@del={0x1d, 0x1, 0x0, 0xffffffffffffffff, 0x0, r6, 0x2, 0x0, 0x1, {0x0, r13}}, 0x3) dup2(r3, r4) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r14 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r14, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 23:15:48 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xd2, 0x0, 0x0) [ 1958.810003] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 23:16:01 executing program 3: ioctl$AUTOFS_IOC_EXPIRE(0xffffffffffffffff, 0x810c9365, 0x0) r0 = openat(0xffffffffffffffff, 0x0, 0x0, 0x3) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, @perf_bp={&(0x7f0000000180), 0x7}, 0x0, 0x0, 0x1001, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c00000030003d01000000000000000000000000080001"], 0x1c}}, 0x0) r2 = open_tree(r0, &(0x7f0000000440)='./file0\x00', 0x1) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r2, &(0x7f0000000680)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x40, 0x3, 0x1, 0x801, 0x0, 0x0, {0x2, 0x0, 0x7}, [@CTA_NAT_DST={0x2c, 0xd, 0x0, 0x1, [@CTA_NAT_V6_MAXIP={0x14, 0x5, @private2={0xfc, 0x2, '\x00', 0x1}}, @CTA_NAT_V6_MINIP={0x14, 0x4, @dev={0xfe, 0x80, '\x00', 0x1a}}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x8000}, 0x801) recvmmsg(r1, &(0x7f0000004600)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(0xffffffffffffffff, 0x6611) r3 = syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0xd649, 0x0, 0x0, 0x0, 0x0) r4 = signalfd4(r3, &(0x7f00000000c0)={[0x52]}, 0x8, 0x0) ioctl$sock_SIOCOUTQNSD(r4, 0x894b, &(0x7f0000000200)) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) setxattr$trusted_overlay_nlink(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000240), &(0x7f0000000280)={'L+', 0xfffffffffffff801}, 0x16, 0x2) sendmsg$NL80211_CMD_REGISTER_FRAME(r4, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4001}, 0x4000001) perf_event_open(&(0x7f00000006c0)={0x4, 0x80, 0x7, 0x1, 0x8, 0x40, 0x0, 0x454e, 0x600, 0x9, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0xffffffff, 0x0, @perf_config_ext={0x8, 0xa7}, 0x80, 0x1ffe0000000, 0x0, 0x829b0aebb907551f, 0x0, 0x4, 0x3, 0x0, 0x1, 0x0, 0xe17}, 0x0, 0x2, 0xffffffffffffffff, 0x2) 23:16:01 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0x300, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:16:01 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xd7, 0x0, 0x0) 23:16:01 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0xa596, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000100)) syz_io_uring_submit(r0, 0x0, &(0x7f0000000040)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x7ff) r1 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r0, 0x0, &(0x7f00000000c0)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x2, 0x0, @fd_index=0x2, 0x2, 0x0, 0x0, 0x0, 0x1, {0x0, r1}}, 0x4a) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, {0x0, r1}}, 0x1) readv(0xffffffffffffffff, 0x0, 0x0) r2 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x5, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1, {0x1, r2}}, 0x10001) r3 = perf_event_open(&(0x7f0000000040)={0x4, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x40082406, &(0x7f00000000c0)='comm\x00') r4 = getpgid(0xffffffffffffffff) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) perf_event_open(&(0x7f0000000140)={0x5, 0x80, 0x6, 0xf9, 0x3f, 0x8, 0x0, 0x4, 0x11000, 0x2, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x200, 0x4, @perf_bp={&(0x7f0000000100), 0x6}, 0x18440, 0x1, 0xff, 0x0, 0x1000, 0xffffffc1, 0xa69, 0x0, 0x1, 0x0, 0xf8}, r4, 0xb, 0xffffffffffffffff, 0xb) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0xffff) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r7, 0x6, 0x2, &(0x7f0000000080)=0x90, 0x4) bind$inet6(r7, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x4000}, 0x1c) connect$inet6(r7, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @empty}, 0x1c) 23:16:01 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x4a, 0x0, 0x0) 23:16:01 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x1e, 0x0, 0x0) 23:16:01 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xd3, 0x0, 0x0) 23:16:01 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x43, 0x0, 0x0) [ 1958.844096] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1958.855438] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1958.856873] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:16:01 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x21, 0x0, 0x0) 23:16:01 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x44, 0x0, 0x0) 23:16:01 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xd4, 0x0, 0x0) 23:16:01 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0x500, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:16:01 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x4b, 0x0, 0x0) 23:16:01 executing program 3: r0 = syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)=ANY=[]) symlinkat(&(0x7f0000000140)='./file0\x00', r0, &(0x7f0000000180)='./file0\x00') chown(&(0x7f0000000040)='./file0\x00', 0xee00, 0xffffffffffffffff) syz_io_uring_setup(0x3875, &(0x7f0000000080), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_STATX={0x15, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) syz_io_uring_submit(r1, 0x0, &(0x7f0000000100)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1}, 0x1) stat(&(0x7f00000000c0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0xffffffffffffffff, r3, 0x0) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x800000, 0x123) openat(r0, &(0x7f0000000280)='./file0\x00', 0x0, 0x0) 23:16:01 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xd8, 0x0, 0x0) [ 1958.989785] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1958.991214] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1974.366279] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1974.367643] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:16:16 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xd5, 0x0, 0x0) 23:16:16 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x45, 0x0, 0x0) 23:16:16 executing program 5: ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x5, "f31a0000434ef9bab774bdcab95c000d00", 0x0, 0x8}) openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) r0 = socket$inet(0x2, 0xa, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1c04, 0x0, 0x1, 0x0, 0x0, 0xfffffffb}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = getpgrp(0x0) pidfd_open(r2, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, 0x0) setns(0xffffffffffffffff, 0x2020000) r3 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) ioctl$SG_IO(r3, 0x2285, &(0x7f00000011c0)={0x0, 0xfffffffffffffffd, 0x0, 0x0, @buffer={0x0, 0x1031, &(0x7f0000001240)=""/4108}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$FS_IOC_FSGETXATTR(r1, 0x801c581f, &(0x7f0000000040)={0x2, 0x6, 0x5, 0x3, 0x2}) ioctl$DVD_READ_STRUCT(r3, 0x5390, &(0x7f0000002280)=@manufact={0x4, 0x2, 0x800, "00bc95e1d7c7526002994560cca3cb55b66678e5eaea2741345629a1cec02f007569e0842af897601b10179ce9c733b49449827210b73d70a774f7e48cea1c35a571cf104a8db9faf6c7f7a86647a7a3a4a1740d6e9722cbf84f0d9ec33b9bab22d97351d38686158264793722ee3b2516645cf01a1a9ae08aa9192b0aa2d521be5340caa28d3e9aca95d6c911bf19b56b60b59d718961708152c187c5ec50437a3df5039deb78aa1ff0d0c1dce7ff26bb1fbbd65861e3bd8db8c3eabd654b68db5d517f3cad2b86c70d81f32e2a06e473b6ca25df162c2c9c07bc413dca11294ad0405edf9d6960235bf04a490a886388edae8fe3dc39031f5cf8d64613ce9bd37486c957324e5f11cb734692496a2ea9f4a345751bc9c2fe871e70c7b6611549350cde91af83ff7b1c57a2b3fa51cb7019e32b4a56fc4a3f0f78c41e923aed5cb89ab79fb2b1d7d2264638ec688486438cb5bfcda5bd3336c0eca5c4eb49ec0284e9b1356de8e47797300221dae6b2dc5998e5616720ffc947ec2810b3c85b606781abf15f61154565f58d2492cc6a2c56dffa9ba7ab98278ed6ee13653b779b893d8494c76cebde9bc51ed405e27e8daf3d6a9c0e3a09f155d92887781b7e1d1bdca9c0618f5ed7e0c97917b349b694a3d9005f9a672cd522aee5946b70b962128c7702b069399bf489ddb076c5ea02fe2b9030823c4247a6d22cd8c59b4290c56d47ccfa5167f94e9bf5e66bf4fb99c0585598f1113e111eb23cff6482c3060b77f79a77f71e9a6d8fdf8a7311ef5c2eaf7b102e638b3cd28644c29855f14b30e9c0631ead0c314870a30615de4c1bda467575f75edaf7569a77ba047b8443d96d8c862006bfcc7c21b848904100527b69d39c5caf1c3aa038fec350da5c1cbcdec3def9c83b0fe0e3d5f044685ca4e3da91622fcf098a3d4a827740c771dcfc67298754a2a1601e363c35ba09e0191097ac1cb793653beb39885a70b00457010111f12223bc6d6b8dfc16c29e31e27a0bf6c35b421907f10cd41cedd40709d56d7b8e9e3531c1acebc0a5ad21dc1a18affe006320ea8b5d7c4fca00ba4028f802c97ca82c5b321867ae14d8ec57614c9bc5a8b0b7df20bc38585a32d3cf58ea3f9402c478d84c9312e1660648f67ad131560dc6a4932657afcda99b9d5cbf9c8d8e19798f86e62c1dcf4e4bfcdedefac0cd9d9d21cc692a1eb6b7d5b1b2c1a1a49ea7c3566fa56a9d2cc025332479e61fe3a750e20446ebece96faaa58a355e59fb83205c2b389243ecf8141c4a75ffe7281adb43074b88a501682b32c5153f9b79441306a130d17536eafbc70bfe91bb34cf4488d8624cc4fa287fa60b6502c2cc1a049b0afc6bee5a6240238d5ef0e762791121ed045a939dafdf1dfe996325fd552570887ffc7f3066e857015ee8cf082339375cc0989afe26e125bd66579d44c56c4ffe86507b5155ac7f47ef66629ed7b6b11db00c40ef262f5609733ef55b27370e8fbfea36500ba3e9687232eb9f2f6af04dfbfa79a64cd7bfab080648330776ff4088b0345f436f869f5aea2dbd1155bcd62cb858f694ea8e8ca34c418dc7ee051a1a041f0521abd04a7319f73d8fb902688e58a69c9043e8392ff1ddb95a9f6f7c72d5ca765c809901b9e4da6929e6ab98fdbed606854e05677b5fc04b46c7e77550bb2cac1747774d9f5bb41071a2edfdf7ca48303b65800ae56b1d4254d504555484040c8a6a7ff987cfd65e29c921d6aa356ab1ab3c9c3f493cb3c55b414d31cde83084e2183bc2e173f5872c252ffbc5c97ff6712d5934fdc512575dc5db977bf7d5d0b92fc13fcdfd04bafb59d28aeac0d8d5c105b1d648f07753c1fb731f883d0957b1c56138847f34b9b669511580ccbe523de0abf33ee0ae793d659cb2fae7bb1e546eb3d9c4b805499627618b9d0400ff60fdafaf975cb3a9663eb1efef94676dce8042f0d93f11e93d7fcd25d7535c7a37f57b2835b2aefa0108924efba0390da2d939630b6047eb7fff3395d421a27412fadd589e4673f4e3b86d92c51b8d2451812ce4623b2c5de86894519f6e72e381c8fa39ef43f95bd4c812936794f709556e89f9f1044fc59237da4b40406d74b630f4b558e0ca5a7e85f45968ee2162c5c787123f3165cea19f4998ba73ea99af14de50017ced399b32c65fcc3b0069f2393958c5b8fae29ce59e3de43ff2fe4f603b264190ca1ebf9763cef6d81b3b16e59210c72f53f064e3e877791cdbb836cfc3fa9ca97c8adf27f1d012fffc243a95e10adb0de9d1b375c15d4b94e6e1ff7a2b1a3162fccab6e526e8db185555acdf449e15f9fb8b60185c61fc2f838e9c258ab52ece9a38214b0e8d100da3681e215eee5a2052de65f2568d49744786e56185416a53934f627f3fbb460880e5e399993743cc048549a08f9a4a1e11210fdf0ed031a3c8f44cee83af55bf74948f51126d53e6808915d630a0ec0e31884c3ea8b9eacfbda96501b44c200bb7caf55032ae99324af341291df2183ef4a6b0cb2f0272007dac9589149953e61f01e027627dacb58d5edc892fbe29146b3bce72431ec4e2fb4fb7a03af2c2e94c7d68cf59c2f618eff3e7e06d0e03608ac678b325dc4c7bf5af32b215b65fa9a1bed17292a56e9131a8af0e22b79a91f66e5294c9dfd0ee6546978e0d3d5420649f10c1b9f917351cf824887011a8b4ed165b5db68d8f8d4dbd87d337e49f05873553fe5d0e34638851a273618f59ce5fe148ca149cce089a8f4301a5507404939cf4993b4afa6f9d2a76c40adcbf4607e0e293483194f7756ac3fa8f7e2eb28be0a251d0e70f428d06731a135a02b239ab8a0a79472002e08291a7242c41251cd36185a1b31a32ba3da99897886dc37fc9c4d2a8d1"}) ioctl$AUTOFS_DEV_IOCTL_READY(r3, 0xc0189376, &(0x7f0000000140)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="0090f0000000e48734d800c3c388f707ddf5002ee441a6063847ba567b9cfe85599234e32de892100a230ba38d5a7d1391e4e08c73a77c72a6509afde5366121c8801f0c274de53e7c4c6ce4194b1a8b0e0cc0ea0e89d1ea8e6ff99fd07d58fb80d08a8b93e35b2aaf36bbc3c9475a35109c6e85fc4a594c84d73aa47efeb064ae7e33db7d13b16c34a4bed7193a257cd0f07d088b6680b49eb006c6ccb828ac0a142e1c80d071d714104c902277792177484a8f870751830d03b5ef61e036f9b8367e82c2fa5402882dcef22844aa45bb3df24b1a5524"]) ioctl$TUNSETLINK(r4, 0x400454cd, 0x201) r5 = socket$inet_udp(0x2, 0x2, 0x0) dup(r5) 23:16:16 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x4c, 0x0, 0x0) 23:16:16 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x22, 0x0, 0x0) 23:16:16 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000180)={{0x1, 0x1, 0x18, r0, {0x5}}, './file1\x00'}) r2 = syz_io_uring_setup(0x21, &(0x7f0000000100), &(0x7f00000a0000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000002a40)) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(r2, 0x12, 0x0, r4) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r0) ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000501c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="0900000000000000030000000000000003000000000000000000000000000000ff01000000000000400000000000000004000000000000000100000003000000090000000000000000ffffffffffffff3f00000000000000846200000000000018000000000000000000000000000000000000b3afa7a7006e959cbe32c1d70f"]) setxattr$trusted_overlay_origin(&(0x7f0000000500)='./file1\x00', &(0x7f0000000a40), &(0x7f0000000a80), 0x2, 0x3) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000050280)) execveat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0, 0x0) syz_io_uring_setup(0x37a5, &(0x7f0000000040)={0x0, 0x83dc, 0x4, 0x1, 0x214, 0x0, r1}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r5, &(0x7f0000000a00)=@IORING_OP_SENDMSG={0x9, 0x4, 0x0, r0, 0x0, &(0x7f00000009c0)={&(0x7f0000000200)=@ieee802154={0x24, @short={0x2, 0x2, 0xaaa1}}, 0x80, &(0x7f0000000580)=[{&(0x7f0000000280)="c5b6c00e37e6943e79", 0x9}, {&(0x7f00000002c0)="60ffbdede2c2a9181b9bf368cc174f439fee1a656c5f286fd2a83bc4084ed0f8c14af01b4528f7707e40283bae46015b7bc61361330a94b3319edf5ae37776e7a4a0a492ec12874120ee42bb8e108e529370c8ad7bcefff23c311d747c436a23d0", 0x61}, {&(0x7f0000000340)="c38220f99366534232b3f07fcc642964af6be4eeb7888be8b5d4fa7fc98cf55e33fbad463074b6cefec10a8b5c8ae3ecb1f3b99f74", 0x35}, {&(0x7f0000000380)="e2b5017acdfce16cbd1f40d52ca5b90fcaf22411cff695f21f606ca30f6cb7fba8bfcd09012df20d521e8a3df46b5edb9704548ae413d7082c66bfe88a9267ba61fa39ba9a9e30906e69b1f9a5b1bd080a8749f7205dc1ef07404771f5f1cfd48ab45e392458fb8c36745548cdd6db9b42129966f023643a5ee0f59307df2a2545f58eb3b0152bfd8d687ca70cd7a2d972da341aab01c680b341b85c8824bbfe62755c071515cbb4631e1e8b83644d32877297061208bfaa9659fe15eb87dda155924156d09c49a353d734c543353f47e895ac8add8ed5a6558e", 0xda}, {&(0x7f0000000500)}, {&(0x7f0000000540)="f77be5a7fc25389c0efadb18356e270b04a14a2d9e85634b5d5dcfd9833559b32584a76aecf10914728dfeb334ac374abadaa2861750a8a1ff11511f", 0x3c}], 0x6, &(0x7f0000000600)=ANY=[@ANYBLOB="30000000000000003a000000fcffffff14bf714e0fd99f6963a0ade7350f7f51d89167823247458dd8830800000000004800000000000000010100000000000059d5fcfd954a894e2136c5021d4366943b51a9a41379fce17f1215d4a81f92928727e455fca0354943c5517b69d4df520caa57000000000030000000000000000b01000005000000ab8593b0797bf65c07f2786431c2b0672af5d9b6463b82d94ca0000000000000c800000000000000010100000600000006beb39695761e906a242c557118a2c64e35d4f805d0f5a26d407119b1dff0aab9a4d5e144eb02b6037c46076d7efa4795b88d6dd5ceaa1bce4dfe6fb3a114f483f9d7606e10876ca7a3ad0cb615c90a827a88efcd43174f5de59eefc8c6f0e8c4b4d63bdab59e84e272803ae55220b48e24fe72f1a1856c231f0be586618ca7fb94fe8bfd025bf843240acc48fc37c4ad99e82c2ca246680b2c9809061d5131085018350deb377b44cf16133984c8150fd677cb922cf60088000000000000000f010000370f00000a0fef00df7eb8e415d78d3a46f4ee572a92429c61508f6fd432baea10ffe2e99d29c027352da5c7ad123ff5aab33690fb3782e6cee3bc5518e8fde33d8f32a3370e90a8b05a77c17c07aabb6c64f8d8ee91025405c06cfa2c4db3e4d9e79cc41c6a0a548362d379f8dc04369f475885f76fe80000000000e8000000000000001501000004000000386e9b4e5d5d86a986936ea0766adf01ed7539c4ea8ac52f31700448507d1a809bf78dedaea85bfa8a76a567467a060aa7d72458f25b1737c370249909493aafdc01c747dbfa149385beccb58322e13cfbb1369e6af21e3d403b6f073b65f8c787b28feea4c6da051b3e5fd1769db0ba052617ffa90843834bbf70ce83f0b25d8f1b3acef51d9297c178374519deec0e936b53e72f1cf43e2a3224b02da4a9959c3e5fa2c2ed3ae1f7f2077a00770583ea336679d79fd1a6f0b5e06c15f1a849801a4958b9acd10000bbad234e8de1a3ac9f000000000000b0000000000000000101000080000000c160990d38d5c8a6802941d97f595d3cde71ee7b17397810c07d7ffe8c8c7eb195a45f776fd41a51cee74e48b8c69ea7a4a41fd80f0b62632911e15cc526a6351d76966394ca2f0fb71ba04913cb97855113866ced2f5bee1a75ac6a664f20eb50e84e92d9da5c6ea21ea4426a6c2fc2d6a784aaabe21528f9834727d2c1397cfa41aa0b38a2450ea02af456047a8ab6eee795cacadf4b8965cacee22f47962b"], 0x390}, 0x0, 0x10}, 0x7) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, 0xffffffffffffffff, 0x8000000) syz_io_uring_submit(r6, 0x0, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000100)) syz_io_uring_submit(r7, 0x0, &(0x7f0000000040)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x7ff) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r7, 0x0, &(0x7f00000000c0)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x2, 0x0, @fd_index=0x2, 0x2, 0x0, 0x0, 0x0, 0x1, {0x0, r8}}, 0x4a) syz_io_uring_submit(0x0, r5, &(0x7f0000000b00)=@IORING_OP_SEND={0x1a, 0x5, 0x0, r0, 0x0, &(0x7f0000000ac0)="f621e1985e37ad04609c92564449bd60282e61eff5b8d7c8be47", 0x1a, 0x0, 0x1, {0x0, r8}}, 0x0) 23:16:16 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xd9, 0x0, 0x0) 23:16:16 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0x600, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) [ 1974.383156] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1974.384442] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1974.408367] sr 1:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. 23:16:16 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0x700, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:16:16 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x23, 0x0, 0x0) 23:16:16 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xd6, 0x0, 0x0) [ 1974.468181] sr 1:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. 23:16:16 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x46, 0x0, 0x0) [ 1974.483935] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1974.485574] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:16:16 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x4d, 0x0, 0x0) 23:16:16 executing program 5: msgrcv(0xffffffffffffffff, 0x0, 0x0, 0x3, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x0, 0x6) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x42, 0xe0, 0x79, 0x0, 0x0, 0x10001, 0x400, 0x8, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1000, 0x4, @perf_config_ext={0x7, 0xd7}, 0x10011, 0x2, 0x3, 0x4, 0x0, 0x4, 0x5, 0x0, 0x0, 0x0, 0xe9}, 0x0, 0xffffffffffffffff, r1, 0x9) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x22902, 0x0) msgsnd(0x0, &(0x7f0000000280)=ANY=[], 0x8, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000100)={'wg1\x00'}) msgrcv(0xffffffffffffffff, &(0x7f00000002c0)={0x0, ""/126}, 0x86, 0x0, 0x1800) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x802c2, 0x0) r3 = msgget$private(0x0, 0x24) msgctl$IPC_RMID(r3, 0x0) msgrcv(r3, &(0x7f0000000380)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004044000000e9ffffff000000000000000000000000000000000000000000e842764873db6519ff82b4dd9a3e1046272d4a4615becef0108f8265d357a1028676be6fc138178bd9111be5308c2bbc1f400fa9ffc9429e5a64ae210a47d59a8c76fd4e6290405432b01d5220923d2544a0f4e9da7cf5a5318ca7f0d518"], 0x6c, 0x1, 0x0) r4 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x4, 0x28010, r2, 0x10000000) fstatfs(0xffffffffffffffff, &(0x7f0000000280)=""/54) syz_io_uring_submit(0x0, r4, &(0x7f00000000c0)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x5, 0x0, 0x8}, 0x3) msgget$private(0x0, 0x60a) copy_file_range(r0, 0x0, r2, &(0x7f0000000040)=0x7fff, 0xa1, 0x0) 23:16:16 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xda, 0x0, 0x0) [ 1989.366810] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'. 23:16:31 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xdb, 0x0, 0x0) 23:16:31 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xd7, 0x0, 0x0) 23:16:31 executing program 5: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x6, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xee00, 0xee00}}, './file0\x00'}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r1, 0xc018937b, &(0x7f00000005c0)=ANY=[@ANYRES64, @ANYRESHEX=r2, @ANYRESHEX, @ANYRESOCT, @ANYRESHEX, @ANYRES32=r2]) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4305, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000000400), &(0x7f0000000440)=0x10) preadv(r4, &(0x7f0000000200)=[{&(0x7f0000000040)=""/39, 0x27}], 0x1, 0xffff57e9, 0x4) r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x80202, 0x100) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000700)={0x108, 0x67, 0xf01, 0x0, 0x0, {0x4}, [@typed={0x4, 0x40}, @generic="078ff78dd043c806bb2419634a78bb20ffc0476cc8ecffdabdbf33bc44d8b3948d03b2a6a4313e1100c5037358d3cdb785452c4f027f78336d196cfa4befac3f5ec1e04568536702e081bd619c88e63000b6c49a6ddb7d0f02a7d37bdd89fd5aabe3288081dd16c51fa81982a98fe1e37d74f7343a52a95196f66c79f24c686005d72e86d9cb07f268d5fa2f3a296259c5fdd6a432652abb17bddc66557760894af857443a8908b329539f9b48b832af127edbda3f135aa64d68def3ba5e56a74bf366f8a7ea478c4293c0241cd38df3ef31100871cbeda084d1ee61ffcdeb7bc818f1d751e3df3c5b72e2430a"]}, 0x108}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) r6 = accept$unix(r1, &(0x7f0000000640)=@abs, &(0x7f0000000540)=0x6e) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f00000006c0)={r6, 0x3, 0x8, 0x4}) openat(r5, &(0x7f0000000380)='./file0\x00', 0x24000, 0x20) connect$inet(0xffffffffffffffff, &(0x7f0000000840)={0x2, 0x4e23, @private=0xa010102}, 0x10) openat$vcsa(0xffffffffffffff9c, &(0x7f0000000500), 0x531a01, 0x0) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) getresgid(&(0x7f00000002c0), &(0x7f0000000300), &(0x7f00000003c0)) 23:16:31 executing program 3: ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000e40)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) fallocate(r0, 0x0, 0x0, 0x1000002) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r2 = syz_open_dev$usbmon(&(0x7f00000000c0), 0x4, 0x230040) write$binfmt_elf64(r2, &(0x7f0000000500)={{0x7f, 0x45, 0x4c, 0x46, 0x2, 0x7, 0x1, 0x20, 0x2, 0x2, 0x3, 0x6, 0x1c, 0x40, 0x13b, 0x6, 0x2, 0x38, 0x1, 0x7, 0x2, 0x5ac2}, [{0x60000000, 0x7ff, 0xfffffffffffff000, 0x6, 0x3, 0x9, 0x9, 0x9}], "d86ea678c17c2c12a5cbbcdd0a074e3ae8b5b0f2ec4f51be5ac3bd49796f3ed43cd4297a2d6a072bda1454c081120fecba656eb32f530ea75d1807be3472d2292fb5ad3366586e8c0c85fe65f4d39a5804d351df1e9c842557d9dff1df303527e86628607768ba04f4f87c2e9356b2027340bcffdd4ad88a7a1b970ce06faac4d60be14f559978dcd5e3c8cb4a566e21652b2ed99db1af4844dc163ee872169ee87800cf7c995e3f07205c14bc3cc392b27719f19bedd9c270283f30d0cd74204b39c2b895c8cfc9f7aecbbc683efddb58de774f4a8d36ac35944977ef58068d8115a481", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x75c) lseek(r1, 0x800, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0) r4 = inotify_init1(0x0) r5 = inotify_add_watch(r4, &(0x7f0000000040)='.\x00', 0x2000003) fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000080)='system.posix_acl_access\x00', &(0x7f0000000140)=ANY=[@ANYRESHEX=r3, @ANYRES64=r5, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="080011667ac90993fd", @ANYBLOB], 0x54, 0x3) sendfile(r1, r3, 0x0, 0x100000001) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0) 23:16:31 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x47, 0x0, 0x0) 23:16:31 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0x900, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:16:31 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x24, 0x0, 0x0) 23:16:31 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x4e, 0x0, 0x0) [ 1989.379247] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1989.380875] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1989.404228] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1989.405885] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1989.424604] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1989.426169] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1989.428406] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 23:16:31 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x25, 0x0, 0x0) [ 1989.456011] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'. 23:16:31 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xdc, 0x0, 0x0) 23:16:31 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x4f, 0x0, 0x0) 23:16:31 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0xa00, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:16:31 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xd8, 0x0, 0x0) 23:16:31 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x48, 0x0, 0x0) [ 1989.527086] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1989.528637] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1989.530304] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1989.586848] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1989.588524] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:16:32 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x55d3, 0x0, 0x3, 0x0, 0x0, r0}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f00000001c0)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_gstrings={0x8}}) setsockopt$inet6_int(r4, 0x29, 0x3a, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x2000, @fd_index=0x7, 0x800, 0x0, 0x0, 0x10, 0x0, {0x1}}, 0xffff) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r3, 0x0, &(0x7f0000000440)={0x0, 0x0, 0x0}}, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 23:16:32 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x26, 0x0, 0x0) 23:16:32 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x50, 0x0, 0x0) 23:16:32 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xdd, 0x0, 0x0) 23:16:32 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x49, 0x0, 0x0) 23:16:45 executing program 3: getpgid(0x0) openat$sysfs(0xffffffffffffff9c, 0x0, 0x22902, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000000140)) syz_io_uring_complete(0x0) syz_usb_connect$cdc_ecm(0x0, 0x4d, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7fc}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_settime(0x0, 0x1, &(0x7f0000000440), &(0x7f0000000480)) timer_create(0x3, &(0x7f0000000000)={0x0, 0x5d, 0x0, @thr={&(0x7f00000002c0)="c58435b56fadce6925a8c5ef8299d1c9436890996f121c55fd3949c7ffe74e562d5b7ad3ba81ec2ee03296fc177baf9eb677c3b886f2d2f6f15bbb7648f001000000a7e1de93ae4056fd27712f2d24552e5d7d39ec16e048786d22b4989871bad0f0ee169831b6e6f3e5f6aec27d337087b8119f6d755f6e40547c31e63fdaf4b4593725c72c370172c9527216a415009b28cfab12175e4c530e215b70f7b654b1cc73e9eabfb340bcf589b70ae5e8acd00b6770b80a2a135bf9bd68f3679d8a46b4c50a69d29136daef4804fe9cb5f8caceaeb2b7310d7154d547c522215a4a59b9787a63c4e818bd23c5668aa30f9e030613", &(0x7f0000000540)="2ac7a21c8555cb8161df3e647dcdb023da28a1a647a16e4f8e6fa8febca24d45c7a3d99bb9f57cbd2a9300e181ca7c1e21a348b0080a5409b2a4e4d827024c7bc481ad488ef6fded915ad2c221d17d526fba95e126bf2c8f45e164040e2fc26125b81d14d34a97df6efce3e5b87ef010bd0fd8fd2cad78e0a46b99411deb3883"}}, &(0x7f0000000180)) r0 = socket$netlink(0x10, 0x3, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000400)=[{&(0x7f0000000080)=""/200, 0x20000148}], 0x1, 0x0, 0x0) read(0xffffffffffffffff, &(0x7f00000003c0)=""/101, 0x65) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x14, 0x16, 0xd01}, 0x14}}, 0x0) read(r0, &(0x7f0000000240)=""/39, 0x27) syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = syz_io_uring_setup(0x21, &(0x7f0000000080)={0x0, 0x0, 0x8, 0x0, 0x15a}, &(0x7f00000a0000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000180), &(0x7f0000002a40)) r2 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(r1, 0xa, 0x0, r2) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) clone3(&(0x7f00000001c0)={0x40182300, 0x0, 0x0, 0x0, {0x34}, 0x0, 0x0, 0x0, 0x0}, 0x58) 23:16:45 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0xebb, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:16:45 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xde, 0x0, 0x0) [ 2002.622136] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:16:45 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x51, 0x0, 0x0) 23:16:45 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xd9, 0x0, 0x0) 23:16:45 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fallocate(r1, 0x32, 0x6, 0x5e9d) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x6359, 0x4) dup2(r0, r0) dup2(r1, r2) sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYRESDEC], 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x2000c000) [ 2002.624174] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:16:45 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x4a, 0x0, 0x0) 23:16:45 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x27, 0x0, 0x0) [ 2002.668848] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2002.670956] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:16:45 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x4b, 0x0, 0x0) 23:16:45 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) close(r1) sendmmsg$inet(r0, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1=0xe0000021}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048efd000000001c0900ebff0000000000000008000000", @ANYRES32=r2], 0x38}}], 0x1, 0x0) 23:16:45 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xda, 0x0, 0x0) 23:16:45 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0xebc, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:16:45 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x52, 0x0, 0x0) 23:16:45 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x28, 0x0, 0x0) 23:16:45 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xdf, 0x0, 0x0) [ 2002.854043] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2002.855755] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2002.879079] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2002.880939] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:16:57 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xe0, 0x0, 0x0) 23:16:57 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0xec0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:16:57 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x4c, 0x0, 0x0) 23:16:57 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x29, 0x0, 0x0) 23:16:57 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x27, 0x0, 0x0) 23:16:57 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xdb, 0x0, 0x0) 23:16:57 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x53, 0x0, 0x0) 23:16:57 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}, {0x0, 0x0, 0x1001000a00}], 0x0, &(0x7f0000000440)=ANY=[]) r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x12000, 0x20) openat(r0, &(0x7f0000000200)='./file0\x00', 0x40000, 0x9) chdir(&(0x7f0000000040)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x101142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0) write$P9_RREADLINK(r3, &(0x7f0000000100)=ANY=[], 0x10) sendfile(r3, r4, 0x0, 0x100000001) sendfile(r1, r2, 0x0, 0x100000001) write$P9_RFLUSH(r1, &(0x7f0000000100)={0x7, 0x6d, 0x2}, 0x7) [ 2015.046274] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2015.047703] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2015.055738] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2015.057417] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:16:57 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x2a, 0x0, 0x0) 23:16:57 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0xf00, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) [ 2015.147952] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2015.151371] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:16:57 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x4d, 0x0, 0x0) 23:16:57 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x54, 0x0, 0x0) 23:16:57 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xe1, 0x0, 0x0) 23:16:57 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xdc, 0x0, 0x0) 23:16:57 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x2b, 0x0, 0x0) [ 2015.192699] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2015.194699] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:17:11 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0x4800, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:17:11 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f00000005c0)=@updsa={0x1bc, 0x1a, 0x1, 0x0, 0x0, {{@in=@multicast2, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee01}, {@in=@multicast1, 0x0, 0x33}, @in=@remote, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, {}, {}, 0x0, 0x0, 0xa}, [@algo_auth_trunc={0xc4, 0x14, {{'sha256\x00'}, 0x3c0, 0x0, "5a6855fde7707c1b7cae3c147135f9c2ba7b610ac300bd06b2f009bd0537d7580c0bb8bc4a600300009ebf1fd296cb32d8347608236c9004d559f11fac88076804527b3839e6b2eb1bfbff2583102c3acdd40d498078a0e5414843d514f7feef875b4d8b47d8028280268536e3fd7a983c0ce3f890c1bb41"}}, @XFRMA_SET_MARK={0x8}]}, 0x1bc}}, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000200), &(0x7f0000000100)=0xfffffffffffffc60) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x9, &(0x7f0000000300)=0xfffffffe, 0x4) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f00000000c0)) io_setup(0x5, &(0x7f0000000700)=0x0) r2 = signalfd(0xffffffffffffffff, &(0x7f0000000280), 0x8) io_submit(r1, 0x1, &(0x7f00000006c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0}]) openat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x0, 0x40) r3 = openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000180)='devices.allow\x00', 0x2, 0x0) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x200000, 0x0) io_cancel(r1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x5, 0x2, r3, &(0x7f0000000340)="973718d000416d0e113ace690a98f1619484e4960056aa777fed63e5d28907e5dc658359736aa2b3be6a054ff61d0d0a1704feb3dcb95ee5a9cff583a4c2fe2b47dfbb4b82095e76228691e017e710f5527b9185295cf3d3a3e16d4d705f339c596fb9ddcd0bbc9eb440a4102813cb2df3f63c3d37f8ed50d3a4270ad215d9176a280cd1e1d5", 0x86, 0x7, 0x0, 0x3, r4}, &(0x7f0000000280)) setpriority(0x0, 0x0, 0x800000000081) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000002c0), &(0x7f0000000400)=0xc) r5 = socket$netlink(0x10, 0x3, 0x0) fchmod(0xffffffffffffffff, 0x6) sendmsg$nl_generic(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)=ANY=[@ANYBLOB="300000001000ff000600f700ed00000000000000050000000000ffffff0100000000000000245e0f3f9be149f8000000486d200809dfec8bea11fd74e171fd75723b09328051a53eb1264a54abae016d89b2981a7ae25e039096b8d9da6628b3e4877ffc2463d0c47dfc444186fb9d86eb7bdb5cfa3dae8da93b6264346689d3fd6c6b7c5c474e35fc5b42a7a9187e7d4e2edad4d86ade6d62d2b65465efd857801ed8e7e542fa0d5dc04e01bd8dd448da4fd577094a0b83470083791e3530eeb37f9e97d9e2fd3297638aee525ce8bc4a0c9b731d3564bd7a53a02771e58b6c427793e41eb22cd9980424a9ac492045ae0c48e7f6218992829eb5dc32ef0000000000"], 0x30}}, 0x0) lseek(r5, 0x1, 0x4) 23:17:11 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x27, 0x0, 0x0) 23:17:11 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x2c, 0x0, 0x0) 23:17:11 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x4e, 0x0, 0x0) 23:17:11 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x55, 0x0, 0x0) 23:17:11 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xe2, 0x0, 0x0) 23:17:11 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xdd, 0x0, 0x0) [ 2028.748629] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2028.750323] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2028.757208] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2028.789120] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2028.790901] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:17:11 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xe3, 0x0, 0x0) 23:17:11 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x56, 0x0, 0x0) 23:17:11 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x2d, 0x0, 0x0) 23:17:11 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x4f, 0x0, 0x0) 23:17:11 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xe4, 0x0, 0x0) 23:17:11 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xde, 0x0, 0x0) 23:17:11 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0x4c00, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) [ 2028.917909] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2028.918894] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2028.923770] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2028.924658] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:17:26 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x27, 0x0, 0x0) 23:17:26 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x2e, 0x0, 0x0) 23:17:26 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xdf, 0x0, 0x0) 23:17:26 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x50, 0x0, 0x0) 23:17:26 executing program 3: unlinkat$binderfs_device(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/custom1\x00') unlinkat$binderfs_device(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/custom1\x00') openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/binder0\x00', 0x2, 0x0) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs2/binder1\x00', 0x800, 0x0) unlinkat$binderfs_device(0xffffffffffffff9c, &(0x7f0000000100)='./binderfs/custom1\x00') unlinkat$binderfs_device(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/custom0\x00') r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x4000, 0x8) copy_file_range(r1, &(0x7f00000001c0)=0xd15, r0, 0x0, 0x20, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder1\x00', 0x802, 0x0) r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000240), 0x48001, 0x0) ioctl$FITHAW(r3, 0xc0045878) r4 = memfd_create(&(0x7f0000000280)='#\x00', 0x3) ioctl$AUTOFS_IOC_CATATONIC(r4, 0x9362, 0x0) ioctl$KDGKBLED(r3, 0x4b64, &(0x7f00000002c0)) unlinkat$binderfs_device(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/custom0\x00') openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x151042, 0x10) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$KDSKBSENT(r3, 0x4b49, &(0x7f0000000380)={0x6, "2ee0fd4cd56925e9a288ae190bc211548090d96755e623717774112bef93005d7bb5751670518e28ee2e809eaa891971cc22c5d42f3fb63033f482db2dd75f4baa13701fd83e82fcb48e27955b09879c90ce6fbc1a337a6213828a6d46be3859fb3d3a9b4e8fab4fdd1c9f085eab8b60669ac9110fd75662e9fdc6dc6ac1e140052bd05b89f14d74316711d833254b32f6fca16fc34db2f752e427ca1af82c3f21280e6a6699f2b6e37064d8579472bdbb243c9214a0d9b8fa3404f44c9791f6afe7f16bfa0f013ea8cfaf4c8f9af2a1cba02103722ec6455433852afe5e8759be69db16fbc82a7bfbce77e8ee466c77a27a665d3c2b3325c66a337eac8cadc05b12bc999aef95fdf83a7e0ef31fe8e8a9adb1577a1e4374bf1a91f9258f0a12d7faaf0f98449aa30f0e4df328212a64e86a07d1ff2d9b9ac3614bb50368046c11f393ab5f9b822ec418123508076f637053c0b93f1eed8f449b85481eee8c25526c015f3ef81b63cc29f436fd069bec3184b4fe675479fb6f53ddd7485cba446a8a711a112e393b1e52b674ebc016570e61d8678f7131b7a46ce446f58032553f3ebeea65af1f5d2d353e5a2dba0776da484992b9753082449437280b2440f03ac20c2e314f77d1d33b882d5f9d8be8ba50a53b5a1f7495df39c1abdc0ae3a6d51a5b66d67df5c05b20da9ce5400a3e2d1f9df4b70c6ee9ba89d160acaa9406"}) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r2, 0x84009422, &(0x7f00000005c0)={0x0, 0x0, {0x0, @struct}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) openat$binderfs(0xffffffffffffff9c, &(0x7f00000009c0)='./binderfs2/custom1\x00', 0x2, 0x0) 23:17:26 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xe5, 0x0, 0x0) 23:17:26 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x57, 0x0, 0x0) 23:17:26 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0x6800, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) [ 2044.434175] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2044.437053] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2044.460595] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2044.462292] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:17:26 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x2f, 0x0, 0x0) 23:17:26 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x51, 0x0, 0x0) 23:17:26 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xe0, 0x0, 0x0) 23:17:26 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xe6, 0x0, 0x0) 23:17:26 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0x6c00, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:17:26 executing program 3: r0 = clone3(&(0x7f0000001380)={0x101983000, &(0x7f0000001100), 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r3 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x41, &(0x7f0000000000)=0x6359, 0x4) dup2(r3, r4) execveat(r3, &(0x7f0000000240)='./file0\x00', &(0x7f0000000480)=[&(0x7f0000000280)='^-\\)\x00', &(0x7f00000002c0)='%+\x00', &(0x7f0000000300)='!,]\xf6\x00', &(0x7f0000000340)='[@\x00', &(0x7f0000000380)='^\x00', &(0x7f00000003c0)='\x00', &(0x7f0000000400)='\'\x00', &(0x7f0000000440)='\\\x00'], &(0x7f00000005c0)=[&(0x7f00000004c0)=']{##\x00', &(0x7f0000000500)='\x00', &(0x7f0000000540)='-[^-\x00', &(0x7f0000000580)='^[\x00'], 0x400) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000200)=0x6359, 0x4) dup2(r1, r2) clone3(&(0x7f0000000180)={0x8001080, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x7}, &(0x7f00000000c0)=""/116, 0x74, &(0x7f0000001400)=""/4096, &(0x7f0000000140)=[r0, r0, r0, r0], 0x4, {r1}}, 0x58) 23:17:26 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x58, 0x0, 0x0) [ 2044.587359] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2044.589052] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2044.611994] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2044.613676] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:17:27 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x52, 0x0, 0x0) [ 2057.701334] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2057.703142] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:17:40 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)={0x94, 0x20, 0xc21, 0x0, 0x0, {0x2}, [@generic="bfc976fb889182e93930e7a3715c46b099a4ecfb3871a203104b9f1965a206dc8df013524fff1b865e9931b27eff5f608c9aa48210f8e738da6d9eeebe025aafdbc00dd957317b942e8503ae2bf84795dad98727bff2dbd10e6f1b2ea239f5ceef3d5e8a848fb15a220e5ddbf726b187d0859bdb993d3e85e3caf6cbc38608605c1f857d52e87e57b3d07ddfb437188f897e5467d30cbdcb781e17ca756678db384298e250e08287ff9a6e4b02c063421e3f895e4ebb700a6dbd355cba138f0eace21f92ef45ca4d54b23a073b42654b766da550f305f58519c30b442b608346ab11d75380554ef2af27607e1c1369aac4a6584133327929e8a99745bfb7e8041ca68e477c0d8dc68c9ab7833c7730c8ea8acc5f10b1c2210356420afd3fd412cdbbaaa7ec2e22d8abbf1949bac0db536200c39c9753a4e181de633c55dfe167b87a876caa69a360b1c4a4e504c20c412b05197f8e9ac10fc8f34540c724a33d3e6bfb53e033ad6ab5baf9fca45bb27158038bf01f7b7e4a23d7b8cdb5af18309edb9a6024bd12c880f343ac9a98dd4968b6891b79947e90cc12d37b4f04980900893d31495681c35a4c3fb2a44f2ce7e45a58454594dec2397788df849301bd9997472b531c8ea4851570dd218d840749111a7e01e9364eef13207301630ee48352bd12eeba8ee2253cf18df522d31df214d3e105c45e2ff93ba038d2abd564b09c36d3a1b53bfbd92e6a99661613415c05cc513f5dd059333f2426e8ddc452f7cf96ff662e2510328b31c55f253ce02661b3b21f919f62cf6776515f63ef950727fae5caeb12101b4ea9e079856281d7b08214bb4cda51c1c6d7492fa251cb0ba101a2111083fb40b097b79d0ed43de12a6733c48336beb654d35e9faa373f626b56dbef3b02dde3558a36cd1410a5ca435eab590cf5ec351fe201aff547b90a7690e14cf428ac15cfc0ff73979a72e288b1fc2425288f32767ae2eb9a1e1b2442e4dcd4f6ef01d097527f06351ad2423572e16991a1716f7ce1336329ede026ce8f6d668041e91e6df3d5ab1af39762d8b9901fab8606003d0666f36dfd0b5f8af724c2874c5eca6887a2f936eef4a439fa858e12c0a8b90e8b25adf625c0247c98bb9609aa240c6d475f684d283bbf9d1f8a055bb33fd43dcf5d25e36be7f1fdb534076e844f8a30e69364c80eb33c5f682e184314fbbab294699762897f2766f8ff21491266eb794a13c1606b3c55d7001153d432865183ba95f67120a2f98cd15361e75ce27ecf9e8d1e7afd9a402508ee2e941d83bc4791e016ae7cc92052b00814fc6ca6b1d904e6c4bb3673bf24f61e7b0e04f1a05b10872317d5d8dedddb912fd290de492b731f3d9d0b771faf320458534112d98964072f1f66b9addd96969e7b592265b2297bcc41725697b0e90801e4100efbf2e843da4323f4219f0a02e7a06ee15240efabb62055e165b7d03cb8a14a85d552480c35fbf3888beb654ea11db746be2aecacb232fd6fd13ffb9aa5cc579a382de149c37731ac8d7daf0d45933dd97bc5cbc47ff8005dfcc5dfbaf9669e7e8b2a68b83e3a2cbe4f72330ae4533fed2a254cfa80aba4e685f4b7375cf1a345a610a032f186b2630becd6664079e4641283481aba32514604ad3ef1e5014a2b49f420fef10d1005c13b0bd2d941a538d265280b6579305379a3666b55ef4d2e6c8823348916874114c0c6072eff0945a13812ad96f854b7034511a015669046331d8913c975dd6de3758a223f5a31256763c0311c40c531fd0b88efa394688f4147b4d87013fa7ccc279136fd2a9126debbf15bda74b5067cd29c2e27102fa157cd22db45d43b79244a94a533a7a21a1c28d14f4150cd36bdfecdcedf438f26c39f5d4fd59f12243d60ad621ae7b575072b028c64b70e9484460ecfb9cb993e17822cbf327d0460e8f4e9a24245c568e612cc62ef2c2ed0f84af7c11ca4fbf9fcb54af9f0a56bc8631db04d400716b0b3ee6f088019c172002b77dcc1f3b8b9a1e2e06efd261a4344b9e146606951d45c308785c7ffc14d652a692316ed3c5fea66cebf6deff858ba71a287b5685639a7b79ce494f453dd1915d219db60865bc85ccd081fb79b4d43d599738771480e16d2aaa88dc70f1d93eb64b9b65cdeed6df943d6e09809e583ad149deb103a1969462e7894a786b9a0c3450d45021b3181ee431473b04d94e45864cc00b8ee79cccaec6078514b5a29564eecf975ba7ba3812f016ea8097b1354956c493965f4d8ec1b299048f5aad42768ae462bf5b167ef6edcd088ac2f348e49f56f28adec7f062de2df875e6a18b930a2438ccb9abb2e1e025de2b5b9bc5d9899dfd3ebb923e862fd2bee153c085eb8551997a14edd95373380b2c64eefb039bc6fffcc347e6da76067fe8317082374dbadffe7ddffc4e9c6bff4be10c098354e7655db678537614f6a12d57e4c71a9ff7958aefc4947e98d6a47575fcaef7c1293c0c598de1176873b70fe9ffa82c77e75d29d920336d09bb59ecdd1589ebd3dfa5b94b0529504a94f10ec8388e919698c393ea7a28d7ab78f1be89b7a67cb740c4e47bc69939cda0dc76750d9f5f8793291fe219656ddb6d555bf2ed0b4798e472a9b22df64b24c4134d906869c433800b2c9a73c8cc58b3d8bc5c2d1655e66d9d851d36d594b4950868e2802d0bd71059fc904b9a2e173b71a0182b4ac5f644ae6a7e8c28d7e60522a1873b88a2b78dc6ef9ae598038379c3e12529db5c0d23ccf0da879df219bea8e464a94fd7ff387093ee4b6aa2cdadd6b5e6c0bf2c5b7217268ceefcb26d8f3eec4b75bb75a51f2714fd81ccf3152f4d6da389cfcbee9068f0961eab8506aa72cb9578a41cc3e064b79667bbf7f74ad56b34259dcc927e8c6a7f9c28abc979b76eb32fcc2c1d32b37bb7f17215472984868a6f52b71ced2e272e65e3e710face2f901b14d80a6d592aa1018379cbc91a815ab25726980eb7ba014f341fe6b7ee5725219346d2fea2517081b223a93e54b195cb39b392f483acb33ed6b055933c44566851773a368f409d3c2b16ebef99d1a7281679cbe29f41895cfa6025ac402752ad9039958da04614b69f28eec095ca52bc74df775b24262d29a74aac88092e9e77a066407fe32817598e8bbf22397be7bd9def3ee1b34f5bdeae48c0c623cd676263c940944ec0d23fd0ece84baa8a88115f4513925de2b72c17ecc5d400913e2975452d881a7dde6f622ecd01c6d7aa807c4fd3c3dd37ff8d4221fe672316dbc66ceb77726d0a3a6beab507c8c5987accb31103729079e40b67870bf846dc6b5189e2aeb2780dfbb2d48ccdc560341c3f12d6014679a2b88218fbed82c90480f2decf1de52880ea34bc4ddb40a4bb6cbf1d772688b7ed66a9d1fcb8aa3d2cea246cc05c66986e16dc0682294751b5fbfcd508c7ff2afb073675f8b7b8660eef36879e1cf4f2715afecac5cd8af843145df5291e183752740af1c3fd021e2622cc80a85f7277ce99f5e5fffe7534555bb4dd86c3ddf5005eecee4310c78b2bfc14b964ff88de439af5fcc57432763bf8a2385a0deefebd4d0b07b6f21aed31b600c416d2da71f8c84f3f9b6699c535cb09858278fa88e5057c518bed75f63b80fa687b785457cb736a201fcfd52d09e78ae2c85d8ea8e9e9371e584436a5011e363258303a979dfbb10e7ca65965fa662b2d787307a30e2ca747eb27308105bcc04be6b665fe101a648a1036c2ee0d3a1ecf714d9a5f981d02e075c792af67eb38eb2ab9d9f47fded8bf29263d20c78c3cdb89bd7a9db6c40ac3278cf766e1d110d4ef761129cc0c9aa031b1d249b0b1366d1f9cc4af03c09f1ea18dbbd22d64b7a4c827b069a7d4263e9af241b3b3f16c8023acd32f3afd70a63b933ab99abdad2c07bd431e923c89f3ca22baa93254128e85479eda67a085562271c469d8e998ebdde7ae350363ec33f68787d54ffe2ad03b6206f0af127f89ec236fc853ad6b6fc6025c12a04e940810be26e1ede91ed9975d2ba3b3aa21a2f0d5e3a2847c4b44335c9c5f8b29ba240693eec12d226d7b55fa8e2d5eba039dd440b6fa9423eb704af09d85817d9ed614fcfe183b9639001faa939dfd9d5c96787759e9b9d3970a46e3aa9489f3f7c7f83e8d3b2a24ae49fead5a43e87b465fcb216d198c29162f8a3c35789979a88780fcfd2b8310f3e6d625ffb3e25e15869dc48ad6cab390057af4c55589387cdcf9f232674eec723ecb40efadd041a622f7453f6eadd86e3cdc8a3541461703f2df72e4f0b58792b5e406d84e25d8a272bb8298b98878dba09b7a4a0035567b5b23bd7a078e26dec209e61f00a91e55b0210895bdf81c7ed32fbde9c59aa5087f885167c514087af23393f76c619d2cd718e83942edf2a283d9203b7f3ea9a6f727335c2f9b36a4a552224b59ac86316126118120773de6745e207c86e59df99f046e05ecc59da96de93589729b0ddf1ab38ae3299935fea47864025f0157cd6c565da463c134b66f57c59c947dc112400c3ed39e495067067a3944e83f9989b3062487578fb7468e9291ef339530c193bec18df2e8436cdaad3c241fde46d825cd60a28810e973114315446d629c18e2948ca19a5277d7ace895455f8ca900df49346606faeab3e7ea4727fc1540da2b8fc6e9c6c1c66c723c0520a44ac088e4348dcc597aced5eb4d60294dd0c4752ce8df8f977c45dba6e9ba5fb6d4df5cf0a272cc49af649c927002dd24b30b5b4402b31af282c13482bf76b29998fb80f709d3916b96f08127db67fa932fc40fc968ebad25093422828cf0575ebd88ca27e8bde6d11ea20e21e655212ba95527d5b27436699a310d6f70454839c12f05ffd8da6cd112b80f8601a417b5f9330ace4239f038e01c88f9bbf42517be37f518d3faf000b0a6dbbcf0f85693a243375e03bd1f1b8b6b27818f301760b12406d680acd9b98921438c8530da11bd2aed50ad174a6c6bb7e3ca04fda9de516a64112111c7cbcef0c1c65a42e92ddac308dbf0a65df220010a3e241fbfb175bdd86b187cf26ce7c5bd32a82bc902f2604716a8bf64970d1ac450e012b5b2864da16f1f1b46de83fe7496f7c96820088af25435e1d16a221d91692cb544233bb70e2ac6e7a3d08a1577288987c4d8624b7e4c79929d19d472a11ca215782ff99b2f2376d2f33b5be7f62c78ac01007d1338fb208e6beeed9d753ddfc01abbc0a1c4a0372a494a620523310377a1b9c6ee062ed8122d5ad3b54be8b63d23466f902a2201ae699b6f94b1db1bf74dc1adffa91b3a651b673ea72b29dd6d8f3c319bd23bcc19a9d4b924d900c718a2a26e804eca5173c672ef87d5cbf0879feb797a9733ae518b0ba112174b9f918227af73ba704004b0012c25f73c0f9f2b28c754860ef0880ddda9669facc0035344e23741872c966feaa054a05a7ecc3b9759ca9614875b477580802c17663470284eaf3035fbb0b599565bab6d3c3d28f4c9195a3b98abe8cc54d6057bb044b1597415e28df1a0be75a6e697a32daa2c1fa8fb2fa2ca35ec07e8ba5dfe8ccb6348f47eb80803067a6f71278edfe6c862d5dfda03eb6decc81b538a2ff530ace4ddb71bf5c763421ccc0ba687d2b7b6014ab557d51ff2698dc44b54ed1750a0d0531a6f69931daec362cf82174edb7355fb5a682781d921363a094cc9017efe992891596194bff2733415c69449560f4273d174701794ce44e93aff0dd760083d891e8448d97dae8a6b182a1bc34fb4a9406f948c9e7b300560b7f7d", @typed={0xfffffffffffffd95, 0xd, 0x0, 0x0, @u64}]}, 0x94}}, 0x0) 23:17:40 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xe7, 0x0, 0x0) 23:17:40 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x30, 0x0, 0x0) 23:17:40 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0x7400, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:17:40 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xe1, 0x0, 0x0) 23:17:40 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x59, 0x0, 0x0) 23:17:40 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x53, 0x0, 0x0) 23:17:40 executing program 5: r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x1004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x201, 0x40000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='numa_maps\x00') r2 = clone3(&(0x7f0000004600)={0x20020000, 0x0, 0x0, 0x0, {}, &(0x7f0000000280)=""/78, 0x4e, &(0x7f00000000c0)=""/28, 0x0}, 0x58) r3 = fork() kcmp(r2, r3, 0x2, 0xffffffffffffffff, 0xffffffffffffffff) ioctl$AUTOFS_DEV_IOCTL_READY(r1, 0xc0189376, &(0x7f0000000340)=ANY=[@ANYBLOB="010000000100000018000005", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531001e537c25f95ea4e72a52807a7238f50c3e369e33256d79bab788a2dfb4fdd078f2b3e7d7214d9f9a8837a6213ccb6074303a95ee899a571e37a18b8ff026717260a0ac2b38eaa67ee0740946e8621d6a0a1cbab59d02b8aa809373aed019bd41d033a1e26ad6310062a46c264afe52595e5540660c7e3d2aa8fdad82f83d9e5e61351bd615ea1e5400180b71a06317730d2e1e2ad79b8150424a75c58a8619bcab7221d2a92afd96e0940a42890358c41ce9fe"]) perf_event_open(&(0x7f0000000140)={0x0, 0x80, 0x20, 0x40, 0x5, 0x20, 0x0, 0xfffffffffffffffb, 0x10118, 0x4, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x2, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x9, 0x2, @perf_config_ext={0xff, 0xcd7}, 0x4006, 0x6, 0x80000000, 0x7, 0x4, 0x7fff, 0x3, 0x0, 0x7, 0x0, 0x100000000}, r2, 0xd, r4, 0x3) openat(0xffffffffffffffff, &(0x7f0000000080)='./file1\x00', 0x88042, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000002) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r6 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0) r7 = inotify_init1(0x0) inotify_add_watch(r7, &(0x7f0000000040)='.\x00', 0x2000003) setresuid(0xffffffffffffffff, 0x0, 0x0) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)) sendfile(r5, r6, 0x0, 0x100000001) [ 2057.725705] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2057.727369] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:17:40 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5a, 0x0, 0x0) [ 2057.749041] netlink: 120 bytes leftover after parsing attributes in process `syz-executor.3'. 23:17:40 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x54, 0x0, 0x0) 23:17:40 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x31, 0x0, 0x0) 23:17:40 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x46e2, 0x0) ftruncate(r0, 0x1000003) socket$inet6_udp(0xa, 0x2, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000000)) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) clone3(&(0x7f0000000740)={0x404d2340, &(0x7f0000000480)=0xffffffffffffffff, &(0x7f00000004c0), &(0x7f0000000500), {0x34}, &(0x7f0000000540)=""/201, 0xc9, 0x0, &(0x7f0000001800)=[0x0, 0xffffffffffffffff, 0x0, 0x0], 0x4}, 0x58) ioctl$FS_IOC_FSSETXATTR(r1, 0x401c5820, &(0x7f00000007c0)={0xfffffffd, 0x81, 0x667, 0x3f, 0x8}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x2, 0x55) writev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000100)="9a0bd21b6e0d9209e21dda73cb8dcd3fd5575c910d4e8a1037904f62df7e1e1b7fdcfb859fc1e4a32ab4099617d3269e990d", 0x32}], 0x1) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8914, &(0x7f0000000140)={'lo\x00', 0x0}) setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x32, &(0x7f0000000300)={@private2={0xfc, 0x2, '\x00', 0x83}, r3}, 0x14) fsetxattr$security_capability(r0, &(0x7f0000000040), &(0x7f00000000c0)=@v2={0x2000000, [{0x40, 0x20000}, {0x8000000, 0x3}]}, 0x14, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5b, 0x1, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, @perf_config_ext={0x7}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_elf64(r0, &(0x7f00000001c0)=ANY=[], 0xfdef) r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_FILES_UPDATE={0x14, 0x0, 0x0, 0x0, 0x10000, &(0x7f0000000280)=[0xffffffffffffffff, 0xffffffffffffffff, r2, 0xffffffffffffffff, 0xffffffffffffffff], 0x5, 0x0, 0x1, {0x0, r7}}, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_WRITE={0x17, 0x0, 0x2000, @fd_index=0x6, 0x62, &(0x7f0000000200)="2cdf817a65bffd2bbbfe7384984cd664db19906757c1c69a13da0e77b6f6f4af559b3a403d383262dd1e1766a820b1834fd7969b1de605975c646c12764d2b4cc5800a939e654c8ae1097d3af69b3e680612cc807789ecf2da5ad6dca98972", 0x5f, 0x0, 0x0, {0x0, r7}}, 0x3f) 23:17:40 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0x7a00, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:17:40 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x55, 0x0, 0x0) 23:17:40 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5b, 0x0, 0x0) 23:17:40 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xe8, 0x0, 0x0) 23:17:40 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xe2, 0x0, 0x0) [ 2057.908137] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2057.909818] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2057.926351] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2057.928139] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:17:40 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0x8100, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) [ 2058.063412] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2058.065181] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:17:40 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x56, 0x0, 0x0) 23:17:40 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xe3, 0x0, 0x0) 23:17:40 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x32, 0x0, 0x0) 23:17:40 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5c, 0x0, 0x0) 23:17:40 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0xbb0e, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:17:55 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0xbc0e, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:17:55 executing program 3: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x1003a75, &(0x7f0000000080)={0x0, 0xfd64, 0x0, 0x1}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, r3, 0x0, &(0x7f0000000440)={0x0, 0x0, 0x0}}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x2000, @fd_index=0x5, 0xc11c, 0x0, 0x0, 0x0, 0x0, {0x2}}, 0x80000001) syz_open_procfs(0x0, &(0x7f0000000040)='clear_refs\x00') perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x0, 0x7, 0x3, 0x0, 0x0, 0x7ff, 0x800a0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x60000, 0x0, @perf_config_ext={0x7f, 0x6}, 0x0, 0xe6, 0x4, 0x9, 0xcf, 0x8, 0xffff, 0x0, 0x6}, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x2) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 23:17:55 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x57, 0x0, 0x0) 23:17:55 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xe9, 0x0, 0x0) 23:17:55 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x33, 0x0, 0x0) 23:17:55 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="bf7fee733f19f8df0cc86977b2a2b8a326ac1e8660e4a47e9de2bbf844f5640c70f37b9cf399e589f2d8829aa91955be026f34b6ccca4fb5badf8a66dfb075e1aa41c08a5dd4024974858e9297de1d3c93659b4d"], 0x98a) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0, {r0}}, './file0\x00'}) r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x41, &(0x7f0000000000)=0x6359, 0x4) dup2(r2, r3) recvmsg$unix(0xffffffffffffffff, &(0x7f0000001580)={&(0x7f0000000200), 0x6e, &(0x7f0000001480)=[{&(0x7f0000000280)=""/4096, 0x1000}, {&(0x7f0000001280)=""/178, 0xb2}, {&(0x7f0000001340)=""/48, 0x30}, {&(0x7f0000001380)=""/75, 0x4b}, {&(0x7f0000001400)=""/104, 0x68}], 0x5, &(0x7f0000001500)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0}}}, @cred={{0x1c}}], 0x60}, 0x100) sendmsg$nl_generic(r1, &(0x7f0000002c40)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000002c00)={&(0x7f00000015c0)={0x1630, 0x1f, 0x200, 0x70bd29, 0x25dfdbfc, {}, [@nested={0x268, 0x54, 0x0, 0x1, [@generic="b1e6c0a65722c92ecb589812a6277495f58c7b3b55d9dc6766bb78a0114fd5f85d515ff0b7ec52c0f79f4c22396b8436ad7eda91a354a403ee941283a57de42759195114bdc9994cc8c55a568174f5115dc7caafa2c4bdee17e4e4f2ef58efa474f326b108e62bb14e3d4ac0732c3284eece38266be5", @typed={0x8, 0x10, 0x0, 0x0, @fd=r3}, @generic="3414065f3a3934f291b3c4a205d5539c3acef4c6f5724154aeece1a38ece5a95e360e941e3f129a2d371669ff0957cbf455637d2ec26f3e52d822387", @typed={0x8, 0x4f, 0x0, 0x0, @pid=r4}, @generic="a8769a040dd4a319bb597c88bb64fdb3111937d305f3bdb669afbeff0ed7ab37c77dbf341f05f2666cbedd4435840e8886ea55ee606c585fb27e88bdab1b71cf0bcb6ebe89e9d64b318c16b06e9db0addf31e4e0df6b9b8fb0300b2f76656570da2fc265b96964ea60877d44e86151f2a358fb4d8da782c8465b1dc0c8ba7222f1bab327ecaca77567b722f93fad4ef4a3d7e150c59c17dc7ec8d2558e4e1c5f5ce1a149f8c086561e64b8cdd75a43795715a16ffa34b5a86303ae384172896b20e96a26be0a59af7ea79e296c6b48aa74d59ec5fe90", @typed={0xc8, 0x6c, 0x0, 0x0, @binary="0c87d87103515a3c28d8fe90baf3d5e8620c9091b2fac4fc09993ba92deb30f4ec7e27d7671e694e07e17ef2e13a6a97836c7e156656f1781e4a817031a6c82d4fb0388ca21ff23514f39db509dd7abeb75cb4a1993e8c20b82342b5e66105e3931a89408eccfe74b8b361d260872585bddf2eedc265c0fbba228f6c37edc55768c058ddbad3126bc1cc169ef8c53053ea82f8b7a288ecb2e8a1ff096247a5335f4815b959a2b13478d8a7677a9a88af1220417a15d047d5b320354af311535e18e7b021"}, @typed={0x4, 0x69}]}, @generic="4eb5253a5d80c559db0cd54a91f9b3664ebba464738ba1373c279a33c7dd61d3cec9a0041da06f6aff0cb67d77e8bba60da5758670fe45bbcb03b715fd42fd2b9bca89e79cddd44ee53f9fdc", @nested={0x20, 0x78, 0x0, 0x1, [@typed={0x14, 0x92, 0x0, 0x0, @ipv6=@local}, @typed={0x8, 0x52, 0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0x30}}]}, @typed={0xc, 0x89, 0x0, 0x0, @u64=0x1}, @nested={0x46, 0x2, 0x0, 0x1, [@generic="9e5ab70cc4504a370b445dcdfb57e43bc2667f7b5537aa4ad135a1d671a0935ed1778a7b1b80cb2476a3fdf8d1a9b618bd95ee5870c5e6348d70cf2c1db5377625b2"]}, @nested={0x1293, 0x78, 0x0, 0x1, [@generic="1b7862cad1a4e8a4be338ffdc78f8cf48986416348891d6cf3a4ee5ef97592c11d774407b134af0617deb67c13e6838f9e91ec16742e092ec6562e3ec823e9cf109a7f005a137c1895a8f481bf309c2492fc3fbb11355bc2d5e252a08fb48c8a0e3461faca03f50e023fb17f444819f448406a3910344316f8f55b420367d3048702b0ddc7cba980e2e612226f5ef43c6d0885741f03dae13264a644782f89d1466a22e1c1005cbca30c6366b8c2e356c7bb68a71888959a9b7ba7b524686107a9bfee43422b7275dbe13a7a6d4a92b4df9ec6d6a7dcf19962f086a92c357dc3ac9e6eb835d502f061b455864a505649b5a67cb37bcc9693536347a7f5c5422426ba1614d2f5daa9712773a86fa13024e7d59af1370992adfb26f3e8da81639e604b535801404f4ebfdd26e7159bfd7f7405194410137b553a7626cb356d8834c4166a947eeec991ddd9766fb9ddf330a4c4bbb44a4d25cf77ae8fa5a219297235ea15527318b7268171770ec9ece7a34797a1ae488028306b83040a5b501e648641f4d187cbd8a8898496927f2b0106cc656384ac916cad9d82567d227b1472b355c42c82c578605231a962107be79fcf88684e7d8c89445881e0b14bf762c0be52935c78a416690c7359507fcf40e610e85d4c807a63e4b25f8b9adeaf330b2d834d6832774a4ab8cef6b1e0a43fbf0d8fcfb4221c90ac4737db646fdd1b08182115d75de57326bce2b047ea9320fa30eb0a614cdd3938766d7f58e43107afa03c0d453c083e33836dc78647acf9ed1a7bcb1f7d78e44c469186ddffd330ebd7e5cbff799e834b81582b5e425b1f8a977717ffe702da3425585a553a1dc90fa8068e8c5932f1e30307ab57342f0eb3f8774d5ddc9184aaca6fcf70845cae041b8c9e53e2f8873f0f21ff17f1dee0bcf67358680090fa9ffeb7c25eb568fa12a14c66be9829aa0156920316adbea0a76ef311d661dd874e43a5d139169c05f5d331833351739a8c830a0124fa65ebaa00298ba391bbba0f5e67b65cb753d4c8e9c0c6241829fb45cbc482faf9d2eba114b3f76d6c0c597dae5e136ee16a758529307191b57ed833b8ab9e93275334e3c480c92e60f37f0ea16398d4b04b9bc9ba1f2e4d8cbe531519b0e7eca376e5e74e6713b4212ea2a1230916f3bcc56fa58c883400f4806846019b18d12e551ce692539847cc1031d7aec8ff2123847f4545ad8be9f5c2ab4c5b9901c9f66b42b0e543f8c596ebe0ed0af6ef86d997ce6ffe4cd04f9e2bdf4487f157e50c81db230a35d0af665e4ec2b636ed35857a12a4d36007d756ca22d87975277b3ca9989ed65c01b00cbdf921afe537a630d630d591844685ee180309bfbab49a25fe404c8d75dfccb379a4050f88155c7519c972ecf4fa136f6a634493f5fa3587b95aa02e4d4473b684d799c82242a4760d449ff7d8df7932e46dacae58c023eac809440d917eee1e3ec331b5995ce98a8913f23557dc41d3775d8c82fbb417a3f131abb2176baec8f0a30575a54bc69cd682136a9bcf452c6c785a701abbf797fb847d355b3d561d842db07edc0088af495e3407a82bf62c4036eeb95e10e9b5437eb031500ed8c72ffa22b9dbf1e5fbfe1be2ecf28834ced41e635ad17d3732d285e8eac96b4dc7827826d60ecf56b83d6db308d6354a4eeaa9d01ae2942f90a405aa1bea60efd931fe4830d4cb629805b841a565e95ae3fea0fc295b3d6bd63e8a294ddfe1221672c2ce798e2b38f6d4025cd92cc9c1c53bb8b3270fa0063b55d6c0e5455dfba4690962fc5553b09d82cbfbed940bdd9c60852d2bcb38ef6216b5b39208ae4057ba33b0528091d7bff0bedd7691c4cf62b8cb473bb6be574e7634141bc1fb6dfd8e86bcf438586b6b77b91b6c793c83d8c4366fcaf79f4498887796c662083c5286ea27b983899d610d80aeada6edf2d5f5b8e65b1c7027dbe32c22b5d0d78ceaac4ed8515132c135500d38cf5f9e9b961a4414d2a1c8955ce1e5694a00a6aa637076426d71c539fca27811711eca60ce30c979c1eee0fdacd5230007a01d025a80c258981a03b8b310e94a57a7d456b2847d5ae1319ec1cedab69d849d2b7f45c3ebaaf319e11603a4ad88751d2f7f4df6b64ac0d07338b9d2f70d91a9db301f13fd6fea144425804dfaa921ed1cb4c5c74183d824d090593621a258ee45179a96823513627268c693ec4737d88d9c595bc3f26b061ab7d5003d4b53555d784806bedbd05013347118e8200916d56bd861d219b1ee6ddf24c518e868b1ecf207af5dfe910c9c1652dd276f6ea5db3b21bf33987f7aa773656b528e3f2b950b3098276d7fb805fbb0efd5627a9212aa034738d0d30669d5b267fcc0503b0e668c3a20baba1d68646cdef44f051a45d317dbcae65d29695d35811fad6dae74e7e5fbe14755c1768f470a092ba932974942906e7cb6a904b9fb32c11a9a667f9b85ada73736d3179abfe9bda3900dd2f9546427467b705014e9898d9851e16bf702c51c8c5890262c752785ffe3c7f32a1ac9e318517e43d4c986f7159382dcf6e5c40f7258a38669961277c608414828153a92ab9150ce48a750bc392619fba40f1c2a3c80973e118bd85c16771c1722b401bae5eb70564e8a47d8cd65671179d4e1c3cf6e059e0a62f0c1057d738e89528ddd88cacafbff2c0791ba771de533f554708518115167642348c81f04faf7c4fce062243e105471e404f12475000f3889042d092b71d44d6c8268398cbee62ac2a9eab1596200ede475bab10d5698590102846ae6c6ca6bb62fcc535aa049dd9de13d64c6e85172742cbffc80bf81f69069c0cde96a3909096b907a380216b6cac179d9fe68737ba55308a336b8356acaa694b840a94cb6619afeb61b413928cc3fde7b398ed20199278ca000c94daadd217c325536f7e5b3d04fbd67d88f7b631ff0a4f66454444cb0fc6433c18eec01e585c47367d2ed55d832575698499ac566eb0cf4cff8e383e5eebf534c3636b270a4fa2f96d79c84f0fabb821bd74116659bf33f95f841839319f4c28b281fd5c3f0eb3c33c292184ec89305b93f8fb846db8b33c92767a16f9b1e7d7d43fe83d7b0b33773816c5a050d07f9e1d8700ba3b51c760b969a6554ea1a267ec69687c03bf74d6fb4de1553e3608d4977588d9982fe115a2c36bd446ff8e966d1e2040b61f669c1994148d7a7510e2ac3c82f613dc637bf1ca106c9bbcc889f8e50d7847b974162d45270f45822e90acf1135b103bd219edfcdd60e07ac2b0326340a13949ff1c8d6dc0bc5d0bf374a0bde1959d826360e3229a6ce6bb63c035e3c229b55c4bb90243e02f0400a372d15f2134860f61487505b7bed2a13c24e9b0fb652bf7b322045206982c9b5b37d670019cac2223d04605e939a847c9878019b5089bd3f79a92c0ab8499b5b3deba163b2805441b985da124f5275e18ea9c95bb9f5c773ca455500c4b7e7b735a03145b869c2210a85fdc845286b751873b5ba33da12bbba816d865b6ad25ea8b0d15473108b05f34d9cbb6fcfca0046c13ecbc812b2945078be4f7e866473f2e02bcdc367309f06bd327d4539fb1d521d634ccd5c6a68380c0c89236e03488b6fca51fac136d5fa4250b8c72ba666788164d114b91cea84ec0995fda262624c75e0c41647775b88433b4a09cac1517eb8409c48d927c19170183c953749a4b852ba29fe9c75532c2e0cca910a9377c36d98e098a801a19f613eb1f579a44654fc77674e94cdf80a0521df48f522c97e0128442196fd175935e9132ee357ec5527f365bb412db4a4ceed79bbb5aecf1ccbd7a2483845c7a88b7330eb81a9cc7ad8438ec1a501bb42c328d8e6b2773a036cd6e4b65d63f2b7e12282b93fe3ed90f0b5cc1fcfcd5151b3c2f019755e94e9d1cfa71763fbc738b5dfb50a3863cfba8550f711a49ee65d78e060bf19a5e2f136dfafa5741a6713872a8d835340f5fe2a8d6ef08278e174cea671dd0e8829c65105521235b98445ae21650bab8b34afefd9f16b97b82e44b022c7d96c9a4bc91e57e4d0773de11c21848321b01ccf7b418170fe85a05f81ae111e055103d14447a391ae7a34b7b601817dbfe92c7d81937ecd929c6622407e2f14bffd26cf497b30817be334bec1e0e22ca419b45a138ae0419dfabc34258b5f90e29a9993f0b36315001005e845c80cef69fbc0e5fc32bdebeba92e5a4ef8e7ee1e15946c1a16e7fae1812134dc87e3915baf682ab86a6cefae787fa1f7173fb61c3ebb7b66928c0555dd0f47fa7dbe7b3ab5d09b808a3482286ba4b44d13c72e087f19f27884e00aecd817692bb378a417a6d1da82237b9719689624ed10506fb5eec85969b3e5c149023e3362e25502dcaf6c31da98a579629d3bacd1e16a9035d6acd2f5eebaa2041d2c08a70300a04d3ee08d2cf5eb1b4b0017449f4f9fcabc1dce6fedde8e4ecd68edd86b8d37358d09998e410e989e53e54f2efa06ba48a96550a4ffe6649387ae87ea0e49142cb6225f7245293f47c8f33ebd02fc2bebf7656a32125426281bc5bc4da53dc7f4c72b3e52e6aadd61b17663321751939dfafc73835394125693ec4bcebc8caadc67c25be968917d358fae792b3afe662b877e79e72ce1af8e86ac8fd9d6e12b6e99732b10a359f747468292b315e8f67930e984ec67572d7dba6d324d40c044b3afb14b94cabc13a2afee94592c548b5f578fe1d546580732f47d5a4e060f930aae98dc594a1e80059117538fe724d36f773b445502a93fbcdc5e657461b19774c898a6665746e5cc47a30389808763bfbaf320d1c40ba4918f65682accc9dc221dfd13cc997b4d7ed1464a62a712fe1443163360e04760aad40c6995dc1b6bc6f3349aff94d8d7cf2a3fdccb9a3010ed99516d29919d0e10be06d45adf86804c9c1435e57493c524adbc243dfbb75ccd45cafd82998a3c8bdbe52d1a3398cf52872679f517d162a4f3f90f8b4deba06ada8d92a4649913f919c46d3b0b1c2b0b443bd88d710c224d8842e0b56535710e0933071bc4066ff8574c6ad77c22d85f75f1cf801e24431826e9c8814527af62c8441e66aab2b6f423d02270e110e6e60ebfba9a40b248b6aa741e516646c5af486a1442ebd623d5e2a05e4e0da5a00d2447d7c4df372c68288113b28729df9ff3e28b1eeb3850d1a55e0c2e3cf92c7b668bcda3f540a2bef9258a563b1c399111e6577d807e3d96800f79ac44fc15dbc4b0470df886c0c3470fb93b7747aba19c9f0790ed4f7bdced564783cf9bd15e2c79df991e7cb85910d54a74a97f503d6a6a8323c402e1928d9b9490ca33ece9d7de583e91312890702b142720eee178b7d7cb78db7b65e9537ae31dd46118578c3a00d8cea4e0dbec5781703736072271ae6eeae198353e12449086f22d2a38394886edc6a268206ebb7e82290fbfd25ce8752215317bd60571b7840ef0041725242d86f828e846a39dfc5c6f483c6d6587a6e67bef41ce62394ef53291b45f22747bb79be31d6a5874547437031fd1f7a8343e1c0cb4e6d55bce5373cbdc8f513f7655dbfeda00bf3ab83982c858830a486114fbfc72973b53749066ce27e82aed3fa19b0083ceaed49e60d1176b8c1609054ab738439d21ac841aed0ebb743942065ed6d21bc27ff1e0c80b335b8c514d4ba3a4c30e48bf7900163e85a16e3a7d361d9e1280b2d8d7fd3ba2c94830ff0a3e3985f2dcfd9ddac0f0428cb4d4ad52d65f51b34b8f292f467e4ee54fb1a9f9639175dcb49ee2c0b260f7b783a437a694", @generic="bde2fa37828c3d4efb6f0236cb1f78022d43069bd5b21af86147f9d6dd8cf378d56fcf14fd0470af5adea5b8c991200b21010a11d808789a5380a93d1418f39e3dc91143eeb32ba49fbe932a8f3fbe0adb75b6c34bd0960f6394c2c62953635f25dacf9edc147b222ea5d36fa6210892f2fdd0e2ab9a4968af6742c5e2a1c743b31c0c59a5dad62c7e70523f2f2b78bfd6666f0c22ab06712590d4edcde581e3a06b1e345f0b44", @generic="56c461f19627a4c1218b201dc237afc2171ef040e44782076e49cf3b337717b35492fab69cdba901c152844138b7a40ce0471737bf46b5230d56163837ee2d5074b4e2c4aecd8f38e671b3161a20437b2b8893820e2d36c5742c355bdf48f4ee0ebac959e55f394a7d8fc74cbf2938d24e5b755c51a0929e6f1ac3f6a0fb70191ec44fb907596228e9b332d1668906e718a590973600e70d588b81103f80bdc42f1728f6b028dc4f0ea1c9e1e055dc", @typed={0x35, 0x8d, 0x0, 0x0, @binary="344574df56e2c07d37e83f84df352b4c8723eb04803a54ca00f69e49f0d8969bcd3f1ae285d614efe9ab5d90081216565a"}, @typed={0x4, 0x86}, @typed={0x8, 0x3d, 0x0, 0x0, @fd=r0}, @typed={0x68, 0x6e, 0x0, 0x0, @binary="fbd9c4a2e61abbba0a7833eb3d56dfbd5be2d9350a5a5f41a0933396b720aa57d560b35559a444ba15e691ce7002e3d6d091710346f36367937a12b997ca8f0e29c739bf4975ac95c9762c38461c76f53e744373e181b62f6c45d8686b661211227bcb69"}, @generic="95fb4e2d9e2f79300b068254d01d6bf524a16c53e88b582f3281b7b53bb0e17c370573eb9fc9ce0aec78c8c224f46bc4faa69d6d0ad787902e0730dbc5df10d1388f580f6a32e506e7606d419ddb965bc4dcb8594e053f498c949a5f5edf0c939216a96af1e2a773d5b8b436067f5204019efbced22359450d7a7c0b491eca730db4d6e90be0f22794176913ba"]}, @generic="17109915a30103f506c62f6e95ee22cfe26ef946a6730e0b9582fe7fec1afa2ff073eb1700bcb06288cab280d0beab568d861a63f80cb9c77e3418a8e3cb13b2116d010b2f9db5d0f4", @typed={0x8, 0x4a, 0x0, 0x0, @pid}, @nested={0xc, 0x8b7, 0x0, 0x1, [@typed={0x8, 0x26, 0x0, 0x0, @u32=0x80000000}]}]}, 0x1630}, 0x1, 0x0, 0x0, 0x44}, 0x4004000) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/module/cpuidle', 0x100, 0x128) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r5, 0x80489439, &(0x7f0000000180)) ftruncate(r0, 0x4) setsockopt$bt_l2cap_L2CAP_OPTIONS(r5, 0x6, 0x1, &(0x7f0000000080)={0x6cb, 0x3, 0x7, 0x40, 0x0, 0xb3, 0x1000}, 0xc) 23:17:55 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xe4, 0x0, 0x0) 23:17:55 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5d, 0x0, 0x0) [ 2072.632866] validate_nla: 4 callbacks suppressed [ 2072.632884] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2072.632913] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2072.640625] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2072.640643] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:17:55 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0xc00e, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:17:55 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5e, 0x0, 0x0) 23:17:55 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x58, 0x0, 0x0) [ 2072.779357] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2072.781016] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2072.788965] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2072.790728] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:18:07 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x42, 0x0) mmap$usbmon(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1000000, 0x10010, r0, 0x39) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000540)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, &(0x7f0000000080)=0x29eb, 0x4) r2 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r2, 0x2285, 0x0) write$binfmt_elf64(r2, &(0x7f0000001e00)=ANY=[@ANYBLOB="7f454c464f600500000400000000000002003e0003000000b50200000000000040000000000000009b02000000000000faffffffff0038000100f3ff0101a3bb51e57464090000004000000000000000ff7f000000000000060000000000000006000000000000000500000000000000050000000000000000000060ff7f000002000000000000000700000000000000db180000000000006f00000000000000ffffff7f0000000007000000000000001e564753e51459f42377a4a4892f4e4c53db77962d0049a65842530b7b76d3b3c0325a6c989cb25066463867a2b230ef2e3722ed1dcddcf81ee8b3dd15149def3ef45f7fd4538a00300072177ccab771398fa89067c484d56653f2dcb2eef7dc8717ddc0b75500c64d40538f0e2c12342ebb38acd2d2c8c48cf5babebf44066a2bb82af1394b5018835588971d35cac0a6eef437919e673c5f7e8d4392c70d55d2fc6fb48429229eab8c17b6fff0bcbc063d4cda7155799e8b2cf4e6500f26cbdc8dae7f26b94c3a3238941458c1b5766b3b6cbedb5e3550c7cad7f36fd2d3a4a327000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006711e42acb3971cef4814ee80d0ea62cb3346420a1c87f280a557b81e94125b679ffdc38b3b879de22866ffd35bcc7a7b7d736dd653b6b80edb5044de38eb7d928a630d6d2726ede4f7524335422fbf833c46dd23cd927"], 0xb92) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000000)=0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000580)=ANY=[@ANYBLOB="0100000001008000180085005529311faa54defc329cff6528a1dc43571e3dd2c9f134687a3df19fc9d00ed24583a6dd53af76065d0501806f3c6bec4f964ae0eb4782dfb0e8ec848e698c448873d20023d7da32bb73078e4efeae1e12c8dad9d1d9b1ee7f35cf3d47ee845be981af99410b14497346b9e437fcfc996c1f35f946e1363b386fc5d68722f42acb14bba358a8c5d1e6274d501786af8bf6432957afb1a0f313fe8df3917d57b11215b8adae52af90905d6b069862d0ff96087f05fb932700771070f4a5f84a4df5e8a7f0bd9dc6c17112d16312b8070120ccb52367208e0ec65f214ce4a5026dd4c61c4e52ba94d7add24d5b0105000000000000008926035cdacf25e0eadcdd5c9c73ab5cbd1f42078e4494f4e44d5af7a11600f193ce3696a89a8e01838bec8d947567c89b8ae4e0a4a14aa89a62ef911459e989dc990bb160d0afab06189c90598cc88a210afa81d57984cc1188c94ad2faed807c72125e968058856c68982afce3c2c1b17d80ae935b82f0462cad725da33578016e70d831035fc49af323076d68090cbe2620bd9ae24abe102ccb4811551dcefd68683961714a31fa9c55da0f0eaab206d9b9adbeb9e9fe1a285e5447770b921e95e71c0fe9168357ffdd3cec31a2d42a3f02f2d8e5e38e9c937a3153c7", @ANYRES32=r2, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file1\x00']) kcmp(r3, 0x0, 0x0, r4, r5) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x4, @perf_config_ext={0x9, 0x4}}, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pread64(r1, &(0x7f0000000000)=""/24, 0x18, 0xffffffff80000000) sendmmsg$inet6(r1, &(0x7f0000004d00), 0x2f, 0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r0, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r1}, './file0\x00'}) sendmsg$IPCTNL_MSG_CT_NEW(r6, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x58, 0x0, 0x1, 0x801, 0x0, 0x0, {0x0, 0x0, 0x6}, [@CTA_TUPLE_MASTER={0x44, 0xe, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x24048801}, 0x4) 23:18:07 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x34, 0x0, 0x0) 23:18:07 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0xed00, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:18:07 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5f, 0x0, 0x0) [ 2084.890782] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2084.892499] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:18:07 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xea, 0x0, 0x0) 23:18:07 executing program 5: r0 = openat(0xffffffffffffff9c, 0x0, 0x46e2, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x7f, 0x0, 0x0, 0x88, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xafb65a5e9945446d, @perf_config_ext={0x4, 0x10001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000a00)=ANY=[], 0x98a) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r0, 0xc0189378, &(0x7f0000000100)={{0x1, 0x1, 0x18, r1, {r1}}, './file0\x00'}) ioctl$TUNSETOWNER(r2, 0x400454cc, 0x0) r3 = creat(&(0x7f0000000040)='./file0\x00', 0x0) ioctl$FS_IOC_GETFSMAP(r3, 0xc0c0583b, &(0x7f0000000080)=ANY=[@ANYBLOB="caa420936e71e8e80d9f0154e43e8a31e5e16f07fa9540e7e0b253d83b401a736f0bf0bc9f4c", @ANYRESHEX=r1, @ANYRESHEX, @ANYRESDEC, @ANYRES16=r1, @ANYRES32=r3]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_io_uring_complete(0x0) signalfd4(r5, &(0x7f0000000140)={[0x6]}, 0x8, 0x1c0800) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x0) sendmsg$nl_generic(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001d000103000000004fd305f906000000"], 0x14}}, 0x0) unshare(0x48020200) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r0, 0xc018937e, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0, @out_args}, './file0\x00'}) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2000001, 0x40010, r6, 0x8000000) 23:18:07 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x59, 0x0, 0x0) 23:18:07 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xe5, 0x0, 0x0) [ 2084.913134] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2084.914168] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:18:07 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5a, 0x0, 0x0) 23:18:07 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xe6, 0x0, 0x0) 23:18:07 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xeb, 0x0, 0x0) 23:18:07 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x60, 0x0, 0x0) 23:18:07 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x35, 0x0, 0x0) 23:18:07 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0xf000, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) [ 2085.054794] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2085.056402] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:18:07 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x61, 0x0, 0x0) 23:18:07 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xec, 0x0, 0x0) [ 2085.097907] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2085.098904] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:18:20 executing program 5: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = inotify_init1(0x0) creat(&(0x7f0000000040)='./file0\x00', 0x0) inotify_add_watch(r0, &(0x7f0000000240)='./file0\x00', 0x80000020) creat(&(0x7f0000000280)='./file0\x00', 0x0) r1 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r2, 0x2285, 0x0) write$binfmt_elf64(r2, &(0x7f0000001e00)=ANY=[@ANYBLOB="7f454c464f600500000400000000000002003e0003000000b50200000000000040000000000000009b02000000000000faffffffff0038000100f3ff0101a3bb51e57464090000004000000000000000ff7f000000000000060000000000000006000000000000000500000000000000050000000000000000000060ff7f000002000000000000000700000000000000db180000000000006f00000000000000ffffff7f0000000007000000000000001e564753e51459f42377a4a4892f4e4c53db77962d0049a65842530b7b76d3b3c0325a6c989cb25066463867a2b230ef2e3722ed1dcddcf81ee8b3dd15149def3ef45f7fd4538a00300072177ccab771398fa89067c484d56653f2dcb2eef7dc8717ddc0b75500c64d40538f0e2c12342ebb38acd2d2c8c48cf5babebf44066a2bb82af1394b5018835588971d35cac0a6eef437919e673c5f7e8d4392c70d55d2fc6fb48429229eab8c17b6fff0bcbc063d4cda7155799e8b2cf4e6500f26cbdc8dae7f26b94c3a3238941458c1b5766b3b6cbedb5e3550c7cad7f36fd2d3a4a327000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006711e42acb3971cef4814ee80d0ea62cb3346420a1c87f280a557b81e94125b679ffdc38b3b879de22866ffd35bcc7a7b7d736dd653b6b80edb5044de38eb7d928a630d6d2726ede4f7524335422fbf833c46dd23cd927"], 0xb92) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000000)=0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000580)=ANY=[@ANYBLOB="0100000001008000180085005529311faa54defc329cff6528a1dc43571e3dd2c9f134687a3df19fc9d00ed24583a6dd53af76065d0501806f3c6bec4f964ae0eb4782dfb0e8ec848e698c448873d20023d7da32bb73078e4efeae1e12c8dad9d1d9b1ee7f35cf3d47ee845be981af99410b14497346b9e437fcfc996c1f35f946e1363b386fc5d68722f42acb14bba358a8c5d1e6274d501786af8bf6432957afb1a0f313fe8df3917d57b11215b8adae52af90905d6b069862d0ff96087f05fb932700771070f4a5f84a4df5e8a7f0bd9dc6c17112d16312b8070120ccb52367208e0ec65f214ce4a5026dd4c61c4e52ba94d7add24d5b0105000000000000008926035cdacf25e0eadcdd5c9c73ab5cbd1f42078e4494f4e44d5af7a11600f193ce3696a89a8e01838bec8d947567c89b8ae4e0a4a14aa89a62ef911459e989dc990bb160d0afab06189c90598cc88a210afa81d57984cc1188c94ad2faed807c72125e968058856c68982afce3c2c1b17d80ae935b82f0462cad725da33578016e70d831035fc49af323076d68090cbe2620bd9ae24abe102ccb4811551dcefd68683961714a31fa9c55da0f0eaab206d9b9adbeb9e9fe1a285e5447770b921e95e71c0fe9168357ffdd3cec31a2d42a3f02f2d8e5e38e9c937a3153c7", @ANYRES32=r2, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file1\x00']) kcmp(r3, 0x0, 0x0, r4, r5) perf_event_open(&(0x7f0000000080)={0x3, 0x80, 0xdb, 0xe0, 0x8, 0xf7, 0x0, 0x101, 0xc800, 0xd, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x8, 0x0, @perf_bp={&(0x7f0000000000), 0x2}, 0x2021, 0x8000, 0x2, 0x6, 0x9, 0x10001, 0x40, 0x0, 0x323, 0x0, 0x3}, r3, 0x2, r1, 0xa) 23:18:20 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xe7, 0x0, 0x0) 23:18:20 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x62, 0x0, 0x0) 23:18:20 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0x34000, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) [ 2098.429343] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2098.430399] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:18:20 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5b, 0x0, 0x0) 23:18:20 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x36, 0x0, 0x0) 23:18:20 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xed, 0x0, 0x0) 23:18:20 executing program 3: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, 0xffffffffffffffff, 0x8000000) syz_io_uring_submit(0x0, 0x0, &(0x7f0000001140)=@IORING_OP_READV=@pass_iovec={0x1, 0x2, 0x4004, @fd_index=0x9, 0x7197, &(0x7f0000001100)=[{&(0x7f0000000dc0)=""/26, 0x1a}, {&(0x7f0000000e00)=""/206, 0xce}, {&(0x7f0000000f00)=""/209, 0xd1}, {&(0x7f0000001000)=""/243, 0xf3}], 0x4, 0xb, 0x1}, 0x81) syz_io_uring_submit(r0, 0x0, &(0x7f00000002c0)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x6000, @fd_index}, 0x80000001) r1 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000cc0)=@IORING_OP_READV=@pass_iovec={0x1, 0x2, 0x4004, @fd, 0x4, &(0x7f0000000c00)=[{&(0x7f00000002c0)=""/141, 0x8d}, {&(0x7f0000000380)=""/173, 0xad}, {&(0x7f0000000540)=""/98, 0x62}, {&(0x7f00000005c0)=""/113, 0x71}, {&(0x7f0000000900)=""/190, 0xbe}, {&(0x7f0000000240)=""/6, 0x6}, {&(0x7f00000009c0)=""/183, 0xb7}, {&(0x7f0000000a80)=""/177, 0xb1}, {&(0x7f0000000b40)=""/148, 0x94}, {&(0x7f0000000700)=""/6, 0x6}], 0xa, 0x4, 0x1, {0x0, r1}}, 0x8) syz_usb_connect$cdc_ecm(0x0, 0x4d, 0x0, 0x0) timer_delete(0x0) timer_create(0x3, &(0x7f0000000000)={0x0, 0x1c, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000040)=0x0) timer_gettime(0x0, &(0x7f0000000100)) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_POLL_REMOVE={0x7, 0x4, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x290d) timer_settime(r2, 0x1, &(0x7f00000000c0)={{0x77359400}, {r3, r4+10000000}}, &(0x7f0000000440)) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000280)='/sys/bus/machinecheck', 0x6281, 0x19) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) capset(&(0x7f0000000000)={0xc92bfb053a14a5a}, 0x0) clone3(&(0x7f0000000880)={0x20000, &(0x7f0000000640), &(0x7f0000000680), &(0x7f00000006c0), {0xd}, &(0x7f0000000700), 0x0, &(0x7f0000000740)=""/224, &(0x7f0000000840)=[0xffffffffffffffff], 0x1}, 0x58) timer_settime(0x0, 0x0, &(0x7f00000004c0)={{}, {0x0, 0x989680}}, &(0x7f0000000500)) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000140)) clone3(&(0x7f00000001c0)={0xc8182300, 0x0, 0x0, 0x0, {0x34}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 2098.446349] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2098.447406] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2098.459889] sg_write: data in/out 352299/2920 bytes for SCSI command 0x0-- guessing data in; [ 2098.459889] program syz-executor.5 not setting count and/or reply_len properly 23:18:20 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x37, 0x0, 0x0) 23:18:20 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0x80000, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:18:20 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xee, 0x0, 0x0) [ 2098.505148] sg_write: data in/out 352299/2920 bytes for SCSI command 0x0-- guessing data in; [ 2098.505148] program syz-executor.5 not setting count and/or reply_len properly 23:18:20 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x63, 0x0, 0x0) 23:18:20 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5c, 0x0, 0x0) 23:18:20 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xe8, 0x0, 0x0) 23:18:20 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000180)=0x1, 0x4) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x6359, 0x4) dup2(r1, r2) setsockopt$inet6_tcp_int(r1, 0x6, 0x5, &(0x7f0000000280)=0x11, 0x4) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$sock(r0, &(0x7f0000003ec0)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000080)='\x00', 0x1}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x4000050) [ 2098.582933] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2098.584682] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2098.604968] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2098.607211] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:18:21 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x64, 0x0, 0x0) 23:18:21 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000580)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000400)={&(0x7f0000000180)=@l2tp6={0xa, 0x0, 0x0, @local}, 0x80, 0x0, 0x0, &(0x7f0000000480)=""/199, 0xc7}, 0x0, 0x40018000}, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x9, 0x0, &(0x7f0000000240)=[{0x0}, {&(0x7f0000000700)=""/222, 0xde}, {0x0}], 0x3}, 0x0) syz_io_uring_setup(0x54e5, &(0x7f0000000680), &(0x7f0000fee000/0x1000)=nil, &(0x7f0000fec000/0x14000)=nil, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000d00), 0x0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x46e2, 0x0) ftruncate(r4, 0x1) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48ed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xfffffffffffff7e9}, 0xacf4ac9b71142221, 0x7681b961}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) r6 = open(&(0x7f0000000340)='./file0\x00', 0x900, 0x4) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) sendto$unix(r6, &(0x7f0000000800)="61909f1270cc8f58d0bf76dc58ebcb8a7b6ff703aea7db0c4996f2d3bab6851fea2c21ca5ecabcabce4bd83fd12a511e2b5c4070a67c0f0baafa6621ba1e67f3a8e78f0f31d99d16674f36a9af2b414d0b12c2473dcc4ccd5a0827b4f7fab963e3802a151a2d855445d00e9af4f2eb794c5fc52530ffede53e481b34caeac85de0e13205df347bcc8e65e569585256d7deb56f8461f6a06cd47910589257e9cacde744cc0423bf5982b3a38c1b28daf537cfb7ae81dcf9a865e01991c1ba15d634add4e5696ffe93153bb7e9ef0f055b6adf06ed0b2e67f79a21edf550b123a8eafec5597ac81e0eefb5ae6609ac56046c8f4ba832107061d3e5e856670406c1f3f1ad088b5bc8c8c5379608842d9dba5f1805692136d31fb3c24609845e36df02b7010468007fdfc3b4a525833d94d17ca5faadc67833c850b74a1f7914760c85975d671a0598d7897e94e48a5da4645c6b36e3c1c2bf1b7b2cc73b3fe33d70b9efd6ba0fa4cf881abe08cb38623f92a4a19f01f2bce9e18b359291643420ed46e105ed6dde976d0c58cc38d7a98f49c3a39e62c91ffb596eb728ead7497c13cfbba9b100dd1f9f7077b604d0dceb4f52e1aff62d89bf84dd7e18a76fedd52ea200de0acba7786e097f4b32af01ebaa54f7765d3efc8efadae3d6ba8113a8234eeda67c2e9f5e238238a1a2628d08f0dddea766320fc538b92d83bf66dbd5f4f7d5390cab0b80395daf9432877b4b0d559933ed07a9a753b91f2b6e6249df2f7315e71723a4fc958432b5b192eba66afbbe0efa97fadeb1dcf6e3c0bc00258cc6c55cf31136e3784355b79868a488d4c859b5c6a696687a0751e75826a77706f4fc7da7af501a90daf2081f270a6db8dfb1f28462eab0181f0c92c281bd8229bfc56cfeccaf68b72d647463bbb5534b4a8651ab6a7cea4167727986573f9d373052b3d03b663562a9a561d815189688259202e67e4cab7aa7982baeff8a40cfcf7cf6c923b3dd0554ec190c995a67228d67260e09b98cb6b625b4151c775ecc8b86fd5591b9c91c5fc04c2f0dd7ea87d8be720872ce0b329d929134fa4c57d5d721abac89f16848ec5cb99fe840d10dc4af84bae8a4b4e51a774156ed9d517fba297f9c5c053cbc8f71091a7e68a44a0e7903f3458a9b96b672280562b5939068c01789c3b508cd668b5dec6c1205911c116d8f038197b65d2bab1f9d6e657bc6756141216e5f2db19d5a6b85c461d61ffa669fdd8270cd5320fb8c7d5ee96f70e1b65b85e2c973cdc4311600158efecfb97333760077b86e7783ed7832c1d8e3a7ee6bb0025373bffb5704e3fca3f9a367357492fb81b08e70e0a0bb53895078fc4d118b4ed5c539af6363113e1de5706f7ee9860c94693ae77d7d41ba48ae03935493eda026990f825e8bbfabc021702ae8c6748c1338d488aa24798aebba42817072e6916e7ba954976111e59baab68618d835497546c60404298cbe6f730da2b94f626113be6465a9f057d947a5773086bd99ebff17a0662b8b2e268bf337b5f63292a3ad1dcf58148a926aa5716f10264a9988eec1fbea4bc3c84207fd66551d199b83baf566f15e329ae87bbb15f96369eac9c2184ddc0cbdb464f3d5ec07118943d918f40008d18d7824c8e52e7edb4d556394a66ab084ee1625a255c32bad846a5978ba0d2510ec9101078a31986e9402197d5bc5a6537dab5b0398f6210ee5c4ac8b5ba3979008ab290b68016a81b0fc3b66f5d2cb72e4209368ddabdd6d4a99eec4c2cdae4b393394069235543fbf0fd7e28d0c8908b5ca5de3f07423fb242daaefbcde3560c03c1012114d4568eebf910c1513d40296ec51b46b26ad503b8b134fca33e0119d83f4e0fcda34b1c309ef18c9e3187bc667b6a5d32c7586177763085fd7ed95396318ae64b2a9bd68019ed64bb0608c0ed7ea3f7d931bbcb03b02d0da1eb48a3304994fcbacea1006bd5069d56da7474bd0eb6836e49496c06f2786518957f78a2659ae024ff0fa5614df70ce66280e34420bb531a645089e025e30fb32c79df1011cb6be6631bbb0060110d5e6b945ad5af77cce0093da900261472ff92011d8420d3223925cc0ec68347adf7c9e230e6695997b4ab8c60692c5af33b904e272faaf9137971e10e44a10a63239519cc36cf56dea3a23c0f0c1634ba189638decb26d568657aa988d20ae5b7e2dbed61c14c5608a0d9a57f33c955745c5763813d4093625daa597d648207d89b1b05d5258cba2e3902fc79e642f88274c41a43b7228d715fd143cfba48a9cdce882110fc34ed3f0e6221ca3fa6f19809f47c19df47394f604abf3f2fab14897de22dd17f1730d5d6d663a7268d10ece3a17979f241791e0676a5130ab6f3e26b8b5e326b1b24de5b745228dfac2fc3f277bb3a19ee87d2441cc8fa127f0202ce67d8b653308191d14844a5634c1f777c645ecdf96d6b292c763fdc45ac479950c05ddc63d36e31e2aa3e604c680297ae84e2b9b322f7ac7fa26051c6a266c19e43ef2f9989c04556244a37a3dc2cbb3584a3d2dc5747f9e82a9b7c2093fbe1047dce13947b6054ca7668f5c3aac0afe15bec782451f2e62f58f4a532ea38a2911385b58a73de6e10248f030c40ce24b38fcea90e75f5ed837cfefd67546bd94b155f76e9855184b38f83969a593477a1248434e1fd66020364e10dc3506852d55a1deaeefa8debba454e67f05497b7b77efc0610bd170e8911f294361809bf2e7b5ddff55c9eabd55ed82c893b4cf16134eee463f5f16ff8f75ae232bd10dac9fb3898b8bde65103ffe7dcba3f8cb3ee070b18fff82d4c508248b08a69e96651e0e90bccbfe0d97265e246dece01603ed048f031feb38320f25fafae3374f90a3f6826ea7e760200c02c5087a9b229fe1812ff4154e5a6b871ef5a97c4e98b26d9df7982542427f325d39ba23516eb83059b5234779d998a96853f891b48b869c39cc2d17de9b791abc96dd18ded7442df3aa550739747d00122c3b416b3f1c9cd4c05785544999fbf8bfb03ac1e747f73e41aadcefdc70f6d086591800127539e964571480606ebb8d414d718c4c4aa48db5b2b826ceb9603b2a2fa082d22d2cd542192daeb5011758bd8e73e9a8e7348bf04f272cdfe8d292e827533090b798245db2951250fc21ab19a9924551acf461517dfe20d56abb33f0777cec8faa61be87a2030ddf422c4296f3d9b56dd07cb6adb5d35cde7401788ed0dc2b06ceb8d02a41b66dd1f07831b3f4bddf76760b57982157240ca2ed9ca4ecf99ac7081c6ce662fd2e6c6ff0d1742a6b74c55ef7597d8e6fd8d40ae32f21937f9de67abd0e1ff2592a98043c8f6c1a78bb2f73d5c8d5fe5d92a5959f20d8000485f7bb8220ec42f10c8ed7c2a38d6afe0c1f9766da0285cb05f3cc43b3bac9f0f9d12f23d8788960e23c84d7852dc00522fe2733006baa7643e256fd05e070f0fcb65d8300e65df09e08d101506cef3b82cd0b2a176629798c86ecd0062f33d4317d593c2bf988a5407818e10cfc8ebb9baaa300db737c88f532864b32874eaf1873a74ed20f4026dcdb79bea2b3f6c1f86807992120927474f571615586f87474a854855ab5027fbd1a346284402284ac411a1da71769a0cc6c60652655dec6ca8c152a95e22400bd344ca16b6748e5c4d9a778cdfce6e5d1f474937cd91bc801d9e46d8715488c7c6ffa69089c0e7495a0d47e4d113fde925da72a36894f51c84bd26a58377ce6beb3b2986428539b2624d93cb11401914c7815f5b74d09b996bf8c355e7327c80e8425297c6ede1a5eb10188d9fcbf023a7ae5ed2a7ebf7591a99b60ff2e838812bcfd1293e3f94ec740e4512d55ed96641c08e32e8cad5a7b9f6adfeb6eec7ec32582e590b769f4bb7875987ed6d67782b06fe96765148ecd10e38c643287fce863ed138c7ff9dbfc6317350485c767f5953cb5e9d15379942694dddc3b4d4129750dc91fe3fae21c5cdcdf76aadd2f5ea6edc64bab94531563d93f7a59ad7bf0c98e0c7ecfe824187781767b13e044d527f08092e2e434756e3a660070fff3c41420b62a6fb3d135d1559a1a3de8a56bf17172f8d879397a6459a5a98ec7acaf82d5d9dd2b462fc73e572902798ea1f260a04e3c5021ee622e414623141230fdbb69e76ae1b87d7ff4b6e5b2ece2ff9c1868544b10ed7b01d96e10a8cc55e99b3eb7745945f67aa5057e6335fe8b162ea75b1deb94e77f4682c2043e7047fa243bdfac71988aba79130545e17139f1718f69359f59a862c6ea9c4d100736b8b30688f416286b368df443e4f80fa9cadf3f61f3f4fd70f5925ae6171b6175666fc6978d21d80dd6479f50ab4306b4d9c7164513f852b82b5f759808d9ff4f1da87687f9c2d9662ffdb864b5b2f7e1a3ae7714c094cd7f0097bfc65385bc39bd204fe5923388a4dd9c7c085c8693e574e83675763d22e428798a57af501dbca6bf9f53f5b31a5d257a958200bc122e94190fe7fc2fbcf111bcdc68ec0b267a4bd63e020bb68436e5c80aa70f4209f9e424714fe5c186aaba5663613efbfb795f6f968170f15a85831cd658bc21e8aae7464369edfea996bfc6776fd69ab2e44ac9e13fbf453f2f0da320bf7419400294723a3196fa7a522079064864b90939487696b9e6a37e740613c873754acf0a703398f3b372d69efde0285542137b98bb86dd52f5d7ed4c373576ab146d08f7da8277aac519cf338875b27f3b192f8477ff49fbd5cb624773a4d50d17deaf76d2ce1760ef5fd667333fe145c8e839f4ca079c8aa1408da97c64aff4cad94d232e525c05cf64870238033059e498d4d40ee9f5ff945a370400845669ce592e4c1b4dac669ea1486d728954d4fc5a6a8d1f5da71c66cc17e009893d53e400ec6b4f72c6be94ee9bb8ab540371a88042fcbef8452879557457e08bacfe7c7be4a0e450e00979496a93ffe8757b014ae995596a1c1d461944d95efd1da171502854d7ab6a307c10662e923ce566e2892b70ff50db229b78b2f8d11430ebfb519c08d560deeb05f691f976e082d81c419fb9a6afea0d4df8695143025f8b8b409f91c663e1fa3e89be6c93baf87ae984b5031c1562241b5ea38aad9b7bf860ad5320f507687f9b2f73c40d5e40231d1f14682ad8570c7618ca0df42882c63ed89103d40a68907e9fb0833bd64ac70f2c4eb392f5eae926a7715e49d754dc9deb4dae9b252f09f8e7126364751d5e43cda94bf592d4a5287808776b2bed0986f43c0d3c967268b0344c1877c94f91d9a039a98b9f5859f21d927855285d60f83b65b7e4f46dbb659c399dd16ae35c4e99388b5f84a3d6bc94a68f0e956a763813797eae6952184c020a56953b660aad98ca742a15ad76e600464cf69ce4f4a9eb830f95709fc1e321236c4e34766fe6f6cafb776ce24fdc5f7b14164c383ef904eb8700e918d80bf78e2817bb7136263e25e95ba7a3a1407db8cb10b37a6d94298649765747f81e95b0c304b3e4dfb169e69b978cc14e2219a37ad8d5d2b66ded29859cc3cc0a7f4db6c8ee1d7ec5d9ba704d8ab15c5d676cebe8b8b2815e34182428360a9fb002f6dbfad4fc5690f6cc6fc4aee52104d55a2e86073a83343df3447b1a0cf2c404ffe03cb74d71b6f2bfe80614d82114a93edec87c26be1a6a26c368fce8a427bd7a1fcb7c868241f8cc0f74a0daf402159da1392128d4b2b67ce653d80cea427704021819626967d1a2a199dc5685b8e464e214dfd38e4a0a99041ae7f1d4416482b9f2a1fa0e8c75ece84107da9919", 0x1000, 0xc4, &(0x7f0000000380)=@abs={0x1, 0x0, 0x4e20}, 0x6e) 23:18:21 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x38, 0x0, 0x0) 23:18:21 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5d, 0x0, 0x0) 23:18:21 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xef, 0x0, 0x0) 23:18:21 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xe9, 0x0, 0x0) 23:18:35 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x65, 0x0, 0x0) 23:18:35 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x39, 0x0, 0x0) 23:18:35 executing program 5: r0 = syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r4 = dup2(r3, r3) syz_io_uring_submit(r1, r2, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r4, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}}, 0x0) io_uring_enter(r0, 0x76d3, 0x0, 0x0, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(r4, 0xa, 0x0, 0x0) 23:18:35 executing program 3: socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open(0x0, 0x0, 0x10, 0xffffffffffffffff, 0x2) ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000006c0)={0x0, 0x1, 0x2, 0x1}) write$binfmt_elf64(r0, &(0x7f0000000380)=ANY=[], 0x26c) r1 = openat$null(0xffffffffffffff9c, 0x0, 0x2480, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r0, 0xc0189373, &(0x7f0000000040)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="00000000000000002e2f66690100000000"]) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) r2 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, @perf_config_ext={0x1, 0x1}, 0x20}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_extract_tcp_res$synack(&(0x7f0000000080), 0x1, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000300)='smaps\x00') clone3(&(0x7f0000000200)={0x44004100, 0x0, &(0x7f00000000c0), &(0x7f0000000100), {}, 0x0, 0x0, 0x0, 0x0}, 0x58) dup2(r2, r0) ftruncate(0xffffffffffffffff, 0xffffffffffff0001) r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) ftruncate(r3, 0x5) 23:18:35 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5e, 0x0, 0x0) 23:18:35 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xea, 0x0, 0x0) 23:18:35 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xf0, 0x0, 0x0) 23:18:35 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0x400300, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) [ 2112.986031] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2112.987021] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2112.989360] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2112.990298] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:18:35 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0xe0ffff, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:18:35 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3}, 0x200, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) unshare(0x48020200) [ 2113.111655] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2113.113281] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2113.140420] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2113.142123] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:18:48 executing program 5: r0 = syz_io_uring_setup(0x386f, &(0x7f00000001c0), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000240)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x18}, 0x0) syz_mount_image$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x41, &(0x7f0000000000)=0x6359, 0x4) dup2(r4, r5) open_tree(r4, &(0x7f0000000040)='./file0\x00', 0x89901) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000180)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index, 0x0, {}, 0x0, 0x2, 0x0, {0x0, r6}}, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r7 = inotify_init1(0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) inotify_add_watch(r7, &(0x7f0000000140)='./file0\x00', 0x10000128) 23:18:48 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x5f, 0x0, 0x0) 23:18:48 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0xf0ffff, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:18:48 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xf1, 0x0, 0x0) [ 2126.102794] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2126.104501] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:18:48 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x3a, 0x0, 0x0) 23:18:48 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x66, 0x0, 0x0) 23:18:48 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xeb, 0x0, 0x0) 23:18:48 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x76, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x55db, &(0x7f00000001c0)={0x0, 0x6acf, 0x8, 0x2, 0x294}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000240), &(0x7f0000000280)=0x0) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x6359, 0x4) dup2(r1, r2) syz_io_uring_submit(0x0, r0, &(0x7f00000002c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x100, 0x7, 0x1, {0x0, 0x0, r2}}, 0x8000) syz_emit_ethernet(0x3e, &(0x7f0000000100)=ANY=[@ANYBLOB="0180c200000099aaaa00082c0020010000000000000000000000000000ff42ea84a1d8287ab7000000000000018f00907800000000"], 0x0) r3 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x41, &(0x7f0000000000)=0x6359, 0x4) dup2(r3, r4) perf_event_open(&(0x7f0000000140)={0x6, 0x80, 0x1, 0x1f, 0x9, 0x85, 0x0, 0xffff, 0x8621, 0x4, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x2, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x5b, 0x2, @perf_bp={&(0x7f0000000000), 0x5}, 0x1000, 0x0, 0x3, 0x5, 0x8, 0x80000000, 0x817, 0x0, 0xc9a4}, 0x0, 0x0, r3, 0x2) 23:18:48 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x60, 0x0, 0x0) 23:18:48 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x67, 0x0, 0x0) 23:18:48 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xec, 0x0, 0x0) 23:18:48 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x3b, 0x0, 0x0) 23:18:48 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xf2, 0x0, 0x0) 23:18:48 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0x1000000, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:18:48 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x61, 0x0, 0x0) 23:18:48 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x68, 0x0, 0x0) [ 2126.268497] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2126.269463] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:18:48 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4347, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x3) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000300)={0x1f, 0x0, @none}, &(0x7f0000000340)=0xe, 0x800) r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./file0\x00', 0x0) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r4 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r4) openat$sndtimer(0xffffffffffffff9c, 0x0, 0x30040) syz_genetlink_get_family_id$fou(&(0x7f00000014c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0) ioctl$KDMKTONE(0xffffffffffffffff, 0x4b30, 0x4) syz_open_dev$vcsa(&(0x7f00000000c0), 0x7fffffff, 0x80000) ioctl$AUTOFS_DEV_IOCTL_READY(r2, 0xc0189376, &(0x7f0000000100)={{0x1, 0x1, 0x18, r1, {0x35}}, './file0\x00'}) r6 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, r6) 23:18:48 executing program 3: r0 = socket$inet(0x2, 0x3, 0xff) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xab}}, 0x10) shutdown(r0, 0x1) sendto$inet(r0, &(0x7f0000000040)="e1c97353f72cb8b170622cd1648fd630d7209e7d", 0x14, 0x0, 0x0, 0x0) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000000000)=0x6351, 0x4) dup2(r1, r2) setsockopt$inet_opts(r1, 0x0, 0xd, &(0x7f0000000080)="f608369801fda757ea2ce0fdef4254f58ab3718aa875d060a066ef224c3a7a7c9c8ee4af6eb9acd4b8b19cae1af6a40d48fa46bab21d9d901aef0ecda50a0f150dea34cf368d8e6bce613144a81db9e92e519d90ddd7d6505315e43d2c1fe7496d955cb48378575af23c5dfc838d6815270204e5ead6dfc2b5faf34914084e449d746fd6f86d98c59c", 0x89) perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000540)={0x100, 0x0, &(0x7f0000000340), 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000500)=[0x0], 0x1}, 0x58) [ 2126.285456] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2126.287082] netlink: 'syz-executor.4': attribute type 15 has an invalid length. 23:19:01 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xed, 0x0, 0x0) 23:19:01 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000500)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r0, @ANYRES32=0xee00, @ANYRES32=0xee01, @ANYBLOB="2e2f6670c8ef696c6fc1fd807d2f7a0a5aa51e11175827c2f98eedcc32d8d804b742771490c8fcc351d0f2462ad453bfa6a10eaa8b4a5e24543c55f0417364211c2f3b8e4c9d23422b2cda05e7c3eae15bcf8025f3fb637beda741898baee3307b37a7193e3b9e6042d9fabd53b7249ecf762f8ec915d46046606f629af71b2a7a41c2777303a8c65821a77a4722694c2e7a224c1bc0bf57f60d7ec0d8b3893c241ca453e57e74eb787eb7411c43d8147daa4a3d4af6166c383d384506a9c4584caec2bc09a651977dce2f0cf7255fcab2674214649c7d87190b40e5af77bd390317f7757c938dbc8230902933ab5e3a745902b047eed1161a8ce25f706d605ac9e3427707727b10fcb35fc243c34fd5332950907ceeb6f42cf6f6d60abdbc95f361edc4e67901198b53e680d86f8405bef2a1b2986b10698ffe5cd97c2226b5225d7a53cd377fc037ba1806"]) mount$cgroup(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x21c1054, &(0x7f0000000300)={[{}, {@noprefix}], [{@obj_type={'obj_type', 0x3d, '])$.]%'}}, {@fsmagic={'fsmagic', 0x3d, 0x7f}}, {@hash}, {@euid_eq={'euid', 0x3d, r2}}, {@pcr={'pcr', 0x3d, 0x38}}, {@fscontext={'fscontext', 0x3d, 'unconfined_u'}}]}) openat(0xffffffffffffffff, &(0x7f00000003c0)='./file1/file0\x00', 0x400400, 0x100) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x30, 0x1c, 0x1, 0x0, 0x0, {0xa}, [@typed={0x5, 0x0, 0x0, 0x0, @str='\x9e'}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@mcast1}]}, 0x30}}, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000000)={0x10, 0x17, 0x2, {0x7, './file1'}}, 0x10) r3 = inotify_init1(0x0) inotify_add_watch(r3, &(0x7f0000000040)='.\x00', 0x2000003) syz_mount_image$tmpfs(&(0x7f0000000100), &(0x7f00000002c0)='./file1/file0/file0\x00', 0x7fff, 0xa, &(0x7f0000000c80)=[{&(0x7f0000000680)="95167f04e2ad73d1fc7e14d5ad256042f9e92ee87118982279e9a1be674d135b294a4a50d0a31a368f22137ffa7b219837802fe48c0603e3d902a100cba0e631e38c30afeb71b3e1d6564763059a5e0dd6f65468117a9424d2e26ca16cb48de4266b38cc4593d49356683da6f953e5574eb6df9930f9ba291c81203bbea23c0928ea4f7ba436c519ea274732a7ac0501ec84e77c7da1014539c716de1fbab410b24093b00e965bc5daf5353530ea624c673860a20b5cbbc57e4abc23f8b94c2241d271e53b4c99540290b4e5d6fbcde7027089ab0508ff678ce95227158cfa1ff1cab7ef5cbede7199d89310fce63eff6e8fa589d7", 0xf5, 0x101}, {&(0x7f0000000400)="6f8a62354d2ee87ff2503b61d927dada6bb10a26df7cc7347e65172652689453c66fec84338d0dc654b452b477ed5c8b903e88034f3214ba8475", 0x3a, 0x1}, {&(0x7f0000000780)="0f3f780aba9370377f1b801ce03c6a01280add498367100f835706e510793c893de2363db5d774148b40fc5dad64e427908cecc45a74c0dbf7fda297b7c8466fa616a5aded18f0d16eb358a53cdf1187bb7e1362cd33e55309f1fea5f27de4f7fb1858bc24b4c3a8ab099214c5a0dcc45b61051d69a864879d383e16356d6948faca35676c9a31bb8678e68cd1879436d43b4c135795b30ad2571a88296169898a693301b3deb0673adbe5eb036f035d113a7ead165fca1f383b7d1a0b176e614efc22ef67cc9ac55a49e08b0f941af164b6592b2338a63b87439d4f9e0d54db853d5d0c5f5436b8832409c80500ff642ffeebe00d0a2f", 0xf7, 0x7}, {&(0x7f0000000880)="930a5175421b55f62bf142c4a33128d1e6ad1503469e901ef5df667f69573e08765f963f89e12b31dae10b016cdb9235d97e8226101fafcd70978d75e1bbc5fb773f50dbd73d95fd8ef66a1910229233eadea627458a39f31bd4ab71545971ddc6426a47aec24e3ee7c729603862aa8ddcf2cdf26cc0ce9f48e87b8e763480792ec1eac799d263fc7df7dd0676e4108952c097b1aacf9765555ad70798214a73c49e5ebe8ac8b78d5accf4fa9e4d2fd5676b750e51af7f54e0f6a1", 0xbb, 0x4}, {&(0x7f0000000440)="0f52ce2fbbadbb8ff92e71b34bf57abbc8865c", 0x13, 0x8}, {&(0x7f0000000940)="050383c8e03c3237283e6770d1fa3e18f8822699db3cddf6c6091168539e456d7631dd91fb1f56fab5da3dcbe8a186e26ac02ab1f99379e01bcbf3cb7c41a87d44bb5d624170104b5074870f11461bc858913218742769bc1e05a960b040f83254d570e6fc486b075a9d2c752225e942edce17508bb6c8542a0951508203fc7a61179cf02af91e1f31001da92b9aef2b8d3495dbdfef4c4891322a5e4e6a1f2f4549dbe716", 0xa5}, {&(0x7f0000000a00)="b3d42877eb239864a1bf4ed68bf34623d774f5809e2ead56f8f8d73c5e97e78837c30e30add5015cfb7f1c712058fb9de064bdf39f91ca14cc6283cecb766442fd8c", 0x42, 0x2}, {&(0x7f0000000a80)="7f74146f37d81f3458c83744a620b43e7486feeec95e2c7f0ed82a32d78b18feb4777f4a7fd31a7ba45158a121e48f2365a511f779e8c2cf8d7a2a587aa1e0ee0c59d4a7cc3908ea20dd04fd75d79912488f9bcf83978d91d78a8809534f7754a527697774ad2d4a998ab818f69f86f3fa64c7c87e5ae018346402fa59d6704a2c", 0x81, 0x5}, {&(0x7f0000000b40)="2cfb9871b889aa5bdc2c0a7080007d42c4c89fac89e9839e40fc64bec11f1389911a5982cb3d0b3b752ed62abd6404405a6c8c0bd87fb5669940e624dfef08d941490a32b11f10a4f29a251421f1d41a428e05a2306297349f201dc6988b035ce2", 0x61, 0x7}, {&(0x7f0000000bc0)="66c7cb346f97e26409c4f6564a1ea6079a55f08f9915ad2b781a7668963093a96c460de6d3335517115f3f1c542f7374d52630ce862fb3875716714b7d4b4fb65d730247010c2ee7709ff0a5d0f74bfb9974f7c176cdc9b8718f6cee6438c5f3fd5e27046379f498e44e4eb7486b5155dbcfec60ca4620eed57c908c8d1c30b487dc4fa7dfe47f2889b1823b3e907ac2d1f12bd0dae6ad7f5da1db34d8ea", 0x9e, 0xffffffff}], 0x20000, &(0x7f0000000d80)={[{@huge_never}], [{@smackfsdef={'smackfsdef', 0x3d, 'L@&^%{.::$^'}}]}) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000040)=0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x3}}, r4, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = fcntl$dupfd(r5, 0x0, r5) sendmsg$nl_generic(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x30, 0x1c, 0x1, 0x0, 0x0, {0xa}, [@typed={0x5, 0x0, 0x0, 0x0, @str='\x9e'}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@mcast1}]}, 0x30}}, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x100000001) 23:19:01 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0x2000000, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) 23:19:01 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x3c, 0x0, 0x0) 23:19:01 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x62, 0x0, 0x0) 23:19:01 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x2ff, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0xb}]}, 0x24}}, 0x0) r3 = creat(&(0x7f0000000040)='./file0\x00', 0x0) syz_80211_join_ibss(&(0x7f0000000080)='wlan1\x00', 0x0, 0xf, 0x0) r4 = openat$cgroup_type(r3, &(0x7f0000000000), 0x2, 0x0) read(r4, &(0x7f00000000c0)=""/21, 0x15) 23:19:01 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x69, 0x0, 0x0) 23:19:01 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xf3, 0x0, 0x0) [ 2139.219244] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2139.220927] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2139.233741] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2139.235399] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2139.271192] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=535 sclass=netlink_route_socket pid=11268 comm=syz-executor.5 [ 2139.274485] ------------[ cut here ]------------ [ 2139.276027] wlan1: Failed check-sdata-in-driver check, flags: 0x4 [ 2139.277672] WARNING: CPU: 0 PID: 11274 at net/mac80211/driver-ops.h:172 drv_bss_info_changed+0x554/0x5f0 [ 2139.279724] Modules linked in: [ 2139.280421] CPU: 0 PID: 11274 Comm: syz-executor.3 Not tainted 5.10.236 #1 [ 2139.281915] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2139.283730] RIP: 0010:drv_bss_info_changed+0x554/0x5f0 [ 2139.284877] Code: 49 8b ac 24 a8 03 00 00 48 85 ed 74 3e e8 24 83 8b fd e8 1f 83 8b fd 8b 54 24 04 48 89 ee 48 c7 c7 a0 de 95 84 e8 05 ff 24 00 <0f> 0b e9 c7 fd ff ff 4c 89 ff e8 5d 87 b7 fd e9 97 fb ff ff 4c 89 [ 2139.294480] RSP: 0018:ffff8880493675d0 EFLAGS: 00010282 [ 2139.295697] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 23:19:01 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)={0x28, 0x1a, 0x69844ea0a6ddcd11, 0x0, 0x3000000, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0xf, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x0) [ 2139.297247] RDX: 0000000000040000 RSI: ffffffff8129ea03 RDI: ffffed100926ceac [ 2139.298943] RBP: ffff888046f00000 R08: 0000000000000001 R09: ffff88806ce37b0f [ 2139.300518] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888046f00bc0 [ 2139.302096] R13: 0000000000400000 R14: ffff888046f01da0 R15: ffff888046f01d98 [ 2139.303641] FS: 00007fcf467b8700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 [ 2139.305587] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2139.306854] CR2: 0000000000000000 CR3: 0000000048a64000 CR4: 0000000000350ef0 [ 2139.308431] Call Trace: [ 2139.309039] ieee80211_bss_info_change_notify+0x9a/0xc0 [ 2139.310233] ieee80211_ocb_leave+0x1ed/0x340 [ 2139.311206] ? nl80211_parse_mon_options+0x477/0x6d0 [ 2139.312342] __cfg80211_leave_ocb+0x1d6/0x570 [ 2139.313345] cfg80211_leave_ocb+0x4e/0x70 23:19:01 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xee, 0x0, 0x0) [ 2139.314279] cfg80211_change_iface+0x843/0xf90 [ 2139.315361] nl80211_set_interface+0x67c/0x8f0 [ 2139.316370] ? nl80211_notify_iface+0x180/0x180 [ 2139.317401] ? nl80211_pre_doit+0xa2/0x640 [ 2139.318332] genl_family_rcv_msg_doit+0x22d/0x330 [ 2139.319404] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 2139.320866] ? cap_capable+0x1cd/0x230 [ 2139.321750] ? ns_capable+0xe2/0x110 [ 2139.322594] genl_rcv_msg+0x36a/0x5a0 [ 2139.323432] ? genl_get_cmd+0x480/0x480 [ 2139.324310] ? nl80211_notify_iface+0x180/0x180 [ 2139.325339] ? lock_release+0x680/0x680 [ 2139.326221] ? netlink_deliver_tap+0xf4/0xcc0 [ 2139.327202] netlink_rcv_skb+0x14b/0x430 [ 2139.328111] ? genl_get_cmd+0x480/0x480 [ 2139.329000] ? netlink_ack+0xab0/0xab0 [ 2139.329865] ? netlink_deliver_tap+0x1c4/0xcc0 [ 2139.330869] ? is_vmalloc_addr+0x7b/0xb0 [ 2139.331788] genl_rcv+0x24/0x40 [ 2139.332486] netlink_unicast+0x54e/0x800 [ 2139.333384] ? netlink_attachskb+0x870/0x870 [ 2139.334368] netlink_sendmsg+0x90f/0xe00 [ 2139.335282] ? netlink_unicast+0x800/0x800 [ 2139.336224] ? netlink_unicast+0x800/0x800 [ 2139.337159] __sock_sendmsg+0x154/0x190 [ 2139.338037] __sys_sendto+0x21c/0x320 [ 2139.338898] ? __ia32_sys_getpeername+0xb0/0xb0 [ 2139.339937] ? kmem_cache_free+0xa7/0x2d0 [ 2139.340883] ? _cond_resched+0x10/0x30 [ 2139.341750] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2139.342906] ? call_rcu+0x435/0x9c0 [ 2139.343723] ? trace_hardirqs_on+0x5b/0x180 [ 2139.344695] __x64_sys_sendto+0xdd/0x1b0 [ 2139.345594] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2139.346730] do_syscall_64+0x33/0x40 [ 2139.347582] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2139.348727] RIP: 0033:0x7fcf491f58ac [ 2139.349558] Code: fa fa ff ff 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 20 fb ff ff 48 8b [ 2139.353499] RSP: 002b:00007fcf467b6f80 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 2139.355200] RAX: ffffffffffffffda RBX: 00007fcf467b70f0 RCX: 00007fcf491f58ac [ 2139.356778] RDX: 0000000000000024 RSI: 00007fcf467b7140 RDI: 0000000000000005 [ 2139.358329] RBP: 0000000000000000 R08: 00007fcf467b6fd4 R09: 000000000000000c [ 2139.359916] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 2139.361476] R13: 00007fcf467b7140 R14: 0000000000000005 R15: 0000000000000000 [ 2139.363043] irq event stamp: 2131 [ 2139.363844] hardirqs last enabled at (2141): [] console_unlock+0x92d/0xb40 [ 2139.365709] hardirqs last disabled at (2150): [] console_unlock+0x839/0xb40 [ 2139.367608] softirqs last enabled at (1436): [] asm_call_irq_on_stack+0x12/0x20 [ 2139.369569] softirqs last disabled at (1383): [] asm_call_irq_on_stack+0x12/0x20 [ 2139.371540] ---[ end trace b8adcabebb9b9018 ]--- 23:19:01 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0xf4, 0x0, 0x0) [ 2139.392223] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2139.393998] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2139.402783] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2139.404490] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 2139.412244] loop5: detected capacity change from 0 to 135266304 23:19:01 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x63, 0x0, 0x0) 23:19:01 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x3d, 0x0, 0x0) 23:19:01 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x10044001) recvmmsg(r0, &(0x7f0000000000), 0x6a, 0x0, 0x0) [ 2139.502409] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=535 sclass=netlink_route_socket pid=11295 comm=syz-executor.5 23:19:01 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xef, 0x0, 0x0) VM DIAGNOSIS: 23:19:01 Registers: info registers vcpu 0 RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd RSI=ffffffff822df41c RDI=ffffffff879f3180 RBP=ffffffff879f3140 RSP=ffff888049366f10 R8 =0000000000000001 R9 =0000000000000003 R10=000000000000000a R11=0000000000000001 R12=0000000000000020 R13=fffffbfff0f3e67d R14=fffffbfff0f3e632 R15=dffffc0000000000 RIP=ffffffff822df470 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007fcf467b8700 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000000000000000 CR3=0000000048a64000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00007f97e8ec97c000007f97e8ec97c8 XMM02=00007f97e8ec97e000007f97e8ec97c0 XMM03=00007f97e8ec97c800007f97e8ec97c0 XMM04=ffffffffffff0000ffffffff00000000 XMM05=00000000000000000000000000000000 XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000 XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000000 RBX=ffff8880472df688 RCX=1ffff11008e5be01 RDX=1ffff11008e5bed2 RSI=ffffffff816c10f9 RDI=ffff8880472df690 RBP=0000000000000004 RSP=ffff8880472df5b0 R8 =0000000000000001 R9 =0000000000000001 R10=0000000000032042 R11=1ffff11008e5bea7 R12=ffff8880472df688 R13=0000000000000000 R14=ffff88801a379a40 R15=ffff888047a3d700 RIP=ffffffff81301d0b RFL=00000283 [--S---C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000000000000000 CR3=0000000045e46000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=ffffffffffffffffffffffffffffffff XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000 XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000 XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000