4cfb5f3f3b08bb164553d09fe45a213117b3b95dc3ea4c09e6b82cf809c9eee2463d59016f17ca7ab43a477bd178a15b10a5b915fc40caee3e296fc7927101d2131b8f3a2b15b6a44b853141faacb23c4f6b4fc6b5843b276b6970760641294064a5338026ba5ec6a041225b77ce10c1ccdedea8fd8b0f86699d0376791b633c0ea174461a880793c24bb4d0fb0e25c7bc82806c61629dc81dbeba1da31425942755bc48294fa69cff1b4f24cbcc417e2eb3ce47aab5cab60ec9c0d8bf4b0b3a16ebc64a180856d82b567bd132d0e2178e148bec328db1709f911f5ac0b28e5930ee2b9c730c2f465418cec3e6a91b7181aca2093fdc2357eba79927066bab5e9d3fd13188f37adbddc327893bb0e74c0d3de682dc6e06266a49fbc6f0673fd53b04db1e3ba17acf17755f06a7352ac92c73e4f992cd0e6e2d9caf635fe74f744f690626e18ea9b6062f3ca814ee806fe71bf9d7cb2bb31b3bbf0379f70efd648483cada103306c38e05ffad6c76a6b8f66a77bbbb7a5f63031b850c2abeec9795840a261d23eee98b3f02baf1f9aa41a2e409628a6770b33fb99ff37eba027df08f4dd5e07641370697781126bb4aeb1c7bb2558f1a05cc0b5b6e6785ad0ee74cd86629340f2e17b1ab441dac755ceb0d244223b2dbe667a70141046455923ae75a7a939cb726f60baf27e526da5164abd99e72f6b9631c8e96b3a31103b978b4c599de2cee1008cbfcdfc9831b9cac5e8ab2444596fedc1b3c716eb68583d0fd906d7e6978e54bfde20ea115fa6627d5b0f622304d04a594e0461891e2c7b8e3cd55ac04815e000858cf8e009ffebeba185562ce77d8bbd276f2e54536a3cd5b364b24e07632087f1c5ef7c4184015183dd19eb46c4ced8baafe09775b68ecf65f6be6c385e5039d5a976674dc0a0d3d5e9a0676e8021d02faf6952c03cbbd6d322e2478311bcc38710b8aa020f651d94045f36a2b9dbc90870d8e625ffbaf90400be91fedd0a61d3db6d625967ecbb61b8153a4338587b4c521bd391fb16b8c717a5cbbca6fb8a36bd24c129a2d5ebd67c6ebf62a8f44a4b5bccaf94c6e88ba5821c7c2ad565237cdbb8f7f5281e83c730d3483e7942ed28cc59f048e45b39814c4ca5cac7f2a22870db44fa8ad01e5797ca00c1ae984dd0d3cdf639443a706015d792e5f8358ce63a43cb1bd54595585d6858827d949a7917fc5f9bbfe8bfe8b49de563943b67f0a003e963c72b10b41b91782f6acac426ad35f6ef3ed7b29e34c0d302f2b5452daa1a54e92148550db490eb3c1e402a04cbdf74dc440496633858b95109e183c4f931b73bc63b2c95719e9503b5c478b4beaf299ad958ad5a41a563660ef1bb290247a050908f21a07fbc7536f40e3c1a239d185122e144fc0419e87932d10c6b77013b6d351645f85e3f4c42c8daf62435f410625082dde0b4db752475195ec2cd6e38634377b047cbda0e1d87951ad9625313c8e39ceb092ac4143a20f55da16aa7214617952d7da4887964304162b738b7209e1d3846c501d09673310f52404e263a9c4f8ff80a4845422816c01ff8206b5307b26091eff63f363a830a546876b02e186584d16a0df9f6545155ee2f078c6c41a0d704178c012907832aa9e511be949d52bc33c20058c4a34d4c034a8f34388164af842a6875d8001c1ec6b6fdace974c72fa61bb9643f36dcc609f3f24e8421789cef9148bfa5f9243cb63da33bf0ad9b2adb8a732cec2734e7ac6b099abc56df5ff4175fecf4d3872ee3e6908bead9f1f6b62e9c6b87689a0300bcd4cac177280ce967dba5c35efe8c6107dde0f720c76e16e13feb7d2fff3f21ce9bb493381e3c7bb0055cd8ec28e969f646c5ad7bb49ffea41f65084d939b41afbd3d381c5dd05d44236f441f5fbb7720dcf9e1c374090fc234c1333e677b5bae0dfeba0184db357a26c46f188e3a3dfab018617c253528c2c23e7db07c703220c267f913739f061db7b2c3be47f47e5f0a4b86f612be2f9be18cc3d79fd0fa7db308f7d9d8c21c4899933dbdd9d9323e8e5a500dc6fa08e293c0f85695b798ddb35c47a85d87185bb99ec8d47143b6aaf7dcb14c4d89510a23c1ee10c3e96363739a2b2f854dc9104b472fdedc7a1456855e83dd9e346da9a84a291314b132afc505672fde8859ef8655bd904a1ec7faed8b0688b255a25a0671a97822774020b6067ad07874c85787a3518c20ba6823163b0424c73fddfb6d7a93ccfa64038d935f17cf5cf99b02be07de3a1e9f06b9b1f8ab6e32a3c9bb8470b20cf956dfad14ec5b314551e9c49ea9e5a957c53e281d4562fe793523005434e1f7aea913a04ec4e04519113f5286d7799ea5da129dc8e3ad10a8a11daaa53016f4ffaaacb6162beaa42f5884306c77fff4e7f21049a3eea44768d0cc648ddcbc547ef8d253aae262026e58e9fe21cafb7b60e9200e8ee175ad2d2ef12554b0f31a2a6072bd36641e512351a0dd0c4cc8713a6cce752107377debb80fca6810ea7d2be0c5a38bbddfe88d235fd51e804b4632da68305bae7a2f5f84a41354c68c99575412ba4872ad7f25a2e7eb1aab6acdb5d8b4e45ba7b415fa53ff3b8473ca8673cc2572bdd291e383bc573ce8614e1afade4b94187e3909c51327386e4570793d1e5bdb847370d47b1c0aa56147ceb1985b5dbc8e0c0c239f5c3329af1bd8e4e87894d9dcb07d803af4e5285c2d2009e0179f5a65fb3f95e517b55fb78e240d39e789d0db00000be005e5401aea5076af77ca88b0f8ef5eae3e1bb8f19fb6677042a11d485eef28239d4bf329fdf44a8fbbf3826c0c5e8738971aac3d9f7a77ec930ae27587f4e94c334ca9d8186e3b0ea8bf7d09bd5a301053ec826ad024684235ea827d19e10f3f0800a95da6cec4575d1f53fedbcba6e39505f29617d6e0fecab81b8da357d7b677df5db21c9afedd0efe0996fabffa0876ad0aac08bc2eb6183c277e86d63963c4644a82b352a7018823abd041b03018f166ff86117563cc2d8d109980ae17911f03ae8e2bd6bb97041849678afc23291d7710160ac0f028d97b13c308dc859868b3bacd01a8f99f509caa15e1d444c018f052a3effa1b6ee4a433ba7dcb9c8f811a736796c842ac40a03bc8866f33aea9c069b0ccf74acc8f25de750c2934b09803b962d6490d2daf6abe63aa5c685d469da0280bf4a2f4a25c41464d51779878e9a184b73d2051fe30d2c623979c8b69def1d9ee0d6ee5ba5fd6a8f4628a89948359fa6ac50b5a537e8d7021614ae00c6d8d861afb4cbd29b1c93560de3afecd9427bc919236c91ed846fd03518406a89d330ea536c55e50cc346db44ce34ca854b956747af69b858e5d2fb604c2f2738ecd5b6d317d88c62baf68af2a3d5477c78580d158a73e355ee9bf14af0d9b353257741ac52e0fa9bf61bb150a21c5100891bc81d775c9ddbdd7ba771ed7d897a3372e97881cc6c5c35a7da7c558011755d8b4f20af5f9b978bdb1f38691b0b7b988b9d70f0561081b24ae395aea4fb84e22b17e7e90a5294bb3eb822fc991e3c2b2d53bbb3186c189476ee02b975d436ffacd4915d5ba93fdc23d86e3368e4ed7a12fa8c47707dbce0bd2c62e78a270aaf8dc2a64bce5af4310ce975310c9a54d74f9b0d1364dfb71c7eb604a84e82bff968b7a658a08b1ac1dd594e816d1187ad1c637097ec9d4014ecdf1ed9db75251754c7ce0456e1ecdd6f2c8e55c36392bbe8a7bdcbd2b85070b7711c543caf21deb73293188dba71a2a8a34550ed35a6a5e9c56b25671f650ec8d16eb66847a93e4730f19a33c0db3555b7b101298721bb49a78af8e8e06043c5d91b1829b3de225eb813f89a4ea70939c2dd7dd4a6717dbea2955d62287ca123d5f0a17b0b36548b49093a70a7a5183afab5c8408c7c9642c716fa669213d0ebbc807c731449e8fb37e355b82236c9e294325ebaf4e9613e9c76484ba5fc6b83f082372b7a9c13f37f8eb70b7a817979242f9dc2163da5ac5d375314c0b8eb81cf8cc03a9cc5faf4b42befee5b8b9d47147c9a8cb86cb28a27f1d592d65f3f36b270b808fbabafe8804585b7dfaa6c771658e780796442b6459eac500cef476ca54526ef1b992252850863611aa13772cd85ba6503880a3066f76efb28d714f8b686e54db678126ef2e8d7c744a3c4defde9af10f22aea18aaad477f30942210aa75e5cbbec2c7229146f4b131d6434f36153a3f52a0a3d931cffc750d099d943c66b2c5511ec97ad43d0930b81718926ed6da64de30ada627abea251c9db0d98b9cd2195105986e604e7398327f8f786d99fe05fd57bcd273b9afb20457de946ee9c270204274b05f3bd5e3d331c78abc599d32a71327a1647fe4c78d3cdc6d0ec2c499570858cd944631b5a97be793a4cc25de76b7e34ea067345c06f0028b59cde27eb3b809971b755d8ec2a2730794e5d9ace675ce9a74d7c5f374b06798d9fdd31e9b18f2056c916d07543dec30d1d641b133e2d8bd5fa86d4328271fed8765d43d150cf0b1e6bf97fa05eaa46e4737f3f6c5639485ef9ad575076980a3fdd7c52436197fa1e6bf04396c1df35e9ef049495e6abb6ed05d29ad11b28db45b9a51e9613157e67c4a5db6e6afa230d98d43e86bf6f89ee6099428a5c6dfea01253f120e1c77ee97c1dfbb0041f3788a8cc6694b0c5f3ff9692763f88645689375c3b1d41fb664e66c53fe691d91a171ecce68e1ae012745bcae0e6084659d8b6dd4a8790b9e60ba9ee09c6ca567c712d7134105fd5b2fe49eacd3c97a67a414214f4a285fb32b31f61f6682d0e296cda878e75824f6a61d53b1037b2e366399dc0154390a694e292be33084ee398bb877cfe94c30c55f4cbfa62db03fbfbbbda210de772ee79cd93f86c8dec57e346a11e29c99d78718b3cc426e49451156deff40ff92754c14db6552a52f73d0a6fcd5583e9878cfc530931f0118a37a9893c5df54d270cd307743ce345e49255b4a05ff65617b61cedddb45768dfba858c7becb0a508e65fb87bdc0e8cc6aa5ddd3b046213ce825129bef41004f3252adfe6048752c023ef086ee1a693a3bd57b8dcda5165287f8e834e2e15107f6a1ce0824a22f77bb18e5545efd66157916c46455d2b2d926a1c61c94c3fd2a2d7ee363e4f064569e5bbb6e6826ef4358f2d54e12273c91d53226e4e1b823ce616541808018a929dcd545e1e347943532b8f2cd270eb87750bbddbe0df3607d514b385e7d0116f1a4fe69957e755f99a7c36487e38087966a7d97f41d8b9db8d150c8025c80a644a36e929e114b1510bc4cb64cb89c3765611fc0ec9168c765870cbaa4dfe3e3578a8e3c569d9a633f04d45c7ee5771347bb3e1cd8d496f65b7e26acb11e430462523d487e75d55b613269ef90cba5906de51455965d32d8425d1e93b598e47c3abc9a1bd1901", 0x1000}, {&(0x7f0000003940)="280f19e37a9a6efe7710f4da09b3c1bc7f02105efb71647ba6e75328299c800aa378b5b5c0d0e167059feeee887932cf56317f9a377d0cf41053987ec4fd44f2d95f9702a4e3b70b5de551495cc2f7598b1864b01d3fb5c484a188348d021315002d72e5ee90a472af42b028fe1a8189ad03460a1cf87b405c1667cae9a5015e5186e0f61ce17044cc4e2f842523eda015bd785c72da8e74995af9e13841e6eab781e708b33e8db4b497bf65f14c643572fe6825e1cd531ceaf38ecdfd1edb59f02c52264b930242cd9cafc0cbb5a92eec0920e8fc3fe322f48175c6fad65cbd9b290c", 0xe3}, {&(0x7f0000003a40)="cdbf97ae114c0e41e90829948eed1bb4805ba09efbae902524c12f40b790dc77cf50a81caaee0913140a8db24b77d8c8c17ad27e8531bd4f97541133a3705451881b9794c50780917c3b9030f3a26565d8c8c7bd1bcbfd143fdc2d336d83fd4b4c8f463a128d8fc9f06a1cb8459c8af7a4dafa655333f0f066b4b044f53f028368355307f0b64a9d827e31e1afbc07e60c560104889fff5f7213f6f448a3354a8ae55dbddfb309bc48d84d88c52f", 0xae}, {&(0x7f0000003b00)="56ff8334b2f21a597cce699f9ad03cf8e19608a915637428fd3ecf89e99245db5a0812b5f3df34a08fc49fd0d91068435edac6d46d0404f3ef0d76142237baad522867f49616c550256534", 0x4b}, {&(0x7f0000003b80)="75a58bfb74c34e80d66371c91b4ed4f5a0f804a9c19026fd5f4daed48d6018b0910a9157af67123b077e958cd98db5cf12f078336d8684943d04624f54a1a3e90d44755ca00ccea023067abfdd4588a09b77abf01f7b225c36a5a3da8a3caefb6c44290d2122eff8813a10c6688cfbcbc1f616300353141761ac1979369cc036f9f61bebee3f5de6b1ace5b7c1a2f0b067fe0e1ca62f1953caa825f6e796708de94e11f5f0f31018312fc945758e7f21413e9b39f63ca4b14eaf2138e48a6a13b56da83b50cc9075ea73e594321abcda86017c831f3c36177689282bb1b5787937b88a9db93bb40e61bd4d920aa9edd2", 0xf0}, {&(0x7f0000003c80)="754190bd1305624575ee6d3004a8fe7aa058eb19b9036665e3dd91f9337eea3fe6f555fb8f67c01af3b12301128254ac9b682681726194bfac3db241e504aef585e67c653116616ec1df00d949d154be14e32e523a3d6cf06b703d9de2cd2f39f6d16607a4fce0a2a3cbc780366e5b0f5a016b8963463fce38687758637cc7e4c809cfb3141d436a517df969729b119e33daf15d272c6b3accc5ae7488f774", 0x9f}, {&(0x7f0000003d40)="20fdac7d06be195b31f742398296a3e1adafabd0063956ea89fcd565b216cf11bbf025580e5dfdb2f88bca6ed085d64b83cb6da2b8ccda7d801562b78f670d8f84bd81db9f24298a721c3f42bb548373d686d499f5bb0adb6dbd5e868db98f25583a148074b441dbadde375d71065d55", 0x70}], 0x9, &(0x7f000000a000)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xee01, 0xee00}}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, r0, r0, r1, r0, 0xffffffffffffffff, r0]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xee01, 0xee00}}}, @rights={{0x28, 0x1, 0x1, [r0, 0xffffffffffffffff, r1, r0, r1, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [r1, r1]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r0, 0xffffffffffffffff]}}], 0x138, 0x80}}], 0x3, 0x1) 04:55:13 executing program 0: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x442, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, @perf_config_ext={0xa}, 0x0, 0x0, 0x0, 0x3, 0x1, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f00000000c0)) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') readv(r1, &(0x7f0000001600)=[{&(0x7f00000004c0)=""/4096, 0x1000}], 0x1) r2 = syz_open_procfs(0x0, &(0x7f0000000280)='fd/4\x00') ioctl$FIONREAD(r2, 0x6801, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000001980)) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_unix(&(0x7f0000000140)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x173000, 0x0) ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000040)) writev(r1, &(0x7f0000001780)=[{&(0x7f0000000340)="114794565a28014b1aa229776f6e2ad43e84718f0d95bc1c97189f1b1a0a733eba00a9b4090a7087e943e6009c9f5ea093a4b9dd8798ef644ea2b74f30e11681faf45a7d94fc412d7806c9ba1d143737149caabf064dfc2552f78487b55fd44211af00aeb5cf352d7cc90c7886971876f089cc2b989c86371f300cc4c7d334ca94af533b9893aac644169e8811d81870204981afa98cba8b0af11ea48852ed698495d00f8da7ff4cd9540dc6fe848c388dff75d6ea", 0xb5}, {&(0x7f00000014c0)="3b03ff22318e8d029c82fab927627c984cb0acd279af7beaeb809b6aaddbb34f73367ed0fed45a5f5d63812b2dc3e9e5196d7c36767b0f7cf55b669c87e9698875521e31c7ea34466b55f030ddda1cd1b44658a858c5c10fa5f301761d7303af45c298bffd3eca02a6f9e9ade3edaf93baab2d255a7eff1a6ec61f1002cbeca7fcb8e3b2366673b6f16c5b3e8aa66cf4fafdf9f020482f2fbfa02b48243d667b219bdbd26895380307fd47b10bbab8f30bb68f7694a6ac4fc95ee408e771a27ec79e0652", 0xc4}, {&(0x7f0000000400)="f53a9370fcf0300548d20d0a5d1f6052de3e4c695d773411807570707fb2cfa0674e6dca0a0dad6e0b9111ed824ea3cde0c7c91a69982fc36ae9e9394fa896c39074eb11787ef4d5202b9778859095e6f191c5fb848e5faee114a304a1975faff3eef097c0462d8f28cabe98a23d9a6cbb480b2b426fcf45ae532c6a11fda34dad77be20723ed69a6a318727fcf9dd9c54", 0x91}, {&(0x7f0000001640)="ec853b49383eefa8c50fb0507156e3a33a44831cab23972ed530ec51b4e0414e5739a06b0ebf07471201747aca842d28b07fec0ab6092b79001b327d4fd629854ec0aa94bcab4aea3661a2fe407754f686712588811d4b124a4192697688788c5547c7d74f0caad2aa8108e467507312ed1257f98cc2ad9ea3f28b52249af470f795df9453", 0x85}, {&(0x7f0000000180)="3b3e35e14dd399c9fd59b8618a873e2b8d93e907b504f82dd0580ad2c1031599a3e222e6de90c878d039ce5d4034f661c0e6c10cb4194016aa15052cf451385c4059c4607aa0e50193173826f3f8b32b167aafcfd03c709f414c01b899", 0x5d}, {&(0x7f0000001700)="20f42b04f051191ab8e96e1b1f0261f3699589dcdbaded940aa0bd9ad66e31a9588b86e038d664f8ac4f02d395e8ebc121758a9a3cf2f24d5115f8d28fe1a1682ca98a4cae18626d7b1b2286857b3b3dbd8e10f17026eac9b099e8758009275c41eb50", 0x63}], 0x6) r3 = openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x80, 0x0) preadv(r3, 0x0, 0x0, 0x401, 0x0) getresuid(&(0x7f00000015c0), &(0x7f0000001800), &(0x7f0000001840)=0x0) stat(0x0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0xffffffffffffffff, r5, 0x0) mount$9p_fd(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f00000002c0), 0x300020, &(0x7f00000019c0)=ANY=[@ANYBLOB='tr\x00 s=fd,rfdno=', @ANYBLOB="39a09c516d222c0b712915442eb741c4698933233fabfdf5fb459330ac7a2072eb4c9fa56c0e19d7df0554af2986a087d711d38867cad429de2848486c01a364bc6b4733", @ANYBLOB="2c7af870ed34b7f805000000000000003de9a87e4e2f6e6f3d", @ANYRESHEX=r2, @ANYBLOB=',msize=0x000000000000007e,access=any,uid=', @ANYRESDEC=r4, @ANYBLOB=',dont_hash,seclabel,fscontext=sysadm_u,fowner=', @ANYRESDEC, @ANYBLOB=',audit,\x00']) syz_mount_image$tmpfs(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x100000, &(0x7f0000000440)=ANY=[]) mkdir(&(0x7f0000000300)='./file0/file0\x00', 0x20) unshare(0x48020200) 04:55:13 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff0000000000000000"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) 04:55:13 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r0, 0x0, 0x22, &(0x7f0000000040)=0x4, 0xfffffffffffffef1) 04:55:13 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/power/pm_freeze_timeout', 0x0, 0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x22902, 0x0) copy_file_range(r2, 0x0, r3, 0x0, 0xa1, 0x0) ioctl$TIOCSPTLCK(r3, 0x40045431, &(0x7f0000000040)=0x1) dup2(r1, r0) 04:55:13 executing program 6: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x2c, r1, 0x100, 0x70bd2c, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40c4}, 0x200000a5) perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pselect6(0x40, &(0x7f0000000240), 0x0, &(0x7f00000002c0)={0x8}, &(0x7f0000000340), 0x0) 04:55:13 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706000aff0043a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 04:55:13 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000040)=ANY=[@ANYBLOB="010000001800000dae000000", @ANYRES32=r0, @ANYBLOB='\t\x00\x00\x00\x00\x00\x00\x00./file0\x00']) ioctl$TIOCSPTLCK(r1, 0x40045431, &(0x7f00000000c0)) ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) [ 2793.429388] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 2793.429388] program syz-executor.7 not setting count and/or reply_len properly [ 2793.464118] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 2793.464118] program syz-executor.7 not setting count and/or reply_len properly 04:55:13 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd07060025ff0043a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 04:55:13 executing program 5: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, &(0x7f00000000c0)='system_u:object_r:hald_keymap_exec_t:s0\x00', 0x28) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x0) socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001580)=ANY=[@ANYBLOB], 0x14}}, 0x0) ioctl$LOOP_SET_STATUS(0xffffffffffffffff, 0x4c02, 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r0, &(0x7f0000000040)={0x1f, @none}, 0x8) setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) write$binfmt_elf64(r0, &(0x7f00000004c0)={{0x7f, 0x45, 0x4c, 0x46, 0x3f, 0xe1, 0x8, 0x7, 0xfffffffffffff000, 0x3, 0x3e, 0x8, 0x2d7, 0x40, 0x1d2, 0x8, 0x8, 0x38, 0x1, 0xe2, 0xfffd}, [{0x4, 0x9, 0x7fffffff, 0x2, 0x400, 0x8001, 0x7ff, 0xfffffffffffffff8}], "dad0d85f2d834802eaf59186f33f033175c977c9397ff01d521566ef52b9c74702989dab04fa4e41646c1f30d6cd30835681a417ad99ab1220248033aeb71a5dbadad91ae5db5e73c73a9697611712504ad2f428da1a815d106e4b7d597fcaff32bd5e337e997985d314fa4e6ed63c924005f20ac549150ce2e9dae1d5b0d6095db899813f1d59819095a1cbae0c2ec8c5594b02be5690c2cbe7ba9660ce9fcb134f1ecdc2894fa0bf8b440f8fd7460a", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0xa28) signalfd4(0xffffffffffffffff, &(0x7f0000000380), 0x8, 0x800) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/raw6\x00') unlinkat(r2, &(0x7f0000000240)='./file0\x00', 0x0) bind$bt_sco(r1, &(0x7f0000000180)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x8) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000440)=[{&(0x7f0000000040)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000000b0000000001", 0x5a, 0x400}, {0x0, 0x0, 0xffffffffdffffff8}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000011600)="ed41000000080000dff46552e0f4655fe0f4655f000000000000040004", 0x1d, 0x2100}], 0x0, &(0x7f0000000140)={[{@delalloc}]}) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200), 0x3) 04:55:13 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000040)=ANY=[@ANYBLOB="010000001800000dae000000", @ANYRES32=r0, @ANYBLOB='\t\x00\x00\x00\x00\x00\x00\x00./file0\x00']) ioctl$TIOCSPTLCK(r1, 0x40045431, &(0x7f00000000c0)) ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) 04:55:13 executing program 6: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x2c, r1, 0x100, 0x70bd2c, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40c4}, 0x200000a5) perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pselect6(0x40, &(0x7f0000000240), 0x0, &(0x7f00000002c0)={0x8}, &(0x7f0000000340), 0x0) 04:55:13 executing program 2: syz_mount_image$ext4(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000500)='ramfs\x00', 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x300b4e2, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8914, &(0x7f0000000140)={'syzkaller0\x00'}) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_udplite(0xa, 0x2, 0x88) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'lo\x00'}) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000180)={@loopback}) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e24, 0x5, @private2, 0xfffffc01}, 0x1c) ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000000)={'wlan0\x00'}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x1004, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8914, &(0x7f0000000140)={'lo\x00'}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_COALESCE(r3, &(0x7f0000000340)={0x0, 0x74, &(0x7f0000000300)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="010027b6203e0000000d7e00000008000300", @ANYRES32=0x0, @ANYBLOB="6d6e09ca044e459fc78ca27728297fa689f9108b8ef0c96627986bfba2c209000000000000b22211d6cc3f97cd895030adcb9295ade00853ef088e1fd6d3d8554bb81c3261e804728fab2b560d1d3c03b4b091ee783049520b04223af6a5e190"], 0x1c}}, 0x0) ioctl$sock_SIOCSPGRP(r3, 0x8902, &(0x7f0000000080)) [ 2793.722659] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 2793.722659] program syz-executor.7 not setting count and/or reply_len properly 04:55:14 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r2, &(0x7f0000000040)={0x1f, @none}, 0x8) setsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) fremovexattr(r2, &(0x7f0000000080)=@known='trusted.overlay.impure\x00') bind$inet6(0xffffffffffffffff, 0x0, 0x0) dup2(r1, r0) [ 2793.807441] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 2793.807441] program syz-executor.7 not setting count and/or reply_len properly [ 2793.986162] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 2794.021177] EXT4-fs (sda): Unrecognized mount option "tr" or missing value [ 2794.066233] EXT4-fs (sda): Unrecognized mount option "tr" or missing value [ 2794.084399] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:55:31 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff000000000000000000"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) 04:55:31 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706026dff0043a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 04:55:31 executing program 2: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000700100000f000000000000000000000004000000000002000020000020000000d1f4655fd1f4655f0100ffff53ef010001000000d1f4655f000000000000000001000000000000000b0000000004000008000000d2c201001203", 0x66, 0x400}, {&(0x7f0000010100)="000000000000000000000000d0a9da48497c4915a7449265c083aec0010040", 0x1f, 0x4e0}, {&(0x7f0000010200)="0000000000000000000000000000000000000000000000000000000020002000010000000000000000000000000000000000000004", 0x35, 0x53d}, {&(0x7f0000010400)="03000000040000000500000017000f000300040000000000000000000f008551", 0x20, 0x800}], 0x0, &(0x7f0000013800)) openat(r0, &(0x7f0000000040)='./file0\x00', 0x800, 0x27) 04:55:31 executing program 0: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x442, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, @perf_config_ext={0xa}, 0x0, 0x0, 0x0, 0x3, 0x1, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f00000000c0)) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') readv(r1, &(0x7f0000001600)=[{&(0x7f00000004c0)=""/4096, 0x1000}], 0x1) r2 = syz_open_procfs(0x0, &(0x7f0000000280)='fd/4\x00') ioctl$FIONREAD(r2, 0x6801, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000001980)) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_unix(&(0x7f0000000140)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x173000, 0x0) ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000040)) writev(r1, &(0x7f0000001780)=[{&(0x7f0000000340)="114794565a28014b1aa229776f6e2ad43e84718f0d95bc1c97189f1b1a0a733eba00a9b4090a7087e943e6009c9f5ea093a4b9dd8798ef644ea2b74f30e11681faf45a7d94fc412d7806c9ba1d143737149caabf064dfc2552f78487b55fd44211af00aeb5cf352d7cc90c7886971876f089cc2b989c86371f300cc4c7d334ca94af533b9893aac644169e8811d81870204981afa98cba8b0af11ea48852ed698495d00f8da7ff4cd9540dc6fe848c388dff75d6ea", 0xb5}, {&(0x7f00000014c0)="3b03ff22318e8d029c82fab927627c984cb0acd279af7beaeb809b6aaddbb34f73367ed0fed45a5f5d63812b2dc3e9e5196d7c36767b0f7cf55b669c87e9698875521e31c7ea34466b55f030ddda1cd1b44658a858c5c10fa5f301761d7303af45c298bffd3eca02a6f9e9ade3edaf93baab2d255a7eff1a6ec61f1002cbeca7fcb8e3b2366673b6f16c5b3e8aa66cf4fafdf9f020482f2fbfa02b48243d667b219bdbd26895380307fd47b10bbab8f30bb68f7694a6ac4fc95ee408e771a27ec79e0652", 0xc4}, {&(0x7f0000000400)="f53a9370fcf0300548d20d0a5d1f6052de3e4c695d773411807570707fb2cfa0674e6dca0a0dad6e0b9111ed824ea3cde0c7c91a69982fc36ae9e9394fa896c39074eb11787ef4d5202b9778859095e6f191c5fb848e5faee114a304a1975faff3eef097c0462d8f28cabe98a23d9a6cbb480b2b426fcf45ae532c6a11fda34dad77be20723ed69a6a318727fcf9dd9c54", 0x91}, {&(0x7f0000001640)="ec853b49383eefa8c50fb0507156e3a33a44831cab23972ed530ec51b4e0414e5739a06b0ebf07471201747aca842d28b07fec0ab6092b79001b327d4fd629854ec0aa94bcab4aea3661a2fe407754f686712588811d4b124a4192697688788c5547c7d74f0caad2aa8108e467507312ed1257f98cc2ad9ea3f28b52249af470f795df9453", 0x85}, {&(0x7f0000000180)="3b3e35e14dd399c9fd59b8618a873e2b8d93e907b504f82dd0580ad2c1031599a3e222e6de90c878d039ce5d4034f661c0e6c10cb4194016aa15052cf451385c4059c4607aa0e50193173826f3f8b32b167aafcfd03c709f414c01b899", 0x5d}, {&(0x7f0000001700)="20f42b04f051191ab8e96e1b1f0261f3699589dcdbaded940aa0bd9ad66e31a9588b86e038d664f8ac4f02d395e8ebc121758a9a3cf2f24d5115f8d28fe1a1682ca98a4cae18626d7b1b2286857b3b3dbd8e10f17026eac9b099e8758009275c41eb50", 0x63}], 0x6) r3 = openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x80, 0x0) preadv(r3, 0x0, 0x0, 0x401, 0x0) getresuid(&(0x7f00000015c0), &(0x7f0000001800), &(0x7f0000001840)=0x0) stat(0x0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0xffffffffffffffff, r5, 0x0) mount$9p_fd(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f00000002c0), 0x300020, &(0x7f00000019c0)=ANY=[@ANYBLOB='tr\x00 s=fd,rfdno=', @ANYBLOB="39a09c516d222c0b712915442eb741c4698933233fabfdf5fb459330ac7a2072eb4c9fa56c0e19d7df0554af2986a087d711d38867cad429de2848486c01a364bc6b4733", @ANYBLOB="2c7af870ed34b7f805000000000000003de9a87e4e2f6e6f3d", @ANYRESHEX=r2, @ANYBLOB=',msize=0x000000000000007e,access=any,uid=', @ANYRESDEC=r4, @ANYBLOB=',dont_hash,seclabel,fscontext=sysadm_u,fowner=', @ANYRESDEC, @ANYBLOB=',audit,\x00']) syz_mount_image$tmpfs(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x100000, &(0x7f0000000440)=ANY=[]) mkdir(&(0x7f0000000300)='./file0/file0\x00', 0x20) unshare(0x48020200) 04:55:31 executing program 6: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x2c, r1, 0x100, 0x70bd2c, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40c4}, 0x200000a5) perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pselect6(0x40, &(0x7f0000000240), 0x0, &(0x7f00000002c0)={0x8}, &(0x7f0000000340), 0x0) 04:55:31 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd07060025ff0043a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 04:55:31 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000002a00), r0) sendmsg$IEEE802154_START_REQ(r0, &(0x7f0000002b00)={0x0, 0x0, &(0x7f0000002ac0)={&(0x7f0000002a40)={0x2c, r1, 0x1, 0x0, 0x0, {}, [@IEEE802154_ATTR_CHANNEL={0x5}, @IEEE802154_ATTR_COORD_PAN_ID={0x6}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6}]}, 0x2c}}, 0x0) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000040), r0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000200)={0x4, 0x80, 0x70, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext={0x4184}, 0x8000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r2, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) dup2(r3, r2) 04:55:31 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000040)=ANY=[@ANYBLOB="010000001800000dae000000", @ANYRES32=r0, @ANYBLOB='\t\x00\x00\x00\x00\x00\x00\x00./file0\x00']) ioctl$TIOCSPTLCK(r1, 0x40045431, &(0x7f00000000c0)) ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_generic(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) [ 2811.799536] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 2811.799536] program syz-executor.7 not setting count and/or reply_len properly [ 2811.818419] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 2811.818419] program syz-executor.5 not setting count and/or reply_len properly [ 2811.845716] EXT4-fs (sda): Unrecognized mount option "tr" or missing value [ 2811.889314] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 2811.889314] program syz-executor.7 not setting count and/or reply_len properly 04:55:32 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000040)=ANY=[@ANYBLOB="010000001800000dae000000", @ANYRES32=r0, @ANYBLOB='\t\x00\x00\x00\x00\x00\x00\x00./file0\x00']) ioctl$TIOCSPTLCK(r1, 0x40045431, &(0x7f00000000c0)) ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_generic(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) 04:55:32 executing program 5: r0 = inotify_init1(0x0) fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4004}, 0x0, 0xfffdffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, r1, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_add_memb(r2, 0x107, 0x11, 0x0, 0x0) setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000000)={0x0, 0x1, 0x6, @multicast}, 0x10) 04:55:32 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180)={0x0, 0x4ac1}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0), 0x200001, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@l2tp6={0xa, 0x0, 0x0, @ipv4}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)="a64485f108d23b", 0x7}, {0x0}], 0x2}, 0x0, 0x4000000}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r5, &(0x7f0000000040)={0x1f, @none}, 0x8) setsockopt$bt_BT_DEFER_SETUP(r5, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) ioctl$BTRFS_IOC_GET_DEV_STATS(r5, 0xc4089434, &(0x7f0000000940)={0x0, 0x6a, 0x0, [0x5, 0x2, 0x200, 0xc5, 0x6], [0x3ff, 0x5a748186, 0x81, 0x7f, 0x8000, 0x3, 0x5, 0x8, 0xfffffffffffffeff, 0x4, 0x6, 0x2, 0x400, 0xff, 0x80000000, 0x80000001, 0x2, 0x3, 0x30, 0xffffffff80000001, 0x8ed, 0x7, 0x7, 0x1, 0x3f, 0x100000001, 0x20000000000, 0x8d, 0xf61, 0x3, 0x4, 0x1, 0x4, 0xbf, 0x0, 0x0, 0x1a7ecd34, 0x43, 0x0, 0x4, 0x5, 0x2, 0x8000, 0x6, 0x7, 0x400, 0x5, 0x55c3, 0x2, 0x7, 0x8, 0x6, 0x8, 0x2, 0x3, 0x800, 0x1ff, 0x4, 0x6, 0x1ff, 0x348, 0x2, 0x6, 0x5, 0x100, 0xffffffff, 0x7, 0xffffffffffffffe0, 0x81, 0x2, 0x1, 0x20, 0xfffffffffffffff8, 0x8, 0x1, 0x0, 0x6b3c, 0x2, 0xfffffffffffffffd, 0x3, 0x1, 0x800, 0x0, 0x1, 0x7, 0x0, 0x8001, 0x3f, 0xfff, 0x9, 0xe0, 0x7fffffff, 0x7fffffff, 0x5, 0x9, 0x0, 0x8, 0x2, 0xb0, 0x35, 0x78, 0x9, 0x6, 0x4, 0x8, 0x9, 0x100000001, 0x6, 0xfffffffffffffffd, 0x5, 0xff, 0x3, 0x10001, 0x7fff, 0x6, 0x5, 0x4, 0x7, 0x7bdd, 0x8000, 0x934]}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 2812.114763] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.116001] blk_update_request: I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 2812.118119] Buffer I/O error on dev sr0, logical block 0, async page read [ 2812.121568] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.122843] blk_update_request: I/O error, dev sr0, sector 1 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 2812.124978] Buffer I/O error on dev sr0, logical block 1, async page read [ 2812.133300] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.134447] blk_update_request: I/O error, dev sr0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 2812.136737] Buffer I/O error on dev sr0, logical block 2, async page read [ 2812.140838] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.142031] blk_update_request: I/O error, dev sr0, sector 3 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 2812.144155] Buffer I/O error on dev sr0, logical block 3, async page read [ 2812.146356] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.147759] blk_update_request: I/O error, dev sr0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 2812.150001] Buffer I/O error on dev sr0, logical block 4, async page read [ 2812.155319] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.156623] blk_update_request: I/O error, dev sr0, sector 5 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 2812.158923] Buffer I/O error on dev sr0, logical block 5, async page read [ 2812.163291] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.164535] blk_update_request: I/O error, dev sr0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 2812.166601] Buffer I/O error on dev sr0, logical block 6, async page read [ 2812.174356] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.176236] blk_update_request: I/O error, dev sr0, sector 7 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 2812.178688] Buffer I/O error on dev sr0, logical block 7, async page read [ 2812.180469] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.182774] blk_update_request: I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 2812.184948] Buffer I/O error on dev sr0, logical block 0, async page read [ 2812.187628] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.188854] blk_update_request: I/O error, dev sr0, sector 1 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 2812.190936] Buffer I/O error on dev sr0, logical block 1, async page read [ 2812.192496] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.194911] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.196436] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.197788] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.199200] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.200585] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.202018] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.203370] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.204749] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.206040] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.207318] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.208612] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.210259] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.211891] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.213690] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.217229] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.219230] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.222185] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.224774] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.226403] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.231130] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.234447] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.237933] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.240168] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.245503] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.251517] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.258554] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.260480] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.263568] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.268122] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.269705] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.271514] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.272930] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.276894] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.278150] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.279535] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.281134] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.282441] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.284934] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.286234] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.287539] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.288993] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.290280] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.291586] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.292824] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.294113] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.295591] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.297382] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.299315] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.300911] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.302233] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.303588] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.304971] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.306287] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.307756] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.309076] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.310568] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.311937] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.313229] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.314516] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.315922] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.317231] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.318665] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.320092] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.321391] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.322769] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.324133] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.325777] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.327105] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.328431] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.329816] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.331138] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.332515] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.333842] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.335174] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.336526] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.337905] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.343881] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.345472] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.346849] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.348148] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.349465] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.350756] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.352026] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.353329] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.354602] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.356261] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.358647] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.360462] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.362536] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.365591] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.371664] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.373523] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.375180] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.376604] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.379545] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.381168] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.382437] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.383694] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.385166] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.387855] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.389553] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.391312] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.398692] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.400335] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.404180] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.406216] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.408263] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.411235] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.422170] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.424205] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.426240] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.430205] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.432098] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.433670] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.437104] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.438768] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.440355] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.441811] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.443838] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.445264] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.446544] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.448664] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.449979] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.451565] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.452881] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.454752] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.456481] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.460691] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.462470] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.464343] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.466667] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.469223] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.471441] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.473271] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.475510] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.477249] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.479254] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.481159] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.482505] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.483860] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.485154] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.487174] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.490623] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.494114] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.497689] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.499364] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.503411] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.505551] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.507573] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.509307] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.510987] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.512567] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.513929] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.515340] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.516620] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.517950] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.520186] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.524295] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.526928] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.528804] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.530804] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.532567] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.534397] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.538239] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.540420] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.542051] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.544153] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.546213] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.548003] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.550000] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.551361] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.552710] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.554096] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.556168] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.558116] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.560569] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.564477] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.566276] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.568497] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.570694] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.572381] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.574475] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.577395] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.579180] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.581297] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.583144] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.585179] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.587310] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.593550] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.596347] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.598693] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.600548] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.602524] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.604225] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.606174] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.608262] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.610701] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.612562] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.614462] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.616307] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.618337] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.620535] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.623138] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.625518] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.628280] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.630826] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.633465] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.635500] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.637286] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.639347] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.641129] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.643444] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.645249] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.647359] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.649152] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.651144] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.653437] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.655197] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.657293] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.659258] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.661240] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.663209] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.665224] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.667244] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.669410] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.671294] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.673196] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.675250] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.677257] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.679370] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.681298] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.683265] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.685332] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.687273] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.689224] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.691236] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.695494] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.697300] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.699130] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.701336] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.703140] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.705151] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.707251] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.709236] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.711274] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.713269] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.715421] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.717278] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.719225] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.721538] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.723233] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.725276] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.727263] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.729282] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.731184] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.733254] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.735283] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.737231] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.739129] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.741148] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.743131] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.745271] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.747359] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.749245] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.751256] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.753203] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.755245] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.757244] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.759258] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.761275] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.763364] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.765221] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.767280] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.769217] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.771289] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.773204] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.775281] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.777255] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.779291] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.781216] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.783234] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.785135] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.787201] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.790153] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.792320] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.794353] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.797444] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.799317] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.801314] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.803197] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.805228] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.807205] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.809164] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.811215] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.813186] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.815162] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.817131] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.819304] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.821148] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.823611] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.825594] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.828639] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.830464] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.832252] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.834417] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.836139] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.838570] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.840618] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.843881] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.847297] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.849169] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.851646] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.853356] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.855260] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.857365] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.859229] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.861422] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.863687] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.865520] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.867435] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.869272] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.871618] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.873422] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.875274] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.877641] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.879359] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.882127] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.884772] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.886423] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.888641] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.890510] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.892439] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.894262] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.896673] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.900630] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.902414] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.904516] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.906705] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.908619] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.910360] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.912239] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.915328] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.917534] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.918986] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.920380] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.921771] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.923138] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.924482] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.925964] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.927683] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.929540] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.931089] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.932357] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.933964] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.935270] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.936584] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.938082] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.939686] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.941228] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.942850] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.944374] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.945944] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.947320] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.948945] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.950412] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.951978] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.953339] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.954953] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.956378] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.957946] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.959347] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.960983] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.962250] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.964034] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.965995] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.968094] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.969597] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.970937] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.972375] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.973629] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.975031] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.976390] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.977797] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.979144] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.980454] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.981861] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.983290] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.984655] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.985994] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.987464] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.988877] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.990223] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.991569] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.992897] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.994190] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.995544] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.996877] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.998358] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2812.999670] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2813.002342] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2813.003699] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2813.005129] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2813.006433] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2813.007923] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2813.009385] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2813.010813] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2813.012347] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2813.013936] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2813.015567] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2813.045580] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE cmd_age=0s [ 2813.047592] sr 1:0:0:0: [sr0] tag#0 Sense Key : Not Ready [current] [ 2813.048971] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Medium not present [ 2813.050302] sr 1:0:0:0: [sr0] tag#0 CDB: Read(10) 28 00 00 00 00 06 00 00 02 00 [ 2813.105466] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE cmd_age=1s [ 2813.107626] sr 1:0:0:0: [sr0] tag#0 Sense Key : Not Ready [current] [ 2813.109005] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Medium not present [ 2813.110341] sr 1:0:0:0: [sr0] tag#0 CDB: Read(10) 28 00 00 00 00 01 00 00 01 00 [ 2813.155323] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE cmd_age=0s [ 2813.157253] sr 1:0:0:0: [sr0] tag#0 Sense Key : Not Ready [current] [ 2813.158619] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Medium not present [ 2813.159942] sr 1:0:0:0: [sr0] tag#0 CDB: Read(10) 28 00 00 00 00 06 00 00 02 00 [ 2813.209484] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE cmd_age=0s [ 2813.211449] sr 1:0:0:0: [sr0] tag#0 Sense Key : Not Ready [current] [ 2813.212824] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Medium not present [ 2813.214133] sr 1:0:0:0: [sr0] tag#0 CDB: Read(10) 28 00 00 00 00 00 00 00 02 00 [ 2813.216127] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2813.257616] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE cmd_age=0s [ 2813.259572] sr 1:0:0:0: [sr0] tag#0 Sense Key : Not Ready [current] [ 2813.260960] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Medium not present [ 2813.262266] sr 1:0:0:0: [sr0] tag#0 CDB: Read(10) 28 00 00 00 00 02 00 00 02 00 [ 2813.300491] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE cmd_age=0s [ 2813.302420] sr 1:0:0:0: [sr0] tag#0 Sense Key : Not Ready [current] [ 2813.303798] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Medium not present [ 2813.305113] sr 1:0:0:0: [sr0] tag#0 CDB: Read(10) 28 00 00 00 00 06 00 00 02 00 [ 2813.306868] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2813.309151] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2813.358546] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE cmd_age=0s [ 2813.360518] sr 1:0:0:0: [sr0] tag#0 Sense Key : Not Ready [current] [ 2813.361890] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Medium not present [ 2813.363218] sr 1:0:0:0: [sr0] tag#0 CDB: Read(10) 28 00 00 00 00 02 00 00 02 00 [ 2813.443715] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE cmd_age=0s [ 2813.445667] sr 1:0:0:0: [sr0] tag#0 Sense Key : Not Ready [current] [ 2813.447062] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Medium not present [ 2813.448384] sr 1:0:0:0: [sr0] tag#0 CDB: Read(10) 28 00 00 00 00 06 00 00 02 00 [ 2813.450110] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2813.451769] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2813.508348] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE cmd_age=0s [ 2813.510300] sr 1:0:0:0: [sr0] tag#0 Sense Key : Not Ready [current] [ 2813.511690] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Medium not present [ 2813.513972] sr 1:0:0:0: [sr0] tag#0 CDB: Read(10) 28 00 00 00 00 02 00 00 02 00 [ 2813.515907] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2813.559764] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE cmd_age=0s [ 2813.561745] sr 1:0:0:0: [sr0] tag#0 Sense Key : Not Ready [current] [ 2813.563117] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Medium not present [ 2813.564441] sr 1:0:0:0: [sr0] tag#0 CDB: Read(10) 28 00 00 00 00 02 00 00 02 00 [ 2814.250861] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2814.252524] sr 1:0:0:0: [sr0] tag#0 unaligned transfer 04:55:52 executing program 6: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x2c, r1, 0x100, 0x70bd2c, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40c4}, 0x200000a5) perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) 04:55:52 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706036dff0043a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 04:55:52 executing program 5: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, @perf_config_ext={0x2}, 0x0, 0x0, 0x0, 0x3, 0x1, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000c40)) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="1800ee00120001e4b3aeee63951e7da56c997dd701010000000000000000000200040036807ea8a358ae5bdc64784148922bca86c36d7d052eb8cc56f931c2aa2adf7178975eaf9a58749770de418c5387a73ccebad3772f4924edaf62a709d46cae0141d1608dbb7291fcdfece1b7f58186b3d9af6d64d443ea22e5032987be68f782b82c6174094fb395c855a7cdc7c480322c6d5f758039f5ae092a1254b49d1fc272b3b53cb7ed8ec6ee870a586e33681923a33998ca8312c270bc4b18f4cb51099b66c8eaa4340ee992627002ec2f5535703f3e88001efc8a072807f5d3fb8d88a3081725915f06ac000000000000009431526615a1cb73a8c775059836555a1359ccb0bb53639e0fb29013690e100242333e76a8abe91a9846fd76ac6c6bdcb2097cab1e0de158548f9b0000000000"], 0x18}}, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000280)='fd/4\x00') getdents(0xffffffffffffffff, &(0x7f0000000240)=""/72, 0x48) fsetxattr$trusted_overlay_nlink(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000180)={'L+', 0x7fffffff}, 0x16, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_unix(&(0x7f0000000140)='./file0/../file0\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x173000, 0x0) open(&(0x7f0000000080)='./file0\x00', 0x50000, 0x0) sendfile(r1, r2, &(0x7f0000000200)=0x2, 0x100000001) r3 = syz_open_dev$mouse(&(0x7f0000000c00), 0x4, 0x2) ioctl$AUTOFS_DEV_IOCTL_VERSION(r3, 0xc0189371, &(0x7f0000000d00)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r0, @ANYBLOB="00000000000000002e2f66696c65302f2e2e2f66696c65302f66696c657dc7553000115dcfc5767d61f81e748ab833b14671b809aa0443dd8aac79512cf9f618272c782a8ffe4a97a1cdc9122cd9eeb874886be207ac25c52c0b9a8fc174c3e0b99c878fe2720d82dd06ed984e958d9bedd778e977c3938c"]) statx(r4, &(0x7f0000000980)='./file0/../file0\x00', 0x7000, 0x80, &(0x7f00000009c0)) r5 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) readv(r5, &(0x7f0000000900)=[{&(0x7f0000000800)=""/219, 0xdb}], 0x1) mkdir(&(0x7f0000000300)='./file0/file0\x00', 0x0) mount$bind(&(0x7f00000000c0)='./file0/file0\x00', &(0x7f0000000340)='./file0/../file0\x00', 0x0, 0x17810, 0x0) recvmmsg$unix(r2, &(0x7f0000000780)=[{{&(0x7f0000000380), 0x6e, &(0x7f00000004c0)=[{&(0x7f0000000400)=""/158, 0x9e}, {&(0x7f0000000000)=""/46, 0x2e}, {&(0x7f00000002c0)=""/33, 0x21}], 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1c000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000020000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="2000000000000000010000000189ce1f", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000018000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYBLOB="18000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00'], 0x110}}, {{&(0x7f0000000640), 0x6e, &(0x7f0000000740)=[{&(0x7f00000006c0)=""/83, 0x53}], 0x1}}], 0x2, 0x40000020, 0x0) unshare(0x48020200) 04:55:52 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180)={0x0, 0x4ac1}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0), 0x200001, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@l2tp6={0xa, 0x0, 0x0, @ipv4}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)="a64485f108d23b", 0x7}, {0x0}], 0x2}, 0x0, 0x4000000}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r5, &(0x7f0000000040)={0x1f, @none}, 0x8) setsockopt$bt_BT_DEFER_SETUP(r5, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) ioctl$BTRFS_IOC_GET_DEV_STATS(r5, 0xc4089434, &(0x7f0000000940)={0x0, 0x6a, 0x0, [0x5, 0x2, 0x200, 0xc5, 0x6], [0x3ff, 0x5a748186, 0x81, 0x7f, 0x8000, 0x3, 0x5, 0x8, 0xfffffffffffffeff, 0x4, 0x6, 0x2, 0x400, 0xff, 0x80000000, 0x80000001, 0x2, 0x3, 0x30, 0xffffffff80000001, 0x8ed, 0x7, 0x7, 0x1, 0x3f, 0x100000001, 0x20000000000, 0x8d, 0xf61, 0x3, 0x4, 0x1, 0x4, 0xbf, 0x0, 0x0, 0x1a7ecd34, 0x43, 0x0, 0x4, 0x5, 0x2, 0x8000, 0x6, 0x7, 0x400, 0x5, 0x55c3, 0x2, 0x7, 0x8, 0x6, 0x8, 0x2, 0x3, 0x800, 0x1ff, 0x4, 0x6, 0x1ff, 0x348, 0x2, 0x6, 0x5, 0x100, 0xffffffff, 0x7, 0xffffffffffffffe0, 0x81, 0x2, 0x1, 0x20, 0xfffffffffffffff8, 0x8, 0x1, 0x0, 0x6b3c, 0x2, 0xfffffffffffffffd, 0x3, 0x1, 0x800, 0x0, 0x1, 0x7, 0x0, 0x8001, 0x3f, 0xfff, 0x9, 0xe0, 0x7fffffff, 0x7fffffff, 0x5, 0x9, 0x0, 0x8, 0x2, 0xb0, 0x35, 0x78, 0x9, 0x6, 0x4, 0x8, 0x9, 0x100000001, 0x6, 0xfffffffffffffffd, 0x5, 0xff, 0x3, 0x10001, 0x7fff, 0x6, 0x5, 0x4, 0x7, 0x7bdd, 0x8000, 0x934]}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 04:55:52 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff000000000000000000"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) 04:55:52 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000040)=ANY=[@ANYBLOB="010000001800000dae000000", @ANYRES32=r0, @ANYBLOB='\t\x00\x00\x00\x00\x00\x00\x00./file0\x00']) ioctl$TIOCSPTLCK(r1, 0x40045431, &(0x7f00000000c0)) ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_generic(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) 04:55:52 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706026dff0043a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 04:55:52 executing program 4: ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(0xffffffffffffffff, 0xf502, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) dup2(r1, r0) [ 2832.242424] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 2832.242424] program syz-executor.7 not setting count and/or reply_len properly [ 2832.261158] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 2832.261158] program syz-executor.0 not setting count and/or reply_len properly [ 2832.276820] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 2832.276820] program syz-executor.7 not setting count and/or reply_len properly 04:55:52 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000040)=ANY=[@ANYBLOB="010000001800000dae000000", @ANYRES32=r0, @ANYBLOB='\t\x00\x00\x00\x00\x00\x00\x00./file0\x00']) ioctl$TIOCSPTLCK(r1, 0x40045431, &(0x7f00000000c0)) ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000000)) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) sendmsg$nl_generic(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) 04:55:52 executing program 6: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x2c, r1, 0x100, 0x70bd2c, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40c4}, 0x200000a5) perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 04:55:52 executing program 4: r0 = socket$inet6_icmp(0xa, 0x2, 0x3a) r1 = dup(r0) bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0x2, 0x3}, 0x6) ioctl$FIBMAP(r0, 0x1, &(0x7f0000000040)=0xc23) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100e1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r2, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) dup2(r3, r2) 04:55:52 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706046dff0043a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 04:55:52 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) kcmp(0x0, 0xffffffffffffffff, 0x5, 0xffffffffffffffff, 0xffffffffffffffff) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r2, &(0x7f0000000040)={0x1f, @none}, 0x8) setsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) ioctl$AUTOFS_DEV_IOCTL_FAIL(r1, 0xc0189377, &(0x7f0000000200)=ANY=[@ANYBLOB="000000000000000100000000514b10cc08dcb75333a5ebee28ee11c59fc176aa364017b8c3985eb47fe72e7b4ce00db97f38d4e3fc566f59b35396e0240adbf82dd4c7e5363e0e101d6ce0bf4c13f6c8432e995a54a5b2a8fd5bb4713692f6713e3d54b7844ee1a18f57b09f190c371be23ee4235a59441984a72d4550ce22c1c93e35b4baafb563baf4a4c2639429e9ddee6c20c475207d7ddcd484429f05e4400f1ed41c2caac187b4b42083598fdb218664cdbc03f836555e79877b0f09bfc0f56fac6cdde4f9ebd5d64fde292ded65b59764a1dddb26cc47", @ANYRES32=r0, @ANYBLOB="000100007f0000002e2f66696c653100"]) copy_file_range(r2, &(0x7f0000000000)=0x80000001, r3, 0x0, 0x4, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f0000000080)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file1\x00'}) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r4, 0xc018937a, &(0x7f0000000300)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x100}}, './file1\x00'}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_loose}, {@access_any}]}}) [ 2832.404854] netlink: 'syz-executor.1': attribute type 22 has an invalid length. 04:55:52 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x46e2, 0x0) execveat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000380)=[0x0, 0x0, &(0x7f0000000300)='security.capability\x00'], &(0x7f0000000440)=[&(0x7f0000000400)=']$-\x00'], 0x1000) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) ftruncate(r0, 0x1000003) r1 = socket$inet6_udp(0xa, 0x2, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, r1) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x40, 0x9a) shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000280)={{0x3, 0x0, 0x0, 0xee00, 0xee00, 0x51, 0x1}, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x6}) newfstatat(0xffffffffffffff9c, &(0x7f00000007c0)='./file0\x00', &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x6000) fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000340)='system.posix_acl_default\x00', &(0x7f0000000880)={{}, {}, [{0x2, 0x7}, {0x2, 0x2, 0xee00}, {0x2, 0x4, 0xee01}, {0x2, 0x1}, {}, {0x2, 0x3}, {0x2, 0x3, 0xee00}], {}, [{0x8, 0x3}, {0x8, 0x3}, {0x8, 0x5}, {0x8, 0x4, r2}, {0x8, 0x1}, {0x8, 0x4, 0xffffffffffffffff}, {0x8, 0x3}], {0x10, 0x5}}, 0x94, 0x1) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000000)) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000180)={{{@in6=@empty}}, {{@in=@broadcast}, 0x0, @in=@local}}, &(0x7f0000000100)=0xe8) fsetxattr$security_capability(r0, &(0x7f0000000040), &(0x7f0000000080)=@v2={0x2000000, [{}, {0x8000000, 0x3}]}, 0x14, 0x0) stat(&(0x7f0000000500)='./file0\x00', &(0x7f0000000540)) socket$netlink(0x10, 0x3, 0x0) ioctl$KDSKBLED(0xffffffffffffffff, 0x4b65, 0x8) ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(0xffffffffffffffff, 0x80089419, &(0x7f0000000480)) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x21, 0x1, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x4, @perf_bp={&(0x7f0000000140)}, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffe00000000000, 0xffffffffffffffff, 0x0) write$binfmt_elf64(r0, &(0x7f00000001c0)=ANY=[], 0xfdef) 04:55:52 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff000000000000000000"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) 04:55:52 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000040)=ANY=[@ANYBLOB="010000001800000dae000000", @ANYRES32=r0, @ANYBLOB='\t\x00\x00\x00\x00\x00\x00\x00./file0\x00']) ioctl$TIOCSPTLCK(r1, 0x40045431, &(0x7f00000000c0)) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) sendmsg$nl_generic(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) [ 2832.508153] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 2832.508153] program syz-executor.7 not setting count and/or reply_len properly [ 2832.542180] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 2832.542180] program syz-executor.7 not setting count and/or reply_len properly [ 2832.630171] netlink: 'syz-executor.1': attribute type 22 has an invalid length. 04:56:12 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) fallocate(r0, 0x0, 0x0, 0x1000002) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000040)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r4 = syz_open_dev$ttys(0xc, 0x2, 0x1) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r4, 0x81f8943c, &(0x7f0000000500)) r5 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r5, 0x0, 0x0}, 0x0) syz_io_uring_setup(0x71ee, &(0x7f0000000080)={0x0, 0xc112, 0x1, 0x2, 0x1aa, 0x0, r0}, &(0x7f0000600000/0x3000)=nil, &(0x7f0000717000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x2, 0x4007, @fd=r1, 0x5, &(0x7f00000001c0)=[{&(0x7f0000000180)=""/20, 0x14}], 0x1, 0xe}, 0x101) 04:56:12 executing program 6: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x2c, r1, 0x100, 0x70bd2c, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40c4}, 0x200000a5) 04:56:12 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706056dff0043a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 04:56:12 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000040)=ANY=[@ANYBLOB="010000001800000dae000000", @ANYRES32=r0, @ANYBLOB='\t\x00\x00\x00\x00\x00\x00\x00./file0\x00']) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) sendmsg$nl_generic(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) 04:56:12 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x4, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe}, 0x0, 0x9, 0x0, 0x0, 0x100000001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) dup2(r1, r0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x2c4000, 0x0) ioctl$F2FS_IOC_GARBAGE_COLLECT(r2, 0x4004f506, &(0x7f0000000080)=0x1) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/power/pm_freeze_timeout', 0x0, 0x0) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x22902, 0x0) copy_file_range(r3, 0x0, r4, 0x0, 0xa1, 0x0) ioctl$TIOCSPTLCK(r4, 0x40045431, &(0x7f00000000c0)) 04:56:12 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) 04:56:12 executing program 2: syz_emit_ethernet(0x52, &(0x7f0000000000)=ANY=[@ANYBLOB="0180c20000f40080c200000086dd6096153f001c3a000000000000ffde000000ffffdd8ead759d"], 0x0) 04:56:12 executing program 5: syz_open_procfs(0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x36, 0x3}, 0x40000, 0x0, 0x0, 0x4, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f0000000280)=[{&(0x7f0000000380)=""/251, 0xfb}, {&(0x7f0000000480)=""/102, 0x66}], 0x2, 0x8, 0x6aa12b08) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) r2 = perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) readv(r2, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/213, 0xd5}], 0x1) dup2(r2, r1) socket$inet6_udplite(0xa, 0x2, 0x88) readv(0xffffffffffffffff, 0x0, 0x0) r3 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) ioctl$SG_IO(r3, 0x2285, &(0x7f00000011c0)={0x53, 0xfffffffffffffffd, 0x0, 0x0, @buffer={0x0, 0x1031, &(0x7f0000001240)=""/4108}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_io_uring_setup(0x4d4f, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000140)) fcntl$setlease(r0, 0x400, 0x0) r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) write$binfmt_elf64(r0, &(0x7f0000002280)=ANY=[@ANYBLOB="7f454c461f50050103000000000000000200060004000000be010000000000004000000000000000ec00000000000000030000000002380001002000a302020033fa2f0183c8b5c2b18f1254aa9c3ad3be67a5da661deb6d703b69546d52cfbec4787708a792b58c2e95c8485d4f63babad31624f6e6376fe4937feee67339cf163f7ec9d78398a902b651e8b86f1451eee23964082dd00c55750389856bcc33e73692e23ea5fd06f0127a9fccfb5acf533921335d7429203de34d9eb5a1b47c03973aabdb4b3e44a6cca01c5447bf4d7656381f6cebd9409c9e98d71009fea9a07b55c37d1145c84dfe7c85db1cf542e8f0f88c4b1a86d1edc83f8245f27612d86c99ee2931082ecaf0f3a18ff84443f45075a7fbee044ac47c92ee9d32f6894e7a9c6e62dfe4c53ffbf588711d4700d0bc5034fde36041973abace4b161e12b1e7a8846f91be82c78d7d7b192d1284418e83f889f10391c1a0e6c35bf6af8f8878545335fc4676485725954193468558a5c4a76922a86d3908a608fe6362e483e08aaac9e95b0d21bbf7fa29c679902e9402bd5ea55998a7d5f2dca4984774b11d367ea475bd8845f0fd0879978494354db91a2ae96f32512a886d37a0b1df25c86bdd93492f7c44cdd1930580f9ae4ed4a4f0f9ff4c7b07a7da6f9dd3a82f8a6b6e8177ccfa72e3b7db757b0434b069df12c34c5a339b7cb1743c2111a7dc899a4db6431b3df7ef003b4ea21fdca4cb4d82c825510249880e565b38f75d0f73703aa64032f19bdcc33508b5372067ca261c1ef2b756b1736f048bba7c03d3ea03f9da86d0b0278d52ec736392107a7594e955bcc73c16cc57351cdd865671c7acb85fad1547dfdbac779848755ff483178ac78edd9e00bc323156a8d8006dbfb67e4baf3a29704f896df4811de80e082eed9374855ea5d0bd8ec2c03805a2725fa68d9961532bd2c908ec0ba51c0f2973cec591f9205ac319af65ad54fda17fa2bef4847f57c2010fee00e440474494b1f601a5dca77edffe87a4aa2977e0e6bdb93770e7e5bfb4d6be1aee66aa2bc7336e24d25f84698634a6beafe00d6181763588c6d6e09e68b098abcf04504cd9908b6030e3e73951bf537570d67d50ceeb8b6515c407a4fd292aaba2f845d466abf0000000728d39759a4512b4e0c1e31fe99a2f387fa3aff0f4e0a8afbeecc4e38f45f00da19df0cdd53266d9a4e9e60f831387c4f60606c0f8c51522ca4ac23d54b34db2600b5c6e9a15cb3fffae6e2086eca773a2defcb2baa274f0d9d12a10ea7b2f0f7cc1ab0a57b90ba02f9af5b0b25d24320725324e38a8f0d2bc4730f5572f7ea0f215cbb88c64e3ba35a5887ec604c1d76f68b1e8aef0f9f4da5547444a27172dec90cba718ed644724cb241f5cc0ea00e9c83ad7f8b16a24baa674e87a17dcc9808c94a6b362b335da5b48feb212998fe8c959843d2055337443af3a916072360831c9f01ed04b80e37614446d1eaa605f2b06225259f66984cb2572dc846562400e4cd898c77e4b27cf3fd42c07738b8c554515eb154a46654aa1f5e236f563d4fc55242d16f24f8b48861199d3603204909e2b1c7752427d6f3769d7a8648a0d7e145d1c30bc73313dbbfde395eca6c9d48a3e79a4fd24164e003d751f77c4c3d423eb714bdf370a14987eba4c1c1aa52edf066f256149d47c686a152e464483f3e8550545c580cdc14351d5d943aeb9bd124555e160d82c9be33e57c8f962990bc68ff962419d3c19399c9a0a4d552cf912b2d04549a6ba85c89ab8e970c62d051b7613782ff452569d93bf08cf4504ce17c3430cb9e9abe208e9ea7452d5f4e66d2f15dfc9f90940b7f1031193c578280b4513fa51dff474fd769f0001d06a88dea94c6c4a21f4e40af3872e2976ef03adf8fe67f7f4138aecd49af557a7e7c0d67ea90cd5023cadeed0fc1a429b65d81172c9b6486c564ff1a18c4ecf934c5bc2cfed6d6b2f0ba73f09bf28024798e84ca474af57cc87b369d888052dae8ae9bd246db124a1d30643e0e525de6388a66469e07eed7c27d8e9cae494f00501b4b2f28e331b675095742d8038f99107c0489ca3b7a6d0dd3b5c591d14d9f11dd944ffedc8843fd4de5586b348a2ca8caaf641be08df02494771f2a73a39e74bddac70d7034d6ed808be718b8ba5b7f7235d4af5b46a45c00be201767a3e75cd82951b851a7c229b9391f9e2df4ea81d3930954642cc5ac4b159a4554a365ee99784cb3014e41a1917223f31213e14bf5303f68616ecd7b59b986da6bc0984bfedb5c0928e4fc14e98c70c29ce6a9b57215236f1e01406cb2ccbbf1c7dfeb8b0a9462f1d2916737379a24b97f6d29ab8be3846344fad797be44006880a50d1866c145418003cad129c9e7f22cf6b774f80ccf319d08521f7f8335ad334b026ea9a3f37c913837e1a53f4611c2712603c6a8c5a571841997caeb1a5eaf369364d04a3dd82e204e39f6fb2ada509bba2c5a717bda4ebec9a8dd41ccba52a0c659fb095678d9e40ea16e2c52c3ec355df162ae41b95384adaeb4173d4a0d2d028abdf786290bb353806045db8dab929f733e0c8eafde6f2a9bd7ed2e9c2dc42e8b4e3c829f787e00973fd4df3aea29f6358fc4a55107aba9fa0e2b2db28a2e76b1adac9166fb60b3e2d522e577576020d53d6b0f8cd4c78faa35782b2817ca45f81c4506716bad91e47831dcfd1af4277e0bbef592a6f08569e01409fce04403d23976884b37e70a15e86d7c734b1803fd4346513bb10f44f37fe7039757a76523826fe75ffefd3c1cee6c82f7515d016fefb0d09ee117fd9ce0cf480afecba5ebcff3979c7c3474d41bbb770ceec3a011e99a9188cdaaf8b9708473bb2d3b7458c82cc856fc88dc0a1d1b501f0838e950c031a75e67a1a67c200acaac02fc85693c81d724fb09f9db65f6ef30c9963d7e9f37c1b1a368c1273625d7accb4aa46d077dfb5b38125c6871304853164a7cf92ab258732d78a2a50e5f0f42ee88aeb40056c21585de893a75e533d66ce5ade8e7725bfcbd9fbcb4a1054a5d1b4eccf90e9f23613496f138e35506591cf25c298b15a97aae3149ecfa0277319070e2c0f6587206d0e89226ec04172c00c190091268dee9b9f56263df7f37e843d36402c8af4f8a20ad143e8fe0b9a08df15ce738a5def5613f59eee9aa5e4ad73ce81c0452b2a330585f25270578b768287721cf4466dc9753dc33182c23f7a1ebec16e33edc118c887c12835886a0a1e4a06c55875e656f5ea84b8d42b8836a1a9792f4c3be38869f835bbb661c9d1d29005c12023748b904a1c4b680558e675cfb0dc8cd0fefe1f1a2b82260f038387566fede83583a19f1cb39ba3deaab03eca467f2813b22573c1a10c15112fb883c7a01524210159a57fd3d41a32f30f36f705be07dab57a001202d0a8c82f5ffaab1fb059d3f01c06f22c92611e1241d3b8d9a561db521f8aec889c1d93d616b96a672859ba989a27ad2a04209b6a14a87833da5b3dfda5a6de83796b4e69f4864b8917dd82c1441a05759a6ab18c16ac3f9792c4f273aa2f323c210c697794efebaf3daf9e55993c5b23f4920f2690b7bfaa0a8479f9ec3a179c490949f7f1fb5e93f5d447a9d10c18bfc0996efde48170832dc4ce75d529b6b96b8104a09e07b7a8743c5629f50842c641b03711b68b304c04fa9aea38d2dd8bd802d8d3442177ee4a85a45dd8adabb134ca61c2d63acde3f2ba6ea44c2e60bd8551a5ce2d3fd3d64a999df92c40db84a2b9bfd15f81da5b68329670b2f9433633420e3e8c720ee0f83a23f4ec061286652e2295e309407c968f0f877142cc7a4096e74f77e8a24a84cae90e29a9b43c6d8c11c1bfa0a4ab6c947b12f683bb5588575e02386e8606aa001a08d7a0722994cd11201de156dc720914960bb42e94aaebcf425b3b6ed848ed5b9c56bfce01dc497f837ea31bfa14c4d00c64235fcae43505d033a9b750d198731498426054933d87ce35273b8a1deacceab4a25000becb3376ddfa4fe40e8ab42489cbc8a5541066b1146d8877ed9f668a2f7bfa9537993bad933dfe4d404a67636075960e0d9a4252f203e3e6213746bd26606ed3e7bc346ce02141933b68a0c49a37b31992b0dadb70d7b80223857d26632576963b048391a3ef869b7b8ba72101fc168e9e389af5b45c23ea6dc9392113063295ac7431a61c3a792e64cc13b0278ef6681d1e41988e412f2272977d0f82eb4bc0517ebcca458740bacf8e96d4b875578f70bb4b6d393074450d84b59409e9a243d15cfc701ac900063546f9319cfde0c0f5c8fe111613151439243f7b2743486a1e7020953ce90a4453ce5d6b34124d63ea80a01978abdc92ab0e9518bb77c6dac0e1a77c5480b05268a0ac1104ba18ea6b6f574a231c91e2a800fe5f54bb07e9b1bd88fba1ff1cc5278cf500c78a9fef2847c0cc6553e808d2ba43549e7711e0185791334e5096d9ba69e118ca3e1f2f6d56ba18ed51a56e5709dd75ee51f01e9a975178e327802d3f7aaf732ea6ecb8467215391cd43c8b961576e0f4de88ee91770cdf172c4a6d6f122711cebfb8675f0e3708e1ea1d6ce8d27160de874b7bb9c3ed6ed7611879bc1091aa505d6fed7a11501b4b20e3a9ed66fe49cefbac8ad17efad7e0471043a8ac6d803179a19b1c6f0771f3f1e07a5b45979644ce6b7469782057dc1875fab95e9ade23336824db7fb6f73032e036e19477d9cee153eeef67d6bb4883d888ffb28792c6176cb92da05aa7d101c55daa5c235c7c36b7c5334ec2d63ab1b38692f5dacf049c551e22bde4333141069ebdf9318af7985924265584242d17f3761ca3b9a046cedc96fecba51e9f25c65a89dbb3c3865395bb1a3fddfaa0cc97133c35b3f90b2e6640b6f6442f014965e66b9e6ecda604deee293b2451821fa8771b227dd5fe79d6558bed9688d3caffe3fa126ca5b6cf4d713d929f24937a182a227d58d489970b9791a0de2c939f5d4690643bfe3a36f4cfc6f3abf1fda2f40bd2bc5f349588ff45e58a4bc36c74af3304317e36b9528da8cdb11c7ca2990e1af48aa963a9f5f5f96ad1963f9875a7b629dcd1325c32b554709cd134b3fa7867769b64056fa39ac8457ed89206b6bc09fc44c00c485a20555c7072b7a4421c8e5db1926a56aed2b5a6f3438bd44cc8c79ca62eff0e7fc398678d800000007ef0a8014d00e763cd6b71893f04c547909f52ae4fc7355e89545dd98b86c61b7a470bdc43536f98584fd305aa4c52ebf0b4a41fdeb3f76b832148a0a802b7fcea650331c6fac3a6cb698e18646b124e84fb5f23f4371952174d676b05ed1a07184f79d3ccd587ce998c906cfff5deac6769cf91d462b1ff855c87b03b757e0c8285c6bea3b6aead659abc7e3a1d0636bfc8485d5274ab757ddeced31bc2d04c8bdb7e71a1905eca204c6034102ab4ab7af83760737cd509d37c45e68b592d074c08cea299e1c3068213c45d16e385c753875245146b511ce3c6bc5b9a4f0b98"], 0x1040) ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f0000000500)=""/126, 0x7e}) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)) fork() ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) [ 2852.664301] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 2852.689295] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 2852.689295] program syz-executor.7 not setting count and/or reply_len properly 04:56:12 executing program 6: syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) 04:56:13 executing program 2: move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, 0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) creat(0x0, 0x0) creat(0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x1c, 0x0, 0x0, 0x0, 0x0, {}, [@typed={0x4}, @typed={0x4, 0xb, 0x0, 0x0, @binary}]}, 0x1c}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x24, 0x29, 0xc21, 0x0, 0x0, {}, [@typed={0x5, 0x0, 0x0, 0x0, @str=' '}, @typed={0x5, 0xb, 0x0, 0x0, @binary="9d"}]}, 0x24}}, 0x0) 04:56:13 executing program 1: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) 04:56:13 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) 04:56:13 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706066dff0043a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 04:56:13 executing program 6: syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_CHANNEL(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) 04:56:13 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0x4}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) dup2(r1, r0) [ 2852.990884] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 2853.050064] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 2853.050064] program syz-executor.7 not setting count and/or reply_len properly 04:56:13 executing program 6: syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_CHANNEL(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) [ 2853.139208] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 2853.139208] program syz-executor.7 not setting count and/or reply_len properly 04:56:31 executing program 0: r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x0, 0x0, r3}, 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xa30}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 04:56:31 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x46e2, 0x0) faccessat2(0xffffffffffffffff, &(0x7f0000000400)='./file0\x00', 0xa, 0x100) execveat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000380)=[0x0, 0x0, &(0x7f0000000300)='security.capability\x00'], &(0x7f0000000440)=[&(0x7f0000000340)='U\x19kAW\x9cTn\x80@]$-\x00'], 0x1000) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) fallocate(0xffffffffffffffff, 0x41, 0x4, 0x80000000) ftruncate(r0, 0x1000003) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) perf_event_open(&(0x7f00000005c0)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xa7, 0x3}, 0x46064}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x40, 0x9a) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000000)) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000180)={{{@in6=@empty}}, {{@in=@broadcast}, 0x0, @in=@local}}, &(0x7f0000000100)=0xe8) fsetxattr$security_capability(r0, &(0x7f0000000040), &(0x7f0000000080)=@v2={0x2000000, [{}, {0x8000000, 0x3}]}, 0x14, 0x0) stat(&(0x7f0000000500)='./file0\x00', &(0x7f0000000540)) socket$netlink(0x10, 0x3, 0x0) ioctl$KDSKBLED(0xffffffffffffffff, 0x4b65, 0x8) ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(0xffffffffffffffff, 0x80089419, &(0x7f0000000480)) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f, 0x1, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_config_ext={0x200000000000007}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) write$binfmt_elf64(r0, &(0x7f00000001c0)=ANY=[], 0xfdef) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40082404, &(0x7f00000002c0)=0x80000000) 04:56:31 executing program 6: syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_CHANNEL(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) 04:56:31 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) 04:56:31 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r0, 0x0, 0x81, &(0x7f0000000100)={'filter\x00', 0x0, 0x0, 0x0, [0x8, 0x468000000, 0x1, 0x6, 0x5], 0x7, &(0x7f00000000c0)=[{}, {}, {}, {}], 0x0, [{}, {}, {}, {}, {}, {}, {}]}, 0xe8) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x48601, 0x0) r2 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r1, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) dup2(r2, r1) 04:56:31 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) 04:56:31 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706076dff0043a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 04:56:31 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = gettid() fcntl$getownex(r1, 0x10, &(0x7f0000000840)={0x0, 0x0}) setpriority(0x2, r3, 0x80000001) perf_event_open(&(0x7f0000000100)={0x4, 0x80, 0x8, 0x40, 0x20, 0x4, 0x0, 0x0, 0x100, 0x2, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x4, 0x4, @perf_bp={&(0x7f00000000c0), 0xd}, 0x20, 0x1, 0x9, 0x0, 0x8, 0x1, 0xff, 0x0, 0xf605, 0x0, 0x7}, r2, 0xe, r1, 0x3) r4 = gettid() process_vm_readv(r4, &(0x7f0000001a40)=[{&(0x7f00000018c0)=""/31, 0x1f}, {0x0}], 0x2, &(0x7f0000001ec0)=[{&(0x7f0000001a80)=""/93, 0x5d}, {&(0x7f0000002240)=""/183, 0xb7}, {&(0x7f0000001bc0)=""/121, 0x79}, {&(0x7f0000001c40)=""/163, 0xa3}, {&(0x7f0000000300)=""/231, 0xe7}, {&(0x7f0000001e00)}, {&(0x7f0000001e40)=""/9, 0x9}, {&(0x7f0000001b00)=""/46, 0x2e}], 0x8, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0}, &(0x7f0000000200)=0xc) process_vm_readv(r5, &(0x7f0000000500)=[{&(0x7f0000000240)=""/69, 0x45}, {&(0x7f0000000400)=""/149, 0x95}, {&(0x7f00000002c0)=""/31, 0x1f}, {&(0x7f00000004c0)=""/12, 0xc}], 0x4, &(0x7f0000000800)=[{&(0x7f0000000540)=""/171, 0xab}, {&(0x7f0000000600)=""/216, 0xd8}, {&(0x7f0000000700)=""/224, 0xe0}], 0x3, 0x0) process_vm_readv(r4, &(0x7f0000001a40)=[{&(0x7f00000018c0)=""/31, 0x1f}, {0x0}], 0x2, &(0x7f0000001ec0)=[{&(0x7f0000001a80)=""/81, 0x51}, {&(0x7f0000002240)=""/183, 0xb7}, {&(0x7f0000001bc0)=""/121, 0x79}, {&(0x7f0000001c40)=""/163, 0xa3}, {&(0x7f0000000300)=""/231, 0xffffffd6}, {&(0x7f0000001e00)}, {&(0x7f0000001e40)=""/9, 0x9}, {&(0x7f0000000180)=""/46, 0x2e}], 0x8, 0x0) perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x6, 0x7, 0x40, 0x80, 0x0, 0x200, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, 0x2, @perf_bp={&(0x7f0000000000), 0x5}, 0x400, 0x7, 0x5, 0x8, 0x6, 0x5, 0x800, 0x0, 0x1, 0x0, 0x3}, r2, 0xffffffffffffffff, r1, 0x3) close_range(r0, 0xffffffffffffffff, 0x0) [ 2870.961230] netlink: 'syz-executor.1': attribute type 22 has an invalid length. 04:56:31 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) [ 2871.032382] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 2871.032382] program syz-executor.7 not setting count and/or reply_len properly 04:56:31 executing program 0: ftruncate(0xffffffffffffffff, 0x0) fsetxattr$security_capability(0xffffffffffffffff, &(0x7f0000000640), &(0x7f0000000680)=@v1={0x1000000, [{0x5}]}, 0xc, 0x1) r0 = open(&(0x7f0000000140)='./file1\x00', 0x100, 0x38) statx(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x100, 0x8, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x2, &(0x7f0000000500)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@dfltgid={'dfltgid', 0x3d, r1}}, {@posixacl}, {@loose}, {@version_u}, {@dfltgid={'dfltgid', 0x3d, r2}}, {@version_9p2000}], [{@fowner_eq}, {@dont_hash}, {@defcontext={'defcontext', 0x3d, 'unconfined_u'}}, {@measure}, {@smackfshat={'smackfshat', 0x3d, '\',\'A'}}, {@seclabel}, {@pcr={'pcr', 0x3d, 0x33}}, {@defcontext={'defcontext', 0x3d, 'user_u'}}, {@appraise}]}}) r3 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x80000, 0x0) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r4, &(0x7f0000000040)={0x1f, @none}, 0x8) setsockopt$bt_BT_DEFER_SETUP(r4, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) sendmsg$nl_generic(r3, &(0x7f0000000440)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)={0x240, 0x2c, 0x1, 0x43c, 0x25dfdbfc, {0x16}, [@generic, @generic="5148ee97e2ab113f9a2b5074be48cc956582f824b91818ce463ea217cb2efc6360cf3110eb03c419784d77d3005e5135d7311116200f4920e975ea57f8bed6b087e32ce7b96ad5f1a55bf0dea8f614cf1e9ca26b42dccf214c5925e7c6865e58c1a9d3ada3805d0af270cbe67667192ed4c202f165ae5e6af1c9bd7dd92a89c34e9d74eae541fb78c3024222", @nested={0x1c, 0x1, 0x0, 0x1, [@typed={0x4, 0x50}, @typed={0x8, 0x1d, 0x0, 0x0, @fd=r4}, @typed={0xc, 0x8c, 0x0, 0x0, @u64=0x3856}]}, @typed={0xc, 0x83, 0x0, 0x0, @u64=0xffffffffffffff01}, @generic="94b85143e74b88af2c7bfbb54968d225dd4b154a53149ca0327a70b523fdb821febfa27be62f74a1cbbb54cee9f3702aaeb09d85711add8b51205a8fcaf7979ffb7f9ace33ff0d4e2709611dab6bdc5d3bedf068e74a3553cb3e791f63afee5ef30faf5f40aa4f8c89c48f9dd0b66efcbea5dd4300afb6cddbb0a3b312b64aae", @generic="e78592686f89de1772c9b3d1338004cad48bb3cd2a15e14d239342db1c7c95d38690904a77cb6a6ef316a1e5b7ccafc8941e93b9e1e457e314d1a3deb01a405c4d9e76f4f36d74398bbd0d9c0a275584334a349ce377ac05efea0eccb11596d414f5d42593d521aaa1f672336a23ac69606b94a3b9334cae405b585509d4c06c3ea650c97fb4b8af1d6e9f1219f6b4efbd53617e3c44aacddb0e52226c779292fa25bfaa095cddd6bb424a84c76357b870143818bb5f0415fe59f280d42b68b4bad7d7928053c80c749b76f82482cf1f3366d4d31729c51e5bebc3e597ee77f074a060bc212bbc2bae5b6562944b730cc71ad8b9be23c65d"]}, 0x240}, 0x1, 0x0, 0x0, 0x4008010}, 0x2400c010) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x8, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0xc, 0x0, 0x0, @u32}]}, 0x1c}}, 0x0) 04:56:31 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706096dff0043a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 04:56:31 executing program 6: syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, 0x0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) 04:56:31 executing program 4: setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040), 0x4) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) dup2(r1, r0) 04:56:31 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) 04:56:31 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) 04:56:31 executing program 5: r0 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000000)='tasks\x00', 0x2, 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc020662a, &(0x7f0000000040)={0x7fff, 0x80000000, 0x5, 0x4, 0x1, [{0x80, 0xc783, 0x8, '\x00', 0x5}]}) ioctl$TIOCCBRK(0xffffffffffffffff, 0x5428) write(r0, &(0x7f00000000c0)="64945229909965bbdea8510abd472466ad5fde4b83013d14744f1963bb1b2d3d8533d78bb275d068e15d0bafad7b9417ab7cf98e0ea169994c341a67d974e34a5d3f9d0492075503dec7b8f1ca19c3cf6addf041ab6078c0426248969b92af693f54926ae2b85515cd54e8bb19acc0f2223044cf71818a704cf44d83c405b2ed34ee7dfb5e80e84617ed4bc9c851a937524868b348b661eb47214a91b9c768639804cf377755994cf69ef9f0756f6fb116cb139237b4cc853648242b69c1853d16dd2166c78338c4047ae36f86977d16efa8ada9b31771bffac1edb183b9551bf50411ca0055f4796febfdc8bad284867abddb103a581d9cb7cc3785a81fc1b0b35c39d8a65bf3484c133cc77f0ad2c52588048787cde6e30d31933526f35369c2ead3ef4268af00cb15b34d8448e4511ed26221ce48de77bd5dd1a571793f8a50ef8eb04c00809434c32ad2ace832d9ff43eabb1fbe5f6f702259f29c3fcb55ae4f5a5d4e6c56ea3cffab1ec89219fcbdf3c2e8642657e1a3961df72db4c7c056b44b5baf3b2f313bb98b413cf14ddccbb8ed4c080ea053ff7724ad1b043d35a6c29fa8da7f5ea96e100317ee7fe29fe3ea2b7548d13b29b7793d6ae5f1f003a6ee1242a14a8986ac3a027ba98a6c088349b8b71f5ca230ee11fd362f04428003c832a489b072d5b1934b92f68e06e6b99cb31bd022ad433b7e29f287a7a38f6718acca533063b065b2a0a009cac9aaa9193040f982d6dc805ddf6c6a542203ee59c145bfa67e9ab4bcb4fd413ae16fc22087c6da1834cb6210b9caa5b24e21e654145844752b17eadd98140435717fe582eca4b52356862c6b196597daf2966d516c7a54847a3e17c22c1739c0a578b58c9bde5f8b81cb395563673af5d09e30947f745d348e393eaf46cb72c2cc733d4f4359fd19d57c65562164b5203bab1c68bc7f545e117f1ab868efc7dfd4a71296034b085240a00cb6a79faa9ee922f475550e2d9de7087e9f345717a5e41333ebbd83c32cbad67afabec6805c77a0f60145163708a3b91e3adac588d83c95c86c7c7b5aeb9cbaf7fc24055a5ef29feb88d42a70696ea3e1346e9e61f659ba5b7aaae47e20b69af989dd0a628f08e087ca7ff7c33146db5664cd6503e86a12ab9c02745c3065785ca26d37b69755d674d3eb881cce91a3b75fd8739c2938c9dfc2644fb16212e2e321634133c6e524dc1e5b9200a96ba29a6932997069a0171f72d9f4473a678770abf7530b8d296863897cde460e8b4ce0eda3e8af1f46ee7193b54ebc3cac4c971054b844b24c1d62cb008f597dad093f9028cd4ce7f93aee0623db3db3ce82a174aa052e923482f76df451b85f3c7da0b8d57031c39ba715b65eb934857e8b9f9b96620cdf653ac77f476dbff35df690063cfab8cd394259e44d4e24d75ca33142e8f5cac60ee257681456fbb8950acafa1313853cfed58a17fd1cfcac93251c1e9f549052fa00a86dbc4c2e08a663d5fb058694ce978b2a3f829f53666235ec539bfc6a46686edade408c25cf05170ca73564c6bd7d0f7327eebbaac912cc22e0525f1a40b9a0e18b8cb87f1513779484c26c0cfd708e3d0c5f5414d785eb007ad59ded936d8e70e0b7989bc6d51c4325a8398decfdec88ea4f56f67ad9ed5c9ab7489afe402d4385ebfac3e85396292f2458edb632329f4e70b5b2af04d97558f6bfa83f7e678c5a817760b7f2e544cd8be4c5d30be90f924b53dc392b76d3041f10660261cb3b952abceec3bebd3ae5670925d852a28a0bd84486956fc34cb26af11bf37855aa1663a2ad3656765b9a31afd49f6d21795bb31da83b59a1c1729abeb26e5ef24adf252bb9e4b512c55176b6f975662eeb66f18078e8de205d93c286e30c6e8e8c7056b9a7f61f806fc71923d5a7dc30da565a9b78c189fc1331ad8fc3b85d699747525f25186cf301917fb35674fb141a8c700bd836af0c01728f24fb14ddf759bc0423865bb2dc50cddfd98558a5192b735514c9013f31beb15c5fd0e3c371bf74726b25871e904d350d5472d3c720efa8d49c5cd6ca37b88c71571ed2da0e50fbe1705f1d529e43a7f1662948569dd9664fc9b2c83f62903c219671ef3c6e728b70916168860b6476eccf2fadf1d35ff1e3e7f89b0f55cd8e9dabbb71f5b56e8a9a32c2349faf547480b7d9142e675ccdf2a1567bb9f7eb069f5f420921658e6dad6b7ce5b9fa5996e2cc814d1674a8a9995ab1386f54ae5bb482955faf2ead33d4b174d5df6f27998e7a531c4ec872dabe7a91039951c257bce4e9e4893498efac55540ecc54f7274432cbc18ee88095644f0cb93e8812a0e510065074a382d7d89e137f99840807f924f2939f0837db5c5889e8909f30ebca4a20eec77ff76c007ae3ce184bd9f415231d4ef23699ae2f1d34375441719f9428952b73a9ac7c6054b16f4e5fbc7af97d548e61181bb050f647e40952191845dff996d7c77d91ffea8f87e483873976ae836fdbc558c2e2660c3b56e3a61bbe87ce70da34584aeba7cf4c313985f1e78a61eda49503df404de2c60e14084a3428f6577bbbc2dd4552594861fec577eb65334df331f7d9c18aa5a75b8cfe79a749cee3195209d365871d6ff5a93a1564d95be8023a3986775b46e4992b21918ba96dcc71f9ded67c6bb1e87af5ebf40791835705038f4c0c5591adaf8dc692e5f6a129b4d9c8a5c01e33c1cb03d98857df856c7e5f0a73575087f29ff717ca8ddc3061222c788d95044ea8690066490f9ff1fc1ea2d65207783c6ccb2b7c8683d8dc7bb78a7eeb0e5436a02a55d2f153eb9c90408e351c87398a617c4fd24b9ef5923286bbd51fd3d651fac15920f9f2cb389eaf033bd2a5c8ebceb9a334e499479246e09b39cb2d07ee2acca418b370315b9690c9dc2de7487d9a84eac6f649055d3cfcf590e54f9f6b356551bcfab15e714df5552111a6f81a98abf23ae60d5d5570bb66bd686a23f22cb3bf02eb49d6f6bfb67843edbb5e222dc5c238d7c1204b519d70c5d4b93a8fe593eda0a14965bd9c33cec7d077d2e76ae066fc8b54499ba5bc93713cb8893a4aa70923a95e6644b79e5c8262007156a315795f8d0aed3e359a2c92de25cc256662c790a644e1f87f29950636082607e8f92b58232ef9837b30b79182a75b8708c0c252c0b84e9a6a63381fe33a1a0e74293cf6b8015a3c1034c3650dba9bb824e68457cb6f9188323abd9731775cbfe199f144ea4312b9ff1ea76f3b4d8996031992974a07b696847d794a68e8613f426c3e43addb065dcf3f3c463d8199b7cbfa4064bf749d94be5417a5e1db978474887f6a02d9abf4491472e720fb367fff1b332bb19591cc313514289fcf775e490f59dbc1721746d0f40fc32f958baa54664bb42062220defe7a15005219b019efa9c37d5ca40bc3957f5ab0d23d01b4868a5dde7f087968ed7b46d32c75e3196d6a683caf22d4a5d09a730e7e91ee14c4d4f8fc46766d5416fd4b20a3a6bb0be9283581c4fb2ad6a79086b83a2b90f82dee51f5fb4b250897fc0039ed838093695875537b759784e432cdddf016edbd97803c54e9887c7bb703e37bd5d428e581bfe4ee4a79ff3ab5eb34b2c35c60528e1ff3b548a350fd8a1f4f977b489f5612e96181b22e4314e0efb6458bd1e0269983f2f979878969e5d7458cd760cfa331bcc8b03b406cf1b79293679b82c9145cea8785ccd114aa34c4f448de8e70438a35018c4f827d7accc6edf55a7bda22bed280d4cf3ceadd79ad13caa7712252e3f2d42fd26bf5f0ae478869fa58dd167efb696e9333b8eb28f780752053d69c63aa38ceb4445f752f4941cd756b98ae456d991cca1e8ed01d54d95eb460c4ba70f852750e4b2b773b234a86b45c95044ac3325a2810d4ee13840d8e3568924efe8da7074a94f570d1cf0fdbc271283b040b930b39efb1116aac58ede515811f153d891cf3bd7bd61e7031d5c8983a8f01faca492c5a01f1d4065e953533dafff543a22694d0db03f8f3277a1d23b92b6248157d069bc4e95862edf9f73cc932ba68ff731f2d588ca61c38213692f30e0b77297fa943d380ad8115aaed5770e2b361393bb6f8611684bbb8b92167fea1eca3b9a207b8fac552517d7c8b7e6000e6931d6e952509ded13e00ebe442fde206ea3ecb79bba7eb3218a5962372a0259e659b870942785a32476990388843d85fa6654217c10762d661c34eb4fb4029a3e329b04e3e8b9e110987c2a76f061b2f3c4a68973f2a29e14023aca0746674be0e408efe33e47a5d7e34dfcb371d18c95c6c161fb40de2ec28923c41a58a95957c38422e1e8591abedbad78fc33a55e40e29cf83611182d36990d57c73a423b7478c8f444720a9825ace88c0c63c08de47499d71b9e9630ff93d04fdadb72283d79b80e2ae20a91c1640de00e4ea50c2f6bdd90b9b990f9099880df55f7874cdf06573f9a87e897bd233d9075dba0f02a72671df17e5eb25d44323f1b0ce119b4e356bd04adddbb518a7095e7b950984d99c86f61e9eefb626bae85ca3f63faedfaa6a1bd6ad5f8dd5703118ec970d0025eb68582decbd1f3690381ea8dbde0d5122b4d4954bc439b4672dca9f1e0f0c34c7e8ed291bf54b24d43f43d9c1fa0df35c1cc49d2fc86179ba1e057d8ad570177cd3b2b71f0d61ede3652391c380c2f21b106a6f392d2c3df61797ea53dff33e88f250bceea2f6753c6f38548dab4e4683281aaee84ca61de055221187fee6e991b4901935442d8fe8f3e153052a86855e8432773acb320fc50f8625d8cb2e16d2d570a3cf8b55750425f391f3ff9e4c03b1867761b77fc27f40a62fde8a7f883981cdfbaa429fca77791cd24daf52a4ddbb52ba2beeee5d4e6057aaec3059a0bb4bf7a524263e9302ae3617ae5f72745cbba44eab44fbee47e17b4fb201b6d85f53bdff675ae093706d9899df4a7e4951a250c9347178d7efb1a01d5ab881b7032a6dcf5a9e25b720f29c2a9ff49219935d0df707ed235c10b87231bbc8e44ccec5c86c7851d1170fdd90a5a3193b0bae76263b014144cb7e1bed777a1327284432d161d20f9eff7cbb02e813f7c31ceed730dc5b0fbc7e47d3de4e7facd798af2a5734d8d99cc9ca80c99896360d27789fe8748382b2626fa43b0e7bde76e2ab6e48305a16e3d44c16a500bb7e47665900f406457b79104c83f92de7e80db81b8712a80a351110a7fbc45a4395c1fc077dd8fea52cad5e53383f48db2bf6ac425f753c2d2bd82b624c0e1ecd6007f531adfa184e304c8f71138310787146205d58474d4e3bde83fc3d30e3c47ff21c4c490c2c78d32d247c87bb4298d1f194cb20ba36b45a45cc0be1726e2ee606b712d3753bab1fa6dcb08f6e313424ce3ea0896bacd6be03ee447d6c68716aa88eb6eaac75cbf637514818ca27b2b33f2664069402f82087e5039cc4b945877459ed28c82d361bc3f62d374a10e7102c8b05dbf04cd1963480bd8bbd90387da033a563b7870d3a4346e7d00e546e165d79fb2b470771f570a5c78345fe8f4ed0920305dd816d8644d9ebe3f108e0beacc058b9cdd2a93bf0b57f84d876d9363e90e026360af4a052f165da1d4c592a7f63a097870e32c2bc8642449b447361b1553074c6aff75f3bad2ae861d6e9fb76eadab251b9a3a3a550b564a5871006bd59e1d3dfa8f4cdfe5dc4a26d1f7e34082bae1a44a67f18ad949d895a08f1fb86df401dead615a2b7942c638c6eae7896b1f31a789961e9a2a97ae6970c90a6a91aea44c816e1d2ac4bd", 0x1000) ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(r0, 0x4018f50b, &(0x7f00000010c0)={0x0, 0xad0, 0x7}) ioctl$F2FS_IOC_GARBAGE_COLLECT(r0, 0x4004f506, &(0x7f0000001100)=0x1) sendmsg$DEVLINK_CMD_SB_POOL_GET(0xffffffffffffffff, &(0x7f0000001240)={&(0x7f0000001140)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000001200)={&(0x7f0000001180)={0x70, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0xffff}, {0x6, 0x11, 0x9}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x2db6}, {0x6, 0x11, 0x8}}]}, 0x70}, 0x1, 0x0, 0x0, 0x40}, 0x20000000) ioctl$SG_EMULATED_HOST(0xffffffffffffffff, 0x2203, &(0x7f0000001280)) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000012c0)='cpu.stat\x00', 0x0, 0x0) getsockopt$bt_sco_SCO_CONNINFO(r1, 0x11, 0x2, &(0x7f0000001300)=""/4096, &(0x7f0000002300)=0x1000) pipe2(&(0x7f0000002340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r1, 0xd000943d, &(0x7f0000002380)={0x6, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0}], 0x2, "c0da83868d5e6a"}) ioctl$BTRFS_IOC_TREE_SEARCH(r1, 0xd0009411, &(0x7f0000003380)={{0x0, 0x8001, 0x1, 0x0, 0x5, 0xcf, 0x0, 0xffff, 0x1f, 0x1, 0x0, 0x0, 0x4, 0x7, 0x1ff}}) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r1, 0xc0709411, &(0x7f0000004380)={{0x0, 0x200, 0xd1, 0xfffffffeffffffff, 0x56, 0x9, 0xffff, 0x200, 0x7, 0x3ff, 0x7, 0x7fffffff, 0x1000, 0x9, 0x1000}, 0x10, [0x0, 0x0]}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r0, 0xd000943d, &(0x7f0000004400)={0x5, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0}], 0x6a, "a739e79c350447"}) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r0, 0xc0709411, &(0x7f0000005400)={{0x0, 0x800, 0x4, 0xf027, 0x50f3, 0x100000001, 0x7fffffff, 0x3, 0x7fffffff, 0x52c, 0x10fa, 0x3, 0x100000001, 0x8, 0x1e}, 0x28, [0x0, 0x0, 0x0, 0x0, 0x0]}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f00000054c0)={0x0, ""/256, 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r0, 0xd000943d, &(0x7f00000056c0)={0x26d5631d, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0}], 0x81, "5e5da6ad05c916"}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f00000066c0)={0x0, ""/256, 0x0, 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r2, 0xd000943d, &(0x7f0000071ac0)={0x100, [{r3}, {r4}, {r5}, {0x0, r6}, {r7}, {r8, r9}, {0x0, r10}], 0x1f, "b262eb5c5fd8d7"}) [ 2871.342059] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 2871.342059] program syz-executor.7 not setting count and/or reply_len properly 04:56:31 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x46e2, 0x0) faccessat2(0xffffffffffffffff, &(0x7f0000000400)='./file0\x00', 0xa, 0x100) execveat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000380)=[0x0, 0x0, &(0x7f0000000300)='security.capability\x00'], &(0x7f0000000440)=[&(0x7f0000000340)='U\x19kAW\x9cTn\x80@]$-\x00'], 0x1000) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) fallocate(0xffffffffffffffff, 0x41, 0x4, 0x80000000) ftruncate(r0, 0x1000003) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) perf_event_open(&(0x7f00000005c0)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xa7, 0x3}, 0x46064}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x40, 0x9a) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000000)) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000180)={{{@in6=@empty}}, {{@in=@broadcast}, 0x0, @in=@local}}, &(0x7f0000000100)=0xe8) fsetxattr$security_capability(r0, &(0x7f0000000040), &(0x7f0000000080)=@v2={0x2000000, [{}, {0x8000000, 0x3}]}, 0x14, 0x0) stat(&(0x7f0000000500)='./file0\x00', &(0x7f0000000540)) socket$netlink(0x10, 0x3, 0x0) ioctl$KDSKBLED(0xffffffffffffffff, 0x4b65, 0x8) ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(0xffffffffffffffff, 0x80089419, &(0x7f0000000480)) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f, 0x1, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_config_ext={0x200000000000007}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) write$binfmt_elf64(r0, &(0x7f00000001c0)=ANY=[], 0xfdef) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40082404, &(0x7f00000002c0)=0x80000000) [ 2871.403618] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 2871.403618] program syz-executor.7 not setting count and/or reply_len properly 04:56:31 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) dup2(r1, r0) syz_io_uring_setup(0x5f49, &(0x7f0000000040)={0x0, 0xf0cc, 0x2, 0x3, 0xfffffffa}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000100)) syz_io_uring_complete(r2) 04:56:31 executing program 5: semctl$SEM_STAT(0x0, 0x1, 0x12, 0x0) 04:56:31 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd07060a6dff0043a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 04:56:31 executing program 6: syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, 0x0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) 04:56:31 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) [ 2871.689621] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 2871.689621] program syz-executor.7 not setting count and/or reply_len properly [ 2871.769388] SELinux: duplicate or incompatible mount options 04:56:32 executing program 6: syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, 0x0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) [ 2871.786123] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 2871.786123] program syz-executor.7 not setting count and/or reply_len properly 04:56:32 executing program 5: r0 = creat(0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x248e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000100)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x10001}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = epoll_create(0x3) dup2(r2, r1) setsockopt$IPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x41, &(0x7f0000000300)=ANY=[@ANYBLOB="7261770000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000cce3c52b000000000000000000000000000000000000c11ef092b356025ee6a897ab4b2e123ead12bab94eb3c757acdcfd37fd74997ef597a6d2a63f61836ea02c524582f6fd3f2570fe9dc57508f6c6eb39f0b477cd69b08951b68ab24373f29205f7e7d76bd44dd74a373cb706dcc5691f9150d14feee1742fbd4651b2fa043820b885f029401c3d5a1309fa0fc3cb6299a2eb1087a566fb453da06bb7428fddc0f4cb1585d72aba9e7f503d0631502ca24257f22cc1d0693f7b3cf20757e3dc2fd8f45386beb4ff9a84d1346c08dd0a6a04658e18209ce908c453a02ddb9ea98164a79be5f8fc68c739f45a6748efe8f9691b8914dc647ed39b8eb16eb7b57ba07f5a1fc16d3df57c19e0b07c9aa8a27c85d0a695889c782a"], 0x48) socket$netlink(0x10, 0x3, 0x0) unshare(0x48020200) 04:56:32 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) 04:56:50 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) 04:56:50 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000300)=ANY=[@ANYBLOB="010000000100000018000000a5f7230497a3104c3a3a10127da74afb674f397b94dc30ddd54fb5cac85e07ab61b7fda8b2798235907cf54c8d24e44ffb78baa637e58eec8c420b8a842a9838ea35bde12f60db3e2ba797dba6453ddbcd0d6033f8e1a15b54feebf4dfa9ca9f0823ca668233a76bc7", @ANYBLOB="f2b502e1feb95639e4aa359f43b1ee00c39997ea4564b9c9dc62994f8077fbb95551ca75c92216c440136cd8228ccf757e7b02f3ad47335539516b5998e2e6ccfc59e482f8e9c2e2031e8a6cf028d698e4b7abf385ce75a1d836ddbbd073a06dfb5cec3a051c8f03ab8aaa92b63ee7b27d7b99803392001120508463498e89656114774fe9484b005ef0f06f7fe59e9c78773d8bf60454836476aabd998d03e884c954da128e62f6de1b07a23b155387dbf8a77d3c18dab435c1638df78dddd312067fef83009324"]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000001bc0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) geteuid() r0 = syz_open_dev$vcsn(&(0x7f0000000140), 0x81000000, 0xc00) ioctl$sock_SIOCGSKNS(r0, 0x894c, &(0x7f0000000180)=0x6) openat(r0, &(0x7f00000000c0)='./file0\x00', 0x200, 0x4) r1 = socket$inet_udp(0x2, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) fchown(r1, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000280), &(0x7f00000002c0)=0xc) 04:56:50 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd07060d6dff0043a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 04:56:50 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0xb, 0x7) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xf88c) getsockopt$IPT_SO_GET_REVISION_MATCH(0xffffffffffffffff, 0x0, 0x42, 0x0, &(0x7f00000002c0)) shutdown(r0, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000540), 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0xfff) setsockopt$inet_MCAST_LEAVE_GROUP(r0, 0x0, 0x2d, &(0x7f0000000600)={0x0, {{0x2, 0x4e21, @private=0xa010101}}}, 0x88) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="280000001800210c00000000000000000a00005bc1170008"], 0x28}}, 0x0) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000040)={0x2c, @multicast2, 0x4e24, 0x4, 'none\x00', 0x4, 0x0, 0x7b}, 0x2c) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r2) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000001540), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_SCAN(r3, &(0x7f0000001600)={0x0, 0x0, &(0x7f00000015c0)={&(0x7f0000000000)={0x1c, 0x0, 0x301, 0x0, 0x0, {{0x5}, {@val={0xeac}, @void}}}, 0x1c}}, 0x0) sendmsg$nl_generic(r3, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x4000) unshare(0x48020200) 04:56:50 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) 04:56:50 executing program 5: r0 = add_key$user(0x0, 0x0, &(0x7f0000000580)="49524e8a474522926c19f6e8298b05366bbe94c5a2860fec6ceb7237be46f69153cbc4c47795aaa4bf2c39cdbfaa2639b40e2e38cf2ee3d372aef8e5340c60582fd3b3c5c3a2589d50f160b2796256f6e9f938edd9e3bf8e80d3165a5163cc1633345f12cb66ae3d1cdf4766afe0d90b5705f34801247ae0b7f1b106c321b323d309e99a6cb992b023", 0x89, 0x0) r1 = add_key$keyring(&(0x7f0000000040), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) r2 = add_key$keyring(0x0, 0x0, 0x0, 0x0, r1) keyctl$search(0xa, r1, &(0x7f0000000100)='user\x00', 0x0, r2) keyctl$KEYCTL_MOVE(0x1e, r0, 0xfffffffffffffffd, r2, 0x1) r3 = add_key$keyring(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd) add_key$fscrypt_provisioning(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x3}, &(0x7f0000000400)=ANY=[@ANYBLOB="03000000000000000102030405060708091a5d016080720a0b0c0d060f101112131415161718191a1b1c1d1e1f242122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f40"], 0x48, 0xfffffffffffffffa) add_key(&(0x7f00000000c0)='dns_resolver\x00', &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000340)="a407c3efc1edfab7037255db440500824001767ee5522ccc6b4a4c358e2f414cae835269010f99ea715085731fa8ad0600", 0xfffff, r3) add_key$fscrypt_provisioning(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x2}, &(0x7f00000001c0)={0x2, 0x0, @a}, 0x48, 0xfffffffffffffff9) add_key(&(0x7f0000000000)='pkcs7_test\x00', &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) 04:56:50 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) flock(r0, 0x8) dup2(r1, r0) 04:56:50 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) 04:56:50 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) [ 2890.533869] Invalid option length (462) for dns_resolver key [ 2890.538428] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 2890.538428] program syz-executor.7 not setting count and/or reply_len properly [ 2890.554241] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 04:56:50 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) [ 2890.571380] Invalid option length (462) for dns_resolver key 04:56:50 executing program 4: creat(&(0x7f0000000040)='./file0\x00', 0x80) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4028f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x7) bind$inet6(0xffffffffffffffff, 0x0, 0x0) dup2(r1, r0) [ 2890.633470] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 2890.633470] program syz-executor.7 not setting count and/or reply_len properly [ 2890.881926] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 04:57:10 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, 0x0) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) 04:57:10 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) 04:57:10 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_CALIPSO_C_ADD(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, 0x0, 0x408, 0x70bd25, 0x25dfdbfc, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_DOI={0x8}, @NLBL_CALIPSO_A_DOI={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x400c0dc) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r1, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/power/pm_freeze_timeout', 0x0, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r3, &(0x7f0000000040)={0x1f, @none}, 0x8) setsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/block/loop5', 0x8000, 0x100) dup2(r3, r4) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x22902, 0x0) copy_file_range(r2, 0x0, r5, 0x0, 0xa1, 0x0) openat(0xffffffffffffff9c, 0x0, 0x46e2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000a00)=ANY=[], 0x98a) r6 = creat(&(0x7f0000000040)='./file0\x00', 0x0) ioctl$FS_IOC_GETFSMAP(r6, 0xc0c0583b, &(0x7f0000001300)=ANY=[@ANYBLOB="00000000fffffdfd0100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000feffffffffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004e18f3835023f5b3b1ab5ef114656c07d33f4486a667121fcc64e224d7be04b3b99c6a90aade7b4ac50aa8f0baa857a391d6929acc2c2413bb84c3fdef115b9385cfbfe18911dd6b5055cde977505603a5411b872f832408f9baeed6b777bee7d8fd3aa9b0994205d439"]) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0xc02, 0x0) 04:57:10 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd07060e6dff0043a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 04:57:10 executing program 0: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x40a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) open(0x0, 0x2800, 0x0) sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)={0x34, 0x1a, 0x878c5bf8df414e27, 0x0, 0x0, {}, [@typed={0x14, 0x0, 0x0, 0x0, @ipv6=@private2={0xfc, 0x2, '\x00', 0x1}}, @nested={0x9, 0x0, 0x0, 0x1, [@generic="997c0000a6"]}]}, 0x34}}, 0x20048040) sendmsg$nl_generic(r0, &(0x7f0000000540)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000500)={&(0x7f0000000300)={0x1e0, 0x18, 0x100, 0x70bd26, 0x25dfdbfb, {0x1d}, [@nested={0x79, 0xe, 0x0, 0x1, [@generic="904d5d2787161b28c59b0777928027b18631016e29dcd96172eba765c0a81f37e5075a196677fa0489ba56362e2395b4f6113a32a58c6165896cbeaa1e", @typed={0xd, 0x85, 0x0, 0x0, @str='^}}}.^-\x8d\x00'}, @generic="6e71e30d98ab48143360f550f048febd21957c72b16d4b631fcb25ff245ae9de", @typed={0x5, 0x20, 0x0, 0x0, @str='\x00'}]}, @typed={0x14, 0x5e, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @remote}}, @nested={0xd2, 0x64, 0x0, 0x1, [@typed={0x59, 0x11, 0x0, 0x0, @binary="74fde70434475ccb7157b49a30dae9b90b5d032b0f4ad8899075ee38ccdfe67a947f1c2ac588d52cc961d898fe0e02051a0f561df734f3c81a6a974cd2175d9ccec89f5e6031b47a1e2a5bc7cbd8e24bc6ac195c14"}, @generic="a57f57ed59e98fbd77394d19df597b7cbc14dcb30cbc8ace23fb299396379b0988e3", @generic="6c9008588869f8f239ebfbc5450fbe0b015b0c790c8e033b7e484eb8b5250ceca3e1fdd345f8e65e3d962f416f9db0a9a1d0ce9170087694b581cf349772d9ca7cf07f78456d18e2ed6e7ab5efe5f72d"]}, @typed={0x8, 0x6d, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}, @generic, @nested={0x5d, 0x37, 0x0, 0x1, [@generic="06ab043052a3e107b6524677c80951f0f939ccc7fdceeb3b73fa389ce030e8027133beddd23ed5b2de3e9dadce67ab7c9174e1336d568d269a66dd6289628ac5668f8bebd518208e45a1f8c71842822d543595f960", @typed={0x4, 0x22}]}]}, 0x1e0}, 0x1, 0x0, 0x0, 0x24000011}, 0x20000050) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000240)=[{{&(0x7f0000000000)={0xa, 0x4e22, 0x3, @local}, 0x1c, &(0x7f0000000040)=[{&(0x7f00000000c0)="3b3ed49cb12a261db8b963405a69b7c2fd0a0167dce87b09ab47f00e5da21c09f2cd5aa2af8f5e11649cce6f84e38b7f4ed57145898ffc7bf4b14280040ff1745f787b4e18148d74f711fdcaed1caa5b9f4037fc8215968ca4db4dca5290d49167b217daf5f9bd7758cbd3db4b91b2bb2790c33209", 0x75}, {&(0x7f0000000140)="132610cc3393e4c44d5e4cc7d89dac466615d3e16203a0b73b498029052a0dffd0728aa6d6efe78df5babcfe9419fc0a2490457af7872435626804a76fa185469705b814c2128f7e5597f896db29917ff6c1fb0cc629bc92017772fb88f880b17eb218146b5a67ae78cd186cc7001553e0a4ca6f9f69ed4a73cf920cc3bc7ca4861701cfcb80a190a9054c3e15f77ee5b43f7ccb7a09060f470346c181405a23e4eac2934e6ade2fb1974baf1dbb3b69", 0xb0}], 0x2, &(0x7f0000000200)=[@rthdr={{0x28, 0x29, 0x39, {0x1, 0x2, 0x2, 0x81, 0x0, [@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02']}}}], 0x28}}], 0x1, 0x4080) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000680), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_INTERFACE(r1, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000180)={0x20, r2, 0x11, 0x0, 0x0, {{}, {@void, @void, @val={0xc, 0x99, {0x1}}}}}, 0x20}}, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) pipe2(&(0x7f00000002c0), 0x84000) 04:57:10 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) 04:57:10 executing program 5: r0 = add_key$fscrypt_v1(&(0x7f0000000180), &(0x7f00000001c0)={'fscrypt:', @desc4}, &(0x7f0000000200)={0x0, "f038779de021f8c8c974dd89170cf2579d1fa459ba726003d07140eeb342b87ae631f7a548867a29f29fd1637ddac658a709b49b093393d0e1c7391515c7ab7c"}, 0x48, 0xfffffffffffffffe) keyctl$chown(0x4, r0, 0xee01, 0x0) keyctl$setperm(0x5, r0, 0x16020228) add_key$fscrypt_v1(&(0x7f0000000180), &(0x7f00000001c0)={'fscrypt:', @desc4}, &(0x7f0000000200)={0x0, "f038779de021f8c8c974dd89170cf2579d1fa459ba726003d07140eeb342b87ae631f7a548867a29f29fd1637ddac658a709b49b093393d0e1c7391515c7ab7c"}, 0x48, 0xfffffffffffffffe) r1 = add_key$keyring(&(0x7f0000000040), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) r2 = add_key$keyring(0x0, 0x0, 0x0, 0x0, r1) keyctl$search(0xa, r1, &(0x7f0000000100)='user\x00', 0x0, r2) keyctl$set_timeout(0xf, r2, 0x8) 04:57:10 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x0, 0x0, 0x0, 0x3, 0x1, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f00000000c0)={0x0, 0x0}) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_int(r2, 0x11, 0x67, &(0x7f0000000140)=0x7f, 0x4) connect$inet6(r2, &(0x7f0000000100)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r3 = fcntl$dupfd(r2, 0x0, r2) sendmsg$inet6(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000bc0)='+', 0x1fc0}], 0x1}, 0x0) write(r3, &(0x7f0000000380)="071e9f7358ec922343d9786f7c2147c81e6890a8016fb53a5ffc4951d0a6a9f38dda8a9bae8f6f3750405ca0111cc8069cb8ebd8c8564cc6aff4e3631e4eb8ebf43b0e3a61bb5878257df934ab1c2df75a49f4d39cf7effe02c00c95f02860e708", 0x61) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') readv(r4, &(0x7f0000001600)=[{&(0x7f00000004c0)=""/4096, 0x1000}], 0x1) r5 = syz_open_procfs(r1, &(0x7f0000001540)='totmaps\x00') syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_unix(&(0x7f00000014c0)='./file0/file0\x00', &(0x7f00000001c0)='./file0/../file0\x00', 0x0, 0x173000, 0x0) syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x100000, &(0x7f0000000440)=ANY=[]) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000080)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x2, 0x0, @fd_index=0x8, 0x1, 0x0, 0x0, 0x0, 0x1, {0x0, r6}}, 0x8) mkdir(&(0x7f0000000300)='./file0/file0\x00', 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='io\x00') unshare(0x48020200) [ 2909.891116] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 2909.891116] program syz-executor.7 not setting count and/or reply_len properly [ 2909.951522] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 2909.951522] program syz-executor.7 not setting count and/or reply_len properly 04:57:10 executing program 5: r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105542, 0x0) fsetxattr$security_selinux(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = gettid() r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/power/pm_freeze_timeout', 0x0, 0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x22902, 0x0) copy_file_range(r2, 0x0, r3, 0x0, 0xa1, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r2, 0xc0189374, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0, {0xfffffffb}}, './file1\x00'}) process_vm_readv(r1, &(0x7f0000001a40)=[{&(0x7f00000018c0)=""/31, 0x1f}, {0x0}], 0x2, &(0x7f0000001ec0)=[{&(0x7f0000001a80)=""/93, 0x5d}, {&(0x7f0000002240)=""/183, 0xb7}, {&(0x7f0000001bc0)=""/121, 0x79}, {&(0x7f0000001c40)=""/163, 0xa3}, {&(0x7f0000000300)=""/231, 0xe7}, {&(0x7f0000001e00)}, {&(0x7f0000001e40)=""/9, 0x9}, {&(0x7f0000001b00)=""/46, 0x2e}], 0x8, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4308, 0x802, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x4c20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40006}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) 04:57:27 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) 04:57:27 executing program 5: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b8000000000000b80000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010600)="ff4344303031", 0x6, 0x8800}, {&(0x7f0000000040)="88001700000000000017cb617b60bbfe7b085800080000000008007809140b2a3a08020000010000010100535007", 0x2e, 0xb800}], 0x0, &(0x7f00000000c0)=ANY=[]) 04:57:27 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, 0x0) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) 04:57:27 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}, {0x0, 0x0, 0x7fff}], 0x0, &(0x7f0000000240)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0) fcntl$F_SET_RW_HINT(r2, 0x40c, &(0x7f00000001c0)=0x5) sendfile(r0, r1, 0x0, 0x100000001) 04:57:27 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) 04:57:27 executing program 0: r0 = syz_open_dev$mouse(&(0x7f0000000000), 0x6, 0x101480) setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000040)=0x2, 0x4) r1 = accept4(r0, 0x0, &(0x7f0000000080), 0x80800) sendto(r1, &(0x7f00000000c0)="8ffb2c7bd4bd51c810f8a085336e57a84a8779d0e03e5ca3a24cd67252cd226a7701ed0dc5885675312c4fb8db464c88966102ca6a11fc1ad8c0702eec761c0a389ece3676751ce83deb4e291ce9b23bc7b95250ad1ace483aae3c379e92c65e9b04", 0x62, 0x440c0, &(0x7f0000000140)=@caif=@dbg={0x25, 0x7}, 0x80) ioctl$INCFS_IOC_FILL_BLOCKS(r1, 0x80106720, &(0x7f0000000280)={0x1, &(0x7f0000000240)=[{0x4, 0x68, &(0x7f00000001c0)="a32818cc3c147e95eb6e5e45168624bb1a3fa89f07064937e5372d3de5b2f3ae2207a09839980d460ccc31ba67864ecfcad368f5137f743f4ff29e5223a61fe1c7400cd90c5ba154a49f08efc8954b96c07b9e4e621f173f688f4f23e1cb46bd6da7abe539e3cd6a", 0x0, 0x1}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000380)={0x0, 0x0}) perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x5, 0x9, 0x3, 0x11, 0x0, 0x5, 0x40400, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_bp={&(0x7f00000002c0), 0x2}, 0x1128, 0xffffffff, 0x101, 0x3, 0x100000000, 0x3f, 0x9, 0x0, 0x400, 0x0, 0x4}, r2, 0xa, r1, 0x2) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x3000004, 0x10, r0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r3, 0x0, &(0x7f0000000400)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd=r0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r4}}, 0x9) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000440)=0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000480)={0x1, r5}) r6 = creat(&(0x7f00000004c0)='./file0\x00', 0x80) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r6, &(0x7f00000005c0)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, 0x0, 0x400, 0x70bd27, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}}, 0x40044) setsockopt$inet6_udp_int(r0, 0x11, 0x8, &(0x7f0000000600)=0x3, 0x4) syz_io_uring_setup(0x4a6a, &(0x7f0000000640)={0x0, 0x60c2, 0x1, 0x0, 0xd1, 0x0, r6}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000006c0), &(0x7f0000000700)=0x0) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) syz_io_uring_submit(r3, r7, &(0x7f0000000740)=@IORING_OP_CLOSE={0x13, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r8}}, 0x54) getpgid(r5) sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(r6, &(0x7f0000000880)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000840)={&(0x7f0000000800)={0x40, 0x0, 0x200, 0x70bd2b, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x4000000000000000}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x7a}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x6e}]}, 0x40}, 0x1, 0x0, 0x0, 0x4010004}, 0x4040841) 04:57:27 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706306dff0043a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 04:57:27 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x501142, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000040)={{0x1, 0x1, 0x18, r0, {0x3}}, './file0\x00'}) ioctl$TIOCGPTPEER(r1, 0x5441, 0x200) r2 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) dup2(r2, r0) [ 2927.061181] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 2927.061181] program syz-executor.7 not setting count and/or reply_len properly 04:57:27 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, 0x0) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) 04:57:27 executing program 5: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = creat(&(0x7f0000000040)='./file0\x00', 0xa0) syz_mount_image$nfs4(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x80000000, 0x1, &(0x7f0000001340)=[{&(0x7f0000000340)="a0a1106dd31d0415bcbbbe6549c3b574fef7ffb3b00f9dd91b87bacd1e59de4b08ef54de8fd1e272fb1c4a82e52dc448b2608cf5800e53e39d2267870c3bae2f178fd0ddbde7be5323d78c33e497a4f03d76ff59a9812a8f6fa414fd2c85540959930f62004ec97699a3bd7463020f7adbf2037f85d6cfbe268b4a4011a61ff52e638abc0bb80a1ff4ffcce18b0e19aad73e936ac02b7df3cf4b631cb8d73a836c33e78fd91d6d7dad30d12472db96acf3dfeffffc84642ce653d784fdd90af29ba2313114d20593f23f1b4727abd37b229fdb002385fc0b12fe153bc2b399db23ac89d51af636ae010a1619300c9983d670bcf2c1012675fcc8867502d76cc37cf504f4e97b340e3679bc7f9a690a0b0701ec12ed67bbba33d89f49fa4227bb80dfd144954f94166643874d817f0dac8b6b23500511a39380c3e1b86f0ac107b7a541ac0989451cfad341ba877b6bc3364beb7144d7fdb7e87e9627fecdc71bfdc485ef534e7e8b08afd60cbd2e89c7dcc1699a290447d3bf53e802c0dba57206739255392e4471abb7b60d9f0865d5b1bbbad24a5814d16ae4daffab0c49c94eccb28cd35851b344d21722a9609bfd9ff9e8becc8a404dbd6ae12c70bc4374aa46ba90ae37e63d40ab8f031ed540b1725f65d1101fa4b40dcabcc3eac70d1f83a073ec20c48a946f9d6ec4491dff9f0296bad63fa3b0ca99212e3c61394d84c4d15aeeab673642f009db44b2d110980b3c0fdfb7a88adb8b13e800ecea687a0e02ea5e32b4e52ba7f95797b166c797d50577bfc18f639e413edc1e21759aac11f5ffe3f4572fdb495aad7357fba718830a924e4bff3fdd65482607439dbf0c6446b9be8f49edba73a7e4e0ebb342c512fd7736fef1279912c27cf5669c7992b6319ff96c0b7743f009d6ce2f842458d3926812638c12e293133ec3494e387d65829977b908ab37a8f618be9650fd86404d265b0efee8c15758d044a8fe6af591ae5be80c9500daf17bde442f7f371e66aec640677df50dc98aeca1aa3ecb6e14fd1c71891a3f98b4d9ab47d20471e55d160a34179eb85ae0d2ba279b84a16cd2e92594f3ac205dfb6a45a017f8e64164b4d057730f941c95c78dd91dbcc4ab3a3c6d23b2bc3c7d1aa75b10abbf658a19e9030ee32fc0f82abc34194b4a42ea435eda91b6f83e65a957580d2abbf9701dcde8c0e51bcc2ba3cfcfb04bc3bf240e87fe7bca800d765622c8c1714ea8c60d5158a6254a04219213f0df22136ec2a4e4410d8592078ddd9a0ffe74734804feda81a40a0f9ff706d1c246d9f08cdcfd153f729ca8a80cb5d5cdc63eb4116ec950f3dd4fb7c094b63f1e168b5d6cfb4bc53c79a98c89f0702e658e7232c646b6fa4985ec5469c02dda7d9e1fd5f23d91f904ff6eabeea1c57f988ba90f147c2acecf66c99deca97c8ed857541bcec0b210a3de8d6851fc2df8f5638736814065baa8f11e34f9ddc7dc97b65d5b6c90871e447e8e594dd5c725cbacaf5e6e360ba00e7d4356714947d76a45d7b9dee82a8dd523d26ec3309598817e374aea4481fe35193566c2d886d793b9467840be4277bc93281b5ebc347f1382815c5bca601d67b623545b99893f22b4abd9c8b6c9f7af8a5b0b76ac1ae9aaa146eaab43c71ca4029ce83149ccbab831730f2059fafdbe76fc39eae852b445194181090fe68f638b71db860d55dcdd1164fec076b4820f83273c71333b9b1f09c9cd237ff8c3fc3b6ad0269cb2ed24cb2aecc57c7856f3b591639759c904a9ac23442dc6d0fa0b678b818e82b40442e1dae18d7afec346896f75d5949f944d6fa752a20e0dd86bb1dc752aa954fe3c9e62f12c12efc1a3b5871f0eea59a620c6369579d33f4e5fabfc84671660b4c675ea7acc83332712979882ee2522f21e3c4a499e3cfe35c2edc18bc8a4034fc01c03d9b6bc2ea69229c556c4bd42cc78abb22cbaa47212cf2fa3bd38f484c158303f46079607ce4119725fd17640e44fce731064e2a0cc0693b91c03a1694f03f5ec88d5efa2a2ae5afadb4edba024c7e3ec6d7f3d27e2bea392c9648eb8216490dd00a61897e50a2d0b7e51dd301d9d4e5f0cc5cdc70d2935ce2b5d03462b7a411d3890c76339d081ce725e0337c2ec993e72f0c357f9fbfec4305b9e2a8c4a829db0202adb106ca810348d445882ca8196ec4f56cbf2a195402f0a8bd3bdaad9cc134dedd44a52143d66659bd8ba8cafd02838e20d39468f09f0df3cc5d645409c28d30bcc434dce57eb252c95f9407085fff6f752038edc35842b6bb4fb4972581809504ca1144f561387f69cf8b3475384191c77d698b15ebf348b9ad982d5061ebd42c3b6915e89f192001a4f6e078ead7c1237154b8470e4a9194dab2a278752f88f6f76f0d8017d4c9939eace3b40d6cd56edd8bce3c1bdb3d4b233de0d5b2d2bc2b5e476e7bff086990dcba3e6ec39cb0736fe9b2e826717db1d53d2492727c38ec57698854045d778ecf1cdc12cc87c58e4073c6d6a00bb2abdeff35fa85fccebc11570f737af19ad5270a58c03a7bf07b93e9cdd849742e32035942f7f576204d9da75c8d2b1634526f3c774a7ef9245b0d086bce563031888fc85b69b95a5b13901efd7f3a149a9406e836885c9efa405d8abd94fe56dd930d7db1a511279f5ba988dfd510a18cbff016af1c5fa271729b852f0c480bcdcf4d89615397f9709dd1a8b1fd16caa8d31baa0b86b7ff1fd9022628ee2f007f2b4e1c558815b31b03a49ace3075f09cc0b6ce87470268ff6c53263b164ca2250e8fa06d114f793fbfc8001823a857bf6a02adf903a15d19dd484131aa4f7e50a5b65fce32cf4d0d2d578180e8e53de58c06d2145598c0963", 0x7f0, 0x1}], 0x2320081, &(0x7f0000001380)={[{'rpc_pipefs\x00'}, {'.,]'}, {'\x04*(!\xb1\xf9}:\\\\\xd6#\xdd&}[\x9a--'}, {'\\'}], [{@smackfsfloor={'smackfsfloor', 0x3d, 'rpc_pipefs\x00'}}, {@fsmagic={'fsmagic', 0x3d, 0xffffffffffffffff}}, {@subj_user}]}) pipe(&(0x7f0000001400)={0xffffffffffffffff}) openat(r1, &(0x7f0000001440)='./file0/file0\x00', 0x0, 0x1) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='rpc_pipefs\x00', 0x0, 0x0) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='./file0/file0\x00') perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$AUDIT_MAKE_EQUIV(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="28000000f703020026bd7000fddb076010d41fa0a44100002e2f66699d65302e2f66696c65300000"], 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x44) umount2(&(0x7f0000000080)='./file0\x00', 0xb) 04:57:27 executing program 4: time(&(0x7f0000000040)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x1) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'team0\x00'}) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) dup2(r1, r0) 04:57:27 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) 04:57:27 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) [ 2927.169350] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 2927.169350] program syz-executor.7 not setting count and/or reply_len properly 04:57:27 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x46e2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, 0x0, 0x4000) ftruncate(r0, 0x1000003) dup2(r0, r1) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000000)) fsetxattr$security_capability(r0, &(0x7f0000000040), &(0x7f0000000080)=@v2, 0x14, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$NL80211_CMD_STOP_AP(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x0, 0x2, 0x70bd29, 0x25dfdbfd, {{}, {@void, @void}}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x4c845}, 0x4040010) r3 = open(&(0x7f00000000c0)='./file0\x00', 0x2e142, 0x0) syz_open_dev$vcsa(&(0x7f0000000140), 0x80000001, 0x212801) io_uring_register$IORING_REGISTER_EVENTFD(0xffffffffffffffff, 0x4, &(0x7f0000000140), 0x1) sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(r3, &(0x7f0000000480)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000380)={0x88, 0x2, 0x8, 0x0, 0x0, 0x0, {0x5, 0x0, 0x7}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x8100}, @CTA_TIMEOUT_DATA={0xc, 0x4, 0x0, 0x1, @icmpv6=[@CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x5}]}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x1}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x8809}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x2f}, @CTA_TIMEOUT_DATA={0x3c, 0x4, 0x0, 0x1, @icmp=[@CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x4}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x2}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x401}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x1f}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x3}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x2}]}]}, 0x88}}, 0x4001) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000"]) syz_open_procfs(0xffffffffffffffff, 0x0) setsockopt$SO_BINDTODEVICE_wg(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000340)='wg2\x00', 0x4) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r1, 0xc0709411, &(0x7f0000000180)=ANY=[@ANYRES64=0x0]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x1, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x44a02, 0x0, 0x0, 0x7, 0xff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_script(r1, &(0x7f0000000300)={'#! ', './file0', [], 0xd}, 0xb) 04:57:27 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706486dff0043a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 04:57:27 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) [ 2927.540206] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 2927.540206] program syz-executor.7 not setting count and/or reply_len properly 04:57:48 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) 04:57:48 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) 04:57:48 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd07064c6dff0043a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 04:57:48 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, 0x0) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) 04:57:48 executing program 5: unshare(0x48020200) unshare(0x48000000) unshare(0x28060880) 04:57:48 executing program 2: openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/bus/hid', 0x0, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000001d80), r0) sendmsg$NL802154_CMD_SET_SHORT_ADDR(r0, &(0x7f0000001f00)={&(0x7f0000001d40)={0x10, 0x0, 0x0, 0x42b00008}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x48, r1, 0x4, 0x0, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_SHORT_ADDR={0x6, 0xa, 0xaaa2}, @NL802154_ATTR_SHORT_ADDR={0x6, 0xa, 0xaaa3}, @NL802154_ATTR_SHORT_ADDR={0x6}, @NL802154_ATTR_SHORT_ADDR={0x6, 0xa, 0xaaa0}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}]}, 0x48}, 0x1, 0x0, 0x0, 0x8005}, 0x0) 04:57:48 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r3 = dup2(r1, r0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r3, 0xc0189378, &(0x7f0000000040)=ANY=[@ANYBLOB="010000003309000018000000", @ANYRES32=r2, @ANYRES32=r0, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000080)={0x6, 0xfffffff7, 0x2c3, 0xfff, 0x1, "3c9b19dd680d82d33f56e5f1032625ea49edd7", 0x0, 0x6}) 04:57:48 executing program 0: r0 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = dup3(r1, r0, 0x0) setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f0000000080)={0x0, 0x1, 0x6, @dev}, 0x10) getsockopt$inet6_mreq(r2, 0x29, 0x15, &(0x7f0000000300)={@remote, 0x0}, &(0x7f0000000340)=0x14) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000380)={{{@in6=@local, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in=@multicast2}}, &(0x7f0000000480)=0xe8) accept$packet(r2, &(0x7f00000004c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r6 = socket$packet(0x11, 0x0, 0x300) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) setsockopt$packet_add_memb(r6, 0x107, 0x1, &(0x7f0000000080)={r8, 0x1, 0x6, @dev}, 0x10) ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x8933, &(0x7f0000000540)={'wg1\x00', 0x0}) r10 = socket$packet(0x11, 0x0, 0x300) r11 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) setsockopt$packet_add_memb(r10, 0x107, 0x1, &(0x7f0000000080)={r12, 0x1, 0x6, @dev}, 0x10) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000580)={@rand_addr, 0x0}, &(0x7f00000005c0)=0x14) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f0000000700)={'erspan0\x00', &(0x7f0000000600)={'syztnl0\x00', 0x0, 0x8, 0x10, 0x4, 0x4d7b, {{0x30, 0x4, 0x0, 0x20, 0xc0, 0x66, 0x0, 0xfb, 0x2f, 0x0, @broadcast, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@lsrr={0x83, 0xf, 0xab, [@private=0xa010101, @initdev={0xac, 0x1e, 0x0, 0x0}, @local]}, @timestamp_addr={0x44, 0x34, 0x32, 0x1, 0x2, [{@loopback, 0x6}, {@remote, 0xff}, {@loopback, 0x400}, {@broadcast, 0x40}, {@dev={0xac, 0x14, 0x14, 0x12}, 0x1f}, {@loopback, 0x80}]}, @timestamp_prespec={0x44, 0x44, 0xda, 0x3, 0x0, [{@broadcast, 0xfffffffa}, {@private=0xa010102, 0x3}, {@rand_addr=0x64010100, 0x9f1b614c}, {@dev={0xac, 0x14, 0x14, 0x28}, 0x81}, {@multicast2, 0x5}, {@broadcast}, {@empty, 0x1ff}, {@local}]}, @lsrr={0x83, 0xb, 0xb7, [@remote, @broadcast]}, @generic={0x88, 0x3, '\b'}, @noop, @timestamp_addr={0x44, 0x14, 0x24, 0x1, 0x3, [{@empty, 0x2}, {@broadcast, 0x6}]}]}}}}}) sendmsg$TEAM_CMD_PORT_LIST_GET(r2, &(0x7f0000000d00)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000cc0)={&(0x7f0000000740)={0x574, 0x0, 0x10, 0x70bd25, 0x25dfdbfc, {}, [{{0x8}, {0xf0, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r3}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xef13}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}]}}, {{0x8, 0x1, r4}, {0x74, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}]}}, {{0x8, 0x1, r5}, {0x1bc, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x6}}, {0x8, 0x6, r8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0xff}}, {0x8}}}, {0x4c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x1c, 0x4, [{0x1000, 0x9, 0xf1, 0x3}, {0x81, 0xfa, 0x7e, 0x9}, {0x5, 0xd5, 0x2, 0x4}]}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r9}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}]}}, {{0x8, 0x1, r12}, {0xe8, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x1}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x3c3}}}]}}, {{0x8, 0x1, r13}, {0x130, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r14}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfff}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x9}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}]}, 0x574}, 0x1, 0x0, 0x0, 0x10}, 0x24004800) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000000)) [ 2948.709428] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 2948.709428] program syz-executor.7 not setting count and/or reply_len properly 04:57:48 executing program 6: syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r0, 0x0, 0x0) [ 2948.780482] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 2948.780482] program syz-executor.7 not setting count and/or reply_len properly 04:57:49 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, 0x0) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) [ 2948.809659] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16164 comm=syz-executor.0 04:57:49 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, 0x0, 0x0) 04:57:49 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='maps\x00') pread64(r0, &(0x7f00000001c0)=""/4107, 0x100b, 0x0) mount(&(0x7f0000000040)=ANY=[@ANYBLOB="bed7179c5a050f6c"], &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='vfat\x00', 0x0, 0x0) r1 = syz_mount_image$iso9660(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', 0x0, 0x5, &(0x7f00000016c0)=[{0x0}, {&(0x7f0000001280)="5fa3303b9a803364f7412e6b82791b5d84177b5f465b136e48dcd4d427420b8b4f4132307439babe42c9e611755a4b4af1215266f6007b93aaa439d76ad9c6e0fb66930e78979cd03953128057b9ad", 0x4f, 0x2}, {&(0x7f0000001500)="2b6e8eb0d902cde0633cef07ad11b6777947986100245af3b47131644ab0d65a8f821c481645a0e25f19b4cf63073f984b25c95ffe8cfa7b96b09fb770fb101f36eb5441883de9f11228e8800965eca7558d397fcba78a537838594d5804b94455ff8849f72b9907d8e26eca1910f87297d384f60f222d6ad42d0bf618df0e08877a24e680f0b310543319739e7bc292a4dbbc4ff46810c7bdb23219a8c2e0ede38d885b9d3af495b3846128e9947877e6b3184564c53bb7dcf3fcf7691ea170283cedb56702530f25864a8d28ef49903a7b9ef80a6e1c974ff3b57dee43581d265b1074a3", 0xe5, 0x20}, {&(0x7f0000001600)="729092ddb06293791e1e1da50e7bc78f5e58c7e7d7415b9ddd7b9d5d78641f9874026a5fee2ea5b79e245db0fd78fc46226e68e90602f69e9a191d6fa4b55c9d31ebd4a85485cdca6ee83242230ee041996e6c", 0x53, 0xfffffffffffffbff}, {&(0x7f0000001680)="4d653d37cefad854e75b737675adb15dd2151f07ea1efdc09fc0feb92e0bb71b2ae111e7d5aa35b81bac336f818d32f1abc4406d9d448e5ea832ab35e5b8cc", 0x3f, 0x1000}], 0x208400, &(0x7f0000002e80)=ANY=[@ANYBLOB="646d6f64653d3078303002003030303030303030303030352c6e6f636f6d70726573732c646f6e745f6d6561737572652c736d61636b66736465663d2f6465762f737230002c61707072616973655f747970653d696d617369672c736d61636b66736861743d2c646f6e745f686173682c635c6e746578743d73797361646d5f752c00a2c9042bd35621872c849d2afb58f83c98ca90d7f66039bd38310d6ac4083c5cec026626337f8641c34aec50357a54a223"]) rename(&(0x7f0000002e00)='./file0\x00', &(0x7f0000002e40)='./file0\x00') ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000002f40)=ANY=[@ANYBLOB="00000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff030000faffffff0900000000000000080000000000000005000000000000000100000000000000000000000000000000000000000000000000000000000000d30800002ac000000700000000000000020000000000000001000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f298cf55f928448cdf7eb01e04ef781f9be79e403f4bad0710d080c5d50b0ec830dc1c755869210533348b118e517ebcb9b920bc4e5155e8f2b63c5bad3f9806ff62395ff05b3e9cc6fa48b3b98e64181a3bcfc87e39dbdd994e8a9c7cfa17cf167b7b692a9c50ce89db76ad07dd8b22a2a254200000000000000000002c519b7a4b56b19d29a7b48518ee64431f181777fe8d65b99ba99a92f768e9e51a96cda1a7840cd24bce9aee48a1fd82190e588d1010310ef45aa6927848d552696c0807c643fa6079c099474f2831cf878fe91beb9277d3d20694e7179fae598fc2ea60aef8d8e2867b584e0f60c10ffb2494f1c67e437ac77926b43392d42d4acbacdb1ba2e10c6a2477c62037fe7ecb4d325eab9276d9ffa1962cfb94b7427742801e1b9b1800a5f4b061a87dde985012a7b517a30a7ad7f47ed7d116ec11376e1225a29589f1cb580c5faf4a070000000000000079c35d234569df58794ed750596ffa3b8c582dc720b117e6e3153f32bb26f864f50e90b977b108982eb147ae68e9a6433f8bb8d74cdfa7babbe5c95a584b4bdbc42d7ea9960c3d7905b587790b"]) syz_mount_image$nfs(&(0x7f0000001200), &(0x7f0000001240)='./file0\x00', 0xfa, 0x1, &(0x7f0000001380)=[{&(0x7f0000001300)="1854ea75d78c4288b3b6b1fc18640c3a299529eebf3d9863b9ec75c9fcea24ed690c4c9e09fd05377521c27a5617722705d8d043b20717b9cb5ef68acc0ff853a8cce2acdc94368c253b4631fc62878b92422d1bdb6b49a472b68c0967a7712829685211503af9135f73efc476b034", 0x6f, 0xfffffffffffffff8}], 0x100a, &(0x7f00000013c0)={[{'iso9660\x00'}, {'&/^:-]%]\'{\xfd%([.&\\!.]*\x97'}, {'!,-'}], [{@appraise}]}) ioctl$SG_EMULATED_HOST(0xffffffffffffffff, 0x127c, &(0x7f0000000000)) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000001b80)) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000100)) readv(0xffffffffffffffff, &(0x7f0000001b00)=[{&(0x7f0000001740)=""/97, 0x61}, {&(0x7f00000017c0)=""/3, 0x3}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000001a40)=""/101, 0x65}, {&(0x7f0000001ac0)=""/55, 0x37}], 0x5) 04:57:49 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = fsopen(&(0x7f0000000040)='ramfs\x00', 0x0) write$binfmt_elf64(r1, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x5, 0x7, 0x1f, 0x0, 0x45c, 0x2, 0x6, 0x96, 0x3f, 0x40, 0x26c, 0x7, 0x0, 0x38, 0x2, 0xa4f, 0x8}, [{0x6, 0x23cc, 0x4, 0x80000000, 0xfff, 0x0, 0x4, 0xba}], "6c6cf243e975c4b798c90c7ad9f18f458a1635cb53", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x88d) r2 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) dup2(r2, r0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/power/pm_freeze_timeout', 0x0, 0x0) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/power/pm_freeze_timeout', 0x0, 0x0) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x22902, 0x0) copy_file_range(r4, 0x0, r5, 0x0, 0xa1, 0x0) r6 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x8100, 0x0) r7 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_LINK_WINDOW(r6, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40040140}, 0xc, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="000326bd7000ffdbdf2501000000000000000941000000140018000008007564703a73797a3000000000f645105c6ba9e37ed745c4f6e68723ff75a700dcbd0fdbe6246845eadd6e47389032fa97e4eae99efe5ef9f396a23e814b4c591bf5c076138a6ea1a5863c859bbd89f3d6e939ad97bffc9aedd14ab11c11ac9013ff260de7d352d1ef9e865710d1d52f31829a61e471f8b4b7050000566c9ee1989c85655953e83f17cee26c0511551d407accedc2c96d2f0fca7bf779bdfc8132fc08390d6261e3630cb29def"], 0x30}, 0x1, 0x0, 0x0, 0x4040000}, 0x8880) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r4, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x30, r7, 0x10, 0x70bd25, 0x25dfdbfd, {{}, {}, {0x14, 0x19, {0x3f, 0x800, 0xde, 0x8}}}, ["", "", "", "", "", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x8080}, 0x4008010) r8 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x22902, 0x0) copy_file_range(r3, 0x0, r8, 0x0, 0xa1, 0x0) bind$netlink(r8, &(0x7f0000000080)={0x10, 0x0, 0x25dfdbfd, 0x40}, 0xc) 04:57:49 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706686dff0043a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 04:57:49 executing program 6: syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r0, 0x0, 0x0) [ 2948.973500] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16164 comm=syz-executor.0 [ 2949.077171] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 2949.077171] program syz-executor.7 not setting count and/or reply_len properly 04:57:49 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x2, &(0x7f0000000080)=0x90, 0x4) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000200)={&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000000700)=""/4096, 0x1000, 0x0, &(0x7f0000000140)=""/118, 0x76}, &(0x7f0000000300)=0x40) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x9, 0x0, 0x0) bind$inet6(r0, &(0x7f0000000340)={0xa, 0x4e24, 0x81, @private0={0xfc, 0x0, '\x00', 0x1}, 0x9}, 0x1c) r1 = perf_event_open(0x0, 0xffffffffffffffff, 0x5, 0xffffffffffffffff, 0x9) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x6805, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000002ec0), 0x4) connect$inet6(0xffffffffffffffff, &(0x7f0000001b00)={0xa, 0x4e21, 0xb49d, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c) recvfrom$inet6(0xffffffffffffffff, &(0x7f0000000240)=""/69, 0x45, 0x0, 0x0, 0x0) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) recvfrom$inet6(0xffffffffffffffff, &(0x7f00000002c0)=""/8, 0x8, 0x2, 0x0, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x1b, &(0x7f0000000040)=0x7ff, 0x4) ioctl$FIBMAP(0xffffffffffffffff, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x0, &(0x7f0000000100)=0x9, 0x4) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="cf", 0xfffffdef}], 0x1}, 0x10044001) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203692, 0x0, @perf_bp={&(0x7f0000000380), 0x4}, 0x0, 0x0, 0x0, 0x2, 0xe1}, 0x0, 0xfffdffffffffffff, 0xffffffffffffffff, 0x8) recvfrom$inet6(r0, &(0x7f0000001e00)=""/4096, 0x1000, 0xcd08, 0x0, 0x0) 04:57:49 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, 0x0, 0x0) [ 2949.161276] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 2949.161276] program syz-executor.7 not setting count and/or reply_len properly 04:57:49 executing program 6: syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r0, 0x0, 0x0) 04:57:49 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, 0x0) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) 04:57:49 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd07066c6dff0043a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 04:57:49 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat$incfs(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext2\x00', &(0x7f00000000c0)='./file0\x00', 0x9, 0x1, &(0x7f0000000200)=[{&(0x7f0000000100)="2f4abe770c77af0c060c1acc194f9a8fae8443e9cc6a9c7c3682aa81072a4789fdfee4bcf413d131c9bcd2b90fa7feabc4783df50e4c61c87958100f61582109e2dfeafd686b3a10224cc2537d2aba7cdf7d6080c340ad71d1cb14935a00b69c2d0035cab203c4f708d3884d4f6ece6abecf80750fb482c2214cef60498382af739da177fa5498f04f4a4c5e1feb246fba342400a0c43042529b3be356b3bbba78dd320aba44f2fdd5594175f5f42d4fb8b7563348dd812474d91b9776364d4e9bf3bc9c0f27c0cd165ca2efe3", 0xcd, 0x6}], 0x2a000c0, &(0x7f0000000240)={[{@nouser_xattr}, {@noblock_validity}, {@discard}], [{@fowner_gt={'fowner>', 0xee00}}, {@fowner_eq}, {@smackfshat={'smackfshat', 0x3d, '},/$'}}, {@fsname={'fsname', 0x3d, '!*-'}}, {@subj_role={'subj_role', 0x3d, '\x00'}}, {@fscontext={'fscontext', 0x3d, 'root'}}]}) r1 = openat$sr(0xffffffffffffff9c, 0x0, 0x301800, 0x0) setsockopt$inet6_udp_int(r1, 0x11, 0xa, &(0x7f0000000080)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000540)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000000)=0x3, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x2f, 0x0) 04:57:49 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, 0x0, 0x0) [ 2949.545294] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 2949.545294] program syz-executor.7 not setting count and/or reply_len properly 04:57:49 executing program 6: syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r0, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0) [ 2949.642270] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 2949.642270] program syz-executor.7 not setting count and/or reply_len properly 04:57:49 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706746dff0043a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 04:57:49 executing program 2: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000340)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x4000, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r2 = openat(r1, &(0x7f0000000000)='/proc/self/exe\x00', 0x80, 0x90) sendfile(r1, r2, 0x0, 0x100000001) read(0xffffffffffffffff, 0x0, 0x0) r3 = signalfd(0xffffffffffffffff, &(0x7f0000000140), 0x8) r4 = openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x200040, 0x0) ioctl$BLKPG(0xffffffffffffffff, 0x1269, &(0x7f0000000300)={0xffffff7f, 0x0, 0x9, &(0x7f0000000200)="4ee327a473f665be59"}) write(r3, &(0x7f0000000180)="dd8975d9d2eb389518e6d5ece8f722e079e9ec8f10122e84986aee763238801c24194552756d9bae3023bb6c959f570655f3ab442d7f", 0x36) setxattr$incfs_id(&(0x7f0000001840)='./file1\x00', &(0x7f0000001880), &(0x7f00000018c0)={'0000000000000000000000000000000', 0x32}, 0x20, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000006440)='./file0\x00', 0x8000, 0xd0) bind$bt_sco(r3, &(0x7f0000000040), 0x8) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) io_submit(0x0, 0x6, &(0x7f0000001800)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x6, 0x9, r5, &(0x7f0000000380)="10c8a4f5544f205e0bcc8060a2c743b5e096b04f1ee85f2c686c87f0cdd68efb7edfb2a1e2ba8a6239463232bc2b89f7d87a255667761230fe2f5e4bdb5ce2fd3cf8fa36a61ae30bcb50d666ee38389b5323c564b26dc09aa79bd223d756bb07e0477f51b07e1f4899e12cb037a6800cb099947e9e75eb26e98b369015446643bd2d2f97ea44ba2abda5b7edad57be3f7e6f828b143dfafd52c8b9c7e1356b9a337c4859ac54", 0xa6, 0x1ca, 0x0, 0x2}, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0xffff, 0xffffffffffffffff, &(0x7f0000000440)="d7775ac7eedd41b28a7d34ae46bfa482a951eb09a39480c51a525ab396bfb7e174617ddb7de7cb0e8b6a71b228fd66e2946e253c467473a9def12576c0f372b56486f492f8594f987cbbd5f9ba59955363f5f4bb1cdc19691c108ac385450a5f49ec41e6e6c52c5d57ddde7a5562451b3a073eb792bbc14bbbea67784e79cc950e5fd6e9af5c2554fad7e9da45e9649db3de4da6c01d526c64f6565b4585436f2863bda55466783b7e74ca2f0b4f6b8a70ef1499e1946c802227d7a2", 0xbc, 0x7fffffff, 0x0, 0x1, r4}, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0xfff, r0, &(0x7f0000000540)="0140723e4d7029db4df59489f2c6f77f4f7d3e378ccd2fd5542cae332039c8e0b4d676a134f21abf8ea89afde380d7f021a6edcb35602b197211d10de5551e6e55adb2cee4c48e4be871ffad54314c6fad396c3b58d19c7f22f93585309fe6931ca1c7bbe729bf2fdf3fefa0c1af7596bfc80937ee27d1272fc194c3a635d3e5824bf0f8", 0x84, 0x9, 0x0, 0x3, r4}, &(0x7f0000001640)={0x0, 0x0, 0x0, 0x7, 0x4, 0xffffffffffffffff, &(0x7f0000000640)="f409112c1b97cb0170a64b14d452e02b0588e552dac4d4bb6e580b8bc3e6948817436c6eaa69f01af4289c46f35e034915f5cc97609fb63cd57bf1d401db35780e1017354eb78d0e03c2794ccf871967b87c4a918f837129fd1b9d30923bc34144681a2c6a4ef0a7624d6b79e481a838eb6085fa2b7d939dc9e50318975805cdedb306e55fcc315d4610bcc8306e6683f00b9006819e3330309eda0c48d0fb793a6b96bbc62bb8604e5534e5c40933bc34984d7318bbd5c527b042964e3149307acec9ca16a7322c05151b0db0ee5072cfc9ecf43dc260cf49431cf836f831120078d33a47f115ebe0e30dd290a9afa3d3b595e81f742edecd098a13257cff1426ee4f98be5189145c58e68e51e9ae0944acbecd385bf190b460bfe352bfdc396744203176ce90819f43123b2132031c40d222cad691fc63a9a54bc4cd3ea87a3c71990e32085f0250f1ac534c5b5047a7273fdc5384be382ae002347ff949255fac8112a0e774d0270abbd57b1fd5ccac43279805d8516ab04519e38b143b5cc8e3c9e9a053b3931ccdaf9c5b163ba6fd1a124f2d79196b6f35bfd81135b119ee464721ac1d4332ebbdd03a0551725aaedc37e1b1b7903d6c4093759fb29d806e5ac99eb492169d9a36c8f01f8a3c74c0a6fb6c04073b34f0b45b795e3c5c5d418e1152f03a28fcd78a45c337579d2f2e072279adfc306a941deb79a295cc6e79077ac50b842692b53f31204510ff319c35fcdbcb72a39608fc9dba063c7d77ca00580ab5f801c98e5805ce12a991e1876f3e4d427e0a11c7f65fa921b97f73291340fe01ddad10970dd514fd69ed48e69ff63991421110f4aa6521a3f1ec4451b8535a741e852fde75f4d6875f244ead44fe5cd775a3e22932957fbc0fa8ec1019b1d201f5f245934c8b0d428f5d5051947b2988568f880e0da1b177908f49b6154f6107bb871c2ee9828f5f2a9c699639d7d6a41d47404e88ed6375c893b6c2c808a130a15ef28ad8ba78f747ea88e0f355f41b4730e0829e4f5f4924582928c78c5a3936658145ad7c8ce8c4c04c69d29492f0236a599ab2978d9432d1d79bc4c3e9a5665c7fbfc902af82d5510107c67b9280e04a4e42f7d57f528e4079ff65001382fe9ea9ab23094da857ae4d41b7f496cd15c74a0caa503cc643bb915a5aa9853e5869eaf4d5c9ef53d05d5228befc607330bb7a192220fb90fc7d14363538b48a1b566e69db38b70a51fa30f110858cb565ae39909d59469663998c92ce75742a68f643253b6db7b1bf2ce8be32e38764fe599bebde11584bea099ac2eba2ad32e858e079ba60ee0cc8d73670f6f1a2e5c6f3b1fd311d0188a84ffc15174c77be18ee6e4a095e69834b953ffaea600e79810c0f37a4bb458c33a3b26caaddf547cfda4cae323aaa7684ca56433b16bad452a2d5b704868ec19adeae92b0f340af345556166bec9cdf068c7fb3d2a674a035a3c8c0533fa2622055c05cd0653025977de5840ae8f50a8e030120fbd2041bbe338f5d079d688a04b5f0db520ae4d0f5119ed5516e87936373e9997cd457816fc2fe07e04e6b85203ed75aa38407e499c270b94b43650b8f2e1a4a331004272eb15f6a06953ff388c9c5304a1a3b84b72e3c91966b6bf0284520fbd11bb8f23479be3a85e58e71303355fcff31e565110ef1a8c1f30ec23832f039b82434f044f94d8adfdc04dff80d28efc45065c06af5d126f108a461adf7fd40147323ed61fb17a0e0891a792c37a558abbc62036cc79f5cc3b1fdd4ea84f547e7d4654bd758e85a50e3b13a05cd816b939c1d755b6fd0be3a94e5b95e0474e86a87975ef775a3df04cf626572bd4f48bc74d616ff282ea07acb37e94da936b4b1c5817755780083d36a311963b72bc9ad560b3b8040783dda93852c4a511ec26fe5fa073b4eac506ddf03ba653b0eae5c6579bdddef82c80a90d140d721469ed63605e82fe804688fcb95f44b092e804a469302c5d75d8374543e96a2d50a7c25e0e8504b013be7e1d232aeabbaa07ba5575a115c1f6e940375395fcf835b14f95fa415218b2814c9bc830b3f4d6825716daf4f46b36228c397e656da29fe38755006cb6fa3866f7f389e08fb3989cbb6889e8ce3a421530e983adaa514f6d73c3320605d08b27e6e1cfce8de8446e0e995074da3b8d2a3ba3ef079123c3e775c3681e4690d6c02dc3b1d8e095a198c35e246b04c65c0ad3d6e53adfab1b739a9caee57230e60d35cc0586a8dff15e091a60c5051a22732bd7de0b6e4b9fb67df682a5edd56f87dc36955200bf9e4ceb5b0942f5d9165183d09be0a46e5eee154d105af61a6afd507acf2f196977d1603065b9d65146c0f5084d523f74d2a29524f62523555356520dcde434b92b15d8609b0dd62ead78d566966962195531c4ffdd8c9d35a274ee36efa599da6defe9900443ed8914573572fc713395a989b367594dd01a61e68be028b6f209f594853b0d5befaac351ddbeb28c74e1c355be76f7bd305a2dfa6389d096b0dfb11f5082199326f4eb073717dde351acebdff051e854b47f142b17fbf1ee8863b2b02c8c2f7ecda3b345e0a809dcb85079b2e0058cfa8ab6406a03658e87fe59f0a63f50bce5a1fc36b23855a9542ee8347fcb5f6f1e4a93afc78166eb8e58366248e03fdde85cead143211a822b32480e14f564d0e8ca401706ae89f6f31c7952dab552be704d790462aa13e963f9acc4b2edb857eb11566974079819e38db2316d87f5e8ae292ae920ff9a60928946a5521428111eb2c0e3a446c5923cbd13043b082c9bbb6b9562232deb4afd17be444b5349ee97326ddf9d53eed24131d68dae2e2c9775ab45f2992bdfc992d442a1c7f283b0020c0359317ef0e99d481ee97dbb24180d7f27336e21b72fcd8ef69100a55ad36babe98637a2ff5881e8383f42e6cb46dccfea91905496615f8128574a052cf8e679060abb496a98998050fd351b69ee4b34dccb7153871338d93dc774697166c2b62d141d940824273c735643192bc44959c7bdeb7b606e8cb21c2de81c585e147933bb0f06e2f372c0d3e0c16319cfe5bf164afaed93b4d6ae27fcfd67543830a133864a2eaf9a9243fafaddcd5e8d5cf533d9954be593883f2d68af640aabd67388b2b55784ec6142179390bd1d7b06f7d9227774e2b636ab0bf12988287791c5c682c2aded1a54668f9fa48bc903b4f8793ec4a5914101c6048912d32441cadafeac4496f9b3fe5c0f688a288d919630a97c2ea8055a4bb69d40ae7d88b0b54321ac1195116cb9a7fce68aa0b99eb0f4c030bbaaaf609c2791b1f2aa301916e721c12d808d4d535986ccdc851278e8813c57d879fbf70d7b53a6abac13171ea552c73f0b242dc4189a5d180673148dc7a1345b3561eb85c428534694f17088b86df2d5e76d5ef6f074dc4a744bc72bb82c799bb710bfabc33a86c0d6f0044aabff805e606c1ba320aede3c5e1439ea2cd7f5be9fc7f3c98a786ac62d3c6cd7f0a4fb5afc3773fbcea16658ef41e2f8b154dbd3dfe9b02ea9503c88f59e0635570edfc0f17bd5c2b00de6b67c3698c50ada393cd6975104012b428d6cd3a4151b51ed366ccf84dec3f7720118cbd27ae5b41f9bef078c4d44f1517ca249ac5467245db2f43a32175ecad858db19341c4aa554ca0ce00e8467ec4839d48f40c12ec46d84aa7ce0a262a53fe01f41b5b46cd9bafcfd4a1011a60b4ebf60452484ebda6dc6d953994f1c54c161dfc4109645d8c0e8f62ae1bcbab9aaf272d9eeb0674dd8d74a8de3d3be037b3a11dbde30635a0e576c48cce01f47ced1777d224021c2e7b3064faa4ffcc06fa22ab54b49176760d3e573a4f4e0e81337bdb4e6f00730f589b6b3ff303cd0cb83e1f175b6afae8066cb5ac42607ec8972b14d666c3c6c63e2c6c35c71028a11af92c573c54b91f9bd64a64273fabcfb4e0ab4674a08912467dc612994fefc090fdbfa30a948e4e7391bf047b3fc3ca6d60bb492560398796720db78de64e8821e9a1d40942d899bd295ba70ed235fe4507142ab09e2dd67f2b717346503f790c402d844393a5d990325fb8ea6a6ebc81314610c90a3092e51e6b1386c210e85773cf1eb553e580915cc339f5fec6d034eea808963b7e1fa55fa52d499b9a1344bbc018ae370a8098376bb2a0b657ff6257a2af2b55234778ed4b9ac2676dc1443f3f055a37c79ab51bf0d5d1593a36c0bc541d3e09beea67bf80347bd8f3e0019bac242aea13b8c2afba249c36880175075627a3e24928467d41a51b4aad4270dbe88692e88a6081af3767f2fbb995ae89fa7001fb4cbe06a2970496312c8e94962449e9421fe4fb43fd02aa41d69c2364c38d2214e443fe3708fec066562959627febd53badf7c5950e0fa122e916177ac9042a7930d5a9d4e7b8d30eb0a0660971a17b5d41c0a4e8a081b45905674fd97b6fd5f9b2793f5c2aaca52ae28ecd0dee6dbf254c2a50d59730e8d6d828b37b0d95642799c0b0d400e4afe1ab4c5ee581eacd4190cbbf73608e74c75f1db18dafcc2b9a7ee3ca3f0675d8cb0a55015773fdf5f9f1d3174c8f4db5221b58b84991875318dea4074a5484c797a65054bdfd5e829c95cc79c96e9c002673a3072e3a982b9ec7a12d6b8df85f7c6d3ca393c4392ed8822f9e0b0910a610c69b59e7ae0c88ae170691e6a9dc66be01b4b75adeae0278725afc5ddce653a5b3600a70e493495c5178806782f106774d8edb427c1ff71cfdeaafb4e34b5f3e2eee546d38e5ae9c01eb2331cad620cac4031044d10659e399cbabf3380ff77edd6480124fe6420470873e6afb39d1a41a96640f7c85036447250afe60a6ec68f450ef895613cdf9ace39d5e8d2516365ef911545017d73cc156ea0b7c0eb6e4e0f154730f3188fa1810f631e7a6dfb3406b5edf11f360d0730e152af8f0e047878b8647683c08268cd6f28360160fc60b73cc876746db39986f01ca844a828d68da3efcc5949901bb3b2c1ff7b7379a3ab85ec747e8d0361e5fd8991e2eaeb77bd0944542f08f5220fa1ceaa6cc7714d20bda98ed08435048cc2281bb7b35a1f4c2700c781db8c062da197d9158bf4685b4fcb6940f7e5d1514273b8b1e288e79c396316a1f0241444368f159ff950c809fca3cf4cbce39fc839a5b98bcd1d95f738d0bb4d301a6a29f6d42f8cf41240d72fba55c382862e96bca3c6da67ba8403dfa289c9e9ae7a7465d13fd200c42924eb26e752c4f7bf07178ab6d2e48ff4d7673db597a9008126a2ad1c3501d668447fac5148a8fcabbbcf996b39b00e41b9044d94ee7ec1249b36a40d79d1ac3d6559875b527625450ddac89b348ece7eebfefda1dcb6e74fa484401ae332b2edac7c0c0e792d52acc7baf8cad6b7f97b8ec450d9472824e19e99fdf0ef6fab90c7d27074338ea80253847ac375bee936d8a546c20412021f4501677058213dcf149806e6afab94e8ddca3881a927f32e98ce3364ec0ad45fe4380b534eb9a96cb1c565a6b98f88470e34f7201000f5ca8da8778497c79e5408e694437ff7ad38e17ce6bbab74b74009ffd4a284b74f48517e2e039a6957ada69d34d2d731ec8361c80764894bb97d257fa405e5c5e3b31e6bceb5324c8516714a342828ef90c035dba45e1b35e2ad3bd5d62e0bbcefbcb05594aab578eff52f927f4d0843f1a7a7f9fc15f524b343854b1cbe6c3060f13c6deef8983210f37ee3b39afc97e4ae1ff1340f2f5082fcae454c01065180c1f2e3acff26f8ded3ac2ac97338c1fbf0216cb", 0x1000, 0x9, 0x0, 0x3, r1}, &(0x7f0000001740)={0x0, 0x0, 0x0, 0x2, 0x87c7, 0xffffffffffffffff, &(0x7f0000001680)="7c83f2bb1886f15fe0f83787a054fc8323fa445e54637a37ba20771e7eb4a84845ec01bcabbd13435c3509f0d633f51d31109564e758f075757d4b94a12f655b27f78ca2b11cb157d0bc5643a10a9eb056262cb8dd52183f297efe9e69e61cb1756b3647fc6a905e8b59bceed15caf157622b9197a8f3b608e120d0f7b8f3acc75b5c4b59756d42bcfca2ef06f9c417cc22123c1f231c3", 0x97, 0x4}, &(0x7f00000017c0)={0x0, 0x0, 0x0, 0x3, 0x6, 0xffffffffffffffff, &(0x7f0000001780)="21436726f94e702ebe6ec8631c69b8e7c6186df12e9e2851eb4b3729d9e853bfeb382008a78fd90d96f4", 0x2a, 0xffffffffffffffff}]) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f00000000c0), 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x98) pread64(0xffffffffffffffff, &(0x7f00000034c0)=""/4099, 0x1003, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r6, 0x0, 0x80000001) 04:57:49 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) 04:57:49 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) 04:57:49 executing program 6: syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r0, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0) [ 2949.888090] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 2949.888090] program syz-executor.7 not setting count and/or reply_len properly [ 2949.946063] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 2949.946063] program syz-executor.7 not setting count and/or reply_len properly 04:58:07 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) 04:58:07 executing program 6: syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r0, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0) 04:58:07 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) newfstatat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), 0x6000) r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup2(0xffffffffffffffff, r3) write(r2, &(0x7f0000000240)="01", 0x1) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) accept4(r4, &(0x7f0000000600)=@xdp, 0x0, 0x0) ioctl$EXT4_IOC_GETSTATE(r3, 0x40046629, &(0x7f0000000080)) ioctl$BTRFS_IOC_DEV_INFO(r4, 0xd000941e, &(0x7f0000000500)={0x0, "19728eaf6e22add0a2ec6e80d76ae06c"}) write$P9_RREADLINK(0xffffffffffffffff, 0x0, 0x10) r5 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x105142, 0x0) ftruncate(r5, 0xffff) sendfile(r0, r1, 0x0, 0x20d315) r6 = socket$inet(0xa, 0x3, 0xff) setsockopt$SO_TIMESTAMPING(r6, 0x1, 0x41, &(0x7f00000004c0), 0x3) sendto(r6, 0x0, 0xfc, 0x0, &(0x7f0000000140)=@nl=@unspec={0x0, 0xff00, 0x0, 0x80fe}, 0x80) 04:58:07 executing program 0: r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1, 0x0, 0x1}, 0x0) syz_io_uring_setup(0x4, &(0x7f0000000740), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)) pipe2(&(0x7f00000000c0), 0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/power/pm_freeze_timeout', 0x0, 0x0) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x22902, 0x0) copy_file_range(r3, 0x0, r4, 0x0, 0xa1, 0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r5, &(0x7f0000000040)={0x1f, @none}, 0x8) setsockopt$bt_BT_DEFER_SETUP(r5, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r3, 0xc0189374, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r5, @ANYBLOB="c4790000000000002e0700696c653000fba4dfd4ad0a787074160bcae761b1251aef40f88cd2997fc5d126b1b4d24fd0c3c02a0297eb89c9c15fc193e93ad2850be7b9d038092dfe4b3f90672107f4e59115b4f365284b851f52aba1a2c561f18f506d24aae3126aa4e8904f5f180e2513fa53ea5da97c31d9077cce48abaa61c75def9b3dd08318e83913d99d03b3514169dc5a16e183d1345b0a359dd1bb47911efc63f3f1abf764e143ea6100000000"]) openat$random(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r6 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) ftruncate(r6, 0x0) r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r7, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 04:58:07 executing program 5: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0xfffffffffffffffe}, 0x0, 0x0, 0x0, 0x0, 0x7, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_read_part_table(0x0, 0x1, &(0x7f0000001900)=[{0x0, 0x0, 0x7fff}]) r1 = syz_open_dev$ttys(0xc, 0x2, 0x0) dup(r1) pidfd_send_signal(0xffffffffffffffff, 0x0, &(0x7f0000000040)={0xb, 0x5, 0x2000000}, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000140)) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000740)='/sys/class/drm', 0x970c7917c8cb9e10, 0x2) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0xfdef) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_CONNECT={0x10, 0x4, 0x0, 0xffffffffffffffff, 0x80, &(0x7f00000001c0)=@nl=@unspec}, 0x1) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsu(&(0x7f0000000280), 0x0, 0x8241) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_MADVISE={0x19, 0x5, 0x0, 0x0, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0xe, 0x1}, 0x10000009) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000004, 0x4000010, 0xffffffffffffffff, 0x8000000) newfstatat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0) ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, 0x0) sendfile(r2, 0xffffffffffffffff, &(0x7f0000000000)=0xe72, 0xffffffff7fffffff) copy_file_range(0xffffffffffffffff, 0x0, r0, &(0x7f0000000180)=0x18, 0x5, 0x0) ioctl$TIOCSPTLCK(0xffffffffffffffff, 0x40045431, &(0x7f00000000c0)=0x1) 04:58:07 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) 04:58:07 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd07067a6dff0043a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 04:58:07 executing program 4: r0 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) dup2(r0, 0xffffffffffffffff) [ 2967.360137] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 2967.360137] program syz-executor.7 not setting count and/or reply_len properly [ 2967.403415] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 2967.403415] program syz-executor.7 not setting count and/or reply_len properly 04:58:26 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) 04:58:26 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x802c2, 0x0) futimesat(0xffffffffffffffff, &(0x7f0000000080)='./file1/file0\x00', &(0x7f0000000140)={{0x77359400}, {0x0, 0xea60}}) r1 = open(&(0x7f0000000040)='./file0\x00', 0x1810c1, 0x0) setsockopt$packet_fanout_data(0xffffffffffffffff, 0x107, 0xa, 0x0, 0x0) readahead(0xffffffffffffffff, 0x0, 0x6) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000200)="af", 0x1}], 0x1) r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0) fallocate(r2, 0x0, 0x0, 0x8000) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r2, 0xc018937c, &(0x7f0000000180)={{0x1, 0x1, 0x18, r1, {0x4}}, './file1\x00'}) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) syz_io_uring_setup(0x3550, &(0x7f0000000240)={0x0, 0xf36a, 0x2, 0x0, 0xd2, 0x0, r2}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000002c0), &(0x7f0000000300)=0x0) r5 = io_uring_setup(0x5204, &(0x7f0000000100)) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(r5, 0x5, 0x0, r6) syz_io_uring_submit(0x0, r4, &(0x7f0000000340)=@IORING_OP_POLL_ADD={0x6, 0x4, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, {0x2000}, 0x1, {0x0, r6}}, 0x4) ioctl$EXT4_IOC_MOVE_EXT(r3, 0xc028660f, &(0x7f00000001c0)={0x0, r2, 0xce5, 0x9, 0x75, 0xffffffffffffffff}) r7 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r7, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x4000006}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x3, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000040)={0x0, r1, 0x2}) 04:58:26 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) 04:58:26 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/power/pm_freeze_timeout', 0x0, 0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x22902, 0x0) copy_file_range(r2, 0x0, r3, 0x0, 0xa1, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(r2, 0x2401, 0x3f) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x22000, 0x0) dup2(r1, r4) 04:58:26 executing program 6: syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x0) 04:58:26 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd070600b6ff0043a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 04:58:26 executing program 2: syz_open_dev$sg(0x0, 0x0, 0x0) syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x2, &(0x7f0000000080)=0x90, 0x4) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000002ec0), 0x4) ioctl$BTRFS_IOC_SNAP_CREATE(r1, 0x50009401, 0x0) openat(r0, &(0x7f0000000140)='./file1/file0/file0\x00', 0xd5080, 0x0) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$FIBMAP(0xffffffffffffffff, 0x1, 0x0) setgid(0x0) sendmsg$inet6(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="cf", 0xfffffdef}], 0x1}, 0x10044001) getsockopt$IP_VS_SO_GET_SERVICES(r1, 0x0, 0x482, &(0x7f0000000040)=""/42, &(0x7f0000000100)=0x2a) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x202692, 0x0, @perf_config_ext={0x0, 0xfffffffffffffff9}, 0x0, 0x0, 0x0, 0x0, 0xe1}, 0x0, 0xfffdffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r2, 0x80089419, &(0x7f0000000200)) recvfrom$inet6(r1, &(0x7f0000001e00)=""/4096, 0x1000, 0x4000cd6f, 0x0, 0x0) 04:58:26 executing program 0: r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqn(r0, 0x0, 0xc8, 0x0, 0x4) r1 = socket$inet(0x2, 0x3, 0xff) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r2, &(0x7f0000000040)={0x1f, @none}, 0x8) r3 = socket$inet_udplite(0x2, 0x2, 0x88) bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e22, @local}, 0x10) setsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmsg$inet(r1, &(0x7f0000000240)={&(0x7f00000004c0)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000000280)=[{&(0x7f0000000000)="0183ae40f3fdac402b01fa055e4299bd37dddcc8", 0x14}], 0x1, &(0x7f0000000200)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r4, @empty, @private}}}], 0x20}, 0x0) [ 2986.175630] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 2986.175630] program syz-executor.7 not setting count and/or reply_len properly 04:58:26 executing program 6: syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x0) 04:58:26 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) [ 2986.241273] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 2986.241273] program syz-executor.7 not setting count and/or reply_len properly 04:58:26 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 04:58:26 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706000aff0043a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 04:58:26 executing program 0: r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) add_key(&(0x7f0000000000)='.dead\x00', &(0x7f0000000040)={'syz', 0x2}, &(0x7f0000000080)="5a4b64983bc4e9f531fde2291a3d1f59b208d68929cc11fda7ac4638732e58ade98200", 0xfffffffffffffc3d, r0) keyctl$search(0xa, r0, &(0x7f0000000140)='keyring\x00', &(0x7f0000000a40)={'syz', 0x3}, r0) r1 = add_key(&(0x7f0000000740)='id_resolver\x00', &(0x7f0000000900)={'syz', 0x3}, &(0x7f0000000940)="c36aa90d7a9ee4fede586f678697f782b15e14d49ca738bc13eb8b69e539051ed8c3622b0bf18f92b29ea641fffe549c70d49380db8be84505d70d794ac1057f660a0d3a399af0a34c3fc63c7393aad7eb82770673bf218d7ff2ed1176bbcc48278f0734c1511a83ce858935d3449bc8cfc0f33122edec8fdfc6128a2566fb1449e4b6decbee6c9118664f19bea2e437aa4c6e603f3af7f3580ce14fe9f409dccb849d505d3da3bb4da2236d9a6591cd844ddce1aadb033d6cf227f64b832e97ed84e7d590ed4c523ed7bde7b71e", 0xce, 0xfffffffffffffffe) add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x2}, 0x0, 0x0, r0) r2 = request_key(&(0x7f00000008c0)='cifs.idmap\x00', &(0x7f0000000780)={'syz', 0x3}, &(0x7f00000007c0)='/,\x00', r1) request_key(&(0x7f0000000440)='.dead\x00', &(0x7f0000000480)={'syz', 0x2}, &(0x7f00000004c0)='\x00', r0) r3 = request_key(&(0x7f0000000500)='rxrpc_s\x00', &(0x7f0000000540)={'syz', 0x1}, &(0x7f0000000580)=')\x00', 0xfffffffffffffff8) add_key$fscrypt_v1(&(0x7f00000005c0), &(0x7f00000006c0)={'fscrypt:', @desc2}, &(0x7f0000000640)={0x0, "56d9bbe4d400113be6ddd1a219d0d989f6eb3191757a3d36ba8e8a81f3c7401d36667f6687ef6acadb03752621003583b765e15ba3b0b728faddd07cdad0ac45", 0x3a}, 0x48, r0) add_key$keyring(&(0x7f0000000600), &(0x7f0000000700)={'syz', 0x3}, 0x0, 0x0, r3) keyctl$search(0xa, r2, &(0x7f0000000180)='cifs.spnego\x00', &(0x7f00000001c0)={'syz', 0x0}, r2) add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$join(0x1, &(0x7f0000000880)={'syz', 0x0}) [ 2986.437287] device veth0_vlan entered promiscuous mode [ 2986.565085] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 2986.565085] program syz-executor.7 not setting count and/or reply_len properly [ 2986.594619] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 2986.594619] program syz-executor.7 not setting count and/or reply_len properly 04:58:47 executing program 6: syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x0) 04:58:47 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd07060025ff0043a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 04:58:47 executing program 5: setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x29, &(0x7f0000000340)=ANY=[@ANYBLOB="0a01010164010100000000f106000000ac1414aaac1e000100000000ac141444ffffffff7f00000100000000"], 0x2c) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r0, &(0x7f0000000040)={0x1f, @none}, 0x8) setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) r1 = syz_io_uring_complete(0x0) fsetxattr$security_evm(r1, &(0x7f00000002c0), &(0x7f0000000300)=@md5={0x1, "13b1c06fa176cb84845495f98c78cbc3"}, 0x11, 0x2) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r2, &(0x7f0000000040)={0x1f, @none}, 0x8) setsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) syz_io_uring_setup(0x4d4f, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000080)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000200)='net/route\x00') syz_io_uring_setup(0x1, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000180)=@IORING_OP_TEE={0x21, 0x5, 0x0, @fd, 0x0, 0x0, 0x3ff, 0x0, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xb2f) pread64(r3, &(0x7f0000000540)=""/4089, 0x1016, 0x6a00) 04:58:47 executing program 2: syz_io_uring_submit(0x0, 0x0, &(0x7f0000000780)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x3, 0x6007, @fd_index, 0x80000001, 0x0, 0x0, 0x8, 0x161adb73a975442, {0x1}}, 0xfff) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = accept$unix(0xffffffffffffffff, &(0x7f00000007c0), &(0x7f0000000840)=0x6e) fsetxattr$trusted_overlay_redirect(r1, &(0x7f0000000880), &(0x7f00000008c0)='./file0\x00', 0x8, 0x4) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000440), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="7573726a718c6f6a613d6c64656c61646c6f632bfe"]) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='net/anycast6\x00') ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000180)=ANY=[@ANYBLOB="0179a6ad74474a94748fd27a7e0000000100e0f145a552a5d7ce3289cba6fcb7b403b133a3d89249268453beb3246de9ded23329eaa4375a8e391932190a4182272559e42f98a5e10446340e27f0482bec7cb4732614d6697aebde8928468fc47c6667c8d17666db3fe257b28e068559", @ANYRES32, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000002c0)='./file0\x00', 0x4, 0x3, &(0x7f0000000600)=[{&(0x7f0000000300)="e3eb1ae90b6978dc1020", 0xa, 0x17}, {&(0x7f0000000340)="47ee3cf05fdfd59dd96a9bf2f3e6aee49c2fb02ffc4b97c4d8efd6f7e7c67125ae9d6f372da5b56dcbb085c1391c4cbe4096e219ac6b4a3cce50baf5808b5c66552591427fd9aec5db171cb14dd213e693fec05e664bf331386394d67b0dbfef66ac1ceece26f924f14a847b262d7625db835d7fc3feae46b80e27fd8a549a15c98509cf31019709d564996515b40265ce5ec736ddbdf68d410fe4d6f4838fe3cd31ac25684b56cbd0a868c72389f60843b14d530de95a722e00cf4ee5bbff15710afcbc0cf55d184bdd9058e314300d1eb0", 0xd2, 0x1}, {&(0x7f0000000540)="975eb281d515ae253fa4d4377741df0dc7ced45b3d64d420cefc145094c83dc984c5c334595419d957d3cd9546c908a8445a368fabfb35bd922665c947339489128ba39982bfbb7b91caa34258774dc892f2c27113e4737a82019552487ec429759f8fd4ebb88079fe62ac7e7d9cf2a4a1216548e4eb2a5a11f7d8ba267a385fa0ddba3d93b1e72ee2453c81c722b5a11109c3cb1dc9a14616e762c443ba22095e861ca4ea29aeb392b5910f", 0xac, 0x401}], 0x1140060, &(0x7f0000000680)=ANY=[@ANYBLOB='iocharset=macgreek,uni_xlate=1,dmask=00000000000000000000001,shortname=w,showexec0x0, &(0x7f0000000140)=0x0) r6 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r6, 0x0, 0x0}, 0x0) r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r3, 0x0) syz_io_uring_submit(r7, r5, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r7, 0x0, &(0x7f0000000200)=@IORING_OP_WRITE={0x17, 0x1, 0x4000, @fd_index=0x9, 0xfff, &(0x7f0000000140)="e9f0c0d29a0d6046314139214d0ff2b478bd5f2e027cfcd205d48df7cc95b6b1f4ac26d62a2e9179ea78a39e941231ed44653a5fc2863e77e4972fa343fee0eece67ed861c962443f49178a82e0f5d48310c40b813fbf2ab242b66c804d1a9e60dc484b18b349d383698b8d8a5f38ca3713cc6577c5b3ca066d2426b170078bcf843a85665008687d9f4319d87d9feb81f07eb3716bb0ed7fe1d3239fe7f0b7b6aa618a49bdcc0389b3f9df5e15ee7cea1fc244a2c3f81ee91", 0xb9, 0x3f, 0x1, {0x0, r8}}, 0xffff) 04:58:47 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x0, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) [ 3007.213374] device veth0_vlan entered promiscuous mode [ 3007.315018] hpet: Lost 1 RTC interrupts [ 3007.338217] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3007.338217] program syz-executor.7 not setting count and/or reply_len properly 04:58:47 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x8200, 0x0) ioctl$TIOCSCTTY(r1, 0x540e, 0x2) r2 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext={0x0, 0x101}, 0x0, 0x2, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/power/pm_freeze_timeout', 0x0, 0x0) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x22902, 0x0) copy_file_range(r3, 0x0, r4, 0x0, 0xa1, 0x0) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/power/pm_freeze_timeout', 0x0, 0x0) r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x22902, 0x0) copy_file_range(r5, 0x0, r6, 0x0, 0xa1, 0x0) connect$inet6(r6, &(0x7f0000000280)={0xa, 0x4e23, 0x7, @mcast2}, 0x1c) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000140)={0x0, 0x0}) r8 = open(&(0x7f00000001c0)='./file0\x00', 0x38140, 0x180) perf_event_open(&(0x7f00000000c0)={0x5, 0x80, 0x6, 0x1f, 0x9, 0xfc, 0x0, 0x6, 0x3a320, 0x8, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x717e989c, 0x0, @perf_config_ext={0x3, 0x7}, 0xd000, 0x40, 0x4, 0x7, 0x1000, 0x5c, 0x8001, 0x0, 0x800, 0x0, 0xd3f2}, r7, 0xffffffffffffffff, r8, 0x3) r9 = openat$full(0xffffffffffffff9c, &(0x7f00000002c0), 0x10000, 0x0) connect$inet6(r9, &(0x7f0000000300)={0xa, 0x4e21, 0x4, @remote, 0x6}, 0x1c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e22, 0x10001, @empty, 0x7}, 0x1c) dup2(r2, r0) [ 3007.367414] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16346 comm=syz-executor.1 [ 3007.432465] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3007.432465] program syz-executor.7 not setting count and/or reply_len properly 04:59:07 executing program 0: r0 = creat(0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000100)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x10001}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = epoll_create(0x3) dup2(r2, r1) setsockopt$IPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x41, 0x0, 0x0) openat$vcsa(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) 04:59:07 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x0) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) 04:59:07 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/power/pm_freeze_timeout', 0x0, 0x0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x22902, 0x0) copy_file_range(r1, 0x0, r2, 0x0, 0xa1, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$TIOCSPTLCK(r1, 0x40045431, &(0x7f0000000040)=0x1) r3 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) r4 = open_tree(r1, &(0x7f0000000080)='./file0\x00', 0x81000) bind$inet6(r4, 0x0, 0x62) dup2(r3, r0) 04:59:07 executing program 5: syz_emit_ethernet(0x4a, &(0x7f0000000040)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x29, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, {[@sack={0x5, 0x12, [0x2002, 0xac1414bb, 0x0, 0x0]}]}}}}}}}, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) dup2(r1, r0) 04:59:07 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x0, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) 04:59:07 executing program 2: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x2a, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d2f4655fd2f4655f0100ffff53ef010001000000d1f4655f000000000000000001000000000000000b000000800000000800000052470000620100000000000000000000000000000000000073797a6b616c6c6572000000000000002f746d702f73797a2d696d61676567656e33313930313834363600"/192, 0xc0, 0x400}, {&(0x7f0000010100)="0000000000000000000000005566cbb705fc4d7ea1c5dfc95b00bfe3010000000c00000000000000d1f4655f00"/64, 0x40, 0x4e0}, {&(0x7f0000010200)="0100000000000500110000000000000000000000040000003c00000000000000", 0x20, 0x560}, {&(0x7f0000010300)="030000000400"/32, 0x20, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce000f0003000400"/32, 0x20, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff020000000c0001022e000000020000000c0002022e2e00000b00000014000a026c6f73742b666f756e6400000c0000001000050266696c65300000000f0000001000050166696c6531000000100000001000050166696c6532000000100000001000050166696c6533000000110000009403090166696c652e636f6c64000000", 0x480, 0xc00}, {&(0x7f0000010a00)="0b0000000c0001022e00000002000000f40302022e2e00"/32, 0x20, 0x1400}, {&(0x7f0000010b00)="00000000000400"/32, 0x20, 0x1800}, {&(0x7f0000010c00)="00000000000400"/32, 0x20, 0x1c00}, {&(0x7f0000010d00)="00000000000400"/32, 0x20, 0x2000}, {&(0x7f0000010e00)="00000000000400"/32, 0x20, 0x2400}, {&(0x7f0000010f00)="00000000000400"/32, 0x20, 0x2800}, {&(0x7f0000011000)="00000000000400"/32, 0x20, 0x2c00}, {&(0x7f0000011100)="00000000000400"/32, 0x20, 0x3000}, {&(0x7f0000011200)="00000000000400"/32, 0x20, 0x3400}, {&(0x7f0000011300)="00000000000400"/32, 0x20, 0x3800}, {&(0x7f0000011400)="00000000000400"/32, 0x20, 0x3c00}, {&(0x7f0000011500)="00000000000400"/32, 0x20, 0x4000}, {&(0x7f0000011600)="504d4d00504d4dffd2f4655f00000000647679756b6f762d676c6170746f70320000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c6f6f7033300075782f746573742f73797a5f6d6f756e745f696d6167655f650500"/128, 0x80, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a090000000000060000000000000005000000", 0x20, 0x4800}, {&(0x7f0000011800)="ffff0100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0300"/1056, 0x420, 0x4c00}, {&(0x7f0000011d00)="0400"/32, 0x20, 0x5400}, {&(0x7f0000011e00)="0500"/32, 0x20, 0x5800}, {&(0x7f0000011f00)="00000000000000000100000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000007000"/96, 0x60, 0x5c00}, {&(0x7f0000012000)="0200"/32, 0x20, 0x6000}, {&(0x7f0000012100)="2719c0d901000000803a0900803a090000000000060000000000000005000000", 0x20, 0x6400}, {&(0x7f0000012200)="0300"/32, 0x20, 0x6800}, {&(0x7f0000012300)="0400"/32, 0x20, 0x6c00}, {&(0x7f0000012400)="0500"/32, 0x20, 0x7000}, {&(0x7f0000012500)="00000000000000000100000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000007000"/96, 0x60, 0x7400}, {&(0x7f0000012600)="0200"/32, 0x20, 0x7800}, {&(0x7f0000012700)="0c0000000c0001022e000000020000000c0002022e2e00000d0000001000050166696c65300000000e000000d803050766696c653100"/64, 0x40, 0x7c00}, {&(0x7f0000012800)="000002ea0100000001000000270f240c000000000000000000000000000000000601f8030000000006000000779b539778617474723100000601f00300000000060000007498539778617474723200"/96, 0x60, 0x8000}, {&(0x7f0000012900)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00xattr2\x00\x00xattr1\x00\x00', 0x20, 0x83e0}, {&(0x7f0000012a00)="0000000000000000d1f4655fd1f4655fd1f4655f00"/32, 0x20, 0x8c00}, {&(0x7f0000012b00)="ed41000000040000d1f4655fd2f4655fd2f4655f00000000000004000200000000000800050000000af301000400000000000000000000000100000004000000", 0x40, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d1f4655fd1f4655fd1f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014000000000000000000000000000000000000000000000000000000000000000000000000000000000000008081000000180000d1f4655fd1f4655fd1f4655f00000000000001000c00000010000800000000000af30300040000000000000000000000010000001900000001000000010000001e00000002000000040000001a00"/224, 0xe0, 0x8d00}, {&(0x7f0000012d00)="c041000000300000d1f4655fd1f4655fd1f4655f00000000000002001800000000000800000000000af301000400000000000000000000000c00000005000000", 0x40, 0x9100}, {&(0x7f0000012e00)="ed41000000040000d2f4655fd2f4655fd2f4655f00000000000002000200000000000800030000000af30100040000000000000000000000010000001f00000000000000000000000000000000000000000000000000000000000000000000000000000027951c99000000000000000000000000000000000000000000000000ed8100001a040000d2f4655fd2f4655fd2f4655f00000000000001000400000000000800010000000af30100040000000000000000000000020000002700000000000000000000000000000000000000000000000000000000000000000000000000000077475a5c000000000000000000000000000000000000000000000000ffa1000026000000d2f4655fd2f4655fd2f4655f00000000000001000000000000000000010000002f746d702f73797a2d696d61676567656e3331393031383436362f66696c65302f66696c6530000000000000000000000000000000000000000000002247ea9f000000000000000000000000000000000000000000000000ed8100000a000000d2f4655fd2f4655fd2f4655f00000000000001000400000000000800010000000af301000400000000000000000000000100000029000000000000000000000000000000000000000000000000000000000000000000000000000000401f9fd3200000000000000000000000000000000000000000000000ed81000028230000d2f4655fd2f4655fd2f4655f00000000000002001200000000000800010000000af30100040000000000000000000000090000002a0000000000000000000000000000000000000000000000000000000000000000000000000000001dd000b4000000000000000000000000000000000000000000000000ed81000064000000d2f4655fd2f4655fd2f4655f00000000000001000200000000000800010000000af3010004000000000000000000000001000000330000000000000000000000000000000000000000000000000000000000000000000000000000006b8b381d00"/768, 0x300, 0x9180}, {&(0x7f0000013100)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x9c00}, {&(0x7f0000013600)='syzkallers\x00'/32, 0x20, 0xa400}, {&(0x7f0000013700)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0xcc00}], 0x0, &(0x7f0000013800)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r2 = accept(r1, &(0x7f0000000080)=@phonet, &(0x7f0000000140)=0x80) bind$bt_sco(0xffffffffffffffff, &(0x7f0000000040)={0x1f, @none}, 0x8) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) r3 = syz_mount_image$tmpfs(&(0x7f0000000780), &(0x7f00000007c0)='./file0\x00', 0xfffffffffffffffd, 0x8, &(0x7f0000002b40)=[{&(0x7f0000000800)="7ca9cbfae899aec0c8ae5a0d656f91ff237353d3909d8056ce4545b7dc4d5c0b58763efc2fd30b365f108416ddf37ce73dffd3d507a72a3c66e11404ce2218d1721e910259e06d58df574f817c543e1a963205ec011e385e575b742ddf7a2457c2a7fc47953e42c2c9e28862327cf9dab78dda78bbd8ac1d4b7d28ff85294bb3b810f454e75a816eeb78f0f1b3691bfc45855e0fe009ca39edaf5baabfeeefa0435cc37c401f6626901472aa684372144bcd32400832a7db78c412f700edd7c99f86a00362f5d67dd7e4d8436a2f11fe2b345114806d1f84a9ce2de3ab3c5a383bd48cd2eca53a4ec30b4f1934c367d5767557628a1e7c446fe663b354d28230d8d2ff7d3b0d20818e5c5e66548c889cdcdac944fd1928c3017a77175a7943e184768c1d44de6fb1c5265750af54ace6f93dce037c6e25a9b2461d8503ee209b7ccc45dc1adfd293e9d8a46971baed9642ce9d2f49a0c2be5baca8f419147b91ce8a4b968f5347a7835849400796178f6c8d5d6bf7d452c3a4c1bccb4d4bf3bcf017df43134e61c31fa936cd55178645532d47615c64c76d4afb7f6ae5e29ed5f56176b70dd6dd79e3fca9dd5e9c36eff01762e145d0c69dff79d689e016d7323e4ffe025d6550816aa8e890ce3e8dd122ac7a4accd0a505b73ac2bc73818d4c575c178272131cab9a6e6e680bf3a7746c537143d8153845eb3fa6f297de3196720dfd47c5147a3fd549fa0fb088e4318073713f50bc4ba34e32f39dd1d10f2c7437b9bc0ede7673aba36c5f6ba5fef9628efcd3f29d274894aa46c52099e42a495758cf0b16f1fffe10968357ea788eb18b0c7b2c0d7ef41eed8a5536b6f5693f0ec985c9f7618b6cb6b90e64aa149f04225ddc3410a915ecc90f258e64a17006aa898d3f020bb2d429d89abfc93331bcc3ede6ea3d8bc7a533ae05ef6de9f864e530a141cabda6c5997cfbbe24fc3507fa4d77d6453435d4582a885882f4f896ec5ff71f87928f7f87dc0906daf18fbf18c7b9da0a839bfe92a86eba1af246e2160161a54d3f917da72c76258e7ed2d1b66cf78b3c4d0a5bf5192e57fb93ead12fcfb2633f3bc9595ee90e350af27d64a44d057a6deff303e840fbfc875183b72077d434263a228826765ecce2cf3a60c54b392a2e622041d886189bc6de39cdee61e9782ceceb53e4c47b88876f5b9fa0bae3ed875b60e661c3ea56da1b5160b00848894d8e0c517d53dee1bf53d2440953c69ff2ba6305e3cd1487a88c9816913fa2baa3c26f3b441abf7a3a4b9aaed5ad05fb64acbdf9f1aedb88e065b0fd02a007c6bdd0759f4a9d1fbfdd032bc701157941048919526d8e950f3ab5cbbf5391dcca1dedb88d1d99311f70126085f45856cc724b36513b532955fa97e1a69f5bdb083bcda245355ffd854060467429785ec66cbb8a8cfc111158c4647334476e7ace69b5310604d377cb8dea84023311158229dc3a4330e8ca250d3c31cc62a7aa6bcaee599cec780f3a8a587430316b43a5da2bf15d4ae3e9df5a2e27977848be4d46dafd8eb041920c433a4a8c3f313afeb071d72af9d65c59ba1ee1699de880f768c631a9e07074733a0b9bc5d2f05804d5f0dc3f451a24aff1ebc80afdc662a416656507724239ba85a1ee261264313fe2ec561a82093a585e6594f206a4b91cec64aace8f7506c6016e163b097dcd1444b2ef62299fd3d6b546433a9087de70a38ff5cf0c7bf34024d9baed1d2fc5ec7432da829d432796c0e0180b0e819759d8251f6029d513f2882b54a594864618930273d6f33a4f6a6e38c42ba4cbb9298313802409f8d03555f96c6e81bf44c0039e8a89318d2cf9bf868171612b319d15b85bc21f3aefa5169cfc49941c81b4ee66edec445a32292cd03a8b32931090e46ca9988ac108785e2d00dd046fd4fb9b5136f2a7de998e9f2d0c7a5cf294793a7acb3514080c674c378286b6a362ede65bca19eadb6dfbc5bec2bc3ca6247e3ef87803b5a4e7077f2b4b8d5637f0900636a63e8e8adeff98be6fdc88fcdd5e2ccd403bdffd92c2c7ba0535adea9240774d4a0c927acce0e153cfc74352071aa351046cb60881922a888b4d8d5626d12b0694d99c20029bccbcef4c2cbfea69afe46e1e9c5cbd62e15b8fedb8137dfc05961e110e045ef357382856459c4c04e909a2bd7313f92c6e9a00c5401d0dbeb29c65edb29e080beb20b9bfff5e8961adbb2ca72362ad9c0b200b75c9b8f8a3e84c0a9716488fe93df7439ca56f24bd8291ab224c41e073897244640390597d4b6ef8a6aa9b1accdcd161484b7e3d3eb1cc573ac61eaa2678242f408c7174be5575bdfc1ede2d1aa47d04e52d610e2ddc40f7b692f915f75439eef428804bfea92f55c3e69f834136a6c3c3d61485376b03c4567f2096213ae34baf0ec2fb8dcf03f73a123c574de0a923a21e2de1fa07a8f72b7d06ed06eb7d18a1b79b56dc0b80904a87dbb8727ef2928914effa3c36900d061cd6da883dbae302b15effcc5506fef028d7b51cc7754e959272306a60b064ae8714ca60616e7332d413b191b7d96bcc5c47eaaf73b2d4904d1f8eb04da86b7269a6de2ce5a50dd7eec54bfe94873dc9eb4af96e7d242b1af76011d0c908ac336d293b1714919cd722ec88b8bff5679f5c9bac4eab4e9de82fbdbadc90cc92019e7bd16fc6493fe307903f40dc3b5688c8f2176aacfa95916bbd0e8a77b138dc360d8444b7a1c79802af16fd93ca2c3c11c42342c88ec420873910306a53c8e084ef17e26e3684c833aa0f2088a1f66b3518af364f465ea7a1a33b35089b390c421fa3a4846330da45811bc856d2c2e107ea01b2c4ae395548dc1a95d4838445ee6ee2379eca80e8c005800173ddcf9c91fad67347ad976bff8ebc2c9a9541ddeeba997dd6ccabfb7f24b3a7b7abbcf72853f4acb33135b784db2e54e2bb4622d4ddda1537ffff61e674f0bab7e18108936b42abe9d4f23a97d82efae202a5da26a8addac90c12e42e755c1766e71aba37cc1d92503de8e2746ef171c162b2dbb356c81be9ab14de063d7b6c79f6b945a0a786bd8f80083f4291f1ecfc09e379eb758f238ab8705e4a6461f7d681484e25c5f6c13bfa3d6d08266c998e3fec787df137adb40cf3c8b1e0b65c9e63f9727c9ebcf4b3d07ed04771e8c0ede0dcbd89df3f285a7e86ea19166190abc59757ea7039482289495d3b53aef7094e8954db1de255ecb3a362d593dac4c42a466be472af18de628e56fd453ceb0537334ebc271c1057925da52dfa1c8c2f92cf531a46087a26fa6fc928611fba50afd639fd1659e029ccd3ed52dbb839d57205cdfd8d505807ca881450e1b0264bc5e89ddf6ef47f65ccd7a39897a58300e0f3ceb1dbc5755017a2a4565edfbdc7cb95a2cf022c7f01c36fbcf525ffa84b2d2e0f229e063ccdbd3c61fd95edc814e56822ec7fd36b629d58f6048e8f85743ad2cec4e5e30d47b6d267bf5b352a0082b4b67860dd0b53d8d25f5990df2b8ef5de49142a3fe3fb52f523856bbd4628316597ed4d0e823df3b3866086b2c5fb4469a5b0a149ec22ef10f2a828a1d842e3a2ce656fb4f0e9e9214b0d525041c1358a9a18ff5faae4b1d32a9be6c345178d0acb5afc541e4f622ac1010c66c58dfca269676c5e6b57b53aff4869302427699e1173bdea8cde56d4b44a4329758d1291dd24ffc91e8f63211bc96d708dbd59b7f33ce0c4ee2288b34819d1e224031a617998b5e13b2dfd38d63154c33f1942bee2884b589b41fb1322c90905976883c2bef5c4aee0b0367bf498247ae263915003edfcb33d3ccd1f22d5ed4fa4aa96eefb8e2e2abd4055d7efcf328971881a14f97772bfad19599b00dc1b739c121b3dec8295f32d483cba46ce4a02a18e41d092a0dd45288f0f30fc6001d8373ce277063f740b9e034632f6175172aecedfbd551a3fc4d4a4924e5a57091f77598a32c7935c30efeb26572a7279ebdf80aeae078b50ac14b7d879850b514262a910ff876a16f107eece337133eacd54a569b92c48a794b9eadea05416aafadbeabfc18981ac050c1627b41008f83b32c316666cfa0754b5d132c5f6afa43135b804c49c65ecf9a350b0dfb08e55bce85b37691ea1b4c538ce8aa266d14ee1f3d2e896d82890c67f96b1c43b83e8c456463fbdc0d44fa4d8ac8324ced0515d4f54695f4e903d55bb08c4e1700486149b6a9233cd6a82ae908918f86f8774b689517be8c6d43ce710c5bcfef15fbcd93a68a8bd0ceeaf14f4f1b8f9b06ccef34dcfbd50f231a61a12e6cb712e924ec9ed1da405638613e06e3b5b3c3684a6d7e7e9a1ad823afe4c0c8b77fa0db68c3420f90e40ab27716784c8be86b1ba52a57ad45ef8c331cb34a766adfbfff1c9976b940fa8edd578992efba25493f8e5b0c8980f0e69cd9293b6a9fad0487cb7823cbf8c8d26f8369deff53773c1625939fd684db07f6b5ab13967a55c61dc72ea49c2c3cf1f99ba0a49067b72e1bcf51a4ae4fea0d18a00201cee0889ebcf0272085d70fa0996121da4d66a650e7fad5e5268d71de2bf9d6d333bce9fed3b40de1aa80c5d9b2e552b7744bb0dfa41e7aa17b5cb0bcc824cbedb8dc2ee2ac44ab4cfcc105d70122dd8290cd8dec7fb655441be2a66b2d09d8fc52b6cad92d4e6b057df1fc03eefe5e456e005ee461be2f374830ba09491b1d021c3124b0c690d186001fd9b25f5faab66662678d7292929463b36fac3401a9eb0c1820554fbbdf333bba5f199a177f4c4b797a95c00c900d44e0b16e862e0179d742d996ce56b947fa8566429a992673849f75528529b2edcc6f1532182292589164d62e63b4e38b9ab17553ccf186e6911e02a68b21fd5935ac24a3a368ac1f91739eda5cb8a49c0b39e2be9781eb90afb8e5c9f95c9de5cc81ef97cb69c1e34cc8b7b6d07bbdf2268ce4418e913533e6501c54e916d76961e6da9c38728f87c28236c9c50fecf064f1ee9ad8148848c653028c079a53e86b862e98501d8ad6edad01361b0c0bb9a817cea3b0175753c494f3a7de3323504c03e6d517b44a0ed1bc175f3cd2f7d5d06b7d90a1740415a39bc82d2811f9769dbe9c46f61dd0a71226418d794026491eef843e972550e9069ba337122ef0bc2f00c98223fbc8ada8f28c53baacab61e79536f9cfb424e52f8b1641d13bd527d2055d89f28f69ef2b044040bb587bc28ea079c7a93eaaeee479cfe1d38e0c80c18a4db870704bfd5160de01c314a8b69a302af1fb3d0b9bd9c6ccce58a7b53e2cfc207f87c0cd56204ccd7d95618069de95645f1b2538b146c404cdec640b8486f194db0729b4dbae4c262a1c17bb63859ee8c427d9271fef79a0429916b48b304f0f073ada1657395ef1bf8c2ebae9bf6b26b7f981f7d83d940df930e0e1223729e5ea9d96fa9b10be83c75bec24dde111eda9ca7a6bce5a928bcb7da7747322812835b57d51bcf1c28e6461d35ee637a395ad69d3a061749002c133de84422bc55ab1386011b3afc164c0858d246eae1b14a870724136ae07e6fe01d9e3e392919e7014dcb63116543bece2b2b1d547bbb7bce99d45c0518291b2d35decdf75fe4cadd95319b6f714df0fada2c1384b10a3d7dfefbc8776cc06ae0e6321ed975b9ea11ffca6d2eeb35d9b2511efbfb3834ecb18be3451f5a59f42a7485f4cc8f3c78c81bd8dda161ce26872cfefa6460c5551dc8e1055e9b0e2a15c1970f10fba328c2cc3f8c8938e43fd0b3db2bfb512fd9699266ab6002f28eb0c2a04876b9f02f211bb7534a0e54ad", 0x1000, 0x2}, {&(0x7f0000001800)="b648bd2cae0fb3d037cee334586c4cbae161c4a023e40815c50cb5a97d975112c004a4db6281ff45e85fec5bbba6c663bf5caf4ba9e1e75d62dcd4f883c59ea690ad89fc3e648937942f3a8ed707294f03c6cca8122e2c56723c109bfb45f10324fe418e269ccde7163fedc395f83d3f2bddaba4457e693101b030996fbcf0a2ce3c33a4c20429a4bf12e9e6ee0491492c7d3988d658a031fc14aa9c50972ce455e6544d1c66df4f53ec6fa39c1b5111d314a729d5f663", 0xb7, 0x442}, {&(0x7f00000018c0)="0bb2c9c6253d5feb5e68f50b12083b4c5d2188b61b6c7c2b5c5f4c00b213aac3dc9285fc28f604caca4c06bdfbbe5928567568c9af2cdacbe5c9c83d31cdffe2e275a7cbbf8a5b3274270637a0953f6829e40ae792d11572f949996db25ad8fd5ff4369f1b7f0d3e5678fd5d828741866da5094ff8701b3eaa4b9af7b25932e2587c2dce8221c7f070ebe61cf663fd506a1c32ad494dc6ad52f1876ce82503ebaa6d888dbb57e80d4cb458cd2457745f7bd45c5e43c4b4", 0xb7, 0x3}, {&(0x7f0000001980)="9816c917b1bb8e7f96443e9874bc2b119bb6543e4edebe1b75ac17e52fd0d0b6dcd134a24df3b6d70f1219b2e9d67ab114e5", 0x32, 0x7}, {&(0x7f00000019c0)="1d7e178cf717d7ccdf6ce8032fee1f7f8c9b877f280cc39f094c3d4e3837722e59c58b7c7abd1c45b84b58e9ff22dbd65c118e7e25766cfebcc2a600b3e75ecfb61be94701f62faa0ab339bb8723092105406abd95cc6e45c7fdbb52492d8db0e35f73216a9766eb5d300ae96983a1fc2b339059a96856839bc99e81c0d700bedef132a4f9afb261aa18d4516951eafecc014b9411b1a28854fe0fcf77dd", 0x9e, 0x3}, {&(0x7f0000001a80)="0ead1a460e97ca42601a859490864af4b9a30765b04a906d96d01cf5c2f532ef1f361879035736dd5e89ad141b8f3082ed73f2f4c614c193a3ebe17318361b395bd2a2483f507db368f6b0a5e7a6bd36fa20b9a29ddcb47b1f0c494c23b4ae2ec77d", 0x62, 0x1f}, {&(0x7f0000001b00)="dd0b41ad85355703a98a112e82981f202fbc34f73c18af92dc3cf0ff5361dc324142ab79800b0749c3f2d42e429f53d7eb07aede16525ac2e41010c3669337b1bc25bf8563520702bfb2dd0fb2eb826fcab771189c6af825507ac68277878d790f4b547e3473d3b3487eb9c004d5ffcc588a80910bbd1319602e4f9baab6dcca892af7f09fb808dbb720809d01962cb6e395c989c6dfb0856bc9a6da8f01390a43d54596bdf74e16432a197e5d14768c7ede29f4fd4f91a0665ae7e9abeca30e736ec053b57661bc851f0ca72e4d79c75860b586e3dc1f564a70f3e343b56bdc525eff52129d58230c6572fec7012ea302976f13a55cfd0b640f266a6fd3081a95007b82d2863cdc52e783901b19e299f352e768bcb7cd6ecdc13ccdbc022f645fc731f0234eb465e61a8bcebe6fd7894a27727c4a37e8d87d653fc7e519af66f19ef18459c766406596c86f4510325530d3b2b79d3b1fe66fa8b60cfed16a0e0a52379a24600902718dc8ffbaeab5e63e9ac7ce3b50b98bfea168b9e2e0ab5cdde709a60778bbcfdb062e0382088593e67272f9e6ce62138ff0dc08c00ab731f74d525f5635247782261bef081db21c69b7f7b02d23e2ab464d138302fe10a1c00e37d35c53d22d6a05dba7c1abab8200a612b90267d80cd5597076f9194c45c8a3f4c7378664735459406ac11b84191bb17a6161bfb79e32a430b45ee186c33489e263cc496363bcafa094003ff0fedd8b336aa1089eb5dfaa1e60eea4c6f6b4828369562faac234e182d070a8e3a27d95e36a4bf5f1fca537983f37b41f7d70f0e4a9776af18b765a19bbe7f262fb89a64c1f4cd79e7966976e1c9db0d00f60728137ecf43ec87181d639a51df29acb3f4a73b3d4f2e53e628d1b61961cf729ea1448da439a7c7ed3d0aa5936b896648bc61ff8613a9fe0ecca9597baba42b9a5f8d54cedd122c56c008ef3437a82e86966efc94e5a75f249a893769596c168be352b2301d62b2a000e185801ca692c40a043906f6d335cb9a0855d9d7635acf896b1710a428f2c56f7710c25d030da922cbba6e80bcf3dfa34d06cfa25c8ef61473759afd5fbc94b238dc8d56e04a15e7ddfb25eeacabda3994b81a44e646c9ddee8e103c523d4ec514cae676b1e566a0867457585f43328c5c685db8535007de8f507a419fe6218355f4065582215df038a057576559a9dc5888ff00cf7fc04291ea689b3f161e92789357f49c36247da3deeba620c8aad4e933bd4825162fc306dc2673ad800ca314b8a381f661e9c675e7fc21b17e1bd9bb5c4089ca93455101fe75fa1a036a85b0fa5c90fea156b5d95116bd441ca7b79fe605e5185d41f038a4fd250cc03ba48627d2c7cd55c308c717bdc8dd5cc93b9f1f8045ea85035e7a7bb4c3f49398bbc238ee3305ca71ef17c80d41ed180095eb77bc456c77e2df183f0cb5f8ef659ea3ced1e178f7fe611755b3b5a1c49dccf258bd9762e13d831da33858b54cf994a5af62c264e0a7e57e050b90f9b7d44624a66fbad34c14b3140edaae9da4d739386e10af5a0e77bde49b5bf434ba292cc9441c6288cabf742cfd368d832053b31c6c87feee982306fcb27443e939b7f4a162efb75fd46e6b1316d987c97ed0d7dbf3c1f7600e745677c63b364df10980a68ffaab690560245dfc9714e9272fb7982a72604265081745df685d90837a4c5f9bf76d96f5c97a249894f3445c2a1b41f1c52f81dc41e93b75f41b88f2f90d6a9f89a23a6c0717867b416590ba89c3e1227b09bc2341655df09f6ec1f35032054dd4825e902a0f43d6a52f6e43e809752fbf6463e30e41cbad14b4152d79eec60d184e07f4db51135773266851c57f527275642a36fb31bc24aa1b8e80d701ea8f76c62d346a030c9eb93493cf174b56e70362b87c6ee07d828f97a26d58243008007d3e4012fb337f88bba0c97c51f9569afcbcaeb29d7f42dbd3395d59e86b26a16e35b86611951ceed68137fedccf97e9a1acc674e4df7a7f38dafc0b2d3039bc154777dd03b6f207cb1c6f745f84ace58cccb6f5a8c4a543fc6e82f37830873b41d012b79a01be6aa763af25f2efa7809393bb637d49103ec5cbef21034f0f49fa45a19f48c551e991ab95a60db61e21800414228d0f82ad02e3ac94352021bc45ad01744363c3fab9622c89113c61dec333b545f3505a83e93c15fb87ff7b04c7b1b5e346e6b8d2217440c20006a8c4d593dafda278d1204073318d548ed2c85ff93d8565bd70f89eaf273ca94ad8c27c909f2371cb09d0965c945502c3132c6fea9b5b771f7a488877080bfbe311e979652cb12a50e7353a803e966eaab6fe0dedfa21d040b79b911032e20f87ddf9164eddadd42690bdd88e558e13832f42bcedb17998f3aa190cedb235438b50d90613cf35b19f12e64c75458c4da3911f7e577c2b22960b32c71cb2461fe4b87619da0319b44c85f243d12b93d765cf6ee067f226868422a808449cb70d0710f6b9f8ca08171ef0983782a5264c9db0b99a857448807996a7862a03642c6f9281feaab518ca22cc218b4cec78d8ad33cf65c8fd2f6a8bf55dc83556214d89b4aa86a3f39f1ebcead45b246d5e3caf904b0f319ae2841dba36b0fb0cf57e8709ec84733a92e3665cdfba91ff5931f72f5b110cbaae775860294eda34adca2272879052e8dd1724343e5da5f0e6c2090b5ff16e408dc481c41dad9c55bde8e1202b2834d93bee04eac32a11f734dc9efea4165aa8e0aa72dfc54197a5a0d50a8691fb395ca1f71b7331cb7a35d6754b9bce075626ba693127de9715e19785a43e9ddc1d0a19aa6571de7c2476aaa1468616bbd24024aec13b5c838bcff8536f4f710ba6dce6f5f0f36b72f45fc9f746b3264e31c5cdcf0926bbb4970704aaf9733d86418b1d1d35bd8306192d8b94a39ae46211624f1a788d63953a62ef68702dc763213c7a788acabb19b76669705cc3aef038334c5470967c7fe0da7b145ad1205f236427e216bacd1a6d9f422590335f9985e78df6a7510641e71b1095a3c5e28ed652adfec1dc596564d5cc9d45274a3946362fc3dff665b2ae77f0fd7acde0f3cc6be2f6a5a20480df29ba4ccba9702455ca4ef95efd7962415ea08fa5517b34b57e2abbb4437611e5fca863f836e67c8684c3b161540bb8d38621b9873505333407510b5076526ec5ac40424c924c7bc64eda5a520112feaf1686227f3fac659970244b4f8f03eae909e37b82b1fc5ecd2065eaa01a004925299355481fb94a0d67875cd1ef6330fa2354a84c08f194f27cadb3186874afc85f3d605d29b4be752b169b907ad144b0ce4a4537ef0e3f5547b30eab22c30fb67e736081437da7ba304a5b5508ce0f25072708d5046ba5c37be49178be40e72dc1bbb1c82221fa4eaeb1a0c2d8ec432e5fe3bdd9632bbb8c05cd39e42fa48ebb96234651ffbdee3ce554dcaea4519a100ca4a09dc5dd228ebef000b0ec630f9dd4983146b83df36ef8ada5463ea81b61aa9097af007287ef53e5832bed92505683b6cae67fc73965639bf7f5afb1a1a9ca582ac4d7367373c1cbe2df6e13feb48395316277ba8155023cdf35252b34f5e3e315211355f71e7a1a971b14d0ab8089eefdf224bd25ab7f17815de1d58a7f0b9eeee116270f70c7d0b874b076792281b8f8e6e9e51e9f1c171324f6e4a92662f073f673d586fe99d9e7c6fcfe5d14b921b984a8fab50c4c3db3f206a5c76f8065ba13b781af6d77ff537200bd651629b2108c028abd30d0891a4f0bc45a14b9666f4cac94436c9dc92a3e366e16b60db863eba0c64ce8067e47f4af496be52506700a00efe6217939c5731b1442649b10ff71be150086b69116bb7e06d09edffa38649641c3eaecff54f64c708f267230346d919f48da9d52b76f7542f73623210bf220b90d7f95276bee5b525029aab7c2f8a5caf2ef66b87184d3fef3186ec050dae29c004b93fb9bccbe876c93a66398769c481b654935deea9136c69828fdd724e8a143aa7f3088d5699aa900a0c52613f6596b06c1c3212ed71f4c2572d3f58b3365ab5d6976792447e583bfbc957fb3a2e97ef722d52966dae7d756f834b46b70f7b7d57226edce024fdae0f2d5bdc9dcf19f16e4d4d132e541a7886ad20e297da78d29ee839182c3bb9ca94229b389015b096e732969950f7b2ee4f052e052f9d02b94ab05197ac7beffea688597c387a89a267bd49ede412a39598ba3e603ed63e87c7b4819c4fc6524925a91b26a969090629c9db22de29faeef1a3019a7894d1b4e97d736d713f40e9d696972fbb01ee5e2c461c6004fe5725cce4b4588d5c859b1ef67695df7e38cc7a0a0171918d5faf8f93931ca74d9f907244e0298e914377f5acc51bc7cf19d4a5ef3e456fc1206a746672628971b346358db8a0d5a79cd2cd2b4929f42c5c3dfbaa4466d45b4babd9a48ab9e5f8ceb6792c1b6931999f7f911b9f03e4776685135e626e928a6a336ecf384cfa38cced68fe1c6d3f0ec6256e7ad5991b95e64393153c8e80e8c36a940f1b888676cd20fa9c610376e885993485ae066835c8fd816a9d7894daeec77c25f0720108f1e705012a95f4537061225cf569f9ba630630b9c2ff89e9a94b8f5859725995679de08b9ee5efed9fd2e2bb6cbe88bf945bc978e1bca6dd63521ccefcbe6207fe92393e97373dba6306f2c99e4e124825a0d7dcdcd03add65f0042f622e754c8726cc1e904bd5adcb0e7f84e3f8e4b04006b4758ab942821fed4c2122bc70f7437b07b5ae6050ff9919bdeb255817af734df2b2bd42fc84d5933d54439769e35ee32901b8f290945f04ea926056a25bc1081cb2b4842eb350f312ee09491650e1e815f1d1b1f8a6c51226775d8ee5a5c9d6faba605cd2d5bf3341a08dc30a10573d71d36eefc4db9e9a01fca25f07dfb1c9e951979b310dd8f7c7861b1cb4e6ab3880cdb05588105746e9ea02d096ffb7011560dec8640e44deaf707023be1433e9b3519c5ad902bc4834c97186ad125ffcbf7bc42efba08487047955bdb63baee360f87e105aa996ad026e65a9395105a41b93bad0b1c75ccac43bb78261b5ddbd5a153d1aa678642ca586ccb2f4c895adcfe8443ab5dfb3f5d75aa7c122df9e31aab610034e1437096ac08f93fcb0e019129ee56a613f5ec560d94b29576ed43f32a70b4a9f821ff389b4ea2315a2b0d8ed2b724980ef44ef987eaf08a441ec334cfddc4216712a46a0d70ad1182f2586d8533740731911397898d9e6ff99ebfe63b25a35036ea78d5e8bca81f0674d53e8b53a424a1086773e8cb58758d6952bf504bac935d08d6a13668900931a6cbf97e33b43dff243c6152237fc0962ec1fff32cd1dd72a33b25884098bb9a458c7fff0e01c439c6c51574f51f8fd7b325999217f3a17813ab90cb37fbef27e382f4efe7012eb487013d3f2e067b12a390aa64528af2421297f26b9a5b03dc4bc0e771d15c70450c4f485fff825475c6575386ecd342854b196b144193081b63b68aa8b72b7e0b16654d7677ef19bfa421a57aad62224c545518ffe285e727c0fac1c0e77452704732422ebe25f6f9dc97cf67e7648f64cfdc3737b7793b8e448a1a9d7b71ec5365e7767c2947ac85baa2c3c87b488400c32ce249ef1f19573e7deb020f557bad801e4e2a22333654e4a7754a0a7cad7aa14710a9fe358e319deb2dea989e87c86c49f591cafa050750381b1689433e9a4046a3d73b11da1d239e6da5f8e9ff2965e7553e648149c11e2c99a6ddfa5f8e2366e4d", 0x1000, 0x9}, {&(0x7f0000002b00)="ab31bdb048f079013f28d033a49eb7b9fdff53f923428e5afed5c377", 0x1c, 0x8001}], 0x90, &(0x7f0000002c00)={[{@huge_advise}, {@gid}, {@huge_within_size}, {@nr_inodes={'nr_inodes', 0x3d, [0x25, 0x70, 0xd]}}, {@size={'size', 0x3d, [0x34, 0x65]}}, {@gid={'gid', 0x3d, 0xee00}}, {@huge_within_size}, {@size={'size', 0x3d, [0x6b, 0x65, 0x70, 0x34, 0x7, 0x70, 0x33, 0x37, 0x30]}}, {@huge_within_size}, {@mpol={'mpol', 0x3d, {'prefer', '=static', @void}}}], [{@euid_gt={'euid>', 0xee01}}, {@func={'func', 0x3d, 'MMAP_CHECK'}}, {@fowner_eq={'fowner', 0x3d, 0xee01}}, {@obj_type={'obj_type', 0x3d, 'ext4\x00'}}]}) r4 = fcntl$getown(r2, 0x9) getresgid(&(0x7f0000002d00), &(0x7f0000002d40), &(0x7f0000002d80)=0x0) r6 = accept4$inet(r2, &(0x7f0000002dc0), &(0x7f0000002e00)=0x10, 0x80800) r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r7, &(0x7f0000000040)={0x1f, @none}, 0x8) setsockopt$bt_BT_DEFER_SETUP(r7, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) r8 = gettid() process_vm_readv(r8, &(0x7f0000001a40)=[{&(0x7f00000018c0)=""/31, 0x1f}, {0x0}], 0x2, &(0x7f0000001ec0)=[{&(0x7f0000001a80)=""/93, 0x5d}, {&(0x7f0000002240)=""/183, 0xb7}, {&(0x7f0000001bc0)=""/121, 0x79}, {&(0x7f0000001c40)=""/163, 0xa3}, {&(0x7f0000000300)=""/231, 0xe7}, {&(0x7f0000001e00)}, {&(0x7f0000001e40)=""/9, 0x9}, {&(0x7f0000001b00)=""/46, 0x2e}], 0x8, 0x0) r9 = geteuid() fchown(0xffffffffffffffff, 0x0, 0x0) r10 = getpid() shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000280)={{0x3, 0x0, 0x0, 0xee00, 0xee00, 0x51, 0x1}, 0x0, 0x0, 0x0, 0x7, r10, 0x0, 0x6}) sendmsg$unix(0xffffffffffffffff, &(0x7f0000002f00)={&(0x7f0000000180)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f00000006c0)=[{&(0x7f0000000600)="af501d368d6318701858279fc9c5419e6e9e825d084cd8b96987985a13c60368002d32daf915f918dd21b18f18e69f8b3ad4d03bb6474d142a63df0815792bff75ff0605b73c99bbc8645c66952792758716c6794a2cda272839c87690b78aad1da14242ada599d90998bbf8", 0x6c}, {&(0x7f0000000680)="c328cab5a2863fa4912b777c31364c9bf950", 0x12}], 0x2, &(0x7f0000002e40)=[@rights={{0x24, 0x1, 0x1, [r1, 0xffffffffffffffff, 0xffffffffffffffff, r3, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {r4, 0xee01, r5}}}, @rights={{0x1c, 0x1, 0x1, [r6, r7, r0]}}, @cred={{0x1c, 0x1, 0x2, {r8, r9}}}], 0x88, 0x88011}, 0x4080) 04:59:07 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff0009a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 04:59:07 executing program 6: syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, 0x0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) [ 3027.667733] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16377 comm=syz-executor.1 [ 3027.678494] device veth0_vlan entered promiscuous mode [ 3027.700322] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3027.700322] program syz-executor.7 not setting count and/or reply_len properly 04:59:07 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x0, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) [ 3027.796314] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3027.796314] program syz-executor.7 not setting count and/or reply_len properly 04:59:08 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x0, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) 04:59:08 executing program 5: getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={0x0}, &(0x7f0000000040)=0xc) wait4(r0, 0x0, 0xa1000000, 0x0) add_key$fscrypt_v1(0x0, 0x0, 0x0, 0x0, 0x0) add_key$fscrypt_provisioning(0x0, 0x0, &(0x7f0000000640)=ANY=[], 0x48, 0x0) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) clone3(&(0x7f0000000ac0)={0x17412c500, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 04:59:08 executing program 0: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) pwritev(r0, &(0x7f0000001500)=[{&(0x7f0000000140)="1f", 0x1}], 0x1, 0x0, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) bind$bt_l2cap(r2, &(0x7f0000000140)={0x1f, 0x0, @none, 0x0, 0x7}, 0xe) bind$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x6, @any, 0xa41}, 0xe) bind$bt_l2cap(r1, &(0x7f0000000140)={0x1f, 0x0, @none, 0x0, 0x7}, 0xe) ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000180)={0x0, 0x0, 0x2, 0x0, '\x00', [{0x65d, 0x7, 0x6, 0x100, 0x5}, {0x9, 0x5, 0x7b5, 0x6, 0x6, 0xfffffffffffffffd}], ['\x00', '\x00']}) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000000)={0x8020}) close(r0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) r4 = open(&(0x7f0000000080)='./file1\x00', 0x40140, 0x111) connect$bt_l2cap(r4, &(0x7f00000000c0)={0x1f, 0x3, @any, 0x8, 0x2}, 0xe) pwritev(r3, &(0x7f0000001500)=[{&(0x7f0000000140)="1f", 0x1}], 0x1, 0x0, 0x0) 04:59:08 executing program 2: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x2a, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d2f4655fd2f4655f0100ffff53ef010001000000d1f4655f000000000000000001000000000000000b000000800000000800000052470000620100000000000000000000000000000000000073797a6b616c6c6572000000000000002f746d702f73797a2d696d61676567656e33313930313834363600"/192, 0xc0, 0x400}, {&(0x7f0000010100)="0000000000000000000000005566cbb705fc4d7ea1c5dfc95b00bfe3010000000c00000000000000d1f4655f00"/64, 0x40, 0x4e0}, {&(0x7f0000010200)="0100000000000500110000000000000000000000040000003c00000000000000", 0x20, 0x560}, {&(0x7f0000010300)="030000000400"/32, 0x20, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce000f0003000400"/32, 0x20, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff020000000c0001022e000000020000000c0002022e2e00000b00000014000a026c6f73742b666f756e6400000c0000001000050266696c65300000000f0000001000050166696c6531000000100000001000050166696c6532000000100000001000050166696c6533000000110000009403090166696c652e636f6c64000000", 0x480, 0xc00}, {&(0x7f0000010a00)="0b0000000c0001022e00000002000000f40302022e2e00"/32, 0x20, 0x1400}, {&(0x7f0000010b00)="00000000000400"/32, 0x20, 0x1800}, {&(0x7f0000010c00)="00000000000400"/32, 0x20, 0x1c00}, {&(0x7f0000010d00)="00000000000400"/32, 0x20, 0x2000}, {&(0x7f0000010e00)="00000000000400"/32, 0x20, 0x2400}, {&(0x7f0000010f00)="00000000000400"/32, 0x20, 0x2800}, {&(0x7f0000011000)="00000000000400"/32, 0x20, 0x2c00}, {&(0x7f0000011100)="00000000000400"/32, 0x20, 0x3000}, {&(0x7f0000011200)="00000000000400"/32, 0x20, 0x3400}, {&(0x7f0000011300)="00000000000400"/32, 0x20, 0x3800}, {&(0x7f0000011400)="00000000000400"/32, 0x20, 0x3c00}, {&(0x7f0000011500)="00000000000400"/32, 0x20, 0x4000}, {&(0x7f0000011600)="504d4d00504d4dffd2f4655f00000000647679756b6f762d676c6170746f70320000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c6f6f7033300075782f746573742f73797a5f6d6f756e745f696d6167655f650500"/128, 0x80, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a090000000000060000000000000005000000", 0x20, 0x4800}, {&(0x7f0000011800)="ffff0100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0300"/1056, 0x420, 0x4c00}, {&(0x7f0000011d00)="0400"/32, 0x20, 0x5400}, {&(0x7f0000011e00)="0500"/32, 0x20, 0x5800}, {&(0x7f0000011f00)="00000000000000000100000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000007000"/96, 0x60, 0x5c00}, {&(0x7f0000012000)="0200"/32, 0x20, 0x6000}, {&(0x7f0000012100)="2719c0d901000000803a0900803a090000000000060000000000000005000000", 0x20, 0x6400}, {&(0x7f0000012200)="0300"/32, 0x20, 0x6800}, {&(0x7f0000012300)="0400"/32, 0x20, 0x6c00}, {&(0x7f0000012400)="0500"/32, 0x20, 0x7000}, {&(0x7f0000012500)="00000000000000000100000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000007000"/96, 0x60, 0x7400}, {&(0x7f0000012600)="0200"/32, 0x20, 0x7800}, {&(0x7f0000012700)="0c0000000c0001022e000000020000000c0002022e2e00000d0000001000050166696c65300000000e000000d803050766696c653100"/64, 0x40, 0x7c00}, {&(0x7f0000012800)="000002ea0100000001000000270f240c000000000000000000000000000000000601f8030000000006000000779b539778617474723100000601f00300000000060000007498539778617474723200"/96, 0x60, 0x8000}, {&(0x7f0000012900)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00xattr2\x00\x00xattr1\x00\x00', 0x20, 0x83e0}, {&(0x7f0000012a00)="0000000000000000d1f4655fd1f4655fd1f4655f00"/32, 0x20, 0x8c00}, {&(0x7f0000012b00)="ed41000000040000d1f4655fd2f4655fd2f4655f00000000000004000200000000000800050000000af301000400000000000000000000000100000004000000", 0x40, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d1f4655fd1f4655fd1f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014000000000000000000000000000000000000000000000000000000000000000000000000000000000000008081000000180000d1f4655fd1f4655fd1f4655f00000000000001000c00000010000800000000000af30300040000000000000000000000010000001900000001000000010000001e00000002000000040000001a00"/224, 0xe0, 0x8d00}, {&(0x7f0000012d00)="c041000000300000d1f4655fd1f4655fd1f4655f00000000000002001800000000000800000000000af301000400000000000000000000000c00000005000000", 0x40, 0x9100}, {&(0x7f0000012e00)="ed41000000040000d2f4655fd2f4655fd2f4655f00000000000002000200000000000800030000000af30100040000000000000000000000010000001f00000000000000000000000000000000000000000000000000000000000000000000000000000027951c99000000000000000000000000000000000000000000000000ed8100001a040000d2f4655fd2f4655fd2f4655f00000000000001000400000000000800010000000af30100040000000000000000000000020000002700000000000000000000000000000000000000000000000000000000000000000000000000000077475a5c000000000000000000000000000000000000000000000000ffa1000026000000d2f4655fd2f4655fd2f4655f00000000000001000000000000000000010000002f746d702f73797a2d696d61676567656e3331393031383436362f66696c65302f66696c6530000000000000000000000000000000000000000000002247ea9f000000000000000000000000000000000000000000000000ed8100000a000000d2f4655fd2f4655fd2f4655f00000000000001000400000000000800010000000af301000400000000000000000000000100000029000000000000000000000000000000000000000000000000000000000000000000000000000000401f9fd3200000000000000000000000000000000000000000000000ed81000028230000d2f4655fd2f4655fd2f4655f00000000000002001200000000000800010000000af30100040000000000000000000000090000002a0000000000000000000000000000000000000000000000000000000000000000000000000000001dd000b4000000000000000000000000000000000000000000000000ed81000064000000d2f4655fd2f4655fd2f4655f00000000000001000200000000000800010000000af3010004000000000000000000000001000000330000000000000000000000000000000000000000000000000000000000000000000000000000006b8b381d00"/768, 0x300, 0x9180}, {&(0x7f0000013100)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x9c00}, {&(0x7f0000013600)='syzkallers\x00'/32, 0x20, 0xa400}, {&(0x7f0000013700)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0xcc00}], 0x0, &(0x7f0000013800)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r2 = accept(r1, &(0x7f0000000080)=@phonet, &(0x7f0000000140)=0x80) bind$bt_sco(0xffffffffffffffff, &(0x7f0000000040)={0x1f, @none}, 0x8) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) r3 = syz_mount_image$tmpfs(&(0x7f0000000780), &(0x7f00000007c0)='./file0\x00', 0xfffffffffffffffd, 0x8, &(0x7f0000002b40)=[{&(0x7f0000000800)="7ca9cbfae899aec0c8ae5a0d656f91ff237353d3909d8056ce4545b7dc4d5c0b58763efc2fd30b365f108416ddf37ce73dffd3d507a72a3c66e11404ce2218d1721e910259e06d58df574f817c543e1a963205ec011e385e575b742ddf7a2457c2a7fc47953e42c2c9e28862327cf9dab78dda78bbd8ac1d4b7d28ff85294bb3b810f454e75a816eeb78f0f1b3691bfc45855e0fe009ca39edaf5baabfeeefa0435cc37c401f6626901472aa684372144bcd32400832a7db78c412f700edd7c99f86a00362f5d67dd7e4d8436a2f11fe2b345114806d1f84a9ce2de3ab3c5a383bd48cd2eca53a4ec30b4f1934c367d5767557628a1e7c446fe663b354d28230d8d2ff7d3b0d20818e5c5e66548c889cdcdac944fd1928c3017a77175a7943e184768c1d44de6fb1c5265750af54ace6f93dce037c6e25a9b2461d8503ee209b7ccc45dc1adfd293e9d8a46971baed9642ce9d2f49a0c2be5baca8f419147b91ce8a4b968f5347a7835849400796178f6c8d5d6bf7d452c3a4c1bccb4d4bf3bcf017df43134e61c31fa936cd55178645532d47615c64c76d4afb7f6ae5e29ed5f56176b70dd6dd79e3fca9dd5e9c36eff01762e145d0c69dff79d689e016d7323e4ffe025d6550816aa8e890ce3e8dd122ac7a4accd0a505b73ac2bc73818d4c575c178272131cab9a6e6e680bf3a7746c537143d8153845eb3fa6f297de3196720dfd47c5147a3fd549fa0fb088e4318073713f50bc4ba34e32f39dd1d10f2c7437b9bc0ede7673aba36c5f6ba5fef9628efcd3f29d274894aa46c52099e42a495758cf0b16f1fffe10968357ea788eb18b0c7b2c0d7ef41eed8a5536b6f5693f0ec985c9f7618b6cb6b90e64aa149f04225ddc3410a915ecc90f258e64a17006aa898d3f020bb2d429d89abfc93331bcc3ede6ea3d8bc7a533ae05ef6de9f864e530a141cabda6c5997cfbbe24fc3507fa4d77d6453435d4582a885882f4f896ec5ff71f87928f7f87dc0906daf18fbf18c7b9da0a839bfe92a86eba1af246e2160161a54d3f917da72c76258e7ed2d1b66cf78b3c4d0a5bf5192e57fb93ead12fcfb2633f3bc9595ee90e350af27d64a44d057a6deff303e840fbfc875183b72077d434263a228826765ecce2cf3a60c54b392a2e622041d886189bc6de39cdee61e9782ceceb53e4c47b88876f5b9fa0bae3ed875b60e661c3ea56da1b5160b00848894d8e0c517d53dee1bf53d2440953c69ff2ba6305e3cd1487a88c9816913fa2baa3c26f3b441abf7a3a4b9aaed5ad05fb64acbdf9f1aedb88e065b0fd02a007c6bdd0759f4a9d1fbfdd032bc701157941048919526d8e950f3ab5cbbf5391dcca1dedb88d1d99311f70126085f45856cc724b36513b532955fa97e1a69f5bdb083bcda245355ffd854060467429785ec66cbb8a8cfc111158c4647334476e7ace69b5310604d377cb8dea84023311158229dc3a4330e8ca250d3c31cc62a7aa6bcaee599cec780f3a8a587430316b43a5da2bf15d4ae3e9df5a2e27977848be4d46dafd8eb041920c433a4a8c3f313afeb071d72af9d65c59ba1ee1699de880f768c631a9e07074733a0b9bc5d2f05804d5f0dc3f451a24aff1ebc80afdc662a416656507724239ba85a1ee261264313fe2ec561a82093a585e6594f206a4b91cec64aace8f7506c6016e163b097dcd1444b2ef62299fd3d6b546433a9087de70a38ff5cf0c7bf34024d9baed1d2fc5ec7432da829d432796c0e0180b0e819759d8251f6029d513f2882b54a594864618930273d6f33a4f6a6e38c42ba4cbb9298313802409f8d03555f96c6e81bf44c0039e8a89318d2cf9bf868171612b319d15b85bc21f3aefa5169cfc49941c81b4ee66edec445a32292cd03a8b32931090e46ca9988ac108785e2d00dd046fd4fb9b5136f2a7de998e9f2d0c7a5cf294793a7acb3514080c674c378286b6a362ede65bca19eadb6dfbc5bec2bc3ca6247e3ef87803b5a4e7077f2b4b8d5637f0900636a63e8e8adeff98be6fdc88fcdd5e2ccd403bdffd92c2c7ba0535adea9240774d4a0c927acce0e153cfc74352071aa351046cb60881922a888b4d8d5626d12b0694d99c20029bccbcef4c2cbfea69afe46e1e9c5cbd62e15b8fedb8137dfc05961e110e045ef357382856459c4c04e909a2bd7313f92c6e9a00c5401d0dbeb29c65edb29e080beb20b9bfff5e8961adbb2ca72362ad9c0b200b75c9b8f8a3e84c0a9716488fe93df7439ca56f24bd8291ab224c41e073897244640390597d4b6ef8a6aa9b1accdcd161484b7e3d3eb1cc573ac61eaa2678242f408c7174be5575bdfc1ede2d1aa47d04e52d610e2ddc40f7b692f915f75439eef428804bfea92f55c3e69f834136a6c3c3d61485376b03c4567f2096213ae34baf0ec2fb8dcf03f73a123c574de0a923a21e2de1fa07a8f72b7d06ed06eb7d18a1b79b56dc0b80904a87dbb8727ef2928914effa3c36900d061cd6da883dbae302b15effcc5506fef028d7b51cc7754e959272306a60b064ae8714ca60616e7332d413b191b7d96bcc5c47eaaf73b2d4904d1f8eb04da86b7269a6de2ce5a50dd7eec54bfe94873dc9eb4af96e7d242b1af76011d0c908ac336d293b1714919cd722ec88b8bff5679f5c9bac4eab4e9de82fbdbadc90cc92019e7bd16fc6493fe307903f40dc3b5688c8f2176aacfa95916bbd0e8a77b138dc360d8444b7a1c79802af16fd93ca2c3c11c42342c88ec420873910306a53c8e084ef17e26e3684c833aa0f2088a1f66b3518af364f465ea7a1a33b35089b390c421fa3a4846330da45811bc856d2c2e107ea01b2c4ae395548dc1a95d4838445ee6ee2379eca80e8c005800173ddcf9c91fad67347ad976bff8ebc2c9a9541ddeeba997dd6ccabfb7f24b3a7b7abbcf72853f4acb33135b784db2e54e2bb4622d4ddda1537ffff61e674f0bab7e18108936b42abe9d4f23a97d82efae202a5da26a8addac90c12e42e755c1766e71aba37cc1d92503de8e2746ef171c162b2dbb356c81be9ab14de063d7b6c79f6b945a0a786bd8f80083f4291f1ecfc09e379eb758f238ab8705e4a6461f7d681484e25c5f6c13bfa3d6d08266c998e3fec787df137adb40cf3c8b1e0b65c9e63f9727c9ebcf4b3d07ed04771e8c0ede0dcbd89df3f285a7e86ea19166190abc59757ea7039482289495d3b53aef7094e8954db1de255ecb3a362d593dac4c42a466be472af18de628e56fd453ceb0537334ebc271c1057925da52dfa1c8c2f92cf531a46087a26fa6fc928611fba50afd639fd1659e029ccd3ed52dbb839d57205cdfd8d505807ca881450e1b0264bc5e89ddf6ef47f65ccd7a39897a58300e0f3ceb1dbc5755017a2a4565edfbdc7cb95a2cf022c7f01c36fbcf525ffa84b2d2e0f229e063ccdbd3c61fd95edc814e56822ec7fd36b629d58f6048e8f85743ad2cec4e5e30d47b6d267bf5b352a0082b4b67860dd0b53d8d25f5990df2b8ef5de49142a3fe3fb52f523856bbd4628316597ed4d0e823df3b3866086b2c5fb4469a5b0a149ec22ef10f2a828a1d842e3a2ce656fb4f0e9e9214b0d525041c1358a9a18ff5faae4b1d32a9be6c345178d0acb5afc541e4f622ac1010c66c58dfca269676c5e6b57b53aff4869302427699e1173bdea8cde56d4b44a4329758d1291dd24ffc91e8f63211bc96d708dbd59b7f33ce0c4ee2288b34819d1e224031a617998b5e13b2dfd38d63154c33f1942bee2884b589b41fb1322c90905976883c2bef5c4aee0b0367bf498247ae263915003edfcb33d3ccd1f22d5ed4fa4aa96eefb8e2e2abd4055d7efcf328971881a14f97772bfad19599b00dc1b739c121b3dec8295f32d483cba46ce4a02a18e41d092a0dd45288f0f30fc6001d8373ce277063f740b9e034632f6175172aecedfbd551a3fc4d4a4924e5a57091f77598a32c7935c30efeb26572a7279ebdf80aeae078b50ac14b7d879850b514262a910ff876a16f107eece337133eacd54a569b92c48a794b9eadea05416aafadbeabfc18981ac050c1627b41008f83b32c316666cfa0754b5d132c5f6afa43135b804c49c65ecf9a350b0dfb08e55bce85b37691ea1b4c538ce8aa266d14ee1f3d2e896d82890c67f96b1c43b83e8c456463fbdc0d44fa4d8ac8324ced0515d4f54695f4e903d55bb08c4e1700486149b6a9233cd6a82ae908918f86f8774b689517be8c6d43ce710c5bcfef15fbcd93a68a8bd0ceeaf14f4f1b8f9b06ccef34dcfbd50f231a61a12e6cb712e924ec9ed1da405638613e06e3b5b3c3684a6d7e7e9a1ad823afe4c0c8b77fa0db68c3420f90e40ab27716784c8be86b1ba52a57ad45ef8c331cb34a766adfbfff1c9976b940fa8edd578992efba25493f8e5b0c8980f0e69cd9293b6a9fad0487cb7823cbf8c8d26f8369deff53773c1625939fd684db07f6b5ab13967a55c61dc72ea49c2c3cf1f99ba0a49067b72e1bcf51a4ae4fea0d18a00201cee0889ebcf0272085d70fa0996121da4d66a650e7fad5e5268d71de2bf9d6d333bce9fed3b40de1aa80c5d9b2e552b7744bb0dfa41e7aa17b5cb0bcc824cbedb8dc2ee2ac44ab4cfcc105d70122dd8290cd8dec7fb655441be2a66b2d09d8fc52b6cad92d4e6b057df1fc03eefe5e456e005ee461be2f374830ba09491b1d021c3124b0c690d186001fd9b25f5faab66662678d7292929463b36fac3401a9eb0c1820554fbbdf333bba5f199a177f4c4b797a95c00c900d44e0b16e862e0179d742d996ce56b947fa8566429a992673849f75528529b2edcc6f1532182292589164d62e63b4e38b9ab17553ccf186e6911e02a68b21fd5935ac24a3a368ac1f91739eda5cb8a49c0b39e2be9781eb90afb8e5c9f95c9de5cc81ef97cb69c1e34cc8b7b6d07bbdf2268ce4418e913533e6501c54e916d76961e6da9c38728f87c28236c9c50fecf064f1ee9ad8148848c653028c079a53e86b862e98501d8ad6edad01361b0c0bb9a817cea3b0175753c494f3a7de3323504c03e6d517b44a0ed1bc175f3cd2f7d5d06b7d90a1740415a39bc82d2811f9769dbe9c46f61dd0a71226418d794026491eef843e972550e9069ba337122ef0bc2f00c98223fbc8ada8f28c53baacab61e79536f9cfb424e52f8b1641d13bd527d2055d89f28f69ef2b044040bb587bc28ea079c7a93eaaeee479cfe1d38e0c80c18a4db870704bfd5160de01c314a8b69a302af1fb3d0b9bd9c6ccce58a7b53e2cfc207f87c0cd56204ccd7d95618069de95645f1b2538b146c404cdec640b8486f194db0729b4dbae4c262a1c17bb63859ee8c427d9271fef79a0429916b48b304f0f073ada1657395ef1bf8c2ebae9bf6b26b7f981f7d83d940df930e0e1223729e5ea9d96fa9b10be83c75bec24dde111eda9ca7a6bce5a928bcb7da7747322812835b57d51bcf1c28e6461d35ee637a395ad69d3a061749002c133de84422bc55ab1386011b3afc164c0858d246eae1b14a870724136ae07e6fe01d9e3e392919e7014dcb63116543bece2b2b1d547bbb7bce99d45c0518291b2d35decdf75fe4cadd95319b6f714df0fada2c1384b10a3d7dfefbc8776cc06ae0e6321ed975b9ea11ffca6d2eeb35d9b2511efbfb3834ecb18be3451f5a59f42a7485f4cc8f3c78c81bd8dda161ce26872cfefa6460c5551dc8e1055e9b0e2a15c1970f10fba328c2cc3f8c8938e43fd0b3db2bfb512fd9699266ab6002f28eb0c2a04876b9f02f211bb7534a0e54ad", 0x1000, 0x2}, {&(0x7f0000001800)="b648bd2cae0fb3d037cee334586c4cbae161c4a023e40815c50cb5a97d975112c004a4db6281ff45e85fec5bbba6c663bf5caf4ba9e1e75d62dcd4f883c59ea690ad89fc3e648937942f3a8ed707294f03c6cca8122e2c56723c109bfb45f10324fe418e269ccde7163fedc395f83d3f2bddaba4457e693101b030996fbcf0a2ce3c33a4c20429a4bf12e9e6ee0491492c7d3988d658a031fc14aa9c50972ce455e6544d1c66df4f53ec6fa39c1b5111d314a729d5f663", 0xb7, 0x442}, {&(0x7f00000018c0)="0bb2c9c6253d5feb5e68f50b12083b4c5d2188b61b6c7c2b5c5f4c00b213aac3dc9285fc28f604caca4c06bdfbbe5928567568c9af2cdacbe5c9c83d31cdffe2e275a7cbbf8a5b3274270637a0953f6829e40ae792d11572f949996db25ad8fd5ff4369f1b7f0d3e5678fd5d828741866da5094ff8701b3eaa4b9af7b25932e2587c2dce8221c7f070ebe61cf663fd506a1c32ad494dc6ad52f1876ce82503ebaa6d888dbb57e80d4cb458cd2457745f7bd45c5e43c4b4", 0xb7, 0x3}, {&(0x7f0000001980)="9816c917b1bb8e7f96443e9874bc2b119bb6543e4edebe1b75ac17e52fd0d0b6dcd134a24df3b6d70f1219b2e9d67ab114e5", 0x32, 0x7}, {&(0x7f00000019c0)="1d7e178cf717d7ccdf6ce8032fee1f7f8c9b877f280cc39f094c3d4e3837722e59c58b7c7abd1c45b84b58e9ff22dbd65c118e7e25766cfebcc2a600b3e75ecfb61be94701f62faa0ab339bb8723092105406abd95cc6e45c7fdbb52492d8db0e35f73216a9766eb5d300ae96983a1fc2b339059a96856839bc99e81c0d700bedef132a4f9afb261aa18d4516951eafecc014b9411b1a28854fe0fcf77dd", 0x9e, 0x3}, {&(0x7f0000001a80)="0ead1a460e97ca42601a859490864af4b9a30765b04a906d96d01cf5c2f532ef1f361879035736dd5e89ad141b8f3082ed73f2f4c614c193a3ebe17318361b395bd2a2483f507db368f6b0a5e7a6bd36fa20b9a29ddcb47b1f0c494c23b4ae2ec77d", 0x62, 0x1f}, {&(0x7f0000001b00)="dd0b41ad85355703a98a112e82981f202fbc34f73c18af92dc3cf0ff5361dc324142ab79800b0749c3f2d42e429f53d7eb07aede16525ac2e41010c3669337b1bc25bf8563520702bfb2dd0fb2eb826fcab771189c6af825507ac68277878d790f4b547e3473d3b3487eb9c004d5ffcc588a80910bbd1319602e4f9baab6dcca892af7f09fb808dbb720809d01962cb6e395c989c6dfb0856bc9a6da8f01390a43d54596bdf74e16432a197e5d14768c7ede29f4fd4f91a0665ae7e9abeca30e736ec053b57661bc851f0ca72e4d79c75860b586e3dc1f564a70f3e343b56bdc525eff52129d58230c6572fec7012ea302976f13a55cfd0b640f266a6fd3081a95007b82d2863cdc52e783901b19e299f352e768bcb7cd6ecdc13ccdbc022f645fc731f0234eb465e61a8bcebe6fd7894a27727c4a37e8d87d653fc7e519af66f19ef18459c766406596c86f4510325530d3b2b79d3b1fe66fa8b60cfed16a0e0a52379a24600902718dc8ffbaeab5e63e9ac7ce3b50b98bfea168b9e2e0ab5cdde709a60778bbcfdb062e0382088593e67272f9e6ce62138ff0dc08c00ab731f74d525f5635247782261bef081db21c69b7f7b02d23e2ab464d138302fe10a1c00e37d35c53d22d6a05dba7c1abab8200a612b90267d80cd5597076f9194c45c8a3f4c7378664735459406ac11b84191bb17a6161bfb79e32a430b45ee186c33489e263cc496363bcafa094003ff0fedd8b336aa1089eb5dfaa1e60eea4c6f6b4828369562faac234e182d070a8e3a27d95e36a4bf5f1fca537983f37b41f7d70f0e4a9776af18b765a19bbe7f262fb89a64c1f4cd79e7966976e1c9db0d00f60728137ecf43ec87181d639a51df29acb3f4a73b3d4f2e53e628d1b61961cf729ea1448da439a7c7ed3d0aa5936b896648bc61ff8613a9fe0ecca9597baba42b9a5f8d54cedd122c56c008ef3437a82e86966efc94e5a75f249a893769596c168be352b2301d62b2a000e185801ca692c40a043906f6d335cb9a0855d9d7635acf896b1710a428f2c56f7710c25d030da922cbba6e80bcf3dfa34d06cfa25c8ef61473759afd5fbc94b238dc8d56e04a15e7ddfb25eeacabda3994b81a44e646c9ddee8e103c523d4ec514cae676b1e566a0867457585f43328c5c685db8535007de8f507a419fe6218355f4065582215df038a057576559a9dc5888ff00cf7fc04291ea689b3f161e92789357f49c36247da3deeba620c8aad4e933bd4825162fc306dc2673ad800ca314b8a381f661e9c675e7fc21b17e1bd9bb5c4089ca93455101fe75fa1a036a85b0fa5c90fea156b5d95116bd441ca7b79fe605e5185d41f038a4fd250cc03ba48627d2c7cd55c308c717bdc8dd5cc93b9f1f8045ea85035e7a7bb4c3f49398bbc238ee3305ca71ef17c80d41ed180095eb77bc456c77e2df183f0cb5f8ef659ea3ced1e178f7fe611755b3b5a1c49dccf258bd9762e13d831da33858b54cf994a5af62c264e0a7e57e050b90f9b7d44624a66fbad34c14b3140edaae9da4d739386e10af5a0e77bde49b5bf434ba292cc9441c6288cabf742cfd368d832053b31c6c87feee982306fcb27443e939b7f4a162efb75fd46e6b1316d987c97ed0d7dbf3c1f7600e745677c63b364df10980a68ffaab690560245dfc9714e9272fb7982a72604265081745df685d90837a4c5f9bf76d96f5c97a249894f3445c2a1b41f1c52f81dc41e93b75f41b88f2f90d6a9f89a23a6c0717867b416590ba89c3e1227b09bc2341655df09f6ec1f35032054dd4825e902a0f43d6a52f6e43e809752fbf6463e30e41cbad14b4152d79eec60d184e07f4db51135773266851c57f527275642a36fb31bc24aa1b8e80d701ea8f76c62d346a030c9eb93493cf174b56e70362b87c6ee07d828f97a26d58243008007d3e4012fb337f88bba0c97c51f9569afcbcaeb29d7f42dbd3395d59e86b26a16e35b86611951ceed68137fedccf97e9a1acc674e4df7a7f38dafc0b2d3039bc154777dd03b6f207cb1c6f745f84ace58cccb6f5a8c4a543fc6e82f37830873b41d012b79a01be6aa763af25f2efa7809393bb637d49103ec5cbef21034f0f49fa45a19f48c551e991ab95a60db61e21800414228d0f82ad02e3ac94352021bc45ad01744363c3fab9622c89113c61dec333b545f3505a83e93c15fb87ff7b04c7b1b5e346e6b8d2217440c20006a8c4d593dafda278d1204073318d548ed2c85ff93d8565bd70f89eaf273ca94ad8c27c909f2371cb09d0965c945502c3132c6fea9b5b771f7a488877080bfbe311e979652cb12a50e7353a803e966eaab6fe0dedfa21d040b79b911032e20f87ddf9164eddadd42690bdd88e558e13832f42bcedb17998f3aa190cedb235438b50d90613cf35b19f12e64c75458c4da3911f7e577c2b22960b32c71cb2461fe4b87619da0319b44c85f243d12b93d765cf6ee067f226868422a808449cb70d0710f6b9f8ca08171ef0983782a5264c9db0b99a857448807996a7862a03642c6f9281feaab518ca22cc218b4cec78d8ad33cf65c8fd2f6a8bf55dc83556214d89b4aa86a3f39f1ebcead45b246d5e3caf904b0f319ae2841dba36b0fb0cf57e8709ec84733a92e3665cdfba91ff5931f72f5b110cbaae775860294eda34adca2272879052e8dd1724343e5da5f0e6c2090b5ff16e408dc481c41dad9c55bde8e1202b2834d93bee04eac32a11f734dc9efea4165aa8e0aa72dfc54197a5a0d50a8691fb395ca1f71b7331cb7a35d6754b9bce075626ba693127de9715e19785a43e9ddc1d0a19aa6571de7c2476aaa1468616bbd24024aec13b5c838bcff8536f4f710ba6dce6f5f0f36b72f45fc9f746b3264e31c5cdcf0926bbb4970704aaf9733d86418b1d1d35bd8306192d8b94a39ae46211624f1a788d63953a62ef68702dc763213c7a788acabb19b76669705cc3aef038334c5470967c7fe0da7b145ad1205f236427e216bacd1a6d9f422590335f9985e78df6a7510641e71b1095a3c5e28ed652adfec1dc596564d5cc9d45274a3946362fc3dff665b2ae77f0fd7acde0f3cc6be2f6a5a20480df29ba4ccba9702455ca4ef95efd7962415ea08fa5517b34b57e2abbb4437611e5fca863f836e67c8684c3b161540bb8d38621b9873505333407510b5076526ec5ac40424c924c7bc64eda5a520112feaf1686227f3fac659970244b4f8f03eae909e37b82b1fc5ecd2065eaa01a004925299355481fb94a0d67875cd1ef6330fa2354a84c08f194f27cadb3186874afc85f3d605d29b4be752b169b907ad144b0ce4a4537ef0e3f5547b30eab22c30fb67e736081437da7ba304a5b5508ce0f25072708d5046ba5c37be49178be40e72dc1bbb1c82221fa4eaeb1a0c2d8ec432e5fe3bdd9632bbb8c05cd39e42fa48ebb96234651ffbdee3ce554dcaea4519a100ca4a09dc5dd228ebef000b0ec630f9dd4983146b83df36ef8ada5463ea81b61aa9097af007287ef53e5832bed92505683b6cae67fc73965639bf7f5afb1a1a9ca582ac4d7367373c1cbe2df6e13feb48395316277ba8155023cdf35252b34f5e3e315211355f71e7a1a971b14d0ab8089eefdf224bd25ab7f17815de1d58a7f0b9eeee116270f70c7d0b874b076792281b8f8e6e9e51e9f1c171324f6e4a92662f073f673d586fe99d9e7c6fcfe5d14b921b984a8fab50c4c3db3f206a5c76f8065ba13b781af6d77ff537200bd651629b2108c028abd30d0891a4f0bc45a14b9666f4cac94436c9dc92a3e366e16b60db863eba0c64ce8067e47f4af496be52506700a00efe6217939c5731b1442649b10ff71be150086b69116bb7e06d09edffa38649641c3eaecff54f64c708f267230346d919f48da9d52b76f7542f73623210bf220b90d7f95276bee5b525029aab7c2f8a5caf2ef66b87184d3fef3186ec050dae29c004b93fb9bccbe876c93a66398769c481b654935deea9136c69828fdd724e8a143aa7f3088d5699aa900a0c52613f6596b06c1c3212ed71f4c2572d3f58b3365ab5d6976792447e583bfbc957fb3a2e97ef722d52966dae7d756f834b46b70f7b7d57226edce024fdae0f2d5bdc9dcf19f16e4d4d132e541a7886ad20e297da78d29ee839182c3bb9ca94229b389015b096e732969950f7b2ee4f052e052f9d02b94ab05197ac7beffea688597c387a89a267bd49ede412a39598ba3e603ed63e87c7b4819c4fc6524925a91b26a969090629c9db22de29faeef1a3019a7894d1b4e97d736d713f40e9d696972fbb01ee5e2c461c6004fe5725cce4b4588d5c859b1ef67695df7e38cc7a0a0171918d5faf8f93931ca74d9f907244e0298e914377f5acc51bc7cf19d4a5ef3e456fc1206a746672628971b346358db8a0d5a79cd2cd2b4929f42c5c3dfbaa4466d45b4babd9a48ab9e5f8ceb6792c1b6931999f7f911b9f03e4776685135e626e928a6a336ecf384cfa38cced68fe1c6d3f0ec6256e7ad5991b95e64393153c8e80e8c36a940f1b888676cd20fa9c610376e885993485ae066835c8fd816a9d7894daeec77c25f0720108f1e705012a95f4537061225cf569f9ba630630b9c2ff89e9a94b8f5859725995679de08b9ee5efed9fd2e2bb6cbe88bf945bc978e1bca6dd63521ccefcbe6207fe92393e97373dba6306f2c99e4e124825a0d7dcdcd03add65f0042f622e754c8726cc1e904bd5adcb0e7f84e3f8e4b04006b4758ab942821fed4c2122bc70f7437b07b5ae6050ff9919bdeb255817af734df2b2bd42fc84d5933d54439769e35ee32901b8f290945f04ea926056a25bc1081cb2b4842eb350f312ee09491650e1e815f1d1b1f8a6c51226775d8ee5a5c9d6faba605cd2d5bf3341a08dc30a10573d71d36eefc4db9e9a01fca25f07dfb1c9e951979b310dd8f7c7861b1cb4e6ab3880cdb05588105746e9ea02d096ffb7011560dec8640e44deaf707023be1433e9b3519c5ad902bc4834c97186ad125ffcbf7bc42efba08487047955bdb63baee360f87e105aa996ad026e65a9395105a41b93bad0b1c75ccac43bb78261b5ddbd5a153d1aa678642ca586ccb2f4c895adcfe8443ab5dfb3f5d75aa7c122df9e31aab610034e1437096ac08f93fcb0e019129ee56a613f5ec560d94b29576ed43f32a70b4a9f821ff389b4ea2315a2b0d8ed2b724980ef44ef987eaf08a441ec334cfddc4216712a46a0d70ad1182f2586d8533740731911397898d9e6ff99ebfe63b25a35036ea78d5e8bca81f0674d53e8b53a424a1086773e8cb58758d6952bf504bac935d08d6a13668900931a6cbf97e33b43dff243c6152237fc0962ec1fff32cd1dd72a33b25884098bb9a458c7fff0e01c439c6c51574f51f8fd7b325999217f3a17813ab90cb37fbef27e382f4efe7012eb487013d3f2e067b12a390aa64528af2421297f26b9a5b03dc4bc0e771d15c70450c4f485fff825475c6575386ecd342854b196b144193081b63b68aa8b72b7e0b16654d7677ef19bfa421a57aad62224c545518ffe285e727c0fac1c0e77452704732422ebe25f6f9dc97cf67e7648f64cfdc3737b7793b8e448a1a9d7b71ec5365e7767c2947ac85baa2c3c87b488400c32ce249ef1f19573e7deb020f557bad801e4e2a22333654e4a7754a0a7cad7aa14710a9fe358e319deb2dea989e87c86c49f591cafa050750381b1689433e9a4046a3d73b11da1d239e6da5f8e9ff2965e7553e648149c11e2c99a6ddfa5f8e2366e4d", 0x1000, 0x9}, {&(0x7f0000002b00)="ab31bdb048f079013f28d033a49eb7b9fdff53f923428e5afed5c377", 0x1c, 0x8001}], 0x90, &(0x7f0000002c00)={[{@huge_advise}, {@gid}, {@huge_within_size}, {@nr_inodes={'nr_inodes', 0x3d, [0x25, 0x70, 0xd]}}, {@size={'size', 0x3d, [0x34, 0x65]}}, {@gid={'gid', 0x3d, 0xee00}}, {@huge_within_size}, {@size={'size', 0x3d, [0x6b, 0x65, 0x70, 0x34, 0x7, 0x70, 0x33, 0x37, 0x30]}}, {@huge_within_size}, {@mpol={'mpol', 0x3d, {'prefer', '=static', @void}}}], [{@euid_gt={'euid>', 0xee01}}, {@func={'func', 0x3d, 'MMAP_CHECK'}}, {@fowner_eq={'fowner', 0x3d, 0xee01}}, {@obj_type={'obj_type', 0x3d, 'ext4\x00'}}]}) r4 = fcntl$getown(r2, 0x9) getresgid(&(0x7f0000002d00), &(0x7f0000002d40), &(0x7f0000002d80)=0x0) r6 = accept4$inet(r2, &(0x7f0000002dc0), &(0x7f0000002e00)=0x10, 0x80800) r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r7, &(0x7f0000000040)={0x1f, @none}, 0x8) setsockopt$bt_BT_DEFER_SETUP(r7, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) r8 = gettid() process_vm_readv(r8, &(0x7f0000001a40)=[{&(0x7f00000018c0)=""/31, 0x1f}, {0x0}], 0x2, &(0x7f0000001ec0)=[{&(0x7f0000001a80)=""/93, 0x5d}, {&(0x7f0000002240)=""/183, 0xb7}, {&(0x7f0000001bc0)=""/121, 0x79}, {&(0x7f0000001c40)=""/163, 0xa3}, {&(0x7f0000000300)=""/231, 0xe7}, {&(0x7f0000001e00)}, {&(0x7f0000001e40)=""/9, 0x9}, {&(0x7f0000001b00)=""/46, 0x2e}], 0x8, 0x0) r9 = geteuid() fchown(0xffffffffffffffff, 0x0, 0x0) r10 = getpid() shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000280)={{0x3, 0x0, 0x0, 0xee00, 0xee00, 0x51, 0x1}, 0x0, 0x0, 0x0, 0x7, r10, 0x0, 0x6}) sendmsg$unix(0xffffffffffffffff, &(0x7f0000002f00)={&(0x7f0000000180)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f00000006c0)=[{&(0x7f0000000600)="af501d368d6318701858279fc9c5419e6e9e825d084cd8b96987985a13c60368002d32daf915f918dd21b18f18e69f8b3ad4d03bb6474d142a63df0815792bff75ff0605b73c99bbc8645c66952792758716c6794a2cda272839c87690b78aad1da14242ada599d90998bbf8", 0x6c}, {&(0x7f0000000680)="c328cab5a2863fa4912b777c31364c9bf950", 0x12}], 0x2, &(0x7f0000002e40)=[@rights={{0x24, 0x1, 0x1, [r1, 0xffffffffffffffff, 0xffffffffffffffff, r3, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {r4, 0xee01, r5}}}, @rights={{0x1c, 0x1, 0x1, [r6, r7, r0]}}, @cred={{0x1c, 0x1, 0x2, {r8, r9}}}], 0x88, 0x88011}, 0x4080) 04:59:08 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1404, 0x0, 0x0, 0x0, 0x100000005}, 0x0, 0x0, 0xffffffffffffffff, 0x60be548042c2f3b4) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/power/pm_freeze_timeout', 0x0, 0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x22902, 0x0) copy_file_range(r2, 0x0, r3, 0x0, 0xa1, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x80, 0x58, 0x81, 0x99, 0x31, 0x0, 0x1, 0x88, 0x6, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x20, 0x2, @perf_config_ext={0x7, 0xfffffffffffffffb}, 0x8000, 0x6, 0x5, 0x3, 0x80000000, 0x8000, 0x6c, 0x0, 0x2}, 0x0, 0xd, r2, 0x8) r4 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x100) ioctl$TIOCSTI(r4, 0x5412, &(0x7f00000000c0)=0x2f) bind$inet6(0xffffffffffffffff, 0x0, 0x0) dup2(r1, r0) 04:59:08 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x0) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) 04:59:08 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x0, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) 04:59:08 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff000aa9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) [ 3027.966972] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16399 comm=syz-executor.1 04:59:08 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0x0, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) [ 3028.080405] device veth0_vlan entered promiscuous mode [ 3028.116169] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3028.116169] program syz-executor.7 not setting count and/or reply_len properly 04:59:08 executing program 0: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) pwritev(r0, &(0x7f0000001500)=[{&(0x7f0000000140)="1f", 0x1}], 0x1, 0x0, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) bind$bt_l2cap(r2, &(0x7f0000000140)={0x1f, 0x0, @none, 0x0, 0x7}, 0xe) bind$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x6, @any, 0xa41}, 0xe) bind$bt_l2cap(r1, &(0x7f0000000140)={0x1f, 0x0, @none, 0x0, 0x7}, 0xe) ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000180)={0x0, 0x0, 0x2, 0x0, '\x00', [{0x65d, 0x7, 0x6, 0x100, 0x5}, {0x9, 0x5, 0x7b5, 0x6, 0x6, 0xfffffffffffffffd}], ['\x00', '\x00']}) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000000)={0x8020}) close(r0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) r4 = open(&(0x7f0000000080)='./file1\x00', 0x40140, 0x111) connect$bt_l2cap(r4, &(0x7f00000000c0)={0x1f, 0x3, @any, 0x8, 0x2}, 0xe) pwritev(r3, &(0x7f0000001500)=[{&(0x7f0000000140)="1f", 0x1}], 0x1, 0x0, 0x0) [ 3028.189995] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3028.189995] program syz-executor.7 not setting count and/or reply_len properly 04:59:26 executing program 0: pkey_mprotect(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x1, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) syz_io_uring_setup(0x1a4, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000017c0), &(0x7f0000002a40)) 04:59:26 executing program 5: get_thread_area(&(0x7f0000000000)={0x80000001, 0x0, 0x0, 0x0, 0x2, 0x1, 0x1}) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xf, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 04:59:26 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff0025a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 04:59:26 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) fdatasync(0xffffffffffffffff) r1 = openat$incfs(0xffffffffffffffff, 0x0, 0x0, 0x34) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000000)) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x105142, 0x0) openat$hpet(0xffffffffffffff9c, &(0x7f0000000100), 0x80000, 0x0) signalfd(r0, &(0x7f0000000180)={[0x80]}, 0x8) r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r1, 0x80489439, &(0x7f0000000340)) fallocate(0xffffffffffffffff, 0x4, 0x9, 0x3) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f00000003c0)={0x0, ""/256, 0x0, 0x0}) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f000005cb80)={0xfffffffffffffffe, [{}, {}, {0x0, r6}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r6}, {0x0, r6}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r6}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r6}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r6}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r4}, {}, {}, {}, {}, {}, {0x0, r6}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r6}, {}, {}, {}, {}, {r5}, {}, {}, {0x0, r6}, {}, {}, {0x0, r6}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r6}], 0x7f, "9656c75f04ba4d"}) close(0xffffffffffffffff) fsetxattr$security_ima(0xffffffffffffffff, &(0x7f00000001c0), &(0x7f0000000200)=@sha1={0x1, "7974f51f91a9b545415542171451ae3688c80f7d"}, 0x15, 0x2) lseek(r2, 0x0, 0x2) r7 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) copy_file_range(r7, 0x0, r2, 0x0, 0x200f5ef, 0x0) 04:59:26 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x0) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) 04:59:26 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x0, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) 04:59:26 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0x0, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) 04:59:26 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x4, 0x80, 0xd6, 0x0, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x15c3e1b9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x2) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r2 = dup2(r1, r0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$TCSETS2(r2, 0x402c542b, &(0x7f0000000080)={0x6, 0x9, 0xed, 0x0, 0x2, "96faa0d9c0e49e2ea885b4a1db9d518a168e60", 0x5, 0x7}) bind$bt_sco(r3, &(0x7f0000000040)={0x1f, @none}, 0x8) setsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) ioctl$FS_IOC_GETFLAGS(r3, 0x80086601, &(0x7f0000000040)) [ 3045.920191] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3045.920191] program syz-executor.7 not setting count and/or reply_len properly [ 3045.920726] device veth0_vlan entered promiscuous mode 04:59:26 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0x0, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) 04:59:26 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x24, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x24}}, 0x0) 04:59:26 executing program 0: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='maps\x00') pread64(r0, &(0x7f00000001c0)=""/4107, 0x100b, 0x0) mount(&(0x7f0000000040)=ANY=[@ANYBLOB="bed7179c5a050f6c"], &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='vfat\x00', 0x0, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001c80)='/proc/key-users\x00', 0x0, 0x0) perf_event_open(&(0x7f0000001c00)={0x1, 0x80, 0x0, 0x0, 0xb0, 0x8, 0x0, 0x7, 0x200, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x400, 0x0, @perf_config_ext={0xbac6c40, 0x40}, 0x0, 0xffffffffffffffff, 0x0, 0x6, 0x570, 0x7fffffff, 0xdd, 0x0, 0x80, 0x0, 0xc51}, 0xffffffffffffffff, 0x10, r1, 0x0) r2 = syz_mount_image$iso9660(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', 0x6, 0x5, &(0x7f00000016c0)=[{&(0x7f0000001240)="9af5dfe0235ea465b84f7548255c", 0xe}, {&(0x7f0000001280)="5fa3303b9a803364f7412e6b82791b5d84177b5f465b136e48dcd4d427420b8b4f4132307439babe42c9e611755a4b4af1215266f6007b93aaa439d76ad9c6e0fb66930e78979cd03953128057b9ad", 0x4f, 0x2}, {&(0x7f0000001500)="2b6e8eb0d902cde0633cef07ad11b6777947986100245af3b47131644ab0d65a8f821c481645a0e25f19b4cf63073f984b25c95ffe8cfa7b96b09fb770fb101f36eb5441883de9f11228e8800965eca7558d397fcba78a537838594d5804b94455ff8849f72b9907d8e26eca1910f87297d384f60f222d6ad42d0bf618df0e08877a24e680f0b310543319739e7bc292a4dbbc4ff46810c7bdb23219a8c2e0ede38d885b9d3af495b3846128e9947877e6b3184564c53bb7dcf3fcf7691ea170283cedb56702530f25864a8d28ef49903a7b9ef80a6e1c974ff3b57dee43581d265b1074a3", 0xe5, 0x20}, {&(0x7f0000001600)="729092ddb06293791e1e1da50e7bc78f5e58c7e7d7415b9ddd7b9d5d78641f9874026a5fee2ea5b79e245db0fd78fc46226e68e90602f69e9a191d6fa4b55c9d31ebd4a85485cdca6ee83242230ee041996e6c", 0x53, 0xfffffffffffffbff}, {&(0x7f0000001680)="4d653d37cefad854e75b737675adb15dd2151f07ea1efdc09fc0feb92e0bb71b2ae111e7d5aa35b81bac336f818d32f1abc4406d9d448e5ea832ab35e5b8cc", 0x3f, 0x1000}], 0x208400, &(0x7f0000002e80)=ANY=[@ANYBLOB="646d6f64653d3078303002003030303030303030303030352c6e6f636f6d70726573732c646f6e745f6d6561737572652c736d61636b66736465663d2f6465762f737230002c61707072616973655f747970653d696d617369005a000000000000736861743d2c646f6e745f686173682c635c6e746578743d73797361646d5f752c00aac9042bd35621872c849d2afb58f83c98ca90d7f66039bd38310d6ac4083c5cec026626337f8641c34aec50357a54a270"]) rename(&(0x7f0000002e00)='./file0\x00', &(0x7f0000002e40)='./file0\x00') ioctl$FS_IOC_GETFSMAP(r2, 0xc0c0583b, &(0x7f0000001300)=ANY=[@ANYBLOB="00000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff030000faffffff0900000000000000080000000000000005000000000000000100000000000000000000000000000000000000000000000000000000000000d30800002ac000000700000000000000020000000000000001000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e0ffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f298cf55f928448cdf7eb01e04ef781f9be79e403f4bad0710d080c5d50b0ec830dc1c755869210533348b118e517ebcb9b920bc4e5155e8f2b63c5bad3f9806ff62395ff05b3e9cc6fa48b3b98e64181a3bcfc87e39dbdd994e8a9c7cfa17cf167b7b692a9c50ce89db76ad07dd8b22a2a25420"]) ioctl$SG_EMULATED_HOST(0xffffffffffffffff, 0x127c, &(0x7f0000000000)) syz_mount_image$vfat(&(0x7f0000001200), &(0x7f0000001740)='./file0\x00', 0xfffffffffffffffb, 0x5, &(0x7f0000001b00)=[{&(0x7f0000001780)="0c7fc3f690bf91cd54376b0cf5f6899238308c8c48a8fd99e90674547350f55e1362f33a0b12a27c8f5cc10df4b33a557f835b3be76ed3dd4f6e726d8f0956cfd0b7a2cdae88c3caee8388926a9cffb069f99cc871ec39ce0e172e8e03015df245d647f206d2e3144b3bcfa29bc469844007e3d3de8b9e6c532547eed8e4d4fee2350d8942e0821cfdcd062bf02d22c4be55e24562d487540bc3d4df831c00817a3d4e568f0323798dd447a2e1fe96c781c38135e5f7b731e88e27d9f008a82f280c8d205a0cdcca88ad8fea22cd8935f8dda1f328b8addec1a8175a80342efcc4", 0xe1, 0x4}, {&(0x7f0000001e00)="6e6e4d806ad288af72307d32dc4be59e83ee67027341895dcb3b6179a26f4ab1a75e780f666c320acb4e1ca2c0e7ee0c422fbb69d1908b73b50f4caa4fc3c48dad52205c219af442a173f5339b46cb13001d0916de055e6eeb35889c13c349770dc38fe48ad571b11095a3375deec9ae5a859b2b7e3904265e51f0e0ab3af0e73ee2cf70c6cbd3af9920ca5e456927ef8f80694b89620c6aac2e831017831aa628dabb118725cdeef03e8dda82afca27ee0ae090585c5e50157727c5fd65158706be7f4361e27ebf101096a5c1cf10c29429defdd62f795669f7528fa9c649159f556b57b166e4a22577906f1bb4cb46cec66e2ac0a0919dc29873e03e8750beda664f4da4b4ad71b0f8b26d7070e50675875591133349992288d7ef89c2a9f1707042745e6592a01d942e93cfcbc5a06ea287782ee22d194dff3e17eab79c8e9394399d0cf34c255b3f759e8cd78d9bb4591a4b135d86212a03b6d382e7d5e4bcbeb6a798324fb7513881e2f308fb861ce0aacd60a0b67d30d48b33f7eebb1ee5c591912207cc3c57ebdd3888a8d4daeeb23642c1bb2ae7118d5bd671e8e5b74c508d5dffc4b88cee086a6b7eeb6069159a474b1bddf49da5930b3b63467ab9ab769d4b2c580cc849b24098b23733249f344d8344bed5c49557029d77a4e45bfe64cc79c23fb3b95d4cca301b48329d3ae744443c8564c6d73301d2509dd0c813d4f15e57e3654ff3a4ded6b4c6db5b82ae45d269a53528affe4f417093e972dabd293790a9faca5ca4bdbde740f49180984a337c0694baacabb5899fac964d4dfe8ca945b81825f6eff366d097965e37aaefb9d13bf01163813db0483c7dfb0901da851d9c0df952a835931f678659d323c029e822901bf2b3b123513dbaa3e494ef113992aa82cc4d764b1be5fbfe4da12f6221ad7a814ca4952dfb4d36822d0e0e58dcb5fecb5b07c0f61c3dfbe6d555676b635e32a4c176a57d2ec8626e2da47fd1208c8f053249cb682a2df5d43e47a21b85317f6b193992ebd3a31e71076ea4134f186d6fe460b647069f9473dc67af56dbceaa60e8e05de2b436ee5a77f6f9cb6909745504640e84811ac5bfd3f4644abbb5337ac71a6adc3bca4ee11a02f1a7b5e864453946a3101081567e9cb8baff6609ff63c2af346783315694e6ebeffb9960a8ba323d1bd03e6bf26413bc284d49d756dabe6acf32ed215670c486f8946d7fada00a15eead202d42f3825f93edb867352f812998bf55c859f7ca15981e8e7bc3aeaf214681ef17dd29456b0c1ef367acf7820a646103b8748e92873f3b556ed3d6c1c243220489e9eadc475922b662d729ce11db42def222b7a48bfd009eb21584dc42599886294e7f4ed872e071d70abfd9be7cc257e54bdb9acfd8c422516ed756f7721b94a87d0d243eb065cf79ff7ffc4036282fec56e0c469c5ae1b945a9868524bdbcd149f03f5bf4214a95ea71ae90fa071cbfcd47136704091a3c87e7d2c07b31c136fefed15688536658bacfa9d3be31bb5f4dd54e269327c3f1ac35cb08de04fafb5ce917b2b2f2c81fe2780ed340f6b6e0f340638051b7f31af27497e9d4184f8c97dd81e0a596239a3a85c9f59575f400aa01db0ac972396b33292d43ee780004a59d98f144914252336705964abe62e85642b27d21552d60c8da3e6757135f89916ab3982411176457f3757fe728b5e8285f3ecb6cc77bec35b29d204a4fbaa644cf5db64b4e6232fcd07378d66abd540cc33133de9ab721b5ad70c500a97a752e3997cc931fa729dd3ba7bec246e69ca2aab1b33968d1bce445a87bd3652652ad22b362bd5280c4d381b0f0ed07aa43082cda8759063a13863da63b578ca9ec0d012b8d88cc5c2223397b6bff386bf32e1f65bba7bd54ed3fa915a5383eaba4968b9bc92bf0d4aea7bac3d0d7094859e10468874f79935f5542be5fbb9918633ce07fb9c4fd635642aef64e8797c4e46aa98da0fb10e4a9de8e1a3426a68e097893cd66aacfe2d9616f54109a56ab156de40c57f10e275cedd69ad7535e95121e977e74f205f2a2ce64b0db6a75f574e09db323116af9024e6894d46ac93b8a175085280a385dff4f3dd536ac3fac3035c160b73834361e6dd7d297d0f56c2b369119e205cdd131e13dce271b10d501ce17621bc0587684573947dbf0e28f752b506f375554ceff2f8136b62ff154587e276b6332c73db22d2145e68a657a3f2afd1a51a55023aacf83d98df77cfafea9b6be2909daf1730f98a8e29db872f3d3f06340c204b4e4d53f7d1917bb2d6102a2c228241daa2a582e3ff89e93ea925a20605ca89a0f7dd0f3e3b856d858d5aa404783b2ef39fb3e256f717048cec3e33c0006045179af698851c875d1f5dbeec6ca608e7ec19f1f2c7822258552080e75a6cf5ab91e19d4eca9dbce0a3f88528217d03ce510e517664e84e3aa028d42727e58c944f52388085e3a4a6ed9e58bf25b4eaa43a381187c71b3aeac3441dddeb2b5488a866975737e1d4633ddc26df90e4b37232e9a0c1fa5253a7aaa666c81bf863cd7ccce87ccb93ef4a6daa7c46a2bdc0ed140f4b1bca17105daa7a917cbddb6b194fa3a92a09a2c5147c976f25c30e8ec6c81e9583058da3771f2293841835138a0f4ceaeb7576b297455259e85a39cb993b1a93a8dab408e4e1dda83c6058f8ab4e28dac092f2cf038d6e2bf24a7c962d2bd95bb772f3b44f0c455d6c5cdd0501f016d24b9816ea9ec4becd358f7a7b3593ea9488f2d9a0711869c577a8ff661631d6949d30d5f3b6def331c66fce638ee18736c833c6574d66d7c78d23becdd904b63840db4d62cb89e6d36c0137979bdeed3b1a24c84d0c87842795969060e8d2d04f07c9d1c1a59b1a235ea36a3b37fe77430004ac17beb55fc59ec7df04129d5fcfeccfb0fab2fef9af41fa4d0f125da0b372c9123f83030f208498226045cc0902286f34db0b21add6a888315eaf7a3680265387b21bd7300181c4e36a6cd9e7317265763fb1c73c040aa6d43a9bf354c07f693485db8f980860dbd08f17892d12a6133db41d2968c01ff394846b8670faef1ffb9826a6801efd9865d19868d7d29850526b84fff6e1c94eed7b0f5dd9c1f272cd01fdd36a9b9ac784e13e8b59835553482894f29a2b4040b8d659789cb9be315f049537cc39580486be977404b934dcdac07ccc065fecc078b7988f37f351eeb7c71a936c617caf35d585c137ab256d6a4570933b9e784d01c3c31689eb2916c61b017dca9815cd199bc60e9ec18cbab63b87e71ccaae5521eed634d41eea9adbd320d72787e15e65962038556eb82d215ccf463983c79a7dde90ca44a91f9f503f8bc1d3ddb90715128db80827ebf0f7fe0f916578569d5679a82cc5b91de9582e041f0309a1b668dbd18c12587ff3850bdeaa1d9cbda427d549dcbe249a5e97bbe57efa5eadd40e2f9a0491e40f14be16a6e10c272b9ab6fe5bd726f4ca8ba6937bf9fe62788a00030d85d48c5937c527e9580d3534d6e11789184061673630f165f44a92d68f699397eb6a6cbd4c9f8bf7e0b3626783dee1760a68b8084022382dd8a90b60ddd64b0231a6229115ad84fca90ee8971099c95d789ad71d3ed72fbd1992a1b5aa239561f3eb7ca1080af7e2714c2e27f6544f64fad5f60ef3917ec8aba6e9a4b20b592fb18137e97380af40220ebf22bf4ba1b04500a37b40b248f165d69a6b996acce5599b064fbab9739e2e2b0f14b87e591291651fe6a04fbd9cd671698bf3fd256578dcbf6c1ce2086fff6c121cff561b4e9b9e52dc8203a69077cd7ee18aad2afeb810992fbc0c6d636eaf590d280a8f56ee8c43ffe645bf986bc576930481e870c14d65a591c7aa9d21ce38fd6bdfc18276ba5968e8cfcd88c5299c4dbe03f3be9d55f47e919ff1105888cffe5c006482b6e6029364cdbe888f4585facf5bb07ac65cd33c083703017bc625bf79ffe6a9dcf298955f17ab586744a9b01bf1d755b7fbf02a66676b215745d3e26e817c0dfeadaaad010c9f2eaeaba432adb5ecc368b30ad2e9b30d4acf0a93aa1c6aa3e867a4d325a13b9a43ac848b6e5795d162e7f12610e58522dc2d044fe76c5c2de36f44c51d15d6bbf069c741dc2d534468b152f2d99cdbd6a5b9a120beace2d35a3a96c75948ef03df97864d7081957753a3095780fdded2ecc9fa94185e693ef54262303880fc982e364b6960233a97485f167733f7e45451fee31b14e97e2914357a6b4ffdbfcbcaa12a6fef6647b14d95cf394deef4ad78a661e74175934cd07cc1f053164c846f0bb736a30d8c9b69149af617517b749f94b6701fb1cdb687a0ba265ee39bb3fd00de3eafc07c0d6c7d694ccf5a870104659c797f91337bf0961863265b57cc5f6cea1b624c011868786b6af74d8c037fe1101228108f2bf62b21bc4af522e0e6f4da6b7180686dd48f8936e9d225384451951b9b0821f249fdbe0e64e814423c6fcfb9f90a02be21cfece6ce270cb92c3d97ef38317db83e3ea761e56b1aa4814ba245d3ca061184db71803bdaf73025ed56a80dbc2246bc534684973246d037c363652d832b4e989149b1eaf1f39ac65a456021df7d4d29ad7efc1882b4812bc3676e0f110fe4a2f1f5e78831052fca36b3466e4581954cece8acbb5094842445244372ee9f9104e015f1ad6083aff31f64c55eae9de389f5579add5d1113df650b4a75a0993e78d50660b8268e39d4cb39dcaa8f81ff8326d6d1349f270fc72d02ea388285f118468b97f5c64c6824e83be87863b184cf4f7bfecec40b1593c5670be283c109f252ff5dc482f8245cac199ae470671149c7271e95007e7e9f89fa45378ddf77a945ede874cb53369a8142b2287a8710bdce7a9ae7dbc63b67d7e2ca9ded1d4020f2487a4b997965738cdf4c623d6eef7829af972177753adda978c4ffa28e852dae7a57691d5423fe3c124bd28ab10fbedc5766c7c1ace4038e9c228d7523e5fe7ba05899f4595a3bcde3261bf1e4691f38b94f2f7834e5c6518424c804bdd439554368a99a22804e1fda3ca2db2d95d466114d71a9f8b2e63e88c5e89945e5429f6d8b92c2b26211c3812033f3caae74f241555e78f158daff3a2842f240cf94535f24bf284c9fb52914435fcbcf556dda36deae414bbb73db1edff605fe1a986a4693504a38aba9493586bdb03a48aaad795e416035f5243bebc95b617dd38fb213f7781c0182e43c0379d76a08d00dc2a81443cc97b3a2859ca5fe2992ef88283971e774de461d78ea0bdb2c19136c42ae936f6d7a5f594ef750cdcaaa427e0260986a47afb98c72c514cc2195d783ecbcde3f7d609192cdf50b56d449d2deaac3258dd47ad9219a7dd4530b2d6224a6dd86c4b399dba5de12b7f12103694591b8f52926a85ad31cf991e1eb4a7a287fd9db9af06a5a43b28408c0ce2ac5261d18fb3f6543bf0d2b9eaaa466e66e93c19c860e4744de257932903143d86da06adac98663a8bc8f8e46a96ec3888cbb7dff1b7453ac71e5d96c8632fe5dd33683cce33f31f03edad7a07c8d93e88810f00423f0615d1811b593aa2757eeb21eb00d3284cf990ac05d179558dd6001f966844896a02cc9afe7263bfc5c5b2016995a9dda9034bc9bdd6d1508afae623f03270836f389720b8484cc8f9c360b666b9f72166891d60c72e8dcc134dcf40aa521f599e8c54f4286b8fca1ac983f1c70d531aa92b4fa12d57f1e85dde506a15844ab00540fe2b104641ac2714b4e546c20281f3d190c67842a000000", 0x1000, 0x2}, {&(0x7f0000001880)="28d96c9f6185034ce1f9346f717728a3d743f8ef13699655fd579271dde8a27d83dfbdec4a464da94e2c1fc74ce5ea3419357a68a17fab099f4d8216acf7a559b90941bb496e0d13b20ead2b98c1e1ffe5a9b596d4fb90bf160e625f93313a47d13e8d37e4d77c639d8916d2792a287d7b96e6a2c46fdb92d5c79ef20663a55f056baa75287409fb855a8898acf555588a4370e33fe1f2c42a8607cbb1c9fb4c7808df254ca798babc631a07ca46cc859677526f9f33bb410b417cc9e5e0b8e0c9e1d24b5db512f83c433d3f076ca71e9d9a129b6baa8b45008f66aa7ca602c58519fd4245567faf7a7d4818cd6e2edbc92c1fdf", 0xf4, 0x246}, {&(0x7f0000001980)="9002009095999c725b5fd5f83f9fa28e7ff38d93201c58edf7c860ad1bc947f464e58116c15880a6368c60532cdc44bb9265a311b338c66ce1cb7ea1374d2a708bc7badde91343465dbdc1906f8580f2885e4fe32fe9151c8b07a594faf8a5c141bbda7f9a20f017ad15c8d6dc8c24ba4f524310a3d0f6f2021b0d41effc410debc4038add2a80eae80d23070a775fa6cd7f288ccf5232b7024fa5f31d102568725474fe971d5425bb5e4b5d85649fe74cc730b73ad06426", 0xb8, 0xd3fc}, {&(0x7f0000001a40)="87d8b087b0e94fec33996b7c0390c6124eb06c551e13298e94209e4101d22b66333a3f641a91b281fcebc2cb923f5c6360a932fee133edc5832df67a0c7256e30020a951a6b1df679edc7de7ec24307516f82670a9e5443b962d1c94ac34a0e9267ce66b9b74b0c50259b309636539162ca97553937bb6aae63011e2e613d710a465c31a777046e54013839c7edcacefd91b0220abcb8832b6f07f0214e6b138bb82906f19686d01", 0xa8, 0x3}], 0x2000000, &(0x7f0000001b80)={[{@numtail}, {@utf8no}, {@shortname_winnt}], [{@seclabel}, {@context={'context', 0x3d, 'unconfined_u'}}, {@uid_gt={'uid>', 0xffffffffffffffff}}]}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000100)) [ 3046.012337] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3046.012337] program syz-executor.7 not setting count and/or reply_len properly 04:59:44 executing program 2: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f00000015c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}, {0x0, 0x0, 0x100000000}], 0x2802008, &(0x7f0000000240)=ANY=[]) mknodat(r0, &(0x7f0000000280)='./file0/file0\x00', 0x1, 0x10001) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x40086602, 0xfffffffffffffffd) chdir(&(0x7f0000000040)='./file0\x00') r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fsetxattr$security_selinux(r1, &(0x7f0000000000), &(0x7f0000000080)='system_u:object_r:syslogd_var_lib_t:s0\x00', 0x27, 0x0) ioctl$PERF_EVENT_IOC_REFRESH(0xffffffffffffffff, 0x2402, 0x4) r2 = openat(0xffffffffffffffff, &(0x7f0000000100)='./file1\x00', 0x60000, 0x80) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) setxattr$incfs_metadata(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380), &(0x7f00000003c0)="8aa2d51e0a1edfa91a68404d8f95b5116a966ef1f8dc7a520ecc83c862e4d66f2687cd8650d547f9cb24", 0x2a, 0x0) openat(r2, &(0x7f00000004c0)='./file0/file0\x00', 0x600100, 0x102) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000240)={0x0, '\x00', {0x4}, 0x1}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) openat$hpet(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000300)='./file0/file0/file0\x00', 0x0, 0x8) setxattr$incfs_metadata(&(0x7f0000000200)='./file0/file0\x00', &(0x7f0000000400), &(0x7f0000000440)="7830be11017beaf8a6b6e0efc27daa0195033f640f5d067ad71f6dd2d5ac9802ad0ce1b2e521d7f098b834ef8eb79e61e05214fd431452e2143a1372f78f62af093cf80b20097ad1ffa2b8a1011e7e5e734d7c93efc9a159c9c07953867db652a8ba649fcc60", 0x66, 0x2) sendfile(r3, r4, 0x0, 0x100000001) r5 = syz_open_dev$vcsa(&(0x7f0000000500), 0x7, 0x525a81) sendto$unix(r5, &(0x7f0000000540)="b26a2f2af8338da372e2c41092a95a17a64bc29c83af6100492e136d1ee75464bceaa9ed44edc8d0dd576da684d9c43261da8f960d99702b0e67ea820277be6254bbfffa2e0f5389e2650a69df60db456e2857a95479843565e65ef611d117dc0572a542a9d4b37bf19e5543f06257470bbbcd461fa8dadbdb3b6d47ac43417ceaa7b02a252b2af66c70b003fff75ccc44ae5ae20063b5306b055324e19825f2e39b7523849939ea7cd3092eb5edac43abf6f16e97c475cae8934745540faa75ccf4c122af5045859189060836ce0c5745e98bc1fa03e3acfad7d8309934d08a8fa1f2162adcaa870f33aece937dd4363e9acd4e3cb4ea8cdf6d5adf6fb6e54bdb2d05ca2d52a8e29cb5d66857ab9bc807dac6b281960fc0b1679e99d8bf838c60f5437426e4f2916a7d3a46714c4b4776b459169cc8b03220052c79e4a35a21e4b5ed237f16d0f87f0945a0ddf518bd29be8ddd8fbd760579cd0dbf468034b7d65f3721108378efca045dd883f9d4f05cd7282fa48b9e9035a8dad1560a00b0912d5fa265a7910069ce32898abcae629ff67a2c261a78d634f316bb2435f0b8a1d0fdcd75679ff1480eb575c2dab7931c219eb55ec1a080282e313571307faa977e87bc2a74d9b309bdcb41c5fb9d923695d35fafaf7010edc52449e463e9a827211444b7127f96476c83da11f37177b18047765584f2bb2de6ceeda9a44cf7ef0beb7ecaabdf77674f9fe58ce975a55140455ed496cfa2515146b845fe7c9eec9196e80ec1df750132238b4814e42c698eaf1d9d9a42e0bfeb7d2d06b472e47cc8f0d133aeb4e4bd33001f5cc81354c857f5387bed2957d9b8d68d9552e4ca2758e885101c61e8e73dde9f69a098db0398fbbbd17184c11edd727cbfd75d91da05c56d1c6c5c7be8a34f5eab1a3d628b20c36c3cd6d3a06754503401491e021d9ef0a83b7aa45b3c3e5cf61c007b5fe1f97a5146f99d05d8a705c646dab6bc06c1644889113c911f7d722298c8788a6564c4a765054fb4ef770578850778873ae7bff98bdaa5dd819dc9244041302e57810314a86c43ea9b9a90647236e6551227a4cc108e6f6e8f371484da56e7f8eee17982434076c80aae94f4f4375f42991363f4ae191c602b58597d865256c287785291ecf16eda4dda63bcbf199f74cd5ba5d9f9482252146dba11abdaeab07e4a172d861d3b9351171370d54113ee82cd22228b23cfc60db0202d38311beba5ed0b6a1c20dd125085d7b65eec2cf8d0470d21a0c303ee3f5823e3c80b1fd445341c6135cd9e7d80141c3301063c2117784442830dce52a9adf52e2a190747c0ab7c7f66b27f1d2849fea37650b851be191b8ad4bfe86709357f88c01bca13942ff109d327a1723af94fc92d99790ab8c4062a4ef606b98322009034336a177db414e61404b0dad19859ed5931fad2ff544f797c475e8cf95010533e2aca0277b1dc028db00e979dc06d85b45a007e76769da4f61cf38085d6f05aef92ca96d76d7312a41f2a092650a13ee170fb7de39cbc09a46b88b646d0b474b0319051f414d1fa5deb035038e25b64b5f7d2dabc6ac8e1d86595a2e2f1fda05a4ae7652fc82cf7b95ac521185468662cb5d0077d3cd61a2cfb95de4573101fcb431896877f64abbce3a4c2d9bc862a973aef9b9c35064f10e9b15cb0813378fc155b05790db1bf30ac65a80a7f3a8b800fe42ea0a9318d9cc89b665a06e967430e2bbceabad4ecfc598106447bb13f5f1eaca519599c0d7530a289158958fae36afc042a7b31430021966e0dd35602da533587b56e5d5060b85fec192e8e75eed491dbcb79a696731a4c3733fe17572df5e7d0c4dbf96513c9412d140fe2064e2de565e33b1d03a946d0e3f78a4f75626719047e9667feec4afcaba7ef75e27f129f52ffe7b06476e7562350d73427aa9686a27899e0e189cd5a93874c6636ba9defc0bb35ec0b214f2da05077e5f2d7b98d817892bcda11d5bbf17972d2efb98277577fd0cec20b9ad6e2b8a930d0386ab7e5f12d595df4de35b83094cd310582eb6de6b4628c6d4b7d0274c4f109ba0f03ddd39c303ce3ff7372582bad72bc9cfb8a1cab134dad79dbebec31bd48547007fc03f8db74b0ff47c05f685f7a4a7ff2f1d935bbd2db14ad239e31bd59011f8c137d6fbeb450cf733f1b0302811be19af63332eec302e0d5883618d104c6a62650f4e6047b555c81566db287d772f8087b00b5e4cd8db53b7b2763d8109fc8379d2aea666bf9b0ff5405f81b84a9cc7f97b9927c7b029d24cd4301ddcf1479e49ea74e602dacd4734f74602b73517499fd54549b6d929764f753f5d21b90ba1c663759dae32815cfb37641d1d584a14f64efeba561f93bdfe1421bb0b45fb4005af33cd9722e94511cb36d1de102c9bcacfac327b749f82f6e9b8cf88328d85ca7d7af963bf203ed5ff472644c54a27533a5ff93e997a9218bc7c092d9288ca478c6f3c63f494258215ffc51898b6d068e7c67a3985854c2217de693f6b5391b8f27df84cbbb8c705ea4d2aab96f5c2405212f2fee61b5787ebf558e8390000f3a9f64bf8a8c9d46308f1f7f1512f262110ac9d301d4d763c6d11ff1e6f61f9d21d59dc35afd303f50057f5ebc7a9bcd62195b2d678c901e0d285cfaf5d7de54350516e3dd33628a3efcd177cba4a555b0184de4d347f80ba74e8cb7596838455dd94dbaaf37d3c5790736fb21497520ffa2545c842af9f8c63ec5b7343c9ea6cdfb56ea92abf6e787d1b7fe30c6ff06ff42a4a1505a84b8a1f4e894c878886c3445dba4b084a38bb6bb02c2b220189918ddc4bab78a20a33ed6d9643b05e123edc662daa5bf529a9bfe99af4b5c9fe4234894b5d1da1f2511ca8fcd8af34352f8bbd5c497778e0cf3b54b179979a0a701438a6cf216398fe52296db65c9723af8a1516b12eed428d0aa6cc84b1f8c8a2ce6b3b26c04678932624c68d4851aee6509e63e83011b98c32f31993c66e8117756916f9e6faa53dd82c3d960dc06af4bd2d7107d3700cf3a102ade16d671d58767f3dae5bd09eac056cdd63d71caf54a971dc93a30c94f7859d5642a5170b44512bd1b4764724feddddf469ae981134be908bf5634294dfebf594a6000bb35606077d1ed2fd0c42b89ae8712aaab9eae4ea2d14d24cdd32d021f5be63d1186c089e1493748e89adeab8d1e536d3c7ed072b7a8e3cd5ad3197fa8aee9dd554512d96bc3d3e19f34ddb6ae4e0fff5dfad8602207e4662b3bd97fe871cf54b0ef4dbbe38c0e8fa6fca87faece4071d6487fb0d9c65ef50498835786e32f073fa6e0f7353b03bb0f60ef913d46f0d8c304511facf2fbaf5d88e82fb3d5f3418ca86bcdac7f96d7c43c15a9c3274f7681773957db5d2b2be009f8af2d7d48bc010cd17a01c67133af7f8f8f9fad6f17e6ac75ec267e6683043979e0d5e2e930d3dc00136a1e9e12938f21974bbc5a49ef928ae3d5181877a3c2556c3c9cc136b7e32ca616704ce65336755ab94e213f55f13a764355044fb90ec0fd00792bb7ff5bb6fc33761946307521b9ba78c31f826e5f0e4490800b0e61a115a7af67c98e3c2024ce3bd2dcc62112df37dceb8884234068c4fe6fcac8270695b4de140e065d3c7d017261681ecd30c114b0e958c0e53529609410b11a5db7aa4161ef580aee25446b91517f98426f5dbcc2e8102b2d6c43d1dafa5656ab5e894188a390bde74de6d57ecd1ad46e5278fd3ec936948564419144f624e4b7f261c05ca0ef1e83bbc3c4cd7464bbc52b8f8b9247bbf7f9ad22e513b5455b802afc58eaccfba21293289e9283cd0d379cc648a968031f39e5e651ed20baaa56bf52318822425b67e91b527487c3cb814518459c78c8e602b503b694a84db68d479f38d0259214dd582e5129120e397a648ed33deaf6ad49f2d4c56da6e295a9cef61de4ca34d4c8811d298cf4f35afb3f815c4298e8dcd92529e4256ffc29c4e06b2997dda7bde483b83ab12d3f8ff4b0b41cc788bfadb4abdf4f4e972f3c4bcf4f1cfaedfade816e167397ddf94cf90945c895ce2cd7da61dded4e5eab52b2c2180ca5a03e563d07d707a5bb9a8a33610dd85088008a96476fedb9e4f956aeee3ae9cc927926e14148cea0d39c208c36a02f01cd77389d33958a23c278fd3e1cb272ba998661d7f0e35de8cfc4a64b11674349c390fff3323f1b9942e056f5674f9b3cebf5ac8a069265e8c5e4f7c0ff827980fea3ba94bfc4797d9f68ccc43072958d5979d4b77cb7ca28c757cc451de64ca8e70b3f89c97eadb8ad1747b25a3a70bc6dbed2ad5d5cf3637f3972b6401ab2772eb9c65eab5635420398b6b0677b1e1d7850cc08803c9a300bc2329e1e9aba4ad73298f85bc60e3f00e74d50f1b02d477e881b63b0de556895c7a45e048ac7e01a70693d90b2a6f4a2eb5bee0eb0f4305e5d68f7fe3018bf2a24cc6591f9f5f72e246197a6cbd5767084c190c816ebec5f8f5dc61349e14f2203c6866f02ebd324525f5b0ba1dcdf51eefad83778011f59d7655ee29f26dba25abb6c9cd8745bcac5b3cd1ac2bd583e266f05d552f0e6d980774cda07bee8b4164fa86e648d65727f7a11cc98d65b0daa9be921c0df1a701c2675588391ede25a2df853bb04dc48507281d962cb7f6e22d8f74175d119a3891dd2b267113086ba4ee379a3e4d8c08cf7b793af4a131d2a90310872a2d5ba8a20af7afecabd06cf19fbc8ad1796e55f52820c37d0427dc150793d576adfddeb10f027acf0204d3a62b1dec4ee183d2cd10d38764bfb4b2b707355226f9115ee39ea5bb93e9be7fde79a6f6bf28d193b368d21e25588bc54e9add0bb91d39eeb09e44fe07c03b5ff787145e4dd74ac0c4308a66398797e5e4e96d58cfcd9cd03d4cd717e39bad89de7031dff0dd04b31b2c63bcfee8586f50c7d85a87e15992102baa4216779f2c959d112ada378e76316bfbcc8c1a3e20ac53de3583020df9960bc599a38aaf82d36d18a51c1ac91a8ba5a0ae2a65465df994aaac6769e62aa276364374b9a44146ee95e85bf94aaa37d5011cd015311dcb0b53314dfcfce6c17fd4af99710f814ea8fb482f2a178741edf74f37b6a25d3934a6d5e3b7010b916ce3ad65f979a4a066d608aff52ea1c75d96fd4659d3895edbceb4e815cd60fd92f6a2bdacb35bde1b18d08999e4bdc4ce54190fc42349dad4f158d896bdde643b7c9bb13604beef208478b06680537e464ab5d1f7deb024f6a22722c5cfcc770f4e7fbcb2d4022bc53209d6d1749364164801872dca5348bf6b311306c2db329b0f7548f19aa535a9e777a9fac39fab8a9857a98d7feb35a22e8fe9a0207442a2a089e17e4a6a891343fce2b55723ef56c5d36798999f2066e4a8b701b84f7079cfa31bd48af204c35231f21416316774225228f8ac0b41a433c4e6b981522f05758d0b6b56a60851e19c17a524e497ee3962055a4ba93fe0c50939d62be9fea776306e05dc453cbe706723a84c0833bf0310555cdba724248e331a4a3db08ee28418005eb5786786660cf2742e9cec76ddeb53ff8f6c6efea2330dd53286c8cc6e30b4e02124e9976fc2d246eca306850ee9afd91219b68305fb16ae35415270b109b7e6db74db42d2e108b6988ced5a86b33f71758b1951175902f820583209c1ebfb359da8dcefb62a69f49a764404a934cdd4b6d93002b5a094d3e9842df078a027e4dd776259f07c572460f4b4dd08da0179542f53f67c13ca8f858470c66ea97f0512781f6236e585cbc4c36be436c", 0x1000, 0x48801, &(0x7f0000001540)=@file={0x1, './file1\x00'}, 0x6e) 04:59:44 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, @perf_config_ext={0x8000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x0, 0x0, 0xffffffffffffffff, 0x3) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) dup2(r1, r0) 04:59:44 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x4) r2 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b0d, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080), 0x80400, 0x0) r4 = openat(r3, &(0x7f00000000c0)='./file0\x00', 0xa4081, 0x88) sendfile(r1, r0, 0x0, 0x4000007ffffffc) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1000005, 0x2010, r2, 0x8000000) syz_io_uring_setup(0x3167, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r8 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r10 = dup2(r8, r9) syz_io_uring_submit(r6, r7, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r10, 0x80, &(0x7f00000001c0)=@sco}, 0x0) r11 = mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x1000)=nil, 0x1000, 0x0, 0x110, r4, 0x10000000) syz_io_uring_submit(r6, r11, &(0x7f00000001c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x3, 0x0, 0x0, 0x2, &(0x7f0000000100)="e5f6d804fa64c385c8f0cae342b99b729a1b92a04bf89ce5ba158cd93266e9d49a9f8a52e6df96ea82d8e0d840dc0b17360f61643ce32b075bfcb49ddf21ef7237ffd8edee39b55924da91a4295ecbf16858fdb025e77ca0728d3e5bb89f14823fd122d10729a39b9f5f375ffc0245d6e7a09864a66f25c53f4d0a25a2b741c4ed29ee1b699c3b794b9c667c", 0x4, 0x0, 0x1, {0x2}}, 0x10001) r12 = syz_open_dev$tty1(0xc, 0x4, 0x3) syz_io_uring_submit(r5, 0x0, &(0x7f0000000040)=@IORING_OP_CLOSE={0x13, 0x0, 0x0, r12}, 0x1f) r13 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) fsetxattr$trusted_overlay_opaque(r13, &(0x7f0000000240), &(0x7f0000000280), 0x2, 0x1) 04:59:44 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) 04:59:44 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0x0, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) 04:59:44 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff0243a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 04:59:44 executing program 5: sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, @perf_config_ext={0xfffffffffffffffd, 0x2}, 0x1240, 0x97b3, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/exe\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r2, &(0x7f0000000040)={0x1f, @none}, 0x8) setsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f00000001c0)) setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000180)=0x2, 0x4) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendfile(r1, r0, 0x0, 0x9bbb) 04:59:44 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x24, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x24}}, 0x0) 04:59:44 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) [ 3064.223059] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3064.223059] program syz-executor.7 not setting count and/or reply_len properly 04:59:44 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0x0, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) [ 3064.308049] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3064.308049] program syz-executor.7 not setting count and/or reply_len properly 04:59:44 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x24, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x24}}, 0x0) [ 3064.338168] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=35144 sclass=netlink_tcpdiag_socket pid=16469 comm=syz-executor.0 04:59:44 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xacd}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x200000000002) bind$inet6(0xffffffffffffffff, 0x0, 0x0) dup2(r1, r0) 04:59:44 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff0343a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) [ 3064.373500] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=34247 sclass=netlink_tcpdiag_socket pid=16469 comm=syz-executor.0 [ 3064.378444] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=53893 sclass=netlink_tcpdiag_socket pid=16469 comm=syz-executor.0 [ 3064.384318] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=53481 sclass=netlink_tcpdiag_socket pid=16469 comm=syz-executor.0 [ 3064.430212] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=35656 sclass=netlink_tcpdiag_socket pid=16469 comm=syz-executor.0 [ 3064.435187] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=16469 comm=syz-executor.0 [ 3064.443843] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=33608 sclass=netlink_tcpdiag_socket pid=16469 comm=syz-executor.0 [ 3064.448301] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=35140 sclass=netlink_tcpdiag_socket pid=16469 comm=syz-executor.0 04:59:44 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) [ 3064.499780] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=17 sclass=netlink_tcpdiag_socket pid=16469 comm=syz-executor.0 [ 3064.501452] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=26 sclass=netlink_tcpdiag_socket pid=16469 comm=syz-executor.0 [ 3064.547157] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3064.547157] program syz-executor.7 not setting count and/or reply_len properly [ 3064.562441] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3064.562441] program syz-executor.7 not setting count and/or reply_len properly 05:00:01 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0x0, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) 05:00:01 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff0443a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 05:00:01 executing program 4: r0 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) r2 = dup2(r0, 0xffffffffffffffff) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r0, 0x400c6615, &(0x7f0000000040)={0x0, @aes128, 0x0, @desc2}) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r2, 0xc0189378, &(0x7f0000000000)=ANY=[@ANYBLOB="9b0023080000342051a13f6f", @ANYRES32=r1, @ANYRES32=r0, @ANYRESOCT]) perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x1, 0xcd, 0x0, 0x23, 0x0, 0x3, 0x8040, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x800, 0x4, @perf_config_ext={0x9, 0x10000}, 0x41000, 0x8000, 0x947d, 0x2, 0x0, 0x8, 0x923e, 0x0, 0x4, 0x0, 0x1}, 0x0, 0x8, r2, 0x3) r4 = openat$urandom(0xffffffffffffff9c, &(0x7f00000000c0), 0x24000, 0x0) dup2(r3, r4) dup(0xffffffffffffffff) write$vga_arbiter(r2, &(0x7f0000000080)=@other={'unlock', ' ', 'mem'}, 0xb) 05:00:01 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x24, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_PAGE={0x5}]}, 0x24}}, 0x0) 05:00:01 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x1c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}]}, 0x1c}}, 0x0) 05:00:01 executing program 0: r0 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffffffff, 0x7}, 0x4118, 0x0, 0x1, 0x0, 0xffffffffffffffff, 0x4, 0x2}, 0x0, 0xc, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="2c0000008d60ccddc073134ba9a1b479a550ab219351b25a30ebd3ed5d89122b1a4c4a6fa88c8584c7e8bc8569d5a9e40200000000000000f6f95138c527fc0dfa6d8005f39145c7ecbb9f31073e3d95bc3cc05ff8f33d47f6f77a8c065b5f6c3c299a355a0c2299dd50f62c86441e804dac2725816390cdd6cc669c3ebf8d7cbfd73ffbf3d8f36a200d87f9a57178699eee95837463b696572ba7699dcb27baa05b1f5f003563cd36e9acb4121c97f1aa7afb9686126ee7fbf35b3b64584b01363cfcdd003df496d8c74bff5cd1a387e56da5046eca051971d436dc32f6e3b433c1c3f4f9c2b93fb6f1c2a1112cef0c74d3c94f2b366bb3b65a65a648b097fe3ae17088735aaf460ad6c5ca7705277ea0ebb5557b0d89ac120586e973821ff7a3cb88c882b8299ae3837ee7eea350746129b7f33c84cf839ceca9a3819a5f3de4cd69fb46250f2eedb22d28ef", @ANYRES16=r1], 0x2c}}, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, &(0x7f0000000080)=0x1000) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1b) syncfs(r2) creat(&(0x7f0000000040)='./file0\x00', 0x0) r3 = creat(&(0x7f0000000040)='./file0\x00', 0x0) fallocate(r3, 0x8, 0x0, 0x7ffd) write$9p(r3, &(0x7f00000000c0)="0fb865562069ab2f32beb83e263962827b00d7d8b791e504b65c5ed26e6688d67a9796c1aedca0de65d21b4796fd1b3df0ccedf9739e29f6b965de85433255da7945b7a842ba5fa3dbe88cd26fc9b1b807bc2d59e5a9f2c2bdaccdb839190141ba0151232669cb02b3b076251c024d73f501a54d959dac7cdb3fc324ab47f2a3e1ef12691eac5cab96860e948ea4", 0x8e) r4 = creat(&(0x7f0000000040)='./file0\x00', 0x0) ioctl$FS_IOC_GETFSMAP(r4, 0xc0c0583b, &(0x7f0000000080)=ANY=[@ANYBLOB="00000000fffffd78b2ddc3fd020100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000001545cc2d00000000000000000000002000"/256]) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x4e20, 0x4b, @private2={0xfc, 0x2, '\x00', 0x1}, 0x3}, 0x1c) creat(&(0x7f0000000040)='./file0\x00', 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}, 0x0, 0x0, 0x1002, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = creat(&(0x7f0000000040)='./file0\x00', 0x0) ioctl$FS_IOC_GETFSMAP(r5, 0xc0c0583b, &(0x7f0000000080)={0x0, 0xfdfdffff, 0x102, 0x0, '\x00', [{}, {0x800, 0x0, 0x400000000000000}], ['\x00']}) syncfs(0xffffffffffffffff) 05:00:01 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xd21}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x3) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/unix\x00') readv(r0, &(0x7f0000000280)=[{&(0x7f00000004c0)=""/4089, 0xff9}], 0x1) munlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000) syz_open_procfs(0x0, &(0x7f0000000140)='net/ip6_mr_cache\x00') 05:00:01 executing program 5: clone3(&(0x7f0000000140)={0x11060900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000000)='memory.high\x00', 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl(r0, 0x8917, &(0x7f0000000140)="dafb376c617c7c58f191883a") syz_io_uring_setup(0x20f2, &(0x7f0000000040)={0x0, 0x24e7, 0x1, 0x1, 0x146}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f00000000c0), &(0x7f0000000100)=0x0) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r2, &(0x7f0000000040)={0x1f, @none}, 0x8) setsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) syz_io_uring_submit(0x0, r1, &(0x7f00000001c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x5, 0x0, r2, 0x0, 0x0, 0x0, 0x20}, 0xfffffff8) [ 3081.067600] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3081.067600] program syz-executor.7 not setting count and/or reply_len properly [ 3081.103227] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3081.103227] program syz-executor.7 not setting count and/or reply_len properly 05:00:01 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff0543a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 05:00:01 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x24, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_PAGE={0x5}]}, 0x24}}, 0x0) 05:00:01 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x1c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}]}, 0x1c}}, 0x0) 05:00:01 executing program 2: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x24, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_PAGE={0x5}]}, 0x24}}, 0x0) [ 3081.246423] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3081.246423] program syz-executor.7 not setting count and/or reply_len properly 05:00:01 executing program 0: r0 = creat(&(0x7f0000000100)='./file0\x00', 0x0) ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0x801c581f, &(0x7f0000000580)={0x8, 0x7, 0x7, 0xbc, 0x2}) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r1, &(0x7f0000000040)={0x1f, @none}, 0x8) setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r0, 0xc018937d, &(0x7f0000000640)=ANY=[@ANYRESOCT=r0, @ANYRESHEX=r1]) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0xa) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x200002, 0x0) r4 = openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x3c0, 0x88) openat$cgroup_netprio_ifpriomap(r4, &(0x7f0000000080), 0x2, 0x0) r5 = inotify_init1(0x800) ioctl$FS_IOC_FSSETXATTR(r5, 0x401c5820, &(0x7f0000000600)={0x2, 0x8001, 0x4, 0x8, 0x9}) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000140)={{0x108, 0xea, 0x20, 0x388, 0x3d3, 0x2, 0x1d2}, "b7c6dc7ed925285991ac135b3be481932909eee32789fe8426ef1a1c152c", ['\x00', '\x00', '\x00', '\x00']}, 0x43e) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fstat(0xffffffffffffffff, &(0x7f0000000100)) sendfile(r3, r2, 0x0, 0x4000007ffffffc) 05:00:01 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = syz_open_dev$tty1(0xc, 0x4, 0x2) ioctl$TIOCGPKT(r3, 0x80045438, &(0x7f00000001c0)) process_vm_readv(r2, &(0x7f0000001a40)=[{&(0x7f00000018c0)=""/31, 0x1f}, {0x0}], 0x2, &(0x7f0000001ec0)=[{&(0x7f0000001a80)=""/93, 0x5d}, {&(0x7f0000002240)=""/183, 0xb7}, {&(0x7f0000001bc0)=""/121, 0x79}, {&(0x7f0000001c40)=""/163, 0xa3}, {&(0x7f0000000300)=""/231, 0xe7}, {&(0x7f0000001e00)}, {&(0x7f0000001e40)=""/9, 0x9}, {&(0x7f0000001b00)=""/46, 0x2e}], 0x8, 0x0) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/power/pm_freeze_timeout', 0x0, 0x0) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x22902, 0x0) r6 = openat$cgroup_ro(r5, &(0x7f0000000400)='freezer.state\x00', 0x0, 0x0) ioctl$TIOCGPTPEER(r6, 0x5441, 0xfffffffffffffffd) copy_file_range(r4, 0x0, r5, 0x0, 0xa1, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x80, 0x2, 0x8, 0x0, 0x3c, 0x0, 0x6, 0x4640, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x3, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0xffffffff, 0x0, @perf_bp={&(0x7f0000000100), 0xe}, 0x1011, 0x551, 0xffff, 0x0, 0x7ff, 0x20d, 0x7f, 0x0, 0xd4f, 0x0, 0x7ffffffe}, r2, 0x2, r4, 0x2) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) r7 = openat$null(0xffffffffffffff9c, &(0x7f0000000280), 0x2000, 0x0) dup(r7) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x5, 0x40, 0x9, 0x3, 0x0, 0x6cf1, 0x8008, 0x5, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, @perf_config_ext={0x1, 0xaba5}, 0x823, 0x8001, 0x8000000, 0x5, 0x0, 0x8, 0x5, 0x0, 0x6, 0x0, 0x8}, 0xffffffffffffffff, 0xa, 0xffffffffffffffff, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) dup2(r1, r0) r8 = syz_open_dev$vcsu(&(0x7f00000000c0), 0x10000, 0x20a002) ioctl$TIOCGPTPEER(r8, 0x5441, 0xfff) 05:00:01 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff0643a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 05:00:01 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(0xffffffffffffffff, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) 05:00:01 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x24, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_PAGE={0x5}]}, 0x24}}, 0x0) 05:00:01 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x75e}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x80, 0x4, 0x1, 0x20, 0x0, 0x10000, 0x840, 0x1a, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x55, 0x2, @perf_config_ext={0x2, 0x200}, 0x1082, 0xfffffffffffffe01, 0xaf, 0x3, 0x8, 0x200, 0x1f, 0x0, 0x0, 0x0, 0x80}, 0xffffffffffffffff, 0xe, 0xffffffffffffffff, 0x1) perf_event_open(&(0x7f0000000080)={0x5, 0x80, 0x1, 0x1, 0x6, 0x5c, 0x0, 0x7f, 0x2, 0xc, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0x4}, 0x100, 0x6, 0x7, 0x0, 0x8003, 0x401, 0x6, 0x0, 0x20, 0x0, 0x8}, 0x0, 0xf, 0xffffffffffffffff, 0x2) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000440), 0x204000, 0x0) ioctl$BTRFS_IOC_DEFRAG_RANGE(r0, 0x40309410, &(0x7f00000001c0)={0x2, 0xffffffff00000001, 0x1, 0xb29, 0x1, [0x7, 0x7, 0x2, 0x9]}) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCL_PASTESEL(r1, 0x4b6a, &(0x7f0000000000)) ioctl$VT_DISALLOCATE(0xffffffffffffffff, 0x5608) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/power/pm_freeze_timeout', 0x0, 0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x22902, 0x0) copy_file_range(r2, 0x0, r3, 0x0, 0xa1, 0x0) r4 = socket$packet(0x11, 0x0, 0x300) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) setsockopt$packet_add_memb(r4, 0x107, 0x1, &(0x7f0000000080)={r6, 0x1, 0x6, @dev}, 0x10) r7 = socket$packet(0x11, 0x0, 0x300) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) setsockopt$packet_add_memb(r7, 0x107, 0x1, &(0x7f0000000080)={r9, 0x1, 0x6, @dev}, 0x10) sendmsg$ETHTOOL_MSG_TSINFO_GET(r2, &(0x7f0000000400)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="50010000", @ANYRES16=0x0, @ANYBLOB="00082dbd7000fbdbdf25190000008400018014000200776c616e30000000000000000000000014000200697036677265746170300000000000001400020064756d6d7930000000000000000000001400020076657468305f746f5f687372000000001400020076657468305f746f5f62726964676500080003000000000014000200766c616e31000000000000000000000030000180140002007665746831000000000000000000000008000100", @ANYRES32=0x0, @ANYBLOB="08000300030000002a73bf5d76bbf4aa8f4308000300030000003800018014000200626174616476300000000000000000000800", @ANYRES32=r6, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB="080003000200000044000180080003000000000008000300050000001400020077673200000000000000000000000000140002007663616e30000000000000000000000008000300000000000c00018008000100", @ANYRES32=r9, @ANYBLOB], 0x150}, 0x1, 0x0, 0x0, 0x40000}, 0x800) 05:00:01 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x1c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}]}, 0x1c}}, 0x0) 05:00:01 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000080)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r0, @ANYBLOB="00000000000000001a2f66696c653000"]) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r2, 0xc0505350, &(0x7f00000000c0)={{0x8, 0x5}, {0x9, 0x1f}, 0x1000000, 0x1, 0x6a}) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r1, 0x408c5333, &(0x7f0000001a00)) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x200) [ 3081.513893] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3081.513893] program syz-executor.7 not setting count and/or reply_len properly 05:00:01 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(0xffffffffffffffff, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) [ 3081.605410] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3081.605410] program syz-executor.7 not setting count and/or reply_len properly 05:00:01 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x24, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x24}}, 0x0) 05:00:01 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x0, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) 05:00:01 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r2 = dup2(r1, r0) accept$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, &(0x7f0000000080)=0x1c) r3 = fsmount(r2, 0x1, 0x7b) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000004bc0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000004c00)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r4, &(0x7f0000004cc0)={0x0, 0x0, &(0x7f0000004c80)={&(0x7f0000004c40)={0x1c, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}}, 0x1c}}, 0x0) sendmsg$NL80211_CMD_SET_CHANNEL(r3, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="7f00f700", @ANYRES16=r6, @ANYBLOB="00012cbd7000fcdbdf254100000008000300", @ANYRES32=0x0, @ANYBLOB="08009f00070000000800a0004600000008002201ad0100000500190108000000080027000300000008002201340100000500190108000000050018010c000000c7dd9ce1c8f85f57c70c5c56b71805b0f2e4a9f446b9e528a273705c603df32752f624160384e93a8bd98088543f6659a172b530b0c99012006dce7b0383d7f99d8459be21636690f1260706911c39969968f609a1117b956d5766e8e84eaefdef703a0825ac1487dfe62153d8373f0c80ae3e243be987cdc4ee3fffe1473dfc39928b911378e06af5247360a58847826b1e862cc93d0f5cddd9ad3c52132e4947c1258241b8d4055e24068556e33185644d24a7dc8fa696bc682a8d82e0e40522133a94815dd1c5e737d23a2b90661e94fa4465adfa7d32e803a58cd7f1d3f8f6f321556cc0a0f88758337e22b98523ac4b"], 0x5c}, 0x1, 0x0, 0x0, 0x4008894}, 0x4000080) r8 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r8, &(0x7f0000000040)={0x1f, @none}, 0x8) setsockopt$bt_BT_DEFER_SETUP(r8, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) ioctl$FS_IOC_GETFLAGS(r8, 0x80086601, &(0x7f0000000100)) r9 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r9, &(0x7f0000000040)={0x1f, @none}, 0x8) setsockopt$bt_BT_DEFER_SETUP(r9, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) ioctl$FS_IOC_GETFLAGS(r9, 0x80086601, &(0x7f00000000c0)) 05:00:20 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff0743a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 05:00:20 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(0xffffffffffffffff, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) 05:00:20 executing program 2: ftruncate(0xffffffffffffffff, 0x0) open(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000001500)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x4}, [{}], "bd957fd92f411ce18f895838cbaa4d10431d6f1ff91416ba3d46d46f9806d0d4794ceeeea2a5db653d90fb7d492f9319d402b6e737a65be0d6103a89d9fb0225245ad48f3efc11c748601e2c14070aedcf8790cb988fd9a9dc42560687a7ca8bdb9a4308453cbc1b30fbefed1014e06c663745c9642cd44c9b61cb210a3f9f879c67c210929c75380a32", ['\x00', '\x00']}, 0x302) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r1, &(0x7f0000000040)={0x1f, @none}, 0x8) setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) syncfs(r1) 05:00:20 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x24, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x24}}, 0x0) 05:00:20 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000080)={0x5, &(0x7f0000000040)=[{0x8000, 0x2}, {0x3ff, 0x6}, {0x1}, {0xffff, 0x800}, {0x3, 0x3}]}) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000000c0)=@abs, 0x6e, &(0x7f0000000280)=[{&(0x7f0000000140)=""/82, 0x52}, {&(0x7f00000001c0)=""/1, 0x1}], 0x2, &(0x7f00000002c0)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x58}, 0x0) ioctl$TIOCGPTPEER(r1, 0x5441, 0x0) r2 = perf_event_open(&(0x7f0000000200)={0x4, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) dup2(r2, r0) 05:00:20 executing program 5: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x2a, &(0x7f0000000b00)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b000000800000000800000052470000620100000000000000000000000000000000000073797a6b616c6c6572000000000000002f746d702f73797a2d696d61676567656e32353033313039333700"/192, 0xc0, 0x400}, {&(0x7f0000010100)="0000000000000000000000003b6f4d0472b34eacba0268aaada5ab8e010000000c00000000000000ddf4655f00"/64, 0x40, 0x4e0}, {&(0x7f0000010200)="0100000000000500110000000000000000000000040000003c00000000000000", 0x20, 0x560}, {&(0x7f0000010300)="030000000400"/32, 0x20, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce000f0003000400"/32, 0x20, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff020000000c0001022e000000020000000c0002022e2e00000b00000014000a026c6f73742b666f756e6400000c0000001000050266696c65300000000f0000001000050166696c6531000000100000001000050166696c6532000000100000001000050166696c6533000000110000009403090166696c652e636f6c64000000", 0x480, 0xc00}, {&(0x7f0000010a00)="0b0000000c0001022e00000002000000f40302022e2e00"/32, 0x20, 0x1400}, {&(0x7f0000010b00)="00000000000400"/32, 0x20, 0x1800}, {&(0x7f0000010c00)="00000000000400"/32, 0x20, 0x1c00}, {&(0x7f0000010d00)="00000000000400"/32, 0x20, 0x2000}, {&(0x7f0000010e00)="00000000000400"/32, 0x20, 0x2400}, {&(0x7f0000010f00)="00000000000400"/32, 0x20, 0x2800}, {&(0x7f0000000680)="00000000000400"/32, 0x20, 0x2c00}, {&(0x7f0000011100)="00000000000400"/32, 0x20, 0x3000}, {&(0x7f0000011200)="00000000000400"/32, 0x20, 0x3400}, {&(0x7f0000011300)="00000000000400"/32, 0x20, 0x3800}, {&(0x7f0000011400)="00000000000400"/32, 0x20, 0x3c00}, {&(0x7f0000000600)="00800000000400000000001c001a000000000000000000000300000000000000d99ec01074fea57376e978259df127322a2d1dc08fbfeed53d855ec43b408114179c66ca079de64606aac83c82d2d93fdea5c67e5c6a4c0843b655499276c37d0419d748e32984394e14c688e6", 0x6d, 0x4000}, {&(0x7f0000011600)="504d4d00504d4dffddf4655f00000000647679756b6f762d676c6170746f70320000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c6f6f7033300075782f746573742f73797a5f6d6f756e745f696d6167655f650500"/128, 0x80, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a090000000000060000000000000005000000", 0x20, 0x4800}, {&(0x7f00000006c0)="ffff0100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0300"/1056, 0x420, 0x4c00}, {&(0x7f0000011d00)="0400"/32, 0x20, 0x5400}, {&(0x7f0000011e00)="0500"/32, 0x20, 0x5800}, {&(0x7f0000011f00)="00000000000000000100000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000007000"/96, 0x60, 0x5c00}, {&(0x7f0000012000)="0200"/32, 0x20, 0x6000}, {&(0x7f0000012100)="2719c0d901000000803a0900803a090000000000060000000000000005000000", 0x20, 0x6400}, {&(0x7f0000012200)="0300"/32, 0x20, 0x6800}, {&(0x7f0000012300)="0400"/32, 0x20, 0x6c00}, {&(0x7f0000012400)="0500"/32, 0x20, 0x7000}, {&(0x7f0000012500)="00000000000000000100000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000007000"/96, 0x60, 0x7400}, {&(0x7f0000012600)="0200"/32, 0x20, 0x7800}, {&(0x7f0000012700)="0c0000000c0001022e000000020000000c0002022e2e00000d0000001000050166696c65300000000e000000d803050766696c653100"/64, 0x40, 0x3}, {&(0x7f0000012800)="000002ea0100000001000000270f240c000000000000000000000000000000000601f8030000000006000000779b539778617474723100000601f00300000000060000007498539778617474723200"/96, 0x60, 0x8000}, {&(0x7f0000012900)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00xattr2\x00\x00xattr1\x00\x00', 0x20, 0x83e0}, {&(0x7f0000012a00)="0000000000000000ddf4655fddf4655fddf4655f00"/32, 0x20, 0x8c00}, {&(0x7f0000012b00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004000200000000000800050000000af301000400000000000000000000000100000004000000", 0x40, 0x8c80}, {&(0x7f0000012c00)="8081000000180000ddf4655fddf4655fddf4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014000000000000000000000000000000000000000000000000000000000000000000000000000000000000008081000000180000ddf4655fddf4655fddf4655f00000000000001000c00000010000800000000000af30300040000000000000000000000010000001900000001000000010000001e00000002000000040000001a00"/224, 0xe0, 0x8d00}, {&(0x7f0000012d00)="c041000000300000ddf4655fddf4655fddf4655f00000000000002001800000000000800000000000af301000400000000000000000000000c00000005000000", 0x40, 0x100000001}, {&(0x7f0000012e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000002000200000000000800030000000af30100040000000000000000000000010000001f000000000000000000000000000000000000000000000000000000000000000000000000000000e56bfc17000000000000000000000000000000000000000000000000ed8100001a040000ddf4655fddf4655fddf4655f00000000000001000400000000000800010000000af301000400000000000000000000000200000027000000000000000000000000000000000000000000000000000000000000000000000000000000694f777d000000000000000000000000000000000000000000000000ffa1000026000000ddf4655fddf4655fddf4655f00000000000001000000000000000000010000002f746d702f73797a2d696d61676567656e3235303331303933372f66696c65302f66696c6530000000000000000000000000000000000000000000006177ccbb000000000000000000000000000000000000000000000000ed8100000a000000ddf4655fddf4655fddf4655f00000000000001000400000000000800010000000af301000400000000000000000000000100000029000000000000000000000000000000000000000000000000000000000000000000000000000000dfa38368200000000000000000000000000000000000000000000000ed81000028230000ddf4655fddf4655fddf4655f00000000000002001200000000000800010000000af30100040000000000000000000000090000002a00000000000000000000000000000000000000000000000000000000000000000000000000000079189cdc000000000000000000000000000000000000000000000000ed81000064000000ddf4655fddf4655fddf4655f00000000000001000200000000000800010000000af30100040000000000000000000000010000003300000000000000000000000000000000000000000000000000000000000000000000000000000007b8a9eb00"/768, 0x300, 0x9180}, {&(0x7f0000013100)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x9c00}, {&(0x7f0000013600)='syzkallers\x00'/32, 0x20, 0xa400}, {&(0x7f0000000040)="73797a6b616c6ce57273797a6b616c6c657273797a6b616c6c657273797a6b616c6c657273797a6b616c6c657273797a6b616c6c657273577a6b616c6c65ad76acbac14d565b6572737a6b616c6c657273797a6b616c6c6572730000000000000000000000008edcdd65907dc86b000000000000000000000000000000009620150da16bad3c274a034c089b52d4e42e5bf31e4e3d553f8a58d99964a6fafa461a1ef3fda697adc6bae8c6b88a02", 0xae, 0xcc00}], 0x0, &(0x7f0000013800)) mount(&(0x7f0000000140)=@sr0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='autofs\x00', 0x82028, 0x0) 05:00:20 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x0, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) 05:00:20 executing program 0: times(&(0x7f0000000080)) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="2c000000260001010000000000000000000000001800008008000000", @ANYRES32=0x0, @ANYRESHEX], 0x2c}, 0x1, 0x0, 0x0, 0x20}, 0x0) r1 = syz_io_uring_setup(0x21, &(0x7f00000002c0)={0x0, 0x4000000, 0x2, 0x3}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000180), &(0x7f0000002a40)) io_uring_enter(0xffffffffffffffff, 0x76d3, 0x0, 0x0, 0x0, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='pagemap\x00') prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)) socket$inet6_udplite(0xa, 0x2, 0x88) r3 = openat2(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', &(0x7f0000000380)={0x2, 0x10, 0x1}, 0x18) io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) r4 = dup2(0xffffffffffffffff, 0xffffffffffffffff) socket$inet6_tcp(0xa, 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) creat(&(0x7f00000003c0)='./file1\x00', 0x101) socketpair(0xf, 0x800, 0x5, &(0x7f0000000400)) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000240)=ANY=[@ANYBLOB="000704000000", @ANYRES32=r1, @ANYBLOB="01000000000000002e2f66696c653100"]) syz_genetlink_get_family_id$batadv(&(0x7f0000000440), r4) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) [ 3100.546104] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3100.571987] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3100.571987] program syz-executor.7 not setting count and/or reply_len properly [ 3100.647320] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3100.647320] program syz-executor.7 not setting count and/or reply_len properly [ 3100.785157] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. 05:00:36 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x0, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) 05:00:36 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) dup(r3) r4 = ioctl$TIOCGPTPEER(r2, 0x5441, 0x5) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x1c7200, 0x0) ioctl$TCSBRKP(r5, 0x5425, 0x5) ioctl$TIOCSPTLCK(r4, 0x40045431, &(0x7f0000000040)=0x1) bind$inet6(0xffffffffffffffff, 0x0, 0x0) dup2(r1, r0) 05:00:36 executing program 0: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xf}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0) r1 = io_uring_setup(0x63a8, &(0x7f0000000040)) dup3(r0, r1, 0x0) r2 = openat$incfs(0xffffffffffffff9c, &(0x7f00000000c0)='.log\x00', 0x81, 0x146) clock_gettime(0x0, &(0x7f0000000100)={0x0, 0x0}) clock_gettime(0x0, &(0x7f0000000140)={0x0, 0x0}) clock_gettime(0x0, &(0x7f00000001c0)={0x0, 0x0}) clock_gettime(0x0, &(0x7f00000002c0)={0x0, 0x0}) write$evdev(r2, &(0x7f0000000300)=[{{0x0, 0x2710}, 0x0, 0x4, 0xfffffffa}, {{r3, r4/1000+10000}, 0x15, 0x800, 0xc952}, {{r5, r6/1000+10000}, 0x16, 0x8, 0x3f}, {{r7, r8/1000+10000}, 0x15, 0x100, 0xb376}, {{}, 0x1f, 0x1ff, 0x5}, {{r9, r10/1000+60000}, 0x16, 0xff23, 0x2}, {{0x77359400}, 0x15, 0xfb, 0x7ff}, {{}, 0x12, 0x6, 0x9}, {{}, 0x2, 0x8000, 0x6}], 0xd8) read(r1, &(0x7f0000000200)=""/152, 0x98) 05:00:36 executing program 2: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff0743a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 05:00:36 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x24, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x24}}, 0x0) 05:00:36 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, 0x0) 05:00:36 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff0943a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 05:00:36 executing program 5: open(&(0x7f0000000140)='./file1/file0\x00', 0x100, 0x38) statx(0xffffffffffffffff, 0x0, 0x100, 0x8, &(0x7f00000001c0)) lstat(&(0x7f00000002c0)='./file1\x00', 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000500)={{{@in, @in6=@mcast2}}, {{@in=@multicast1}, 0x0, @in6=@loopback}}, &(0x7f0000000380)=0xe8) lstat(&(0x7f00000006c0)='./file1/file0\x00', &(0x7f0000000700)) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setstatus(r1, 0x407, 0x42800) r2 = socket$netlink(0x10, 0x3, 0x0) fcntl$dupfd(r2, 0x0, r2) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), r0) sendmsg$ETHTOOL_MSG_COALESCE_SET(r2, &(0x7f0000000680)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000340)={&(0x7f0000000600)={0x5c, r3, 0x400, 0x70bd28, 0x25dfdbfc, {}, [@ETHTOOL_A_COALESCE_RATE_SAMPLE_INTERVAL={0x8, 0x17, 0x12ff}, @ETHTOOL_A_COALESCE_STATS_BLOCK_USECS={0x8, 0xa, 0x5}, @ETHTOOL_A_COALESCE_TX_USECS_LOW={0x8}, @ETHTOOL_A_COALESCE_STATS_BLOCK_USECS={0x8, 0xa, 0x107f}, @ETHTOOL_A_COALESCE_STATS_BLOCK_USECS={0x8, 0xa, 0x3ff}, @ETHTOOL_A_COALESCE_RX_USECS={0x8, 0x2, 0x1f}, @ETHTOOL_A_COALESCE_USE_ADAPTIVE_TX={0x5, 0xc, 0x1}, @ETHTOOL_A_COALESCE_USE_ADAPTIVE_TX={0x5}, @ETHTOOL_A_COALESCE_TX_USECS_HIGH={0x8, 0x15, 0x1f}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20004050}, 0x4000) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/timer_list\x00', 0x0, 0x0) lseek(r4, 0x9e46, 0x0) dup(r4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x2, &(0x7f0000000500)=ANY=[]) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2(&(0x7f0000000100), 0x1800) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c0000001d00210c000000000000000004e1010008000c0000000000"], 0x1c}}, 0x0) 05:00:36 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x34, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x34}}, 0x0) [ 3116.655223] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3116.655223] program syz-executor.7 not setting count and/or reply_len properly [ 3116.673078] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3116.673078] program syz-executor.2 not setting count and/or reply_len properly [ 3116.677808] selinux_netlink_send: 38 callbacks suppressed [ 3116.677825] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16634 comm=syz-executor.5 05:00:36 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) dup2(r1, r0) r2 = socket$nl_audit(0x10, 0x3, 0x9) ioctl$BTRFS_IOC_START_SYNC(r2, 0x80089418, &(0x7f0000000040)) [ 3116.783826] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. 05:00:37 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) (fail_nth: 1) 05:00:37 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff0a43a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 05:00:37 executing program 2: pipe2(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) io_setup(0x5, &(0x7f0000000700)=0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='fd/3\x00') r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r4, &(0x7f0000000040)={0x1f, @none}, 0x8) setsockopt$bt_BT_DEFER_SETUP(r4, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) r5 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000002c0), 0x404801, 0x0) io_submit(r2, 0x3, &(0x7f0000000340)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x8001, r1, &(0x7f0000000180)="453c720711856c090f775dffc1c3c6910ac7f741055e535c589af7c72ec1ee5ba4c883c8d072435ead08251200838fa396e2fa2ba8657a562db894cd3ecaa1e22a16c71cfe272523ef5ab6206a15028b640b274bf2cdbaa0bcd33cb9dbacfc7cf722881e707fd72bf5f35cc2dff06df843c163ae4644a24911f3c23a78ca80834b", 0x81, 0x0, 0x0, 0x3, r3}, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2, 0x7, r0, &(0x7f00000000c0)="1cf138bae96ba8e5ab5d5c1811768109caa9c352add0576417426ad8b919aea309f1f238399f7fb212a51183b0fa7447b9b66e4f42336a1ace29456f167cb2d30a90d6078d", 0x45, 0x8, 0x0, 0x1}, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x4, 0x40, r4, &(0x7f0000000240)="7c9530c9f1bb364e10c371d243be00524e1a924ead5ce3a51ea2475266415f2f82376bbd9612868a57f38cb9dca1ee667f5bd97b74ae021aa930f74a1dc0564a1b2d310af34b4a65877615b2149707b195ed89c00bce0a545860a18a", 0x5c, 0x9, 0x0, 0x0, r5}]) 05:00:37 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, 0x0) 05:00:37 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x34, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x34}}, 0x0) [ 3116.971234] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3116.971234] program syz-executor.7 not setting count and/or reply_len properly [ 3116.980314] FAULT_INJECTION: forcing a failure. [ 3116.980314] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 3116.983004] CPU: 0 PID: 16650 Comm: syz-executor.6 Not tainted 5.10.207 #1 [ 3116.984620] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3116.986421] Call Trace: [ 3116.987003] dump_stack+0x107/0x167 [ 3116.987830] should_fail.cold+0x5/0xa [ 3116.988667] _copy_from_user+0x2e/0x1b0 [ 3116.989552] __copy_msghdr_from_user+0x91/0x4b0 [ 3116.990561] ? __ia32_sys_shutdown+0x80/0x80 [ 3116.991511] ? perf_trace_lock+0xac/0x490 [ 3116.992417] ? __lock_acquire+0xbb1/0x5b00 [ 3116.993363] sendmsg_copy_msghdr+0xa1/0x160 [ 3116.994295] ? do_recvmmsg+0x6d0/0x6d0 [ 3116.995143] ? perf_trace_lock+0xac/0x490 [ 3116.996042] ? SOFTIRQ_verbose+0x10/0x10 [ 3116.996932] ? __lockdep_reset_lock+0x180/0x180 [ 3116.997952] ? perf_trace_lock+0xac/0x490 [ 3116.998852] ? SOFTIRQ_verbose+0x10/0x10 [ 3116.999735] ___sys_sendmsg+0xc6/0x170 [ 3117.000577] ? sendmsg_copy_msghdr+0x160/0x160 [ 3117.001585] ? __fget_files+0x26d/0x4c0 [ 3117.002448] ? lock_downgrade+0x6d0/0x6d0 [ 3117.003356] ? find_held_lock+0x2c/0x110 [ 3117.004248] ? __fget_files+0x296/0x4c0 [ 3117.005153] ? __fget_light+0xea/0x290 [ 3117.006002] __sys_sendmsg+0xe5/0x1b0 [ 3117.006839] ? __sys_sendmsg_sock+0x40/0x40 [ 3117.007787] ? rcu_read_lock_any_held+0x75/0xa0 [ 3117.008818] ? fput_many+0x2f/0x1a0 [ 3117.009628] ? ksys_write+0x1a9/0x260 [ 3117.010467] ? __ia32_sys_read+0xb0/0xb0 [ 3117.011367] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3117.012527] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3117.013674] do_syscall_64+0x33/0x40 [ 3117.014497] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3117.015618] RIP: 0033:0x7f84055bdb19 [ 3117.016443] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3117.020483] RSP: 002b:00007f8402b12188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3117.022181] RAX: ffffffffffffffda RBX: 00007f84056d1020 RCX: 00007f84055bdb19 [ 3117.023756] RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 0000000000000005 [ 3117.025326] RBP: 00007f8402b121d0 R08: 0000000000000000 R09: 0000000000000000 [ 3117.026869] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3117.028406] R13: 00007ffeaf32b7ff R14: 00007f8402b12300 R15: 0000000000022000 [ 3117.030185] hpet: Lost 2 RTC interrupts [ 3117.057893] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3117.057893] program syz-executor.7 not setting count and/or reply_len properly [ 3117.069903] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. 05:00:37 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) dup2(r1, r0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000040)=0x329d) [ 3117.130838] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16657 comm=syz-executor.5 05:00:37 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff0d43a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) [ 3117.341983] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3117.341983] program syz-executor.7 not setting count and/or reply_len properly [ 3117.374254] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3117.374254] program syz-executor.7 not setting count and/or reply_len properly 05:00:53 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x34, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x34}}, 0x0) 05:00:53 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}, 0x804, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_usb_connect$cdc_ecm(0x3, 0x50, &(0x7f0000000000)=ANY=[@ANYBLOB="12010002020000082505a1a440000102030109023e000101c1e015090400fb0321550d24ff0000cb0351775d8bc25e8409017d09050302"], &(0x7f0000000240)={0x0, 0xfffffffffffffffd, 0x45, &(0x7f0000000080)={0x5, 0xf, 0x45, 0x3, [@ss_container_id={0x14, 0x10, 0x4, 0x73, "27d7474d5e78b47fb717d5d3f77cfbac"}, @ssp_cap={0x18, 0x10, 0xa, 0x47, 0x3, 0x3, 0x880, 0x3704, [0xbe00, 0xffc000, 0xde]}, @ssp_cap={0x14, 0x10, 0xa, 0x1, 0x2, 0x5, 0xf00, 0x3, [0x3f00, 0x3e8f]}]}, 0x1, [{0x2, &(0x7f0000000280)=@string={0x2}}]}) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001d81000000000000000000000a0000000500ddffffffffff0700010000000000"], 0x24}}, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x4040, 0x42) clone3(&(0x7f00000001c0)={0x40182300, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 05:00:53 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff0e43a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 05:00:53 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) (fail_nth: 2) 05:00:53 executing program 5: open(&(0x7f0000000140)='./file1/file0\x00', 0x100, 0x38) statx(0xffffffffffffffff, 0x0, 0x100, 0x8, &(0x7f00000001c0)) lstat(&(0x7f00000002c0)='./file1\x00', 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000500)={{{@in, @in6=@mcast2}}, {{@in=@multicast1}, 0x0, @in6=@loopback}}, &(0x7f0000000380)=0xe8) lstat(&(0x7f00000006c0)='./file1/file0\x00', &(0x7f0000000700)) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setstatus(r1, 0x407, 0x42800) r2 = socket$netlink(0x10, 0x3, 0x0) fcntl$dupfd(r2, 0x0, r2) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), r0) sendmsg$ETHTOOL_MSG_COALESCE_SET(r2, &(0x7f0000000680)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000340)={&(0x7f0000000600)={0x5c, r3, 0x400, 0x70bd28, 0x25dfdbfc, {}, [@ETHTOOL_A_COALESCE_RATE_SAMPLE_INTERVAL={0x8, 0x17, 0x12ff}, @ETHTOOL_A_COALESCE_STATS_BLOCK_USECS={0x8, 0xa, 0x5}, @ETHTOOL_A_COALESCE_TX_USECS_LOW={0x8}, @ETHTOOL_A_COALESCE_STATS_BLOCK_USECS={0x8, 0xa, 0x107f}, @ETHTOOL_A_COALESCE_STATS_BLOCK_USECS={0x8, 0xa, 0x3ff}, @ETHTOOL_A_COALESCE_RX_USECS={0x8, 0x2, 0x1f}, @ETHTOOL_A_COALESCE_USE_ADAPTIVE_TX={0x5, 0xc, 0x1}, @ETHTOOL_A_COALESCE_USE_ADAPTIVE_TX={0x5}, @ETHTOOL_A_COALESCE_TX_USECS_HIGH={0x8, 0x15, 0x1f}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20004050}, 0x4000) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/timer_list\x00', 0x0, 0x0) lseek(r4, 0x9e46, 0x0) dup(r4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x2, &(0x7f0000000500)=ANY=[]) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2(&(0x7f0000000100), 0x1800) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c0000001d00210c000000000000000004e1010008000c0000000000"], 0x1c}}, 0x0) 05:00:53 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r2, &(0x7f0000000040)={0x1f, @none}, 0x8) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r3, &(0x7f0000000040)={0x1f, @none}, 0x8) setsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) setsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000080)=0x3, 0x4) flock(r2, 0x4) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r4 = dup2(r1, r0) r5 = syz_open_dev$char_usb(0xc, 0xb4, 0x10001) dup3(r1, r5, 0x80000) ioctl$CDROMPLAYTRKIND(r4, 0x5304, &(0x7f00000000c0)={0x1, 0x0, 0x0, 0x9}) r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/power/pm_freeze_timeout', 0x0, 0x0) r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x22902, 0x0) copy_file_range(r6, 0x0, r7, 0x0, 0xa1, 0x0) bind$inet6(r7, &(0x7f0000000000)={0xa, 0x4e23, 0x4, @ipv4={'\x00', '\xff\xff', @local}, 0x2}, 0x1c) 05:00:53 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, 0x0) 05:00:53 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000000)) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x105142, 0x0) unlinkat(0xffffffffffffffff, 0x0, 0x0) r2 = openat$hpet(0xffffffffffffff9c, 0x0, 0x80000, 0x0) r3 = creat(&(0x7f0000000000)='./file2\x00', 0x0) fcntl$setlease(r3, 0x400, 0x1) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)=@acquire={0x134, 0x17, 0x10, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @in=@multicast1, {@in=@empty, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {{@in=@remote, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x20, 0x0, 0x0, 0xee00}, {0x0, 0x0, 0x0, 0x6}, {0x0, 0x20}, 0x0, 0x6e6bbd}}, [@sec_ctx={0xc, 0x8, {0x8}}]}, 0x134}}, 0x0) copy_file_range(r1, &(0x7f00000000c0)=0x56cb, r4, &(0x7f0000000100)=0x6aa, 0x2, 0x0) close(r3) perf_event_open(&(0x7f0000000240)={0x6, 0x80, 0x0, 0x5, 0x0, 0x4, 0x0, 0x10001, 0xa2050, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x8, 0x0, @perf_bp={&(0x7f0000000200), 0x9}, 0x240, 0x7, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x2}, 0x0, 0xc, r3, 0x3) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r2, 0xc0189373, &(0x7f0000000140)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x7ff}}, './file2/file0\x00'}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x104, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(0xffffffffffffffff, 0x80489439, &(0x7f0000000340)) lseek(r1, 0x0, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x4000, 0x128) open(&(0x7f0000000180)='./file2/file0\x00', 0x30143, 0x40) copy_file_range(r5, 0x0, r1, 0x0, 0x200f5ef, 0x0) [ 3133.654537] udc-core: couldn't find an available UDC or it's busy [ 3133.656593] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 3133.665562] FAULT_INJECTION: forcing a failure. [ 3133.665562] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 3133.665994] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3133.665994] program syz-executor.7 not setting count and/or reply_len properly [ 3133.668150] CPU: 0 PID: 16676 Comm: syz-executor.6 Not tainted 5.10.207 #1 [ 3133.668163] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3133.668170] Call Trace: [ 3133.668194] dump_stack+0x107/0x167 [ 3133.668221] should_fail.cold+0x5/0xa [ 3133.668250] _copy_from_user+0x2e/0x1b0 [ 3133.677855] iovec_from_user+0x141/0x400 [ 3133.678773] __import_iovec+0x67/0x590 [ 3133.679637] ? __ia32_sys_shutdown+0x80/0x80 [ 3133.679709] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3133.679709] program syz-executor.7 not setting count and/or reply_len properly [ 3133.680599] ? perf_trace_lock+0xac/0x490 [ 3133.680631] import_iovec+0x83/0xb0 [ 3133.680658] sendmsg_copy_msghdr+0x131/0x160 [ 3133.680685] ? do_recvmmsg+0x6d0/0x6d0 [ 3133.687538] ? perf_trace_lock+0xac/0x490 [ 3133.688472] ? __lockdep_reset_lock+0x180/0x180 [ 3133.689518] ? perf_trace_lock+0xac/0x490 [ 3133.690455] ? SOFTIRQ_verbose+0x10/0x10 [ 3133.691368] ___sys_sendmsg+0xc6/0x170 [ 3133.692248] ? sendmsg_copy_msghdr+0x160/0x160 [ 3133.693272] ? __fget_files+0x26d/0x4c0 [ 3133.694175] ? lock_downgrade+0x6d0/0x6d0 [ 3133.695084] ? find_held_lock+0x2c/0x110 [ 3133.696010] ? __fget_files+0x296/0x4c0 [ 3133.696892] ? __fget_light+0xea/0x290 [ 3133.697798] __sys_sendmsg+0xe5/0x1b0 [ 3133.698638] ? __sys_sendmsg_sock+0x40/0x40 [ 3133.699610] ? rcu_read_lock_any_held+0x75/0xa0 [ 3133.700672] ? fput_many+0x2f/0x1a0 [ 3133.701504] ? ksys_write+0x1a9/0x260 [ 3133.702378] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3133.703539] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3133.704713] do_syscall_64+0x33/0x40 [ 3133.705565] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3133.706726] RIP: 0033:0x7f84055bdb19 [ 3133.707549] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3133.711745] RSP: 002b:00007f8402b33188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3133.713425] RAX: ffffffffffffffda RBX: 00007f84056d0f60 RCX: 00007f84055bdb19 [ 3133.715042] RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 0000000000000004 [ 3133.716655] RBP: 00007f8402b331d0 R08: 0000000000000000 R09: 0000000000000000 [ 3133.718312] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3133.719928] R13: 00007ffeaf32b7ff R14: 00007f8402b33300 R15: 0000000000022000 [ 3133.721741] hpet: Lost 2 RTC interrupts [ 3133.725135] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. 05:00:53 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff3043a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) [ 3133.736593] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16679 comm=syz-executor.5 [ 3133.758375] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=33053 sclass=netlink_route_socket pid=16677 comm=syz-executor.2 [ 3133.932051] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3133.932051] program syz-executor.7 not setting count and/or reply_len properly 05:00:54 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) (fail_nth: 3) [ 3133.995307] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3133.995307] program syz-executor.7 not setting count and/or reply_len properly 05:00:54 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x802c2, 0x0) r1 = open(&(0x7f0000000040)='./file0\x00', 0x1810c1, 0x0) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000200)="af", 0x1}], 0x1) mknod(&(0x7f0000000740)='./file1\x00', 0x1000, 0x5) r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0) fallocate(r2, 0x0, 0x0, 0x8000) recvmsg$unix(r0, &(0x7f00000006c0)={&(0x7f0000000140), 0x6e, &(0x7f0000000600)=[{&(0x7f0000000240)=""/252, 0xfc}, {&(0x7f0000000340)=""/115, 0x73}, {&(0x7f0000000080)=""/64, 0x40}, {&(0x7f00000003c0)=""/240, 0xf0}, {&(0x7f00000004c0)=""/178, 0xb2}, {&(0x7f00000001c0)=""/41, 0x29}, {&(0x7f0000000580)=""/115, 0x73}], 0x7, &(0x7f0000000680)=[@cred={{0x1c}}, @cred={{0x1c}}], 0x40}, 0x100) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x185842, 0x123) ioctl$FS_IOC_RESVSP(r3, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x4000006}) pipe2(&(0x7f0000000840)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4000) openat2(r4, &(0x7f0000000880)='./file0\x00', &(0x7f00000008c0)={0x6980, 0x20, 0x11}, 0x18) r5 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0x5}, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001}, 0x0, 0xfffffefffffffffc, 0xffffffffffffffff, 0x0) mount$bind(&(0x7f0000000780)='./file1\x00', &(0x7f00000007c0)='./file1\x00', &(0x7f0000000800), 0x204000, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000040)={0x0, r1, 0x2}) ioctl$EXT4_IOC_MOVE_EXT(r3, 0xc028660f, &(0x7f0000000700)={0x0, r5, 0x2, 0x480000000, 0x5, 0x5}) [ 3134.140520] FAULT_INJECTION: forcing a failure. [ 3134.140520] name failslab, interval 1, probability 0, space 0, times 0 [ 3134.143046] CPU: 1 PID: 16699 Comm: syz-executor.6 Not tainted 5.10.207 #1 [ 3134.144760] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3134.147422] Call Trace: [ 3134.148226] dump_stack+0x107/0x167 [ 3134.149299] should_fail.cold+0x5/0xa [ 3134.150387] ? __alloc_skb+0x6d/0x5b0 [ 3134.151446] should_failslab+0x5/0x20 [ 3134.152542] kmem_cache_alloc_node+0x55/0x330 [ 3134.153683] __alloc_skb+0x6d/0x5b0 [ 3134.154551] netlink_sendmsg+0x998/0xdf0 [ 3134.155443] ? netlink_unicast+0x7f0/0x7f0 [ 3134.156426] ? netlink_unicast+0x7f0/0x7f0 [ 3134.157434] __sock_sendmsg+0x154/0x190 [ 3134.158328] ____sys_sendmsg+0x70d/0x870 [ 3134.159191] ? sock_write_iter+0x3d0/0x3d0 [ 3134.160141] ? do_recvmmsg+0x6d0/0x6d0 [ 3134.160959] ? perf_trace_lock+0xac/0x490 [ 3134.161849] ? __lockdep_reset_lock+0x180/0x180 [ 3134.162825] ? perf_trace_lock+0xac/0x490 [ 3134.163692] ? SOFTIRQ_verbose+0x10/0x10 [ 3134.164555] ___sys_sendmsg+0xf3/0x170 [ 3134.165395] ? sendmsg_copy_msghdr+0x160/0x160 [ 3134.166365] ? lock_downgrade+0x6d0/0x6d0 [ 3134.167238] ? find_held_lock+0x2c/0x110 [ 3134.168115] ? __fget_files+0x296/0x4c0 [ 3134.168971] ? __fget_light+0xea/0x290 [ 3134.169858] __sys_sendmsg+0xe5/0x1b0 [ 3134.170662] ? __sys_sendmsg_sock+0x40/0x40 [ 3134.171564] ? rcu_read_lock_any_held+0x75/0xa0 [ 3134.172564] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3134.173682] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3134.174772] do_syscall_64+0x33/0x40 [ 3134.175646] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3134.176735] RIP: 0033:0x7f84055bdb19 [ 3134.177538] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3134.181448] RSP: 002b:00007f8402b33188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3134.183053] RAX: ffffffffffffffda RBX: 00007f84056d0f60 RCX: 00007f84055bdb19 [ 3134.184571] RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 0000000000000004 [ 3134.186082] RBP: 00007f8402b331d0 R08: 0000000000000000 R09: 0000000000000000 [ 3134.187587] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3134.189226] R13: 00007ffeaf32b7ff R14: 00007f8402b33300 R15: 0000000000022000 05:00:54 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) (fail_nth: 1) 05:00:54 executing program 4: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/power/pm_freeze_timeout', 0x0, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x22902, 0x0) copy_file_range(r0, 0x0, r1, 0x0, 0xa1, 0x0) openat(r0, &(0x7f0000000180)='./file0\x00', 0x181100, 0x105) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/power/pm_freeze_timeout', 0x0, 0x0) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x22902, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/module/hid_apple', 0x8900, 0x10d) copy_file_range(r3, 0x0, r4, 0x0, 0xa1, 0x0) ioctl$PIO_SCRNMAP(r2, 0x4b41, &(0x7f0000000080)="ac1f4f5b4669a4faeacdd08bf3c0f9ba5ba990e21b4346eef0e7b69b142a8a88ca89b190a8682c57855b6281beff206253178c6fba2732e2d78ccf8e3ca81b8b6bcd75082160345a723ca1614ad80b0fb76370479de1ddc098b09a988b642625be8d1c4ce62505c53fad6c199c6f2ca0f3a3d6d4ec87187f1667bb65dd4b81b818c3268980ddaa2b462b583e492b88b5dfed3eec2465cb6551dd7212534de3a259e0fedc1628d2803c7be71549024ebff6b1") r5 = perf_event_open(&(0x7f0000000200)={0x4, 0x80, 0x70, 0x6, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_bp={&(0x7f0000000040), 0x9}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r6 = syz_open_dev$tty1(0xc, 0x4, 0x4) r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r7, &(0x7f0000000040)={0x1f, @none}, 0x8) setsockopt$bt_BT_DEFER_SETUP(r7, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) ioctl$BTRFS_IOC_SEND(r6, 0x40489426, &(0x7f0000000280)={{r7}, 0x0, &(0x7f0000000180), 0x7, 0x1, [0xffffffff, 0xc7, 0x3, 0x4]}) dup2(r5, r2) 05:00:54 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x46e2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000400)=ANY=[@ANYBLOB="9f04cd16b2f4dc73a49328916b685feda945324d89ba3f463ba563448011c0dc5812329889db0e227836d11c45f6ec015fbd01f3500dfad421c8e886845a3733e8a55a070905146b5f281503e88332ecc048ac05ecf5a03c9c383617688df59a34d3900b3b256396c4933b47e26dbd72037a94f1e4570ef5bdfe373007dc8144d88f283c8bda20169eb4a949fd223f8f0667d34cedf493172a6e7ecaaf228a305fd20ff746c97f39ecfb12ad0b65ee3fafc118e0e25a8337ec8f0aa5a07e2e143cc529f0fa7882f0a0b05536e2d641d34d7bc5f351d8594dffc37480277b484640f3cc4020232acb1d9bb939511ea355c4736fefbc57f8145d463abc6f", @ANYBLOB="7c9fe20c234c23fd18304ec3a73702000000203d431d707a6b67aec2293d6fe9094aa2d235e1edce3892104e69bec56d56172300"/65], 0x98a) openat(r0, &(0x7f0000000000)='./file0\x00', 0x800, 0x110) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000080)={0x0, 0xfdfdffff, 0x102, 0x0, '\x00', [{}, {0x800, 0x0, 0x400000000000000}], ['\x00']}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000001c0)={'macsec0\x00', &(0x7f0000000180)=ANY=[@ANYBLOB="3c0000000100000003000000030000000220000001000100060000000700000001000080"]}) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x1) dup(0xffffffffffffffff) ioctl$SCSI_IOCTL_STOP_UNIT(r0, 0x6) unshare(0x48020200) 05:00:54 executing program 0: mlock2(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0) pkey_mprotect(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2000000, 0xffffffffffffffff) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x4000, 0x0, 0x0, 0x3) pkey_alloc(0x0, 0x0) pkey_mprotect(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0xffffffffffffffff) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000140)={{0x1, 0x1, 0x18, r0, {0x7}}, './file0\x00'}) mremap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x3000, 0x7, &(0x7f0000ffc000/0x3000)=nil) perf_event_open(0x0, 0x0, 0x4, r1, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000100), 0x4) kcmp(0xffffffffffffffff, 0x0, 0x6, r0, 0xffffffffffffffff) setsockopt$sock_int(r3, 0x1, 0x12, &(0x7f0000000200)=0x33e0, 0x4) setsockopt$inet6_tcp_int(r3, 0x6, 0x2, &(0x7f0000000040)=0x81, 0x4) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) execveat(r2, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000340)=[&(0x7f0000000240)='\x00', &(0x7f0000000280)='--\x00', &(0x7f00000002c0)='\x00', &(0x7f0000000300)='\x00'], &(0x7f0000000480)=[&(0x7f0000000380)='\x00', &(0x7f00000003c0)='\x00', &(0x7f0000000400)='\x00', &(0x7f0000000440)='\\{\x00'], 0x400) sendfile(r3, r2, 0x0, 0x9bbb) bind$inet6(r2, &(0x7f0000000180)={0xa, 0x4e23, 0x4, @dev={0xfe, 0x80, '\x00', 0x1a}, 0x5}, 0x1c) 05:00:54 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff4843a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) [ 3134.360654] FAULT_INJECTION: forcing a failure. [ 3134.360654] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 3134.362811] CPU: 0 PID: 16709 Comm: syz-executor.1 Not tainted 5.10.207 #1 [ 3134.364037] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3134.365469] Call Trace: [ 3134.365925] dump_stack+0x107/0x167 [ 3134.366549] should_fail.cold+0x5/0xa [ 3134.367225] _copy_from_user+0x2e/0x1b0 [ 3134.367923] __copy_msghdr_from_user+0x91/0x4b0 [ 3134.368741] ? __ia32_sys_shutdown+0x80/0x80 [ 3134.369526] ? perf_trace_lock+0xac/0x490 [ 3134.370256] ? __lock_acquire+0xbb1/0x5b00 [ 3134.370994] sendmsg_copy_msghdr+0xa1/0x160 [ 3134.371868] ? do_recvmmsg+0x6d0/0x6d0 [ 3134.372432] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3134.372432] program syz-executor.7 not setting count and/or reply_len properly [ 3134.372534] ? perf_trace_lock+0xac/0x490 [ 3134.372557] ? SOFTIRQ_verbose+0x10/0x10 [ 3134.377139] ? __lockdep_reset_lock+0x180/0x180 [ 3134.377961] ? perf_trace_lock+0xac/0x490 [ 3134.378691] ? SOFTIRQ_verbose+0x10/0x10 [ 3134.379400] ___sys_sendmsg+0xc6/0x170 [ 3134.380074] ? sendmsg_copy_msghdr+0x160/0x160 [ 3134.380827] ? __fget_files+0x26d/0x4c0 [ 3134.381517] ? lock_downgrade+0x6d0/0x6d0 [ 3134.382232] ? find_held_lock+0x2c/0x110 [ 3134.382932] ? __fget_files+0x296/0x4c0 [ 3134.383625] ? __fget_light+0xea/0x290 [ 3134.384290] __sys_sendmsg+0xe5/0x1b0 [ 3134.384950] ? __sys_sendmsg_sock+0x40/0x40 [ 3134.385716] ? rcu_read_lock_any_held+0x75/0xa0 [ 3134.386520] ? fput_many+0x2f/0x1a0 [ 3134.387151] ? ksys_write+0x1a9/0x260 [ 3134.387810] ? __ia32_sys_read+0xb0/0xb0 [ 3134.388496] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3134.389426] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3134.390336] do_syscall_64+0x33/0x40 [ 3134.390950] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3134.391832] RIP: 0033:0x7f1a789beb19 [ 3134.392487] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3134.395686] RSP: 002b:00007f1a75f34188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3134.397005] RAX: ffffffffffffffda RBX: 00007f1a78ad1f60 RCX: 00007f1a789beb19 [ 3134.398267] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000004 [ 3134.399497] RBP: 00007f1a75f341d0 R08: 0000000000000000 R09: 0000000000000000 [ 3134.400748] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3134.401997] R13: 00007ffd0f06a67f R14: 00007f1a75f34300 R15: 0000000000022000 [ 3134.403366] hpet: Lost 2 RTC interrupts [ 3134.454098] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3134.454098] program syz-executor.7 not setting count and/or reply_len properly 05:00:54 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) (fail_nth: 4) [ 3134.514207] FAULT_INJECTION: forcing a failure. [ 3134.514207] name failslab, interval 1, probability 0, space 0, times 0 [ 3134.516190] CPU: 0 PID: 16720 Comm: syz-executor.6 Not tainted 5.10.207 #1 [ 3134.517414] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3134.518868] Call Trace: [ 3134.519370] dump_stack+0x107/0x167 [ 3134.520020] should_fail.cold+0x5/0xa [ 3134.520681] ? create_object.isra.0+0x3a/0xa20 [ 3134.521492] should_failslab+0x5/0x20 05:00:54 executing program 5: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0) r1 = epoll_create1(0x80000) mount$9p_fd(0x0, &(0x7f0000001080)='./file0\x00', &(0x7f00000010c0), 0x20200a, &(0x7f0000001180)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@fscache}, {@cachetag={'cachetag', 0x3d, '/proc/crypto\x00'}}, {@cache_fscache}], [{@dont_hash}, {@obj_role={'obj_role', 0x3d, '.%$.'}}]}}) pread64(r0, &(0x7f0000000040)=""/4126, 0x101e, 0x2000) lsetxattr$security_ima(&(0x7f0000001100)='./file0\x00', &(0x7f0000001140), &(0x7f0000001240)=@md5={0x1, "b417242cd0cab220dc83ddf64bc68537"}, 0x11, 0x3) [ 3134.522153] kmem_cache_alloc+0x5b/0x310 [ 3134.522999] create_object.isra.0+0x3a/0xa20 [ 3134.523780] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3134.524660] kmem_cache_alloc_node+0x169/0x330 [ 3134.525478] __alloc_skb+0x6d/0x5b0 [ 3134.526106] netlink_sendmsg+0x998/0xdf0 [ 3134.526822] ? netlink_unicast+0x7f0/0x7f0 [ 3134.527563] ? netlink_unicast+0x7f0/0x7f0 [ 3134.528295] __sock_sendmsg+0x154/0x190 [ 3134.528979] ____sys_sendmsg+0x70d/0x870 [ 3134.529706] ? sock_write_iter+0x3d0/0x3d0 [ 3134.530438] ? do_recvmmsg+0x6d0/0x6d0 [ 3134.531120] ? perf_trace_lock+0xac/0x490 [ 3134.531847] ? __lockdep_reset_lock+0x180/0x180 [ 3134.532650] ? perf_trace_lock+0xac/0x490 [ 3134.533367] ? SOFTIRQ_verbose+0x10/0x10 [ 3134.534069] ___sys_sendmsg+0xf3/0x170 [ 3134.534762] ? sendmsg_copy_msghdr+0x160/0x160 [ 3134.535569] ? lock_downgrade+0x6d0/0x6d0 [ 3134.536278] ? find_held_lock+0x2c/0x110 [ 3134.536998] ? __fget_files+0x296/0x4c0 [ 3134.537706] ? __fget_light+0xea/0x290 [ 3134.538402] __sys_sendmsg+0xe5/0x1b0 [ 3134.539073] ? __sys_sendmsg_sock+0x40/0x40 [ 3134.539792] ? rcu_read_lock_any_held+0x75/0xa0 [ 3134.540618] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3134.541546] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3134.542452] do_syscall_64+0x33/0x40 [ 3134.543093] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3134.543984] RIP: 0033:0x7f84055bdb19 [ 3134.544639] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3134.547860] RSP: 002b:00007f8402b33188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3134.549167] RAX: ffffffffffffffda RBX: 00007f84056d0f60 RCX: 00007f84055bdb19 [ 3134.550420] RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 0000000000000004 [ 3134.551661] RBP: 00007f8402b331d0 R08: 0000000000000000 R09: 0000000000000000 [ 3134.552890] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3134.554138] R13: 00007ffeaf32b7ff R14: 00007f8402b33300 R15: 0000000000022000 [ 3134.555552] hpet: Lost 2 RTC interrupts 05:00:54 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) (fail_nth: 2) 05:00:54 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) (fail_nth: 5) 05:00:54 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff4c43a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 05:00:54 executing program 5: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xbfd}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000540)='./file1\x00') openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x105142, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x90ee59f21d04e710, 0x136) r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0) openat(0xffffffffffffffff, &(0x7f0000000080)='./file1\x00', 0x4000, 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(0xffffffffffffffff, 0x3312, 0x0) write(r1, &(0x7f0000000240)="01", 0x1) openat(r0, &(0x7f0000000140)='./file0\x00', 0x40002, 0x160) getpeername(r0, &(0x7f0000000480)=@xdp, &(0x7f0000000040)=0x80) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000600), 0x800, 0x0) fdatasync(r2) r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x105142, 0x0) ftruncate(r3, 0xffff) openat$urandom(0xffffffffffffff9c, &(0x7f0000000180), 0x98100, 0x0) sendmsg$TIPC_CMD_SET_NODE_ADDR(r0, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x24, 0x0, 0x32f2c4651da53e00, 0x70bd26, 0x25dfdbfd, {{}, {}, {0x8, 0x11, 0x1a}}, ["", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x4004840}, 0x4000) r4 = syz_open_dev$hidraw(&(0x7f00000002c0), 0x400, 0x8000) r5 = syz_open_procfs(0x0, &(0x7f0000000300)='net/bnep\x00') sendfile(r4, r5, 0x0, 0x5) [ 3134.711522] FAULT_INJECTION: forcing a failure. [ 3134.711522] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 3134.714105] CPU: 1 PID: 16728 Comm: syz-executor.1 Not tainted 5.10.207 #1 [ 3134.715489] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3134.717152] Call Trace: [ 3134.717712] dump_stack+0x107/0x167 [ 3134.718684] should_fail.cold+0x5/0xa [ 3134.719480] _copy_from_user+0x2e/0x1b0 [ 3134.720306] iovec_from_user+0x141/0x400 [ 3134.721154] __import_iovec+0x67/0x590 [ 3134.721966] ? __ia32_sys_shutdown+0x80/0x80 [ 3134.723022] ? perf_trace_lock+0xac/0x490 [ 3134.723935] import_iovec+0x83/0xb0 05:00:54 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) (fail_nth: 1) [ 3134.724690] sendmsg_copy_msghdr+0x131/0x160 [ 3134.725699] ? do_recvmmsg+0x6d0/0x6d0 [ 3134.726497] ? perf_trace_lock+0xac/0x490 [ 3134.727351] ? __lockdep_reset_lock+0x180/0x180 [ 3134.728305] ? perf_trace_lock+0xac/0x490 [ 3134.729154] ? SOFTIRQ_verbose+0x10/0x10 [ 3134.729992] ___sys_sendmsg+0xc6/0x170 [ 3134.730791] ? sendmsg_copy_msghdr+0x160/0x160 [ 3134.731718] ? __fget_files+0x26d/0x4c0 [ 3134.732530] ? lock_downgrade+0x6d0/0x6d0 [ 3134.733388] ? find_held_lock+0x2c/0x110 [ 3134.734221] ? __fget_files+0x296/0x4c0 [ 3134.735048] ? __fget_light+0xea/0x290 [ 3134.735847] __sys_sendmsg+0xe5/0x1b0 [ 3134.736622] ? __sys_sendmsg_sock+0x40/0x40 05:00:54 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x200) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) r1 = socket$inet6_udp(0xa, 0x2, 0x0) mlockall(0x3) r2 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, @perf_bp={&(0x7f0000000080), 0xf}, 0x2, 0x0, 0x0, 0x0, 0x7, 0x81}, 0x0, 0x3, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x1f012, r2, 0x0) ftruncate(r2, 0x1) fallocate(r2, 0x4d, 0x5, 0xb) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_io_uring_setup(0x7d7d, &(0x7f0000000180)={0x0, 0x4933, 0x0, 0x2, 0x350}, &(0x7f0000ab4000/0x1000)=nil, &(0x7f0000285000/0x1000)=nil, &(0x7f0000000200), &(0x7f00000002c0)) syz_genetlink_get_family_id$ethtool(0x0, r3) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000300)={{0x1, 0x1, 0x18, r0, {0x8}}, './file0\x00'}) socket$nl_generic(0x10, 0x3, 0x10) connect$inet6(r1, &(0x7f0000000540)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000240)={0x0, 0x1}, 0x4) [ 3134.737522] ? rcu_read_lock_any_held+0x75/0xa0 [ 3134.738613] ? fput_many+0x2f/0x1a0 [ 3134.739354] ? ksys_write+0x1a9/0x260 [ 3134.740129] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3134.741191] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3134.742248] do_syscall_64+0x33/0x40 [ 3134.743006] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3134.744037] RIP: 0033:0x7f1a789beb19 [ 3134.744789] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3134.748468] RSP: 002b:00007f1a75f34188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3134.750029] RAX: ffffffffffffffda RBX: 00007f1a78ad1f60 RCX: 00007f1a789beb19 [ 3134.751490] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000004 [ 3134.752929] RBP: 00007f1a75f341d0 R08: 0000000000000000 R09: 0000000000000000 [ 3134.754459] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3134.755901] R13: 00007ffd0f06a67f R14: 00007f1a75f34300 R15: 0000000000022000 [ 3134.830565] FAULT_INJECTION: forcing a failure. [ 3134.830565] name failslab, interval 1, probability 0, space 0, times 0 [ 3134.833525] CPU: 1 PID: 16734 Comm: syz-executor.6 Not tainted 5.10.207 #1 [ 3134.835219] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3134.837276] Call Trace: [ 3134.837938] dump_stack+0x107/0x167 [ 3134.838851] should_fail.cold+0x5/0xa [ 3134.839908] should_failslab+0x5/0x20 [ 3134.840795] __kmalloc_node_track_caller+0x74/0x3b0 [ 3134.841826] ? netlink_sendmsg+0x998/0xdf0 [ 3134.842700] __alloc_skb+0xb1/0x5b0 [ 3134.843449] netlink_sendmsg+0x998/0xdf0 [ 3134.844288] ? netlink_unicast+0x7f0/0x7f0 [ 3134.845161] ? netlink_unicast+0x7f0/0x7f0 [ 3134.846047] __sock_sendmsg+0x154/0x190 [ 3134.846856] ____sys_sendmsg+0x70d/0x870 [ 3134.847763] ? sock_write_iter+0x3d0/0x3d0 [ 3134.848632] ? do_recvmmsg+0x6d0/0x6d0 [ 3134.849463] ? perf_trace_lock+0xac/0x490 [ 3134.850326] ? __lockdep_reset_lock+0x180/0x180 [ 3134.851280] ? perf_trace_lock+0xac/0x490 [ 3134.852141] ? SOFTIRQ_verbose+0x10/0x10 [ 3134.852985] ___sys_sendmsg+0xf3/0x170 [ 3134.853809] ? sendmsg_copy_msghdr+0x160/0x160 [ 3134.854744] ? lock_downgrade+0x6d0/0x6d0 [ 3134.855591] ? find_held_lock+0x2c/0x110 [ 3134.856429] ? __fget_files+0x296/0x4c0 [ 3134.857256] ? __fget_light+0xea/0x290 [ 3134.858061] __sys_sendmsg+0xe5/0x1b0 [ 3134.858836] ? __sys_sendmsg_sock+0x40/0x40 [ 3134.859716] ? rcu_read_lock_any_held+0x75/0xa0 [ 3134.860678] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3134.861765] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3134.862820] do_syscall_64+0x33/0x40 [ 3134.863660] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3134.864746] RIP: 0033:0x7f84055bdb19 [ 3134.865516] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3134.869368] RSP: 002b:00007f8402b33188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3134.870954] RAX: ffffffffffffffda RBX: 00007f84056d0f60 RCX: 00007f84055bdb19 [ 3134.872438] RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 0000000000000004 [ 3134.873939] RBP: 00007f8402b331d0 R08: 0000000000000000 R09: 0000000000000000 [ 3134.875432] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 05:00:55 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) (fail_nth: 3) [ 3134.876933] R13: 00007ffeaf32b7ff R14: 00007f8402b33300 R15: 0000000000022000 [ 3134.888654] FAULT_INJECTION: forcing a failure. [ 3134.888654] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 3134.891158] CPU: 1 PID: 16732 Comm: syz-executor.3 Not tainted 5.10.207 #1 [ 3134.892556] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3134.894316] Call Trace: [ 3134.894860] dump_stack+0x107/0x167 [ 3134.895614] should_fail.cold+0x5/0xa [ 3134.896416] _copy_from_user+0x2e/0x1b0 [ 3134.897262] inet_ioctl+0x327/0x390 [ 3134.898014] ? inet_dgram_connect+0x220/0x220 [ 3134.898955] ? __lock_acquire+0xbb1/0x5b00 [ 3134.899851] ? perf_trace_lock+0xac/0x490 [ 3134.900717] packet_ioctl+0xb3/0x260 [ 3134.901496] sock_do_ioctl+0xd3/0x300 [ 3134.902294] ? compat_ifr_data_ioctl+0x180/0x180 [ 3134.903273] ? ioctl_has_perm.constprop.0.isra.0+0x29a/0x410 [ 3134.904477] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3134.905546] ? do_vfs_ioctl+0x283/0x10d0 [ 3134.906384] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 3134.907458] ? generic_block_fiemap+0x60/0x60 [ 3134.908389] sock_ioctl+0x3ea/0x700 [ 3134.909144] ? dlci_ioctl_set+0x30/0x30 [ 3134.910069] ? selinux_file_ioctl+0xb6/0x270 [ 3134.910981] ? dlci_ioctl_set+0x30/0x30 [ 3134.911806] __x64_sys_ioctl+0x19a/0x210 [ 3134.912647] do_syscall_64+0x33/0x40 [ 3134.913417] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3134.914485] RIP: 0033:0x7fa5db089b19 [ 3134.915246] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3134.918998] RSP: 002b:00007fa5d85ff188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3134.920542] RAX: ffffffffffffffda RBX: 00007fa5db19cf60 RCX: 00007fa5db089b19 [ 3134.921991] RDX: 00000000200001c0 RSI: 0000000000008914 RDI: 0000000000000004 [ 3134.923424] RBP: 00007fa5d85ff1d0 R08: 0000000000000000 R09: 0000000000000000 [ 3134.924873] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3134.926396] R13: 00007ffefd79e6ef R14: 00007fa5d85ff300 R15: 0000000000022000 [ 3134.943009] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3134.943009] program syz-executor.7 not setting count and/or reply_len properly 05:00:55 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) (fail_nth: 6) [ 3135.042993] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3135.042993] program syz-executor.7 not setting count and/or reply_len properly 05:00:55 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xb9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_mount_image$tmpfs(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=ANY=[]) r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x20040, 0x0) statx(r1, &(0x7f0000000180)='./file0\x00', 0x2000, 0x10, &(0x7f0000000240)) symlinkat(&(0x7f0000000100)='.\x00', r0, &(0x7f0000000140)='./file0\x00') openat2(r0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000000c0), 0x18) 05:00:55 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) dup2(r1, r0) r2 = openat$sr(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) readv(r2, &(0x7f0000000080), 0x0) [ 3135.170692] FAULT_INJECTION: forcing a failure. [ 3135.170692] name failslab, interval 1, probability 0, space 0, times 0 [ 3135.173047] CPU: 1 PID: 16751 Comm: syz-executor.1 Not tainted 5.10.207 #1 [ 3135.174475] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3135.176276] Call Trace: [ 3135.176824] dump_stack+0x107/0x167 [ 3135.177596] should_fail.cold+0x5/0xa [ 3135.178394] ? __alloc_skb+0x6d/0x5b0 [ 3135.179190] should_failslab+0x5/0x20 [ 3135.179964] kmem_cache_alloc_node+0x55/0x330 [ 3135.180880] __alloc_skb+0x6d/0x5b0 [ 3135.181632] netlink_sendmsg+0x998/0xdf0 [ 3135.182477] ? netlink_unicast+0x7f0/0x7f0 [ 3135.183374] ? netlink_unicast+0x7f0/0x7f0 [ 3135.184232] __sock_sendmsg+0x154/0x190 [ 3135.185041] ____sys_sendmsg+0x70d/0x870 [ 3135.185878] ? sock_write_iter+0x3d0/0x3d0 [ 3135.186722] ? do_recvmmsg+0x6d0/0x6d0 [ 3135.187510] ? perf_trace_lock+0xac/0x490 [ 3135.188355] ? __lockdep_reset_lock+0x180/0x180 [ 3135.189296] ? perf_trace_lock+0xac/0x490 [ 3135.190131] ? SOFTIRQ_verbose+0x10/0x10 [ 3135.190956] ___sys_sendmsg+0xf3/0x170 [ 3135.191831] ? sendmsg_copy_msghdr+0x160/0x160 [ 3135.192762] ? lock_downgrade+0x6d0/0x6d0 [ 3135.193628] ? find_held_lock+0x2c/0x110 [ 3135.194460] ? __fget_files+0x296/0x4c0 [ 3135.195275] ? __fget_light+0xea/0x290 [ 3135.196072] __sys_sendmsg+0xe5/0x1b0 [ 3135.196842] ? __sys_sendmsg_sock+0x40/0x40 [ 3135.197719] ? rcu_read_lock_any_held+0x75/0xa0 [ 3135.198686] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3135.199769] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3135.200826] do_syscall_64+0x33/0x40 [ 3135.201584] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3135.202610] RIP: 0033:0x7f1a789beb19 [ 3135.203359] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3135.207149] RSP: 002b:00007f1a75f34188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3135.208682] RAX: ffffffffffffffda RBX: 00007f1a78ad1f60 RCX: 00007f1a789beb19 [ 3135.210125] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000004 [ 3135.211562] RBP: 00007f1a75f341d0 R08: 0000000000000000 R09: 0000000000000000 [ 3135.212994] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3135.214443] R13: 00007ffd0f06a67f R14: 00007f1a75f34300 R15: 0000000000022000 [ 3135.310054] FAULT_INJECTION: forcing a failure. [ 3135.310054] name failslab, interval 1, probability 0, space 0, times 0 [ 3135.312778] CPU: 1 PID: 16755 Comm: syz-executor.6 Not tainted 5.10.207 #1 [ 3135.314199] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3135.316180] Call Trace: [ 3135.316726] dump_stack+0x107/0x167 [ 3135.317591] should_fail.cold+0x5/0xa [ 3135.318431] ? create_object.isra.0+0x3a/0xa20 [ 3135.319514] should_failslab+0x5/0x20 [ 3135.320283] kmem_cache_alloc+0x5b/0x310 [ 3135.321118] create_object.isra.0+0x3a/0xa20 [ 3135.322021] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3135.323114] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 3135.324264] ? netlink_sendmsg+0x998/0xdf0 [ 3135.325264] __alloc_skb+0xb1/0x5b0 [ 3135.326018] netlink_sendmsg+0x998/0xdf0 [ 3135.326844] ? netlink_unicast+0x7f0/0x7f0 [ 3135.327821] ? netlink_unicast+0x7f0/0x7f0 [ 3135.328858] __sock_sendmsg+0x154/0x190 [ 3135.329704] ____sys_sendmsg+0x70d/0x870 [ 3135.330545] ? sock_write_iter+0x3d0/0x3d0 [ 3135.331419] ? do_recvmmsg+0x6d0/0x6d0 [ 3135.332273] ? perf_trace_lock+0xac/0x490 [ 3135.333127] ? __lockdep_reset_lock+0x180/0x180 [ 3135.334082] ? perf_trace_lock+0xac/0x490 [ 3135.334956] ? SOFTIRQ_verbose+0x10/0x10 [ 3135.335790] ___sys_sendmsg+0xf3/0x170 [ 3135.336584] ? sendmsg_copy_msghdr+0x160/0x160 [ 3135.337535] ? lock_downgrade+0x6d0/0x6d0 [ 3135.338377] ? find_held_lock+0x2c/0x110 [ 3135.339226] ? __fget_files+0x296/0x4c0 [ 3135.340042] ? __fget_light+0xea/0x290 [ 3135.340842] __sys_sendmsg+0xe5/0x1b0 [ 3135.341621] ? __sys_sendmsg_sock+0x40/0x40 [ 3135.342499] ? rcu_read_lock_any_held+0x75/0xa0 [ 3135.343465] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3135.344534] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3135.345603] do_syscall_64+0x33/0x40 [ 3135.346356] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3135.347477] RIP: 0033:0x7f84055bdb19 [ 3135.348235] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3135.351988] RSP: 002b:00007f8402b33188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3135.353538] RAX: ffffffffffffffda RBX: 00007f84056d0f60 RCX: 00007f84055bdb19 [ 3135.354987] RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 0000000000000004 [ 3135.356434] RBP: 00007f8402b331d0 R08: 0000000000000000 R09: 0000000000000000 [ 3135.357893] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3135.359332] R13: 00007ffeaf32b7ff R14: 00007f8402b33300 R15: 0000000000022000 [ 3135.438581] tmpfs: Unknown parameter './file0' 05:01:15 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) (fail_nth: 2) 05:01:15 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x9, &(0x7f0000000080)=0xfffffffb, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/power/pm_freeze_timeout', 0x0, 0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x22902, 0x0) copy_file_range(r2, 0x0, r3, 0x0, 0xa1, 0x0) setsockopt$inet6_tcp_TLS_TX(r3, 0x6, 0x1, &(0x7f00000000c0)=@gcm_256={{0x303}, "0549aeadd7f24adb", "c7b6c57a6c942a329ff1695e9e8a3760f78aba387b1f5cdf94ec4ddacd3ffff6", "8d023d1f", "2a36decce228c6e2"}, 0x38) getsockopt$IP6T_SO_GET_REVISION_MATCH(r1, 0x29, 0x44, &(0x7f0000000040)={'HL\x00'}, &(0x7f0000000100)=0x1e) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000000000)=0x3, 0x4) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0x21, &(0x7f0000000140)="8d9b1e6b16f21c3fe5e8dafe454374dcaa0473b48b12a92986b70d9518c526fa83bdde3911", 0x25) bind$bt_sco(r5, &(0x7f0000000040)={0x1f, @none}, 0x8) ioctl$BTRFS_IOC_SET_FEATURES(r5, 0x40309439, &(0x7f0000000180)={0x2, 0x2, 0x11}) setsockopt$bt_BT_DEFER_SETUP(r5, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) dup2(r0, r5) 05:01:15 executing program 0: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000440)=[{&(0x7f0000000040)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000000b0000000001", 0x5a, 0x400}, {0x0, 0x0, 0xffffffffdffffff8}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000280)="ed41000000080000e0f46552e0f4655fe0f465ae198c7706cab0bb7a57", 0x1d, 0x2100}], 0x0, &(0x7f0000000240)={[{@abort}]}) openat(r0, &(0x7f00000000c0)='./file0\x00', 0x80200, 0x100) 05:01:15 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000000)={0x0, 0x0, 0x5}) openat(0xffffffffffffffff, &(0x7f0000000100)='./file0/file0\x00', 0x911802, 0x140) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x105142, 0x0) r2 = openat$hpet(0xffffffffffffff9c, 0x0, 0x80000, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f000000aa40)={0x0, 0x0, "c009b39830e4109622d7a29d0bd42e6d365c8384f665a2104b6faaa5427626b93311e77f0de4211e1217bc355a5246327eb7ba126bf7e4adb45535a4d9757c77f555e42c9254e9f9089be590271f821f5f6b632da2dabf1d6e618629da57a34a33f5e913338e628f32d84f60dbb9f94b70f1828e7d652bb2443c02901738d15cd72d14288f0d47dfe96e49988d0402f96628f97be361723e018daf71ab695fa4726664c00ec9aa53b8c092760da4cd088f03fad6504eceb8949dc35abc6c9f51916777bc38aa3669fb220546dbd1024eb87da205b46ec35180a8fcb898160855b5044023da75f2b1f285c1462a8afa95492a14be3f42052ff535612d226506a0", "7374bf600a2dbb0a10a4446998c60bc654676f080ecee8672b9b990319e9f34b4c45be9b1cbb8fbe1f4541599e2a8deeedad6067575d671432b4ba4028542704ab850b2cd326bd5a16431e3e06cbefba068d34f999e863befaed31fe2f898bdfe4043148f4d1cc27af274cc202dd9cd92b1891ba85c4048baa5cf0aa7a3d5dbef19adb89a7123a5c5cf1f42650df4c63aa25c0c5f606a072b8c1910206999409a39439cacd824f129adb4177e14f533050e77cfd6b9e760c12899b047feb4c8e5b746e5570db48fc8fafeccf98bad6d99a585091b403666ded97ce43cdf6dd1791052bc149861ea2585dfb28b538cc9fe6ffc5e07182615951fd668085ed124af574a07e3495491f19b1aa2a3b69028ccacd78524d988b224ab17ed905da0b840b4a9939e2af6efdf4221126075a8964d904883db014031e0924681a4ef3795071b256b75002a7df298c87c565b1d8a331e7d0c1000e1d707100917dfe107f87ebea9dca1b708b01cacf1c9f348c0d0fd64aa64193637c7169264d06f613c41be60f39b0cc9d813ae5fca2222832f86f2ae87e883efd48df36d16e6c1ca5c378f6ff0fbace91eb3099d744b16171fcc1ab7d5456392f0878ecf27e8caad7386663de490c3044eed7e7cb83e675716eda0cc09f219aadddd814c88048a7c6cefe69a79f2f7a234cfffbf19ac7a9f6ef59faf2776ac3d636904ec1bda09b1c9d8caeafa918983215d866f5cb6f1088e7e99a43425913d258a3dc8550fcbca3e0bec47503e24d709dd1fd1bb3cd92837d10387a0eebb98aab27950a2a66dc0b9bad3e4ef6393036d64949931ffe6479073790b3b885ac8563d4018e9227d644864c17f048daefbb192d15b56a2a440ad6d4ef5af2ac9904d8b69c64d2368928d7595594e6c3fd23229cb6aa80ec308301b1c94777900d34b1b3eea03dca765036a3f5351551affb585f22541074380b60ca062bf8a8a2324fe61ecad5733aec51e0c5ddc648280556b8a038b5816947b1637ef598cfd134cf9833d875fd23d22f5f74e74a4634d50a3ac908eed128f4297924296d95361b9504c08df4a0603eff93ee34bd45ed12e8d06b8f399fefef4ced732aad15b70f3e276101fa4b5a5c17435d0999b3345ccfe853c955e8b7927c7a171506b8e5b4de8a68cb5e80c3709a0e15643b5772d82d04859133e09fa8ab81ac042e67bc918f2847af14a4eb77c3fcac3132ec1af5a57d85acb9ce91d9d15019904396737ade63df938e6f054f8ee21e8994d45b0801ccd8ae8bda90128cb05eddd297d800412bc01fc5cfdfa9d473641fffc793b513da3f7565a27c4ff3678ac6f71560cc6cc95fb4d20f85b7934cb4a4f614182d331ab53b6a09ff47fc272b6c1f5aaca477bfdfed3fac942d639773b7a5656c526eb595d6fa9d301c425947f37088447cb4400c37750b76eb6c1f7933e43b27224c2fdc053e55125d00ab11428af674f58bd5c3ea1ce4762856afccbd37dd59a5e726f2e5e770bcc8372304fc2a33611234e3b0d411fcae8691e621b64581dc32b3d97c02920877b2c995018dcfff2da8687bc64332cffc3d355931561dc799d169f61d121f242dd3605e3fef8a46bf73998202d6a87671719896c61d729006104bdb7e926020f28260c75c2c754e5f073097d7031567e62cbfcbff541702cdaf498bbfe01e2948e6e164271ca4ab4df68a1569d29d3ce7029c0b58d2a1e6d179fa817ec9df17195c8b83a7a7508f18f0e3d07e8871f331d7a151bc11301c7dce402e6a5fda6f3096df2ddfeb48b3991e055c55d2a071ed66bf378e5c451f849cdbd7951cacad16d6b5734b71db866e77086bfab1797942633ec688d78bb2fccaae2b0e796b852b278bd4a4648d0811293e1bfe68e30b42eb27ac0a4e435e086b4cfeeb9fa539f0d800b6108e4c7b9d7237746770a3f3477646b7c9bfd2bc111679d40bffe221be492ba984df6cd4d7d8f9cbf7185e79804416be68d8a2bfa28e5bec4b57bf5f08eeecafabccd55744e49bb4a7dd1324908d91762b9884e7268d0bb6290be3b51091ae6ccf2ebbd4945dd7913bd38509a00ce38d955909bfa1f3740fc123a12e15b853b59b9b691460afdcda150d39e566a83eaa0c3b7bac9819bdbc7e0a620206be87ff2f8ea8091dbffa014d2f2eb919040a434cdeb3db68adf845d2ba751dc0e1ce4afd8672a5ecf0653b8c672c3265aa236a174185f4b4a291bda664bb79c13f8b6932a831385773898d194d2500b38fbfff8c4acafa5a80dfd3f1f906132885446f9f7ad787dbbdab593661ab1c255df879eaf4ca739deaa11379a5c6b650472257fa54b646b29ceb3dbe27e3584914f9f766bbbcc67abeffebb0df881a42b8671bba930b04d1d7710cc15d546ee69ad40e66f04eb28af8bd17b739e68ad75a239303fb97b18f8f08d2f95bdae0f245ebdfc3ecf555a6fd53f5a35af8b2dd016b227d209fc8323a7576e66a9913a0ad4f19d30d2b6f25ac8b5b6c762e2c68c76f9bd7818adbb3c9b194c09471482ec6898754469076b8674ab9e26b5977a0fa693160f18a01d2f2c362186ff75c205cec261d9e6c431ee672e4056b7e458ef02dca1167d09de5977210461758ed506290477a63c5af0698a1f4edf3bc569692bc9febd5fd641860dd34a6926af47ae7bdd3cce59a5b24b6944075e30ec2f2dbd043ebc57a39eaa5559bc4f21f08198e0daa2e8506b21160c8f9b629ad0e80d5e99e5cf4c4ceefb8d9fe5493ebcb066a647269fef2146f1ed55dac66974446e650e49db26ceb24c16c24885a2d2d011d11ec52d5b7a9c8096314d1dc7c992a1dee70be2fc0cc2d9fc94b0d02d479f6f4bfd3fa20df42568e27c0cea6caa1028d5dfbe6a9657053c06132387f9abfbaf93d9b335b69b168bf7fdaa0a44981dadc3358b50f1b24d390f8858d6775fa838388ff8a69b02bf446028485ba9e0c15731288c186b3cdf2fbc088f13f50e5eecc9b3a058d1369b7a254f11aa81a5fabd862bfd5226ce26e0199ef241badd55ba0d6087e9eb1661111a6afef1caf2bd54832bb5a3e8b864c8af220a8a115746c1646e78471ba2edb7c63fcff7f6be047a5f740525fbe5e259beee146dc2a609d3fd576e826ee1e4fce8ccbf75aa713514bda04ed4086cdd11a770cbe5782bca23f5f3ad8682609d5c5d4e5ca4e117d7423740b41081c6945b446223bb435c6ae2314552b7bf53a8b2c8a7a2a961d17315e0f7a660624b119c89ae81d2214b03cd79bc3eb355bf06811d7186b1f0a7219dd8d4096cb0df940719279357b853bc7c5bcf645aa65c12227859ce0851953fcefa6051f2a31e3666abde9ef1ece3eba658de696edf5d87a7d562dfe1f6bb9ac5e6773bc9069c732683715868cf14825345fb60665982549b9bb7c5b7d934ed0c4d136fa089f8459d473bf1ee678cf88c26f4f5ac681aa6dbe6ef78c26e7a3649ae0574f550f9fc64e8caa14586cbc43d8ec72a3170fc4f6c78fdbd40332c1f35adfc04be68a067f2c03325d624e21fa0e1fa6ea879caa84665bedefcd19759872824a0053a110af2b6099d8ea572b0c81cea39147bb2dca0eaefd4be8c3b59b98c27049f04ae5f3652ade0e1561238296d17979581b93d0ee26464fb5675b968cbc397558207fb1d5365f73994c0c8f2bcae0164e74d602a4856355b214af58b6357b2505779260ec73929eb4fe1047bbc2a125ff6c88718d2b8b8fb9c0d1cb1760748ffc5e4998dbaf8fad99df26b2eaf99bce2541d287b243d7b9cf0ecb25588d14c6228a6cb5413f48e3d07817d258c45ca0ab3494ca5b59f87abdf38e439b4a31d60d9474a52e465f36dd0cd56f00d4e5e563bfc6421b40a7522eb71894a698c19510fa7dc690b6b3f782d88e61ca635d5efd4c9c1725dbf24e0c8e246a2dc979e4750de8347687038f0441858bdf5a06bcba827d8d1327601943ca9fd004c121034fa6e1c8b9eff5da764961f5700eab97380e99b37f302239b528b36f5c9bbebaff25edae48fbe59dd272099af5c695a19b62f64485ba01ae8416c02f04360be933b8ba8a49c6c1188a78c3d36d0c61f61b4002bfeb669e29bbcb306f573528a749b085500c7649aea469fca867da4ca9eaecc75a70f41baeb80bf803402a9066dc1e8243192b78533e0ad590e14fd2bf2ce3ac943ade1fcefd247406785ee387d18e9afe8845481748fbadf4d081e01ecce50ef1fc5b457fa296b833d77390764e2af12f7930c6334476dc4cf45d9f272e364336810c11318bd0a95233005d66fe81a5708ae5fad8c7db17e6d97d2340651f7aa7a36e132a77a7a6206b36a95ccb5a48cb19bd3bb886ff0e77bc76653912149ca85895c4f80c373cbbd4305a91213e8ec5b7b18d8587d723c18f02854556aaaa540935eab2b7470a7c1c40c7e843ac1221a51e92eb05af2342fea7c853a46182c8384612aadb40145b95de565140003468eaca74b38bdf4dc640d0af80c3dd81747652c5fe15ffff8965a150a4ca6a9d9c91d067b4fac49b23cd2041dfdab22126c97d812b67ed638cc65d75d836bf439807cd7cd3cd0e6b30c81983e3f45a00282a14d401d81ac7c5544510dc7d157eeaa18b09df5ec949a22d7342b5b720b2a47251e995410f9b35d90824c1b19beb8575c9efe2aaa2a2011790a1099a924c01ca835fb7cc561eb2310a5331d4d9c4a9ee03a5f1364c17a7f4511c0c1b929c630cc110696f9e94b4107d0b75338fda2c5e0b8d46d19b98071e328f57debd56b4a0a9009913ac41518a08e6fa533edf20db0dc5eff43cd3ead623fc826ac03925490537d6b6a47f27031faa17f9852a3cb72d2088f33d35846a40758e60dab4b3980d032adc3e4faa61ff8aaea6b08bc9705cf097701e9af550fa43ec06c0ae2257927eebcbbbf4a05ad8097597943d6aed8a950ba32bc0d19827539019397e2fffa5f7379ffd7ec266f0c1cd947aab0c9e73c2796bd4c32fa0a0effbc84570efdebd3ac1eb57cc89cdbed91ed43a64cccfeba427a017a07d84acc850a45e2f26639598ed061ea81b60fb1873983591d446129ba8b27a4aef3311292017e3cbc00533824888ef80ef1a85c86a370dc11694d2f455e04ceb8811afa53aac77c65b38703d18167aedcc077c988dd9832ee1999a82c8752b921bceae484c19cee6828eef373c979b5c3f208080c8dcb38c53e384bebed6c41c3b9d6958bd2b952d82d17b262dbf30f90ab5c5d197ccee9f6b6525928b0100ffdeace644e159500495ff5a0ea7df7b9ab63617e3879818e25341e97d839beefdf248222cadd61a5d76b1ff34704bb78656afef7994904da269f973598217edc3be93157185aa15ef225f6471d7786a5e28d0f145b96566e101bf46723486867b9aa90f9eb4d1f5612d4950160c1504a367daf984"}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000001300)={0x0, ""/256, 0x0, 0x0}) r7 = mq_open(&(0x7f0000005c00)='-@\x00', 0x42, 0x0, 0x0) mq_timedsend(r7, 0x0, 0x0, 0x0, &(0x7f0000000040)) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000007640)={0x7, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0}, {0x0}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r3}, {}, {}, {}, {}, {0x0, 0x0}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r3}, {0x0, 0x0}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0}, {0x0, 0x0}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r3}, {}, {}, {}, {}, {0x0}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r6}, {0x0, 0x0}, {}, {}, {}, {}, {}, {}, {}, {0x0}], 0x4, "9755154351ac9a"}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000009640)={0x0, ""/256, 0x0}) mq_timedsend(r7, &(0x7f0000001e00)="3cd52ed97c9e213909d730166b17123f3294a3353d43c2bda33f8b46124feb3e574cb78ff55dae93c1d80f8b1b571caa5d0f953fdc20af7c2907f40c853111e5a4a6405dfd6510e2573f0cd5a14f722a746315bf5955d6443a167b62e37e70e67059a451add17b0ba3a4967e37a184c25fd56c25f32d2c08713830771e190d3e72e360fbae6eb7f69da7ae1b7575584eb3aad405c2e0cecf7c57c725e35199b38412b21fb229249cb5214590ea9c200b689ed99433fbbb389404f04d726fe19ef657f8896380c769f15ede2ebc816773d5730db7acb1828fbcdffc4da713e0944bca7028c47238c1aace7879fca945a836e4ff365b155de4a6b5e69df15c57c8c84a27359b026401b2d2ebb22fc4727115b803cbed672e1c10421e53aecb9848432f39231a6fe45af05a49d7f66593d188b01763da10fbe076c0103b005492008157072857ecefae4dfd561229bd8ecf19e938d25a4315e343c5ffc67c1810af17fff3e930e390dc021b8a020e9ad5750cbdb6ac2406d580f35c6776feba23704f457eb3c9e481a38ae02519b5561493b3a5a22682f0622f55b91bf3fe3b6eeb0b411767b39cf41b6ea7f7606bbbf59f038ed99313e9185bafa0f1fb0d7f8f854025afe6eb498d49d00f869ed3d4abccfb90d70f1dd88a92a1f6c2a1f62238ff8733e3b25225fe919598664429606c6ba859544fe0de3a9f18ed8fdd5e9ce15ab80c870a454b550e5fe805396bf4ed72b627314fad05b74a500135c9bb1b297b170356d42c9983c3275dc8c95a5a198f3b896c712d4c44d66ee10f29d4d71df5484c473cdcd107d66ded8e5219a066b00f45faca7ccbde009031f583819cffcba547c3b5707c7c1eba73dc6ade8f584244ba35302df2a0341c8e629d52fad82cc1c34dac09d39a975902e883ce1b648080e5855ad37961abaa7eecab4ac63cb839f4039f8b93d2ba6e618ebc437166e24e210171bc8ae12f31e90adadfdba265f9a8df86648ff4bcff451f289c9142ef5bac4ba3131852ff820087a5b7e1131eb05c8c857dd4cf2839501138174f70eca95c39a59220f47be95cbe4996c214f17e5a790679057bf0c05e7d79797fa74af891a0bb050183e9124f3677a94c92e3caaeb095d0746fa8a82e30f14b228fffee24ba0385ae2940a223aa6fdd3bee655aabb131e4660eefa4e65a0cd2197f54d94783a2513ab6ae8c548b7fae70692ffa367a95cde0cd90d37be42547f30d1583a913b11c9f998d60d8c78a3677d79c717dde50a0124d918e66655902e6cb60ddd82727bc05b31057693ee9d7601be6d8870edc47c328afa800911568d99655a271c65de3a07616806e280bd453217ee2420b32544c67e34bbcec1874b450af23af54048d3a10e71967bc1ee3c0029235d95f158895bbdddfa81a3cfbcc74c7c352820f75e00324e154441074853b7c2dc1c3ed42873c6323e0bd29058b62187f57ee8def92612a91b1598af90904e770a8788c05934b54f998ed0a4b54198e74a1bdcd6e5a07109f6bd0271384211633d2d70c28843fbed80968d3cf49a697bfaffb92101e0626dc34c4b9a8b47438606152c9eea6481597918ef7739be21f562c86289b842b1d9208459f41716f2518da7d3f4ba062c0ea28a221e44f071325deef0c9ce5e8bb729e8f393020db13ad241503f9c4dc21fee5bc58893e112a2bd2528aa825c3b8e19d8312b268a43c9c662737da60bf318a5cd9069a2d96653818733825f5808371ad593f124ce11272705b5dd827d269ea01ea8a3948418278ba34338fea40665bcb5365033785adbbc7f20ea2489a728670108781da688a9d2f327f7723b76e4d2dba9c05a8f15bc05fdd521ce44e606fb0daf61c3cf96094bc4c8ca55892cd55803da5ec5f72c9ea01273ba23d834061b1a4e7778470cb726d78692d1d00291b9753fe96e43b24f239b575978b0fc6855aae3e384fff6dca011d58ca718f5a64ce083744057fadce07c1569c0a2dd34cc2f990c2d0705d4ad2dd03ed74e005e495987f5dd3b561bfd610d372abd48da2cdaa6253b074b55a30c7663daf7268768a656ac8f36d0c61a6671f6b75b69634c5c3cb06bf7d28e5b01743d673ed200a51e70f7d72c908e21769144a72870fead7075c25ddadbfeb9a9818638c3829d329eac2eb542f190986977bf6b79ae967ede1bc3e998d271f8225d5ae195e1be0ae7be5dba2584bcda86187ccde07022a3a462f505557140b14646b8d2ccb67c82bcfbeb71ece2f3af3d2d522613571766fbc39716026361c6d109d1ca6616495a5c1186cb2009e8d365abaf16a81230ad8c05889f9fcbb7ce0c6a507f9b5a078dfe5a7483d376f16428d23eb15c688f252d8548b5d94f34f8cd430b1a31bcc3e1ce90d14e3e7a33021df06882d32b90e4c6968c8046a7410bb6920f278d1b1c166875217c8e8d417adf9b50c85c509fa0581d906ab12c339e7ce03a49693489e7965043c75e5950363f062e43933d848ac73cb5f8585eee7d22305f9332df9ad7a11377c01f15ae3009d92dc3fae370f8f817400fd7f5aeb5b103fa1ba707b86ebff9324e2d52a8d46baff356e4be977bab515127107916440e1867c4d6279b08479597b3268c98566723c935f96b569b2b60807f8a046ea6e2761c062c7913dc9d4bf71f60ee2fd0e7bb3e5b718e8d4a62c43f2d53d9ecdbfb6d1dea8d8ce51c574c5007a55bd1a5933e3895659255153d501e3419ecb2c63cf337b7de31b0830f7c5b4fe267ef576c7776d34e47c7ee204609284af5a10a88b0d2488574d50614b004c04285cadc63001ac023f570b6fa4c0a21635b2d53405c4279ce02ad7033cc5df8559e1cafb3e6b0dd169df0a980a27d5acd32f68e166ddd6c43e186de12bd09f14e644c5f7a696b1cec0cfc757dc64e8f0b64c8bab66db414fa724c175fa49676d0ae100537b7cb55751a54149b60653a20bbbdaa58a9172228e553a5ec93387db79eaa9cd542cf8035d4c50b7e09e3728f153641e7fd5c9cb8969df5374a25d3611aacc81ea1d195a4b2f7e1f861259fe1d2d6422e32acd44d2f996508c07e54b200a472e4782b0e5aa030898f4c51b578f60d17fc5c01055be225120118c20b171d8bffe38f194b0ef598ac5696825da3442eb0513e31dcf997a213ffb711392223c906b637c77a5ac612611b9d4f949bfa43d746b38fa61a2b736f116edfeda864cf56357f0d9ed25d27cb057c8227379a86d9f2bf00f289ea8fcf4a61f0bbc50045047e7ef0b097e4c65d749f4d40a89f6ff2e17990e837f81364faaf32cd0c5cdf9846173610759a22a424e00f57a3143c8cf561f12489ff01fa64ef27c39370e1eca076ecaa6fbd701ad2a29b80cca60bdccd34e5f26fd0ac661ef5da02883d55401b05b15770399f960c8749fdc90fc06ddc18bd88ad6d21a7db3aaf52e28ab741f211898192d4ab34b659e79eddd844a28b5c3d0125f5b8781f270f7832114c744bc5820a60b28d408291884c0f85b47e660f8545c412c235e85da5e33bd315067b9f89a36b76e204e82ee465031f0fc463d42254f73fe269bd7ba4f4f06dafe7057f58f5387f40b0bf3fa2e9ca6b2afc496d26ebd092e0373750cc649f16e1e35179825f3a51d8b015539a4ba1661addc540c776257ceadb0d795f8fd6737bc302fc39b4dda8bf0db0f4d0a62839b02ff488810413131a566082d864e5bfc3e073a63f17b28aa8929cd239f50689fef85a8de3308be69b82d7eca3d9e5190586362841d1ff6c562a3c6d74e57750e80baddf2aabd9cc40ff3aa30e2a9be9150815977e3292f171cd184074d00e90251ffb0943b276e67a87d7eed7af3d886519f54aec72d5eb01268202999e8d78532461a8524aa0fea7c49aa864f956bc4dd31047a529f8bbf4ba971ded87c6121533491863d6d2f4dbeac566839675a781f43c9ed27d0527c961a60f212deafd75ac331674b4e76d9151c9813aca07565b1e8b52a835d1693f36cdb9be6fa8cdd7431183467be6dc75c867268cbc7f7a6cd1059ccb123c47de06785d1deb8a2a4ab286929253e05107d07c80d2790af78fe59f022763514ade2fd2f2aa0fff6c99c6af7498c9024259f2f49d8e0f054b9e7d774b4e7b1552340012153d4c79451be6ffc71079da12c140d97f3a813256e93e22e3ff9045fc6075df39fab13ed8661a6a06bc083194ebe6bc40040840f08cd586d7a3a36fe7015d3a636f94553955325eeb3d5c538251202c6c1521cbe2b87e3a22ffd2744094a44be4a63e09271a29fbddc042872a53dfe54670d0028d640754c2aa06ab7e299244bcf5517eca5a0d50799ff872bdafe888a587633f3771c161c520e56764ae13e351dd4a4fbbc4c12e00986c58a3af279473acfa42cdd442d2ab36a1f2c8e15df74b9b9fdb7f4ed0a527e1b2522ea18b822d420e493a114031ef87dad32101c7002f7aacd435e3c952c5edf7f6317215709f673926e15feb3021c3d31adaf27f468ed93f65201963ce3ec173f8003d417961a503bfe5181ed3397bfe1299107235aa1562baf276ddc6b3e802a35042d0f8a79ee06102c8e9b0a92e7e92da2788c8e6450a924fe8d7637a183f9a0b69e949ee3d54bd5abf9b6a90bd3cb8a9bc9d8d91418c72b3fe665d54dec99eb53fcf474a0f42171e2f3fb16a00633408f77c205a168f70379d5f10988510ed2605f1811c5c22d9e3e44f483cfc65e373e431eb224414db926be369c40fd1e40f2938cc484b33f69d8ee518c33a91284d6e3635720b731c68011d6b467219a6deb3b6c47ae211375d738b6f77a4f6ea2b80579aa34b3d0bced65466b6946f386482db484af971f33f546f2c0b0bcf6135784fcf3f0f1006fe34617e86adbabf80935995d34b48b9d1f12ef089510dbbd616a59e875d3f3e0aa7aea1758d6c5f2a699d031823205a4ad815efee17395d817015c392a79e4d0ac9686e596220b0ecdd2c1646e54a5630cd6022b1f52d81de0b7c0e772ab6a9c931bf527b0a874f79fa860cc82283d36be2114a4ce514b60f2b1ef941fb4e1a8d2899467d6231f82fefa3bc2462677ffd1d2436b44bf4f7fe734064f0a0b16c3f16332a85895ff84494009e00440ff7940096065996741278b3652d6286545b10c77ab2e905c1bb8c2d538ca6521df0707f55e0054d2d87d060f863c9cc50db915ac404ff6017a48a04190d12168a647d803819879c0bc3e688663d1585493dc800727fb4775473005d0cc37c3941dddb31071cb5389083a0ee8aa5317326c7f8a29646e24bb32c6d6198d2e095a6694f5ad98e3940608d60e169cc7dc507564e043aebdde61d7adf96f0a52adbde8f9ce5f99a323c8cfbb35c23baef865a6a6f949b9ee425ed2dbf1f74eda38aea9bb1e814f8de792d106ffc2030223aed765a49a8c5225f986508d023b698226c40e366e93264fbf51c2fa8a889f13ef4b768c480ae4ef3d5f061d7cd2ea2456e0c2bca80c3e7b23209a4d221a1df8cc6b3e5fa6dead523253952380abf2ca49d628a4078e4c34c49caa2f84dbd9325c2459dcf8ffe65163a438dc1f204cfeca634cfd0a2f0f165539b88bbff3b4136f21cd050ea0c2959701aed2f44be88498bd6ccad2935aa459f91e146928eceef45a9dee8ac5d9ecedf6f3757a3058742aa743b74020dfbd925deacc4fc4c1e1d91653f93b190229888c5103c29a4b5ffc836babd2035e79d5742e32f663fa44ad2ccb40e547037ecfc1d8f1cf1f70638302c6b8e8524ffe1e1b33464ae0c4ad2b8f53350998a864ac84789fd0f48534295285e6", 0x1000, 0x5, &(0x7f0000000000)={0x0, 0x3938700}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000000140)={0x0, [{}, {}, {}, {}, {}, {}, {}, {r19}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r14}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r11}, {0x0, r6}, {}, {}, {}, {}, {0x0, r12}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r13}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r20}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r17}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r18}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r10}, {}, {}, {}, {}, {}, {}, {0x0, r15}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r16}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r9}], 0x7f, "9656c75f04ba4d"}) lseek(r1, 0x0, 0x2) r21 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) openat(r2, 0x0, 0x480c1, 0x186) copy_file_range(r21, 0x0, r1, 0x0, 0x200f5ef, 0x0) 05:01:15 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) (fail_nth: 4) 05:01:15 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/power/pm_freeze_timeout', 0x0, 0x0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x22902, 0x0) copy_file_range(r1, 0x0, r2, 0x0, 0xa1, 0x0) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000040)=0x80) r3 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) dup2(r3, r0) 05:01:15 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) (fail_nth: 7) 05:01:15 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff6843a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) [ 3155.100905] FAULT_INJECTION: forcing a failure. [ 3155.100905] name failslab, interval 1, probability 0, space 0, times 0 [ 3155.103453] CPU: 0 PID: 16773 Comm: syz-executor.3 Not tainted 5.10.207 #1 [ 3155.104970] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3155.106793] Call Trace: [ 3155.107375] dump_stack+0x107/0x167 [ 3155.108185] should_fail.cold+0x5/0xa [ 3155.109028] ? qdisc_alloc+0xac/0xc80 [ 3155.109888] should_failslab+0x5/0x20 [ 3155.110759] __kmalloc_node+0x76/0x420 [ 3155.111726] qdisc_alloc+0xac/0xc80 [ 3155.112536] qdisc_create_dflt+0x71/0x370 [ 3155.113475] dev_activate+0x7c3/0xd70 [ 3155.114328] __dev_open+0x38a/0x4e0 [ 3155.115122] ? dev_set_rx_mode+0x80/0x80 [ 3155.116018] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3155.117161] ? __local_bh_enable_ip+0x9d/0x100 [ 3155.118171] __dev_change_flags+0x521/0x6e0 [ 3155.119117] ? dev_set_allmulti+0x30/0x30 [ 3155.120025] ? cap_capable+0x1cd/0x230 [ 3155.120880] ? full_name_hash+0xb5/0xf0 [ 3155.121769] dev_change_flags+0x8a/0x160 [ 3155.122662] devinet_ioctl+0x14de/0x1db0 [ 3155.123554] ? inet_ifa_byprefix+0x2e0/0x2e0 [ 3155.124525] inet_ioctl+0x34f/0x390 [ 3155.125320] ? inet_dgram_connect+0x220/0x220 [ 3155.126324] ? __lock_acquire+0xbb1/0x5b00 [ 3155.127270] ? perf_trace_lock+0xac/0x490 [ 3155.128187] packet_ioctl+0xb3/0x260 [ 3155.129011] sock_do_ioctl+0xd3/0x300 [ 3155.129868] ? compat_ifr_data_ioctl+0x180/0x180 [ 3155.130909] ? ioctl_has_perm.constprop.0.isra.0+0x29a/0x410 [ 3155.132167] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3155.133296] ? do_vfs_ioctl+0x283/0x10d0 [ 3155.134200] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 3155.135354] ? generic_block_fiemap+0x60/0x60 [ 3155.136340] sock_ioctl+0x3ea/0x700 [ 3155.137139] ? dlci_ioctl_set+0x30/0x30 [ 3155.138022] ? selinux_file_ioctl+0xb6/0x270 [ 3155.138988] ? dlci_ioctl_set+0x30/0x30 [ 3155.139864] __x64_sys_ioctl+0x19a/0x210 [ 3155.140761] do_syscall_64+0x33/0x40 [ 3155.141575] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3155.142714] RIP: 0033:0x7fa5db089b19 [ 3155.143528] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3155.147551] RSP: 002b:00007fa5d85ff188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3155.149217] RAX: ffffffffffffffda RBX: 00007fa5db19cf60 RCX: 00007fa5db089b19 [ 3155.150795] RDX: 00000000200001c0 RSI: 0000000000008914 RDI: 0000000000000004 [ 3155.152355] RBP: 00007fa5d85ff1d0 R08: 0000000000000000 R09: 0000000000000000 [ 3155.153916] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3155.155472] R13: 00007ffefd79e6ef R14: 00007fa5d85ff300 R15: 0000000000022000 [ 3155.157261] hpet: Lost 2 RTC interrupts [ 3155.159716] veth0_vlan: default qdisc (pfifo_fast) fail, fallback to noqueue [ 3155.179299] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3155.179299] program syz-executor.7 not setting count and/or reply_len properly [ 3155.187665] FAULT_INJECTION: forcing a failure. [ 3155.187665] name failslab, interval 1, probability 0, space 0, times 0 [ 3155.190121] CPU: 1 PID: 16779 Comm: syz-executor.1 Not tainted 5.10.207 #1 [ 3155.191617] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3155.193321] Call Trace: [ 3155.193880] dump_stack+0x107/0x167 [ 3155.194633] should_fail.cold+0x5/0xa [ 3155.195424] ? create_object.isra.0+0x3a/0xa20 [ 3155.196372] should_failslab+0x5/0x20 [ 3155.197157] kmem_cache_alloc+0x5b/0x310 [ 3155.198009] create_object.isra.0+0x3a/0xa20 [ 3155.198909] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3155.199957] kmem_cache_alloc_node+0x169/0x330 [ 3155.200902] __alloc_skb+0x6d/0x5b0 [ 3155.201682] netlink_sendmsg+0x998/0xdf0 [ 3155.202526] ? netlink_unicast+0x7f0/0x7f0 [ 3155.203416] ? netlink_unicast+0x7f0/0x7f0 [ 3155.204285] __sock_sendmsg+0x154/0x190 [ 3155.204767] device veth0_vlan entered promiscuous mode [ 3155.205111] ____sys_sendmsg+0x70d/0x870 [ 3155.207093] ? sock_write_iter+0x3d0/0x3d0 [ 3155.208003] ? do_recvmmsg+0x6d0/0x6d0 [ 3155.208814] ? perf_trace_lock+0xac/0x490 [ 3155.209695] ? __lockdep_reset_lock+0x180/0x180 [ 3155.210648] ? perf_trace_lock+0xac/0x490 [ 3155.211495] ? SOFTIRQ_verbose+0x10/0x10 [ 3155.212337] ___sys_sendmsg+0xf3/0x170 [ 3155.213134] ? sendmsg_copy_msghdr+0x160/0x160 [ 3155.214087] ? lock_downgrade+0x6d0/0x6d0 [ 3155.214941] ? find_held_lock+0x2c/0x110 [ 3155.215793] ? __fget_files+0x296/0x4c0 [ 3155.216617] ? __fget_light+0xea/0x290 [ 3155.217420] __sys_sendmsg+0xe5/0x1b0 [ 3155.218218] ? __sys_sendmsg_sock+0x40/0x40 [ 3155.219098] ? rcu_read_lock_any_held+0x75/0xa0 [ 3155.220069] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3155.221130] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3155.222202] do_syscall_64+0x33/0x40 [ 3155.223052] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3155.224103] RIP: 0033:0x7f1a789beb19 [ 3155.224865] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3155.228627] RSP: 002b:00007f1a75f34188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3155.230182] RAX: ffffffffffffffda RBX: 00007f1a78ad1f60 RCX: 00007f1a789beb19 [ 3155.231634] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000004 [ 3155.233082] RBP: 00007f1a75f341d0 R08: 0000000000000000 R09: 0000000000000000 [ 3155.234539] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3155.235988] R13: 00007ffd0f06a67f R14: 00007f1a75f34300 R15: 0000000000022000 05:01:15 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_unix(&(0x7f0000000140)='./file0/../file0\x00', &(0x7f0000002f00)='./file0/../file0\x00', 0x0, 0x21000, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000002c0)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x2044034, &(0x7f0000000040)={[{@journal_checksum}]}) syz_mount_image$ext4(&(0x7f0000000080)='ext2\x00', &(0x7f00000000c0)='./file0\x00', 0x80, 0x5, &(0x7f0000000500)=[{&(0x7f0000000180)="52fa6aed1ea5e114a9798acb3dedcac1b3dfdcee9a7597bf452c1101abd2f21621a6d5d6f91ed234fe2d8d4c81dd13807ee2ac3e8c485141622875832b4c796ae8b18e7666360a2434a7c03ba5f0035c5167e5edf9845d4a9b67371f28335b67923e91e96da44f23d1f7d8772c12dd11e66ddef63d25196f", 0x78, 0x6}, {&(0x7f0000000200)="992c5cf13700cc3237af3fc7f3f0eec5baf2a2de5bbbea146a0fc4333a0e5fa14479abee2dbfbd38140ba5660caf4b9410492a19d6070fa7c001fb7e70f05d7048573b5266a79cbf579a6a0f134f3768ba9daa319ec48b32a27b7a57d1660465bc52fb841d9f0fe7f2a3574fb85104b252d60c62554a05589c66fc091abfb3cfffac810f2ee9b83d26d0c016e3962040c300e4ab", 0x94, 0x20}, {&(0x7f0000000300)="4db84b39619da476defda6f21e95cba7e37f919095d2da58f7f76383dfb4448113b454f4c4f7854c54fdd85d1bf9d378dae79da32bd9159cd99ff12e02ce65ce3b6ed318b56aa9f584f1004c6863dc0e5487ae7b3ed80365a78a2a1287efd220522e53905ee542db5a84ebdb192f500235f2de9454de7f68e85ccbb9430531dbe5178b3c5696b714d45848e2a88a92ea726f", 0x92, 0x8}, {&(0x7f00000003c0)="ecf5cf6bba010892e422327cf759595306191b6261a497eeda4062e55cfaec698807116cadd368c478aa7d10a601b65772debcd527dda153930ffa9c7893fee8c6b6031d6136f5b53546167075e2a360b79969438d", 0x55, 0x3}, {&(0x7f0000000440)="ea4352781e81ebf993118cd50a022be12359c647f90a50f7543509c20a3daedcfa70392870afde97260a967e63103830b7d2e52a1a9c0a37b6d78d6ccd9b514cb54b43beabf612585ccca17c7960f09d96c73442bbb39ba88c99a2bc053086f89158446b1cb04579796487e0479dd02214affd8379be2940153c53fd65afd1720b23ce23abc64d048fb37b4faf5dc745e355e59ff381ff610441d6cbe973dda3", 0xa0, 0x1000}], 0x8, &(0x7f0000000600)=ANY=[@ANYBLOB="646174615f6572723d69676e6f72652c6d61785f69725f73697a655f6b623d3078303001f4d83030303030302a303030303030342c67727071756f74612c6e6f696e69745f697461626c652c6461782c7375626a5f757365723d65787434002c7375626a5f6651596309b7c782b600"]) [ 3155.256389] FAULT_INJECTION: forcing a failure. [ 3155.256389] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 3155.258875] CPU: 1 PID: 16781 Comm: syz-executor.6 Not tainted 5.10.207 #1 [ 3155.260322] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3155.262078] Call Trace: [ 3155.262777] dump_stack+0x107/0x167 [ 3155.263544] should_fail.cold+0x5/0xa [ 3155.264347] _copy_from_iter_full+0x201/0xa60 [ 3155.265270] ? __virt_addr_valid+0x128/0x350 [ 3155.266187] ? __check_object_size+0x319/0x440 [ 3155.267134] netlink_sendmsg+0x879/0xdf0 [ 3155.268022] ? netlink_unicast+0x7f0/0x7f0 [ 3155.268910] ? netlink_unicast+0x7f0/0x7f0 [ 3155.269889] __sock_sendmsg+0x154/0x190 [ 3155.270720] ____sys_sendmsg+0x70d/0x870 [ 3155.271575] ? sock_write_iter+0x3d0/0x3d0 [ 3155.272453] ? do_recvmmsg+0x6d0/0x6d0 [ 3155.273292] ? perf_trace_lock+0xac/0x490 [ 3155.274179] ? __lockdep_reset_lock+0x180/0x180 [ 3155.275148] ? perf_trace_lock+0xac/0x490 [ 3155.275999] ? SOFTIRQ_verbose+0x10/0x10 [ 3155.276837] ___sys_sendmsg+0xf3/0x170 [ 3155.277653] ? sendmsg_copy_msghdr+0x160/0x160 [ 3155.278616] ? lock_downgrade+0x6d0/0x6d0 [ 3155.279480] ? find_held_lock+0x2c/0x110 [ 3155.280341] ? __fget_files+0x296/0x4c0 [ 3155.281170] ? __fget_light+0xea/0x290 [ 3155.282011] __sys_sendmsg+0xe5/0x1b0 [ 3155.282799] ? __sys_sendmsg_sock+0x40/0x40 [ 3155.283691] ? rcu_read_lock_any_held+0x75/0xa0 [ 3155.284682] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3155.285872] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3155.286942] do_syscall_64+0x33/0x40 [ 3155.287711] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3155.288779] RIP: 0033:0x7f84055bdb19 [ 3155.289552] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3155.293365] RSP: 002b:00007f8402b33188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3155.294940] RAX: ffffffffffffffda RBX: 00007f84056d0f60 RCX: 00007f84055bdb19 [ 3155.296412] RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 0000000000000004 [ 3155.297903] RBP: 00007f8402b331d0 R08: 0000000000000000 R09: 0000000000000000 [ 3155.299380] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3155.300868] R13: 00007ffeaf32b7ff R14: 00007f8402b33300 R15: 0000000000022000 [ 3155.303180] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3155.315183] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3155.315183] program syz-executor.7 not setting count and/or reply_len properly 05:01:15 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) (fail_nth: 8) [ 3155.430128] EXT4-fs (sda): re-mounted. Opts: journal_checksum,,errors=continue [ 3155.441547] EXT4-fs (sda): re-mounted. Opts: journal_checksum,,errors=continue 05:01:15 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) (fail_nth: 3) 05:01:15 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) (fail_nth: 5) [ 3155.519184] FAULT_INJECTION: forcing a failure. [ 3155.519184] name failslab, interval 1, probability 0, space 0, times 0 [ 3155.522046] CPU: 0 PID: 16798 Comm: syz-executor.6 Not tainted 5.10.207 #1 [ 3155.523670] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3155.525490] Call Trace: [ 3155.526096] dump_stack+0x107/0x167 [ 3155.526914] should_fail.cold+0x5/0xa [ 3155.527760] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xdb/0x280 [ 3155.529198] should_failslab+0x5/0x20 [ 3155.530046] __kmalloc+0x72/0x390 [ 3155.530823] genl_family_rcv_msg_attrs_parse.constprop.0+0xdb/0x280 [ 3155.532229] genl_family_rcv_msg_doit+0xda/0x330 [ 3155.533284] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 3155.534747] ? cap_capable+0x1cd/0x230 [ 3155.535791] ? security_capable+0x95/0xc0 [ 3155.536896] ? ns_capable+0xe2/0x110 [ 3155.537916] genl_rcv_msg+0x33c/0x5a0 [ 3155.538923] ? genl_get_cmd+0x480/0x480 [ 3155.539953] ? nl802154_set_max_csma_backoffs+0x5a0/0x5a0 [ 3155.541377] ? lock_release+0x680/0x680 [ 3155.542437] ? __lockdep_reset_lock+0x180/0x180 [ 3155.543652] netlink_rcv_skb+0x14b/0x430 [ 3155.544714] ? genl_get_cmd+0x480/0x480 [ 3155.545796] ? netlink_ack+0xab0/0xab0 [ 3155.546790] ? netlink_deliver_tap+0x1c4/0xcd0 [ 3155.547789] ? is_vmalloc_addr+0x7b/0xb0 [ 3155.548680] genl_rcv+0x24/0x40 [ 3155.549406] netlink_unicast+0x549/0x7f0 [ 3155.550332] ? netlink_attachskb+0x870/0x870 [ 3155.551295] ? __virt_addr_valid+0x128/0x350 [ 3155.552284] netlink_sendmsg+0x90f/0xdf0 [ 3155.553183] ? netlink_unicast+0x7f0/0x7f0 [ 3155.554154] ? netlink_unicast+0x7f0/0x7f0 [ 3155.555096] __sock_sendmsg+0x154/0x190 [ 3155.555973] ____sys_sendmsg+0x70d/0x870 [ 3155.556869] ? sock_write_iter+0x3d0/0x3d0 [ 3155.557822] ? do_recvmmsg+0x6d0/0x6d0 [ 3155.558670] ? perf_trace_lock+0xac/0x490 [ 3155.559578] ? __lockdep_reset_lock+0x180/0x180 [ 3155.560591] ? perf_trace_lock+0xac/0x490 [ 3155.561493] ? SOFTIRQ_verbose+0x10/0x10 [ 3155.562408] ___sys_sendmsg+0xf3/0x170 [ 3155.563263] ? sendmsg_copy_msghdr+0x160/0x160 [ 3155.564268] ? lock_downgrade+0x6d0/0x6d0 [ 3155.565185] ? find_held_lock+0x2c/0x110 [ 3155.566130] ? __fget_files+0x296/0x4c0 [ 3155.567021] ? __fget_light+0xea/0x290 [ 3155.567893] __sys_sendmsg+0xe5/0x1b0 [ 3155.568741] ? __sys_sendmsg_sock+0x40/0x40 05:01:15 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x2007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) syz_io_uring_setup(0x4, &(0x7f0000000740), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/power/pm_freeze_timeout', 0x0, 0x0) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x22902, 0x0) copy_file_range(r3, 0x0, r4, 0x0, 0xa1, 0x0) sendmsg$unix(r3, &(0x7f00000005c0)={&(0x7f0000000480)=@abs={0x1, 0x0, 0x4e23}, 0x6e, &(0x7f0000000540)=[{&(0x7f0000000240)="447e45983d37c7909f1c8de41e07b36557c2652394c8dbfe7ad6e702e013500df43949", 0x23}, {&(0x7f0000000400)="99a2e6270b", 0x5}, {&(0x7f0000000500)}], 0x3, &(0x7f0000000580)=[@rights={{0x10}}], 0x10, 0x40000}, 0x44000) pipe2(&(0x7f00000000c0), 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.cpu/cpuset.cpus\x00', 0x0, 0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_EPOLL_CTL=@del={0x1d, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x1, {0x0, r6}}, 0x6) r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_setup(0x625, &(0x7f0000000040)={0x0, 0xe6d7, 0x64c35a6fd8db2a2e, 0x0, 0x13c, 0x0, r5}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x2000000, 0x0, 0x7ff, 0x200000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r7, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 3155.569713] ? rcu_read_lock_any_held+0x75/0xa0 [ 3155.570888] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3155.572040] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3155.573191] do_syscall_64+0x33/0x40 [ 3155.574047] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3155.575181] RIP: 0033:0x7f84055bdb19 [ 3155.576004] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3155.580095] RSP: 002b:00007f8402b33188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3155.581785] RAX: ffffffffffffffda RBX: 00007f84056d0f60 RCX: 00007f84055bdb19 [ 3155.583374] RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 0000000000000004 [ 3155.584952] RBP: 00007f8402b331d0 R08: 0000000000000000 R09: 0000000000000000 [ 3155.586562] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3155.588140] R13: 00007ffeaf32b7ff R14: 00007f8402b33300 R15: 0000000000022000 [ 3155.590036] hpet: Lost 3 RTC interrupts 05:01:15 executing program 0: ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000340)=0x85) msgctl$IPC_SET(0x0, 0x1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000280)={[0x9]}, 0x8, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) sendmmsg$inet6(r1, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) msgget(0x3, 0x18) dup3(r0, r1, 0x0) 05:01:15 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff6c43a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) [ 3155.729022] FAULT_INJECTION: forcing a failure. [ 3155.729022] name failslab, interval 1, probability 0, space 0, times 0 [ 3155.731740] CPU: 0 PID: 16802 Comm: syz-executor.3 Not tainted 5.10.207 #1 [ 3155.733374] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3155.735247] Call Trace: [ 3155.735837] dump_stack+0x107/0x167 [ 3155.736654] should_fail.cold+0x5/0xa [ 3155.737497] ? create_object.isra.0+0x3a/0xa20 [ 3155.738554] should_failslab+0x5/0x20 [ 3155.739402] kmem_cache_alloc+0x5b/0x310 [ 3155.740311] create_object.isra.0+0x3a/0xa20 [ 3155.741289] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3155.742442] __kmalloc_node+0x1ae/0x420 [ 3155.743339] qdisc_alloc+0xac/0xc80 [ 3155.744157] qdisc_create_dflt+0x71/0x370 [ 3155.745069] dev_activate+0x7c3/0xd70 [ 3155.745956] __dev_open+0x38a/0x4e0 [ 3155.746764] ? dev_set_rx_mode+0x80/0x80 [ 3155.747677] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3155.748830] ? __local_bh_enable_ip+0x9d/0x100 [ 3155.749866] __dev_change_flags+0x521/0x6e0 [ 3155.750822] ? dev_set_allmulti+0x30/0x30 [ 3155.751740] ? cap_capable+0x1cd/0x230 [ 3155.752599] ? full_name_hash+0xb5/0xf0 [ 3155.753482] dev_change_flags+0x8a/0x160 [ 3155.754421] devinet_ioctl+0x14de/0x1db0 [ 3155.755339] ? inet_ifa_byprefix+0x2e0/0x2e0 [ 3155.756327] inet_ioctl+0x34f/0x390 [ 3155.757128] ? inet_dgram_connect+0x220/0x220 [ 3155.758167] ? __lock_acquire+0xbb1/0x5b00 [ 3155.759129] ? perf_trace_lock+0xac/0x490 [ 3155.760052] packet_ioctl+0xb3/0x260 [ 3155.760882] sock_do_ioctl+0xd3/0x300 [ 3155.761753] ? compat_ifr_data_ioctl+0x180/0x180 [ 3155.762811] ? ioctl_has_perm.constprop.0.isra.0+0x29a/0x410 [ 3155.764085] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3155.765227] ? do_vfs_ioctl+0x283/0x10d0 [ 3155.766156] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 3155.767315] ? generic_block_fiemap+0x60/0x60 [ 3155.768309] sock_ioctl+0x3ea/0x700 [ 3155.769118] ? dlci_ioctl_set+0x30/0x30 [ 3155.770023] ? selinux_file_ioctl+0xb6/0x270 [ 3155.771011] ? dlci_ioctl_set+0x30/0x30 [ 3155.771889] __x64_sys_ioctl+0x19a/0x210 [ 3155.772792] do_syscall_64+0x33/0x40 [ 3155.773613] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3155.774756] RIP: 0033:0x7fa5db089b19 [ 3155.775577] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3155.779631] RSP: 002b:00007fa5d85ff188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3155.781304] RAX: ffffffffffffffda RBX: 00007fa5db19cf60 RCX: 00007fa5db089b19 [ 3155.782887] RDX: 00000000200001c0 RSI: 0000000000008914 RDI: 0000000000000004 [ 3155.784440] RBP: 00007fa5d85ff1d0 R08: 0000000000000000 R09: 0000000000000000 [ 3155.786017] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3155.787572] R13: 00007ffefd79e6ef R14: 00007fa5d85ff300 R15: 0000000000022000 [ 3155.789367] hpet: Lost 3 RTC interrupts [ 3155.797313] device veth0_vlan entered promiscuous mode [ 3155.873721] FAULT_INJECTION: forcing a failure. [ 3155.873721] name failslab, interval 1, probability 0, space 0, times 0 [ 3155.876197] CPU: 1 PID: 16806 Comm: syz-executor.1 Not tainted 5.10.207 #1 [ 3155.877627] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3155.879417] Call Trace: [ 3155.879968] dump_stack+0x107/0x167 [ 3155.880727] should_fail.cold+0x5/0xa [ 3155.881529] should_failslab+0x5/0x20 [ 3155.882328] __kmalloc_node_track_caller+0x74/0x3b0 [ 3155.883372] ? netlink_sendmsg+0x998/0xdf0 [ 3155.884260] __alloc_skb+0xb1/0x5b0 [ 3155.885017] netlink_sendmsg+0x998/0xdf0 [ 3155.885882] ? netlink_unicast+0x7f0/0x7f0 [ 3155.886768] ? netlink_unicast+0x7f0/0x7f0 [ 3155.887641] __sock_sendmsg+0x154/0x190 [ 3155.888459] ____sys_sendmsg+0x70d/0x870 [ 3155.889301] ? sock_write_iter+0x3d0/0x3d0 [ 3155.890198] ? do_recvmmsg+0x6d0/0x6d0 [ 3155.891002] ? perf_trace_lock+0xac/0x490 [ 3155.891856] ? __lockdep_reset_lock+0x180/0x180 [ 3155.892813] ? perf_trace_lock+0xac/0x490 [ 3155.893690] ? SOFTIRQ_verbose+0x10/0x10 [ 3155.894531] ___sys_sendmsg+0xf3/0x170 [ 3155.895436] ? sendmsg_copy_msghdr+0x160/0x160 [ 3155.896387] ? lock_downgrade+0x6d0/0x6d0 [ 3155.897249] ? find_held_lock+0x2c/0x110 [ 3155.898111] ? __fget_files+0x296/0x4c0 [ 3155.898953] ? __fget_light+0xea/0x290 [ 3155.899765] __sys_sendmsg+0xe5/0x1b0 [ 3155.900561] ? __sys_sendmsg_sock+0x40/0x40 [ 3155.901445] ? rcu_read_lock_any_held+0x75/0xa0 [ 3155.902453] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3155.903530] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3155.904607] do_syscall_64+0x33/0x40 [ 3155.905375] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3155.906483] RIP: 0033:0x7f1a789beb19 [ 3155.907254] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3155.911130] RSP: 002b:00007f1a75f34188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3155.912698] RAX: ffffffffffffffda RBX: 00007f1a78ad1f60 RCX: 00007f1a789beb19 [ 3155.914194] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000004 [ 3155.915662] RBP: 00007f1a75f341d0 R08: 0000000000000000 R09: 0000000000000000 [ 3155.917131] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3155.918610] R13: 00007ffd0f06a67f R14: 00007f1a75f34300 R15: 0000000000022000 [ 3155.985000] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3155.985000] program syz-executor.7 not setting count and/or reply_len properly [ 3156.009952] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3156.009952] program syz-executor.7 not setting count and/or reply_len properly 05:01:37 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) (fail_nth: 9) 05:01:37 executing program 5: sendmsg$802154_raw(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180)={0x24, @none={0x0, 0x2}}, 0x14, &(0x7f00000001c0)={&(0x7f00000002c0)="18ff151661f4c0fe55f2902ed49bb276b1a89cfe95478915cb567ce0667ee26b81cdfa7fcdf61cca43e743cb085fe0ffa4ae901b3afb69bc4c4e18dedb0f631dcd", 0x41}, 0x1, 0x0, 0x0, 0x4}, 0x11) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x1002, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = getpid() ioprio_get$pid(0x3, r1) fcntl$setstatus(r0, 0x4, 0x75f3d7ae72e8c575) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x7, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000500100000f000000000000000000000004000000000002000020000020000000def4655fdef4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000010100)="000000000000000000000000e58ca12e13a240e2b1a22f8d07e8e55f010040", 0x1f, 0x4e0}, {&(0x7f0000010200)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {0x0, 0x0, 0x1000000000c00}, {&(0x7f0000010d00)="ed41000000040000ddf4655fdef4655fdef4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f0000012000)="504d4d00504d4dff", 0x8, 0x10000}], 0x0, &(0x7f0000012b00)=ANY=[]) getpeername(0xffffffffffffffff, &(0x7f0000000380)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback}}}, &(0x7f00000000c0)=0x80) pread64(r2, &(0x7f0000000400)=""/254, 0xfe, 0x9) ioctl$PERF_EVENT_IOC_RESET(r0, 0x2403, 0x4) 05:01:37 executing program 0: r0 = add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd) add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000440)={0x0, "9b55f610ffe7b9856842eb69443042b20caac33d7dda6ec6986b177fa13c2bd2c68577ea852c8bb47f31ee549b6a921e231ef07ee0f7fca620564faeeeafa440"}, 0x48, 0x0) r1 = add_key$keyring(&(0x7f0000000040), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) request_key(0x0, &(0x7f0000000280)={'syz', 0x3}, &(0x7f0000000380)='dns_resolver\x00', r1) add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0) add_key$fscrypt_provisioning(&(0x7f0000000000), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="02000000000000f74a020304000007080b9d57f30b0c0d0c0f101112131415161718191a"], 0x48, r0) r2 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f0000000300)={0x0, "3ef8a4c24927541ee4e5f8f0b6b073f3a14d9e238c0905546a9d62c9625f460dacb026ba3f615f7fdd3496dc19ed7064fc4d0bd8c5f4b761484442989c621844", 0x2e}, 0x48, 0xfffffffffffffffd) request_key(&(0x7f00000000c0)='user\x00', 0x0, &(0x7f0000000380)='\x00', r2) r3 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f0000000300)={0x0, "3ef8a4c24927541ee4e5f8f0b6b073f3a14d9e238c0905546a9d62c9625f460dacb026ba3f615f7fdd3496dc19ed7064fc4d0bd8c5f4b761484442989c621844", 0x2e}, 0x48, 0xfffffffffffffffd) request_key(&(0x7f00000000c0)='user\x00', 0x0, 0x0, r3) r4 = add_key$fscrypt_v1(&(0x7f0000000000), 0x0, &(0x7f0000000300)={0x0, "3ef8a4c24927541ee4e5f8f0b6b073f3a14d9e238c0905546a9d62c9625f460dacb026ba3f615f7fdd3496dc19ed7064fc4d0bd8c5f4b761484442989c621844", 0x2e}, 0x48, 0xfffffffffffffffd) add_key$keyring(&(0x7f0000000580), &(0x7f00000005c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$KEYCTL_MOVE(0x1e, r2, r3, r4, 0x1) socket$packet(0x11, 0x2, 0x300) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) request_key(&(0x7f0000000140)='id_legacy\x00', &(0x7f0000000180)={'syz', 0x2}, &(0x7f00000001c0)='\x00', r5) request_key(&(0x7f00000004c0)='user\x00', &(0x7f0000000500)={'syz', 0x3}, &(0x7f0000000540)='\xb3\x00', r1) 05:01:37 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) (fail_nth: 4) 05:01:37 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) (fail_nth: 6) 05:01:37 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff7443a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 05:01:37 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) dup2(r1, r0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/power/pm_freeze_timeout', 0x0, 0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x22902, 0x0) copy_file_range(r2, 0x0, r3, 0x0, 0xa1, 0x0) pwrite64(r1, &(0x7f0000000080)="dd4fda291dbee49cbce513fe9a30de7a3e99ecd1f4c4db657688bfab4ea35fbcc4a2ac05218564c5cfcb36a2898a", 0x2e, 0x2) ioctl$TCGETS2(r2, 0x802c542a, &(0x7f0000000040)) 05:01:37 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) clock_gettime(0x0, &(0x7f0000000500)={0x0, 0x0}) recvmmsg$unix(r0, &(0x7f00000004c0)=[{{&(0x7f0000000180)=@abs, 0x6e, &(0x7f0000000400)=[{&(0x7f0000000200)=""/66, 0x42}, {&(0x7f0000000280)=""/6, 0x6}, {&(0x7f00000002c0)=""/43, 0x2b}, {&(0x7f0000000300)=""/245, 0xf5}], 0x4, &(0x7f0000000440)=[@rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}], 0x58}}], 0x1, 0x0, &(0x7f0000000540)={r1, r2+10000000}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r4, @ANYBLOB=',access=u']) [ 3177.292007] FAULT_INJECTION: forcing a failure. [ 3177.292007] name failslab, interval 1, probability 0, space 0, times 0 [ 3177.294658] CPU: 1 PID: 16826 Comm: syz-executor.1 Not tainted 5.10.207 #1 [ 3177.296044] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3177.297703] Call Trace: [ 3177.298250] dump_stack+0x107/0x167 [ 3177.298989] should_fail.cold+0x5/0xa [ 3177.299760] ? create_object.isra.0+0x3a/0xa20 [ 3177.300680] should_failslab+0x5/0x20 [ 3177.301539] kmem_cache_alloc+0x5b/0x310 [ 3177.302386] create_object.isra.0+0x3a/0xa20 [ 3177.303272] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3177.304298] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 3177.305315] ? netlink_sendmsg+0x998/0xdf0 [ 3177.306191] __alloc_skb+0xb1/0x5b0 [ 3177.306949] netlink_sendmsg+0x998/0xdf0 [ 3177.307791] ? netlink_unicast+0x7f0/0x7f0 [ 3177.308663] ? netlink_unicast+0x7f0/0x7f0 [ 3177.309536] __sock_sendmsg+0x154/0x190 [ 3177.310383] ____sys_sendmsg+0x70d/0x870 [ 3177.311220] ? sock_write_iter+0x3d0/0x3d0 [ 3177.312092] ? do_recvmmsg+0x6d0/0x6d0 [ 3177.312901] ? perf_trace_lock+0xac/0x490 [ 3177.313746] ? __lockdep_reset_lock+0x180/0x180 [ 3177.314703] ? perf_trace_lock+0xac/0x490 [ 3177.315560] ? SOFTIRQ_verbose+0x10/0x10 [ 3177.316404] ___sys_sendmsg+0xf3/0x170 [ 3177.317300] ? sendmsg_copy_msghdr+0x160/0x160 [ 3177.318262] ? lock_downgrade+0x6d0/0x6d0 [ 3177.319118] ? find_held_lock+0x2c/0x110 [ 3177.319962] ? __fget_files+0x296/0x4c0 [ 3177.320784] ? __fget_light+0xea/0x290 [ 3177.321579] __sys_sendmsg+0xe5/0x1b0 [ 3177.322359] ? __sys_sendmsg_sock+0x40/0x40 [ 3177.323236] ? rcu_read_lock_any_held+0x75/0xa0 [ 3177.324204] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3177.325259] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3177.326327] do_syscall_64+0x33/0x40 [ 3177.327172] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3177.328354] RIP: 0033:0x7f1a789beb19 [ 3177.329171] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3177.332953] RSP: 002b:00007f1a75f34188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3177.334513] RAX: ffffffffffffffda RBX: 00007f1a78ad1f60 RCX: 00007f1a789beb19 [ 3177.335962] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000004 [ 3177.337404] RBP: 00007f1a75f341d0 R08: 0000000000000000 R09: 0000000000000000 [ 3177.338855] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3177.340296] R13: 00007ffd0f06a67f R14: 00007f1a75f34300 R15: 0000000000022000 [ 3177.353321] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3177.376119] 9p: Unknown access argument u [ 3177.379597] FAULT_INJECTION: forcing a failure. [ 3177.379597] name failslab, interval 1, probability 0, space 0, times 0 [ 3177.382241] CPU: 1 PID: 16834 Comm: syz-executor.6 Not tainted 5.10.207 #1 [ 3177.383657] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3177.385349] Call Trace: [ 3177.385891] dump_stack+0x107/0x167 [ 3177.386653] should_fail.cold+0x5/0xa [ 3177.387447] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xdb/0x280 [ 3177.388758] should_failslab+0x5/0x20 [ 3177.389524] __kmalloc+0x72/0x390 [ 3177.390274] genl_family_rcv_msg_attrs_parse.constprop.0+0xdb/0x280 [ 3177.391557] genl_family_rcv_msg_doit+0xda/0x330 [ 3177.392539] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 3177.393861] ? cap_capable+0x1cd/0x230 [ 3177.394658] ? security_capable+0x95/0xc0 [ 3177.395574] ? ns_capable+0xe2/0x110 [ 3177.396327] genl_rcv_msg+0x33c/0x5a0 [ 3177.397101] ? genl_get_cmd+0x480/0x480 [ 3177.397913] ? nl802154_set_max_csma_backoffs+0x5a0/0x5a0 [ 3177.399035] ? lock_release+0x680/0x680 [ 3177.399832] ? __lockdep_reset_lock+0x180/0x180 [ 3177.400775] netlink_rcv_skb+0x14b/0x430 [ 3177.401590] ? genl_get_cmd+0x480/0x480 [ 3177.402437] ? netlink_ack+0xab0/0xab0 [ 3177.403239] ? netlink_deliver_tap+0x1c4/0xcd0 [ 3177.404178] ? is_vmalloc_addr+0x7b/0xb0 [ 3177.404996] genl_rcv+0x24/0x40 [ 3177.405665] netlink_unicast+0x549/0x7f0 [ 3177.406498] ? netlink_attachskb+0x870/0x870 [ 3177.406781] FAULT_INJECTION: forcing a failure. [ 3177.406781] name failslab, interval 1, probability 0, space 0, times 0 [ 3177.407378] ? __virt_addr_valid+0x128/0x350 [ 3177.410161] netlink_sendmsg+0x90f/0xdf0 [ 3177.411057] ? netlink_unicast+0x7f0/0x7f0 [ 3177.411936] ? netlink_unicast+0x7f0/0x7f0 [ 3177.412819] __sock_sendmsg+0x154/0x190 [ 3177.413626] ____sys_sendmsg+0x70d/0x870 [ 3177.414472] ? sock_write_iter+0x3d0/0x3d0 [ 3177.415324] ? do_recvmmsg+0x6d0/0x6d0 [ 3177.416140] ? perf_trace_lock+0xac/0x490 [ 3177.416989] ? __lockdep_reset_lock+0x180/0x180 [ 3177.417962] ? perf_trace_lock+0xac/0x490 [ 3177.418817] ? SOFTIRQ_verbose+0x10/0x10 [ 3177.419660] ___sys_sendmsg+0xf3/0x170 [ 3177.420465] ? sendmsg_copy_msghdr+0x160/0x160 [ 3177.421403] ? lock_downgrade+0x6d0/0x6d0 [ 3177.422270] ? find_held_lock+0x2c/0x110 [ 3177.423105] ? __fget_files+0x296/0x4c0 [ 3177.423944] ? __fget_light+0xea/0x290 [ 3177.424743] __sys_sendmsg+0xe5/0x1b0 [ 3177.425532] ? __sys_sendmsg_sock+0x40/0x40 [ 3177.426466] ? rcu_read_lock_any_held+0x75/0xa0 [ 3177.427462] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3177.428529] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3177.429601] do_syscall_64+0x33/0x40 [ 3177.430364] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3177.431401] RIP: 0033:0x7f84055bdb19 [ 3177.432188] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3177.435961] RSP: 002b:00007f8402b33188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3177.437494] RAX: ffffffffffffffda RBX: 00007f84056d0f60 RCX: 00007f84055bdb19 [ 3177.438938] RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 0000000000000004 [ 3177.440408] RBP: 00007f8402b331d0 R08: 0000000000000000 R09: 0000000000000000 [ 3177.441873] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3177.443446] R13: 00007ffeaf32b7ff R14: 00007f8402b33300 R15: 0000000000022000 [ 3177.444958] CPU: 0 PID: 16837 Comm: syz-executor.3 Not tainted 5.10.207 #1 [ 3177.446185] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3177.447629] Call Trace: [ 3177.448094] dump_stack+0x107/0x167 [ 3177.448735] should_fail.cold+0x5/0xa [ 3177.449411] ? create_object.isra.0+0x3a/0xa20 [ 3177.450220] should_failslab+0x5/0x20 [ 3177.450889] kmem_cache_alloc+0x5b/0x310 [ 3177.451616] create_object.isra.0+0x3a/0xa20 [ 3177.452359] kmemleak_alloc_percpu+0xa0/0x100 [ 3177.453141] pcpu_alloc+0x4e2/0x1240 [ 3177.453776] qdisc_alloc+0x2d6/0xc80 [ 3177.454461] qdisc_create_dflt+0x71/0x370 [ 3177.455164] dev_activate+0x7c3/0xd70 [ 3177.455854] __dev_open+0x38a/0x4e0 [ 3177.456457] ? dev_set_rx_mode+0x80/0x80 [ 3177.456676] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3177.456676] program syz-executor.7 not setting count and/or reply_len properly [ 3177.457171] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3177.457185] ? __local_bh_enable_ip+0x9d/0x100 [ 3177.457203] __dev_change_flags+0x521/0x6e0 [ 3177.457220] ? dev_set_allmulti+0x30/0x30 [ 3177.457235] ? cap_capable+0x1cd/0x230 [ 3177.457254] ? full_name_hash+0xb5/0xf0 [ 3177.457272] dev_change_flags+0x8a/0x160 [ 3177.457290] devinet_ioctl+0x14de/0x1db0 [ 3177.457311] ? inet_ifa_byprefix+0x2e0/0x2e0 [ 3177.466971] inet_ioctl+0x34f/0x390 [ 3177.467585] ? inet_dgram_connect+0x220/0x220 [ 3177.468371] ? __lock_acquire+0xbb1/0x5b00 [ 3177.469116] ? perf_trace_lock+0xac/0x490 [ 3177.469826] packet_ioctl+0xb3/0x260 [ 3177.470469] sock_do_ioctl+0xd3/0x300 [ 3177.471113] ? compat_ifr_data_ioctl+0x180/0x180 [ 3177.471910] ? ioctl_has_perm.constprop.0.isra.0+0x29a/0x410 [ 3177.472880] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3177.473747] ? do_vfs_ioctl+0x283/0x10d0 [ 3177.474317] 9p: Unknown access argument u [ 3177.474444] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 3177.474466] ? generic_block_fiemap+0x60/0x60 [ 3177.476965] sock_ioctl+0x3ea/0x700 [ 3177.477588] ? dlci_ioctl_set+0x30/0x30 [ 3177.478286] ? selinux_file_ioctl+0xb6/0x270 [ 3177.479028] ? dlci_ioctl_set+0x30/0x30 [ 3177.479701] __x64_sys_ioctl+0x19a/0x210 [ 3177.480394] do_syscall_64+0x33/0x40 [ 3177.481032] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3177.481899] RIP: 0033:0x7fa5db089b19 [ 3177.482539] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3177.485659] RSP: 002b:00007fa5d85de188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3177.486938] RAX: ffffffffffffffda RBX: 00007fa5db19d020 RCX: 00007fa5db089b19 [ 3177.488120] RDX: 00000000200001c0 RSI: 0000000000008914 RDI: 0000000000000004 [ 3177.489311] RBP: 00007fa5d85de1d0 R08: 0000000000000000 R09: 0000000000000000 [ 3177.490508] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3177.491696] R13: 00007ffefd79e6ef R14: 00007fa5d85de300 R15: 0000000000022000 [ 3177.493007] hpet: Lost 2 RTC interrupts [ 3177.514492] device veth0_vlan entered promiscuous mode 05:01:37 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) (fail_nth: 7) [ 3177.547560] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3177.547560] program syz-executor.7 not setting count and/or reply_len properly [ 3177.643788] FAULT_INJECTION: forcing a failure. [ 3177.643788] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 3177.647595] CPU: 1 PID: 16848 Comm: syz-executor.1 Not tainted 5.10.207 #1 [ 3177.649130] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3177.651065] Call Trace: [ 3177.651752] dump_stack+0x107/0x167 [ 3177.652578] should_fail.cold+0x5/0xa [ 3177.653495] _copy_from_iter_full+0x201/0xa60 [ 3177.654642] ? __virt_addr_valid+0x128/0x350 [ 3177.655543] ? __check_object_size+0x319/0x440 [ 3177.656676] netlink_sendmsg+0x879/0xdf0 [ 3177.657639] ? netlink_unicast+0x7f0/0x7f0 [ 3177.658546] ? netlink_unicast+0x7f0/0x7f0 [ 3177.659497] __sock_sendmsg+0x154/0x190 [ 3177.660427] ____sys_sendmsg+0x70d/0x870 [ 3177.661308] ? sock_write_iter+0x3d0/0x3d0 [ 3177.662190] ? do_recvmmsg+0x6d0/0x6d0 [ 3177.662981] ? perf_trace_lock+0xac/0x490 [ 3177.663941] ? __lockdep_reset_lock+0x180/0x180 [ 3177.665272] ? perf_trace_lock+0xac/0x490 [ 3177.666276] ? SOFTIRQ_verbose+0x10/0x10 [ 3177.667343] ___sys_sendmsg+0xf3/0x170 [ 3177.668446] ? sendmsg_copy_msghdr+0x160/0x160 [ 3177.669546] ? lock_downgrade+0x6d0/0x6d0 [ 3177.670552] ? find_held_lock+0x2c/0x110 [ 3177.671478] ? __fget_files+0x296/0x4c0 [ 3177.672303] ? __fget_light+0xea/0x290 [ 3177.673286] __sys_sendmsg+0xe5/0x1b0 [ 3177.674087] ? __sys_sendmsg_sock+0x40/0x40 [ 3177.674976] ? rcu_read_lock_any_held+0x75/0xa0 [ 3177.675949] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3177.677079] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3177.678163] do_syscall_64+0x33/0x40 [ 3177.678921] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3177.679959] RIP: 0033:0x7f1a789beb19 [ 3177.680714] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3177.684432] RSP: 002b:00007f1a75f34188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3177.685971] RAX: ffffffffffffffda RBX: 00007f1a78ad1f60 RCX: 00007f1a789beb19 [ 3177.687415] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000004 [ 3177.688849] RBP: 00007f1a75f341d0 R08: 0000000000000000 R09: 0000000000000000 [ 3177.690303] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3177.691744] R13: 00007ffd0f06a67f R14: 00007f1a75f34300 R15: 0000000000022000 05:02:02 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000000040)="0000008080000000060000006a0000000f000000000000000100000001000000004000000040000020000004e0f4655fe0f4655f0100ffff53ef", 0x3a, 0x400}], 0x4004002, &(0x7f0000000180)) r1 = openat(r0, &(0x7f0000000080)='./file0\x00', 0x40400, 0x108) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r2, &(0x7f0000000040)={0x1f, @none}, 0x8) setsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) sendfile(r2, r1, 0x0, 0xec8) 05:02:02 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) (fail_nth: 8) 05:02:02 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff7443a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 05:02:02 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) (fail_nth: 10) 05:02:02 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfffffffffffffffe, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x4, 0x80, 0x4, 0x0, 0xff, 0x0, 0x0, 0x2, 0x801, 0x5, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x7, 0x4, @perf_config_ext={0x0, 0x6}, 0x2, 0x8001, 0x8, 0x7, 0x7f, 0x81, 0xf801, 0x0, 0xfffffffe, 0x0, 0x44ba}, 0x0, 0xa, 0xffffffffffffffff, 0x10) dup2(r1, r0) 05:02:02 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) (fail_nth: 5) 05:02:02 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff7a43a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 05:02:02 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x40) r1 = socket$netlink(0x10, 0x3, 0x1) dup2(r0, r1) r2 = creat(&(0x7f0000000000)='./file0\x00', 0x0) fallocate(r0, 0x41, 0x7, 0x2) dup2(r2, r0) r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4306, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0xe}, 0x0, 0x1, 0x400, 0x6, 0x3, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0xffffffff80000000}, 0x0, 0xfffffffffeffffff, 0xffffffffffffffff, 0x9) r4 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r4, 0x0, 0x100000001) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r0, 0xc0096616, &(0x7f0000000040)={0x2, [0x0, 0x0]}) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/power/pm_freeze_timeout', 0x0, 0x0) r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x22902, 0x0) copy_file_range(r5, 0x0, r6, 0x0, 0xa1, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r5, 0xc0189373, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r3, {0x9}}, './file1\x00'}) [ 3202.389459] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3202.389459] program syz-executor.0 not setting count and/or reply_len properly [ 3202.431051] FAULT_INJECTION: forcing a failure. [ 3202.431051] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 3202.433983] CPU: 1 PID: 16863 Comm: syz-executor.6 Not tainted 5.10.207 #1 [ 3202.435512] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3202.437182] Call Trace: [ 3202.437717] dump_stack+0x107/0x167 [ 3202.438595] should_fail.cold+0x5/0xa [ 3202.439453] _copy_to_user+0x2e/0x180 [ 3202.440234] simple_read_from_buffer+0xcc/0x160 [ 3202.441285] proc_fail_nth_read+0x198/0x230 [ 3202.442280] ? proc_sessionid_read+0x230/0x230 [ 3202.443307] ? security_file_permission+0x24e/0x570 [ 3202.444317] ? perf_trace_initcall_start+0x101/0x380 [ 3202.445345] ? proc_sessionid_read+0x230/0x230 [ 3202.446272] vfs_read+0x228/0x580 [ 3202.446993] ksys_read+0x12d/0x260 [ 3202.447738] ? vfs_write+0xa70/0xa70 [ 3202.448640] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3202.449842] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3202.451007] do_syscall_64+0x33/0x40 [ 3202.451947] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3202.453014] RIP: 0033:0x7f840557069c [ 3202.453890] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 3202.458069] RSP: 002b:00007f8402b33170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 3202.459867] RAX: ffffffffffffffda RBX: 000000000000002c RCX: 00007f840557069c [ 3202.461496] RDX: 000000000000000f RSI: 00007f8402b331e0 RDI: 0000000000000003 [ 3202.463150] RBP: 00007f8402b331d0 R08: 0000000000000000 R09: 0000000000000000 [ 3202.464685] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3202.466310] R13: 00007ffeaf32b7ff R14: 00007f8402b33300 R15: 0000000000022000 [ 3202.486575] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3202.486575] program syz-executor.7 not setting count and/or reply_len properly [ 3202.496133] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3202.497687] FAULT_INJECTION: forcing a failure. [ 3202.497687] name failslab, interval 1, probability 0, space 0, times 0 [ 3202.500235] CPU: 1 PID: 16865 Comm: syz-executor.1 Not tainted 5.10.207 #1 [ 3202.501619] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3202.503498] Call Trace: [ 3202.504150] dump_stack+0x107/0x167 [ 3202.504906] should_fail.cold+0x5/0xa [ 3202.505695] ? fib_nl2rule.isra.0+0x333/0x1db0 [ 3202.506748] should_failslab+0x5/0x20 [ 3202.507619] __kmalloc+0x72/0x390 [ 3202.508423] fib_nl2rule.isra.0+0x333/0x1db0 [ 3202.509449] ? _raw_spin_unlock_irq+0x1f/0x30 [ 3202.510364] ? fib_rules_event+0x5d0/0x5d0 [ 3202.511299] ? __nla_parse+0x3e/0x50 [ 3202.512101] fib_nl_delrule+0x355/0x1ac0 [ 3202.513054] ? __mutex_lock+0x5af/0x10b0 [ 3202.514027] ? lock_downgrade+0x6d0/0x6d0 [ 3202.514887] ? fib_nl_dumprule+0x8d0/0x8d0 [ 3202.515813] ? do_raw_spin_unlock+0x4f/0x220 [ 3202.516748] ? _raw_spin_unlock+0x1a/0x30 [ 3202.517781] ? __mutex_lock+0x5af/0x10b0 [ 3202.518720] ? fib_nl_dumprule+0x8d0/0x8d0 [ 3202.519571] rtnetlink_rcv_msg+0x41e/0xbb0 [ 3202.520421] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3202.521313] ? perf_trace_lock+0xac/0x490 [ 3202.522155] ? __lockdep_reset_lock+0x180/0x180 [ 3202.523115] netlink_rcv_skb+0x14b/0x430 [ 3202.523932] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3202.524749] ? netlink_ack+0xab0/0xab0 [ 3202.525532] ? netlink_deliver_tap+0x1ae/0xcd0 [ 3202.526455] ? netlink_deliver_tap+0x1c4/0xcd0 [ 3202.527383] ? is_vmalloc_addr+0x7b/0xb0 [ 3202.528208] netlink_unicast+0x549/0x7f0 [ 3202.529037] ? netlink_attachskb+0x870/0x870 [ 3202.529918] ? __virt_addr_valid+0x128/0x350 [ 3202.530843] netlink_sendmsg+0x90f/0xdf0 [ 3202.531666] ? netlink_unicast+0x7f0/0x7f0 [ 3202.532538] ? netlink_unicast+0x7f0/0x7f0 [ 3202.533393] __sock_sendmsg+0x154/0x190 [ 3202.534196] ____sys_sendmsg+0x70d/0x870 [ 3202.535025] ? sock_write_iter+0x3d0/0x3d0 [ 3202.535878] ? do_recvmmsg+0x6d0/0x6d0 [ 3202.536764] ? perf_trace_lock+0xac/0x490 [ 3202.537606] ? __lockdep_reset_lock+0x180/0x180 [ 3202.538539] ? perf_trace_lock+0xac/0x490 [ 3202.539392] ? SOFTIRQ_verbose+0x10/0x10 05:02:02 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4, 0x40010, r0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000440)=@IORING_OP_CLOSE={0x13, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x7) r3 = io_uring_setup(0x5204, &(0x7f0000000100)) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(r3, 0x5, 0x0, r4) syz_io_uring_submit(r2, 0x0, &(0x7f00000001c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x5, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x4) tee(0xffffffffffffffff, r0, 0x0, 0x0) r5 = creat(&(0x7f0000000040)='./file0\x00', 0x0) socket$packet(0x11, 0x0, 0x300) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f00000000c0), 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x0, 0x100, 0x70bd27, 0x25dfdbfc, {}, [@HEADER={0x4}, @HEADER={0x4}]}, 0x1c}}, 0x4000000) write$binfmt_elf64(r5, &(0x7f0000000280)=ANY=[], 0xfdef) syz_genetlink_get_family_id$tipc2(&(0x7f0000000340), r0) fsetxattr$security_selinux(0xffffffffffffffff, &(0x7f0000000100), &(0x7f0000000140)='system_u:object_r:devtty_t:s0\x00', 0x1e, 0x0) syz_io_uring_complete(r1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000000), 0x7}}, 0x0, 0xffdfffffffffffff, 0xffffffffffffffff, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) [ 3202.540211] ___sys_sendmsg+0xf3/0x170 [ 3202.541204] ? sendmsg_copy_msghdr+0x160/0x160 [ 3202.542136] ? lock_downgrade+0x6d0/0x6d0 [ 3202.542992] ? find_held_lock+0x2c/0x110 [ 3202.543830] ? __fget_files+0x296/0x4c0 [ 3202.544841] ? __fget_light+0xea/0x290 [ 3202.545648] __sys_sendmsg+0xe5/0x1b0 [ 3202.546582] ? __sys_sendmsg_sock+0x40/0x40 [ 3202.547461] ? rcu_read_lock_any_held+0x75/0xa0 [ 3202.548617] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3202.549678] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3202.550939] do_syscall_64+0x33/0x40 [ 3202.551699] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3202.552983] RIP: 0033:0x7f1a789beb19 [ 3202.553740] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3202.557521] RSP: 002b:00007f1a75f34188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3202.559065] RAX: ffffffffffffffda RBX: 00007f1a78ad1f60 RCX: 00007f1a789beb19 [ 3202.560502] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000004 [ 3202.561934] RBP: 00007f1a75f341d0 R08: 0000000000000000 R09: 0000000000000000 [ 3202.563382] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3202.564810] R13: 00007ffd0f06a67f R14: 00007f1a75f34300 R15: 0000000000022000 [ 3202.584308] FAULT_INJECTION: forcing a failure. [ 3202.584308] name failslab, interval 1, probability 0, space 0, times 0 [ 3202.587072] CPU: 1 PID: 16864 Comm: syz-executor.3 Not tainted 5.10.207 #1 [ 3202.588482] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3202.590154] Call Trace: [ 3202.590712] dump_stack+0x107/0x167 [ 3202.591461] should_fail.cold+0x5/0xa 05:02:02 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_INO_PATHS(r1, 0xc0389423, &(0x7f0000000080)={0x100000, 0x38, [0xfffffffffffffff7, 0x3, 0x4, 0x6], &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1081) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1000000, 0x30, r2, 0x10000000) r3 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) dup2(r1, r0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1000006, 0x8010, r3, 0x8000000) r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x1000)=nil, 0x1000, 0x0, 0x810, r2, 0x10000000) r6 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r6, &(0x7f0000000040)={0x1f, @none}, 0x8) setsockopt$bt_BT_DEFER_SETUP(r6, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) syz_io_uring_submit(r4, r5, &(0x7f0000001580)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r6, 0x0, &(0x7f0000001540)={&(0x7f0000000140)=@phonet, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000280)=""/248, 0xf8}, {&(0x7f0000000380)=""/138, 0x8a}, {&(0x7f0000000440)=""/4096, 0x1000}], 0x3, &(0x7f0000001440)=""/201, 0xc9}, 0x0, 0x0, 0x1, {0x3}}, 0x3f) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f00000000c0)={0x3, 0x0, 0x27d9, 0xfe0, 0x42, "fe5bf7487602d29956e8df498a34763f588066", 0x5, 0x20}) [ 3202.592240] ? create_object.isra.0+0x3a/0xa20 [ 3202.593454] should_failslab+0x5/0x20 [ 3202.594224] kmem_cache_alloc+0x5b/0x310 [ 3202.595114] ? mark_held_locks+0x9e/0xe0 [ 3202.595943] create_object.isra.0+0x3a/0xa20 [ 3202.596837] kmemleak_alloc_percpu+0xa0/0x100 [ 3202.597752] pcpu_alloc+0x4e2/0x1240 [ 3202.598531] qdisc_alloc+0x2d6/0xc80 [ 3202.599401] qdisc_create_dflt+0x71/0x370 [ 3202.600242] dev_activate+0x7c3/0xd70 [ 3202.601021] __dev_open+0x38a/0x4e0 [ 3202.601760] ? dev_set_rx_mode+0x80/0x80 [ 3202.602610] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3202.603675] ? __local_bh_enable_ip+0x9d/0x100 [ 3202.604678] __dev_change_flags+0x521/0x6e0 [ 3202.605715] ? dev_set_allmulti+0x30/0x30 [ 3202.606709] ? asm_sysvec_call_function_single+0x12/0x20 [ 3202.607799] ? cap_capable+0x1cd/0x230 [ 3202.608697] ? full_name_hash+0xb5/0xf0 [ 3202.609593] dev_change_flags+0x8a/0x160 [ 3202.610523] devinet_ioctl+0x14de/0x1db0 [ 3202.611458] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3202.611458] program syz-executor.7 not setting count and/or reply_len properly [ 3202.611474] ? inet_ifa_byprefix+0x2e0/0x2e0 [ 3202.611513] inet_ioctl+0x34f/0x390 [ 3202.616696] ? inet_dgram_connect+0x220/0x220 [ 3202.617734] ? __lock_acquire+0xbb1/0x5b00 [ 3202.618755] ? perf_trace_lock+0xac/0x490 [ 3202.619677] packet_ioctl+0xb3/0x260 [ 3202.620543] sock_do_ioctl+0xd3/0x300 [ 3202.621398] ? compat_ifr_data_ioctl+0x180/0x180 [ 3202.622522] ? ioctl_has_perm.constprop.0.isra.0+0x29a/0x410 [ 3202.623780] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3202.624981] ? do_vfs_ioctl+0x283/0x10d0 [ 3202.625874] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 3202.627060] ? generic_block_fiemap+0x60/0x60 [ 3202.628152] sock_ioctl+0x3ea/0x700 [ 3202.628891] ? dlci_ioctl_set+0x30/0x30 [ 3202.629794] ? selinux_file_ioctl+0xb6/0x270 [ 3202.630917] ? dlci_ioctl_set+0x30/0x30 [ 3202.631806] __x64_sys_ioctl+0x19a/0x210 [ 3202.632636] do_syscall_64+0x33/0x40 [ 3202.633388] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3202.634427] RIP: 0033:0x7fa5db089b19 [ 3202.635193] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3202.638897] RSP: 002b:00007fa5d85ff188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3202.640428] RAX: ffffffffffffffda RBX: 00007fa5db19cf60 RCX: 00007fa5db089b19 [ 3202.641863] RDX: 00000000200001c0 RSI: 0000000000008914 RDI: 0000000000000004 [ 3202.643302] RBP: 00007fa5d85ff1d0 R08: 0000000000000000 R09: 0000000000000000 [ 3202.644733] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3202.646255] R13: 00007ffefd79e6ef R14: 00007fa5d85ff300 R15: 0000000000022000 [ 3202.651292] device veth0_vlan entered promiscuous mode 05:02:02 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) close(r0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) write(r1, &(0x7f0000000240)="01", 0x1) getpeername(r0, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff}}, &(0x7f0000000140)=0x80) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r3, &(0x7f0000000040)={0x1f, @none}, 0x8) setsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) ioctl$EXT4_IOC_MOVE_EXT(r2, 0xc028660f, &(0x7f0000000180)={0x0, r3, 0x7fffffff, 0x51430194, 0x1ff, 0x3}) close(r1) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x42, 0x0) write$binfmt_elf32(r4, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c460000000000000000020006003c2ea9e80000000038000000000000000000000000002000010000000000000000000000030000000000000000000000000000003f000000000000000000000000000000000000000a710a2ff766a2979e1fc774e37f1b692554"], 0x58) close(r4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fchmodat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x1ff) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, 0x0) execveat(0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', 0x0, 0x0, 0x0) 05:02:02 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) (fail_nth: 9) 05:02:02 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) 05:02:03 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff00b6a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 05:02:03 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) (fail_nth: 6) 05:02:03 executing program 0: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) write$P9_RUNLINKAT(0xffffffffffffffff, &(0x7f0000000040)={0x7, 0x4d, 0xffff}, 0x7) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffdfffffffffffff, 0xffffffffffffffff, 0x0) fallocate(r0, 0x20, 0x0, 0x8000) r1 = accept$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x10, r0, 0x8000000) r3 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080)={0x0, 0x0, 0x20, 0x2, 0x276}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180), &(0x7f0000000140)=0x0) socket$packet(0x11, 0x3, 0x300) r5 = openat$cgroup_subtree(r0, &(0x7f00000003c0), 0x2, 0x0) r6 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r6, &(0x7f0000000040)={0x1f, @none}, 0x8) setsockopt$bt_BT_DEFER_SETUP(r6, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) syz_io_uring_submit(0x0, r4, &(0x7f0000000000)=@IORING_OP_FILES_UPDATE={0x14, 0x2, 0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000400)=[r5, r7, r7], 0x3}, 0x0) r8 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r3, 0x0) syz_io_uring_submit(r8, r4, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) syz_io_uring_setup(0x5a05, &(0x7f00000001c0)={0x0, 0x9646, 0x0, 0x2, 0x133}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280)) io_pgetevents(0x0, 0x5, 0x1, &(0x7f00000002c0)=[{}], &(0x7f0000000300)={0x77359400}, &(0x7f0000000380)={&(0x7f0000000340)={[0x3]}, 0x8}) syz_io_uring_submit(r2, r4, &(0x7f0000000080)=@IORING_OP_TEE={0x21, 0x5, 0x0, @fd=r3, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x9) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r0, 0xc0189374, &(0x7f00000004c0)=ANY=[@ANYBLOB="01e8ff0ffe391363f62f6864f07b8ebdcbe856642e06d81481246ed1ad98c0b271409391f6bc01f222d484", @ANYRES32=r1, @ANYBLOB="00000000000000002e2f66696c653000c39346271859c85a2a23b1f9260e6f00000000000000004770c701100f0a19416cca5bb7fe6260a8b067ca621ca3de29072e0ca7cc9835ba124433e6dd0ddc91"]) [ 3202.965181] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3202.967102] FAULT_INJECTION: forcing a failure. [ 3202.967102] name failslab, interval 1, probability 0, space 0, times 0 [ 3202.969946] CPU: 0 PID: 16891 Comm: syz-executor.1 Not tainted 5.10.207 #1 [ 3202.971521] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3202.973378] Call Trace: [ 3202.974014] dump_stack+0x107/0x167 [ 3202.974836] should_fail.cold+0x5/0xa [ 3202.975707] ? create_object.isra.0+0x3a/0xa20 [ 3202.976717] should_failslab+0x5/0x20 [ 3202.977582] kmem_cache_alloc+0x5b/0x310 [ 3202.978482] create_object.isra.0+0x3a/0xa20 [ 3202.979502] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3202.980628] __kmalloc+0x16e/0x390 [ 3202.981454] fib_nl2rule.isra.0+0x333/0x1db0 [ 3202.982542] ? SOFTIRQ_verbose+0x10/0x10 [ 3202.983472] ? fib_rules_event+0x5d0/0x5d0 [ 3202.984410] ? __nla_parse+0x3e/0x50 [ 3202.985260] fib_nl_delrule+0x355/0x1ac0 [ 3202.986163] ? lock_release+0x680/0x680 [ 3202.987095] ? fib_nl_dumprule+0x8d0/0x8d0 [ 3202.988043] ? __mutex_lock+0x4fe/0x10b0 [ 3202.988960] ? __lockdep_reset_lock+0x180/0x180 [ 3202.990016] ? security_capable+0x95/0xc0 [ 3202.990978] ? fib_nl_dumprule+0x8d0/0x8d0 [ 3202.991927] rtnetlink_rcv_msg+0x41e/0xbb0 [ 3202.992892] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3202.993790] ? perf_trace_lock+0xac/0x490 [ 3202.994756] ? __lockdep_reset_lock+0x180/0x180 [ 3202.995793] netlink_rcv_skb+0x14b/0x430 [ 3202.996714] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3202.997614] ? netlink_ack+0xab0/0xab0 [ 3202.998497] ? netlink_deliver_tap+0x1ae/0xcd0 [ 3202.999524] ? netlink_deliver_tap+0x1c4/0xcd0 [ 3203.000559] ? is_vmalloc_addr+0x7b/0xb0 [ 3203.001467] netlink_unicast+0x549/0x7f0 [ 3203.002377] ? netlink_attachskb+0x870/0x870 [ 3203.003359] ? __virt_addr_valid+0x128/0x350 [ 3203.004346] netlink_sendmsg+0x90f/0xdf0 [ 3203.005251] ? netlink_unicast+0x7f0/0x7f0 [ 3203.006224] ? netlink_unicast+0x7f0/0x7f0 [ 3203.007175] __sock_sendmsg+0x154/0x190 [ 3203.008079] ____sys_sendmsg+0x70d/0x870 [ 3203.008978] ? sock_write_iter+0x3d0/0x3d0 [ 3203.009931] ? do_recvmmsg+0x6d0/0x6d0 [ 3203.010803] ? perf_trace_lock+0xac/0x490 [ 3203.011753] ? __lockdep_reset_lock+0x180/0x180 [ 3203.012780] ? perf_trace_lock+0xac/0x490 [ 3203.013695] ? SOFTIRQ_verbose+0x10/0x10 [ 3203.014615] ___sys_sendmsg+0xf3/0x170 [ 3203.015480] ? sendmsg_copy_msghdr+0x160/0x160 [ 3203.016495] ? lock_downgrade+0x6d0/0x6d0 [ 3203.017415] ? find_held_lock+0x2c/0x110 [ 3203.018325] ? __fget_files+0x296/0x4c0 [ 3203.019232] ? __fget_light+0xea/0x290 [ 3203.020104] __sys_sendmsg+0xe5/0x1b0 [ 3203.020947] ? __sys_sendmsg_sock+0x40/0x40 [ 3203.021918] ? rcu_read_lock_any_held+0x75/0xa0 [ 3203.022990] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3203.024151] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3203.025302] do_syscall_64+0x33/0x40 [ 3203.026127] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3203.027267] RIP: 0033:0x7f1a789beb19 [ 3203.028108] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3203.032158] RSP: 002b:00007f1a75f34188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3203.033881] RAX: ffffffffffffffda RBX: 00007f1a78ad1f60 RCX: 00007f1a789beb19 [ 3203.035470] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000004 [ 3203.037041] RBP: 00007f1a75f341d0 R08: 0000000000000000 R09: 0000000000000000 [ 3203.038616] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3203.040197] R13: 00007ffd0f06a67f R14: 00007f1a75f34300 R15: 0000000000022000 [ 3203.042034] hpet: Lost 4 RTC interrupts [ 3203.142440] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3203.142440] program syz-executor.7 not setting count and/or reply_len properly [ 3203.157398] FAULT_INJECTION: forcing a failure. [ 3203.157398] name failslab, interval 1, probability 0, space 0, times 0 [ 3203.159937] CPU: 0 PID: 16898 Comm: syz-executor.3 Not tainted 5.10.207 #1 [ 3203.161585] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3203.163441] Call Trace: [ 3203.164037] dump_stack+0x107/0x167 [ 3203.164860] should_fail.cold+0x5/0xa [ 3203.165722] ? create_object.isra.0+0x3a/0xa20 [ 3203.166758] should_failslab+0x5/0x20 [ 3203.167611] kmem_cache_alloc+0x5b/0x310 [ 3203.168521] create_object.isra.0+0x3a/0xa20 [ 3203.169518] kmemleak_alloc_percpu+0xa0/0x100 [ 3203.170559] pcpu_alloc+0x4e2/0x1240 [ 3203.171449] qdisc_alloc+0x399/0xc80 [ 3203.172310] qdisc_create_dflt+0x71/0x370 [ 3203.173241] dev_activate+0x7c3/0xd70 [ 3203.174118] __dev_open+0x38a/0x4e0 [ 3203.174949] ? dev_set_rx_mode+0x80/0x80 [ 3203.175881] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3203.177045] ? __local_bh_enable_ip+0x9d/0x100 [ 3203.178075] __dev_change_flags+0x521/0x6e0 [ 3203.179043] ? dev_set_allmulti+0x30/0x30 [ 3203.179977] ? cap_capable+0x1cd/0x230 [ 3203.180853] ? full_name_hash+0xb5/0xf0 [ 3203.181763] dev_change_flags+0x8a/0x160 [ 3203.182699] devinet_ioctl+0x14de/0x1db0 [ 3203.183628] ? inet_ifa_byprefix+0x2e0/0x2e0 [ 3203.184631] inet_ioctl+0x34f/0x390 [ 3203.185443] ? inet_dgram_connect+0x220/0x220 [ 3203.186471] ? __lock_acquire+0xbb1/0x5b00 [ 3203.187496] ? perf_trace_lock+0xac/0x490 [ 3203.188425] packet_ioctl+0xb3/0x260 [ 3203.189259] sock_do_ioctl+0xd3/0x300 [ 3203.190118] ? compat_ifr_data_ioctl+0x180/0x180 [ 3203.191195] ? ioctl_has_perm.constprop.0.isra.0+0x29a/0x410 [ 3203.192478] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3203.193622] ? do_vfs_ioctl+0x283/0x10d0 [ 3203.194518] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 3203.195687] ? generic_block_fiemap+0x60/0x60 [ 3203.196691] sock_ioctl+0x3ea/0x700 [ 3203.197497] ? dlci_ioctl_set+0x30/0x30 [ 3203.198385] ? selinux_file_ioctl+0xb6/0x270 [ 3203.199375] ? dlci_ioctl_set+0x30/0x30 [ 3203.200260] __x64_sys_ioctl+0x19a/0x210 [ 3203.201167] do_syscall_64+0x33/0x40 [ 3203.201989] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3203.203143] RIP: 0033:0x7fa5db089b19 [ 3203.203976] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3203.208074] RSP: 002b:00007fa5d85ff188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3203.209764] RAX: ffffffffffffffda RBX: 00007fa5db19cf60 RCX: 00007fa5db089b19 [ 3203.211367] RDX: 00000000200001c0 RSI: 0000000000008914 RDI: 0000000000000004 [ 3203.212949] RBP: 00007fa5d85ff1d0 R08: 0000000000000000 R09: 0000000000000000 [ 3203.214530] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3203.216119] R13: 00007ffefd79e6ef R14: 00007fa5d85ff300 R15: 0000000000022000 [ 3203.217957] hpet: Lost 3 RTC interrupts [ 3203.222142] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3203.222142] program syz-executor.7 not setting count and/or reply_len properly [ 3203.238728] device veth0_vlan entered promiscuous mode 05:02:24 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) 05:02:24 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x9, 0x0, 0x0, 0x0, 0x0, 0x882, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext={0x85, 0x80062}, 0x10010, 0x0, 0x1000000, 0x0, 0x5}, 0x0, 0xb, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) dup2(r1, r0) 05:02:24 executing program 0: r0 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x6f, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000000)='ext3\x00', &(0x7f0000000080)='./file0\x00', 0x8, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000140)="255152e956bba54eeee31069f9c0303570c582855b2bf452cf5a0ea3fbddacef10ebe63e88869ccf784b7e4708bb34401dce2db7b3eeadb62aa35da0902d81559919803bf709cdcd9eaaaebc9be0bcb16851b0a03e3a8ca7c164b35bfcad6c70859adffaa5d32bedbaee6932d0", 0x6d, 0x9}], 0x0, &(0x7f0000000200)={[{@data_err_ignore}, {@minixdf}, {@journal_checksum}], [{@dont_hash}]}) copy_file_range(r0, 0x0, r1, &(0x7f0000000240)=0x1, 0x7, 0x0) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$bt_BT_VOICE(r2, 0x112, 0xb, &(0x7f0000000500)=0x3, 0x2) connect$bt_sco(r2, &(0x7f0000000040)={0x1f, @fixed}, 0x8) 05:02:24 executing program 2: openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="cd656d69f282f46caedc9da09676f7d5fb29e8f4", 0x14) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x14, 0x42, 0xe21}, 0x14}}, 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_group_source_req(r3, 0x29, 0x2e, &(0x7f0000000040)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r3, 0x29, 0x30, &(0x7f0000000300)=ANY=[@ANYBLOB="03000000000000000a00000000000000ff010000000000000000f50000000001000000ed00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fb000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000a00000000000000ff010000000000000000000000000001000000000000000000000000000000000000006aab9c848249000000000000000000"], 0x110) ioctl$FIDEDUPERANGE(r1, 0xc0189436, &(0x7f0000000180)={0x2, 0x7e850000, 0x5, 0x0, 0x0, [{{r0}, 0x8e}, {{}, 0x2}, {{r2}, 0x20f}, {{r3}, 0x800}, {{r0}, 0x1ff}]}) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = syz_open_dev$tty20(0xc, 0x4, 0x0) close_range(r1, r5, 0x0) ioctl$FAT_IOCTL_GET_ATTRIBUTES(r4, 0x80047210, &(0x7f0000000140)) r6 = syz_open_dev$rtc(&(0x7f0000000080), 0x9, 0x101001) ioctl$F2FS_IOC_GARBAGE_COLLECT(r6, 0x4004f506, &(0x7f00000000c0)=0x1) unshare(0x48020200) ioctl$RTC_UIE_ON(0xffffffffffffffff, 0x7003) unshare(0x58040280) unshare(0x10040200) 05:02:24 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) close(r0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) write(r1, &(0x7f0000000240)="01", 0x1) getpeername(r0, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff}}, &(0x7f0000000140)=0x80) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r3, &(0x7f0000000040)={0x1f, @none}, 0x8) setsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) ioctl$EXT4_IOC_MOVE_EXT(r2, 0xc028660f, &(0x7f0000000180)={0x0, r3, 0x7fffffff, 0x51430194, 0x1ff, 0x3}) close(r1) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x42, 0x0) write$binfmt_elf32(r4, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c460000000000000000020006003c2ea9e80000000038000000000000000000000000002000010000000000000000000000030000000000000000000000000000003f000000000000000000000000000000000000000a710a2ff766a2979e1fc774e37f1b692554"], 0x58) close(r4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fchmodat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x1ff) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, 0x0) execveat(0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', 0x0, 0x0, 0x0) 05:02:24 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff0009a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 05:02:24 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) (fail_nth: 7) 05:02:24 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) (fail_nth: 10) [ 3224.369731] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3224.374718] FAULT_INJECTION: forcing a failure. [ 3224.374718] name failslab, interval 1, probability 0, space 0, times 0 [ 3224.377291] CPU: 1 PID: 16924 Comm: syz-executor.1 Not tainted 5.10.207 #1 [ 3224.379008] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3224.380842] Call Trace: [ 3224.381409] dump_stack+0x107/0x167 [ 3224.382166] should_fail.cold+0x5/0xa [ 3224.382966] ? __alloc_skb+0x6d/0x5b0 [ 3224.383770] should_failslab+0x5/0x20 [ 3224.384550] kmem_cache_alloc_node+0x55/0x330 [ 3224.385476] __alloc_skb+0x6d/0x5b0 [ 3224.386238] netlink_ack+0x1ed/0xab0 [ 3224.387011] ? perf_trace_lock+0xac/0x490 [ 3224.387871] ? netlink_sendmsg+0xdf0/0xdf0 [ 3224.388858] ? __lockdep_reset_lock+0x180/0x180 [ 3224.389838] netlink_rcv_skb+0x348/0x430 [ 3224.390806] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3224.391749] ? netlink_ack+0xab0/0xab0 [ 3224.392551] ? netlink_deliver_tap+0x1ae/0xcd0 [ 3224.393622] ? netlink_deliver_tap+0x1c4/0xcd0 [ 3224.394557] ? is_vmalloc_addr+0x7b/0xb0 [ 3224.395415] netlink_unicast+0x549/0x7f0 [ 3224.396401] ? netlink_attachskb+0x870/0x870 [ 3224.397321] ? __virt_addr_valid+0x128/0x350 [ 3224.398410] netlink_sendmsg+0x90f/0xdf0 [ 3224.399394] ? netlink_unicast+0x7f0/0x7f0 [ 3224.400311] ? netlink_unicast+0x7f0/0x7f0 [ 3224.401338] __sock_sendmsg+0x154/0x190 [ 3224.402276] ____sys_sendmsg+0x70d/0x870 [ 3224.403205] ? sock_write_iter+0x3d0/0x3d0 [ 3224.404213] ? do_recvmmsg+0x6d0/0x6d0 [ 3224.405147] ? perf_trace_lock+0xac/0x490 [ 3224.406108] ? __lockdep_reset_lock+0x180/0x180 [ 3224.407254] ? perf_trace_lock+0xac/0x490 [ 3224.408143] ? SOFTIRQ_verbose+0x10/0x10 [ 3224.409108] ___sys_sendmsg+0xf3/0x170 [ 3224.410151] ? sendmsg_copy_msghdr+0x160/0x160 [ 3224.411139] ? lock_downgrade+0x6d0/0x6d0 [ 3224.412129] ? find_held_lock+0x2c/0x110 [ 3224.413170] ? __fget_files+0x296/0x4c0 [ 3224.414025] ? __fget_light+0xea/0x290 [ 3224.414967] __sys_sendmsg+0xe5/0x1b0 [ 3224.415980] ? __sys_sendmsg_sock+0x40/0x40 [ 3224.416883] ? rcu_read_lock_any_held+0x75/0xa0 [ 3224.418023] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3224.419227] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3224.420355] do_syscall_64+0x33/0x40 [ 3224.421170] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3224.422456] RIP: 0033:0x7f1a789beb19 [ 3224.423233] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3224.427441] RSP: 002b:00007f1a75f34188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3224.429002] RAX: ffffffffffffffda RBX: 00007f1a78ad1f60 RCX: 00007f1a789beb19 [ 3224.430611] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000004 [ 3224.432310] RBP: 00007f1a75f341d0 R08: 0000000000000000 R09: 0000000000000000 [ 3224.433767] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3224.435243] R13: 00007ffd0f06a67f R14: 00007f1a75f34300 R15: 0000000000022000 05:02:24 executing program 0: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @local}, 0x10) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000200)={'syz_tun\x00', 0x0}) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000180)) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, 0xffffffffffffffff, &(0x7f0000000180)) r2 = openat$hpet(0xffffffffffffff9c, &(0x7f00000001c0), 0x406900, 0x0) perf_event_open(&(0x7f0000000240)={0x4, 0x80, 0xff, 0x3, 0xea, 0x7, 0x0, 0xb43b, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, 0x2, @perf_bp={&(0x7f00000000c0), 0xc}, 0x0, 0xa7, 0x81, 0x9, 0x4, 0x9, 0x7ff, 0x0, 0x4800000, 0x0, 0x3}, 0x0, 0xe, r2, 0x8) connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @local}, 0x10) ioctl$BTRFS_IOC_FS_INFO(0xffffffffffffffff, 0x8400941f, &(0x7f00000002c0)) r3 = socket$netlink(0x10, 0x3, 0x0) fcntl$dupfd(r3, 0x0, r3) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_SET_HARDIF(r4, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'veth0_to_bridge\x00'}) [ 3224.504840] FAULT_INJECTION: forcing a failure. [ 3224.504840] name failslab, interval 1, probability 0, space 0, times 0 [ 3224.507267] CPU: 1 PID: 16927 Comm: syz-executor.3 Not tainted 5.10.207 #1 [ 3224.508678] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3224.510368] Call Trace: [ 3224.510914] dump_stack+0x107/0x167 [ 3224.511685] should_fail.cold+0x5/0xa [ 3224.512486] ? create_object.isra.0+0x3a/0xa20 [ 3224.513441] should_failslab+0x5/0x20 [ 3224.514236] kmem_cache_alloc+0x5b/0x310 [ 3224.515099] ? mark_held_locks+0x9e/0xe0 [ 3224.515951] create_object.isra.0+0x3a/0xa20 [ 3224.516887] kmemleak_alloc_percpu+0xa0/0x100 [ 3224.517825] pcpu_alloc+0x4e2/0x1240 [ 3224.518625] qdisc_alloc+0x399/0xc80 [ 3224.519423] qdisc_create_dflt+0x71/0x370 [ 3224.520299] dev_activate+0x7c3/0xd70 [ 3224.521209] __dev_open+0x38a/0x4e0 [ 3224.521968] ? dev_set_rx_mode+0x80/0x80 [ 3224.522823] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3224.523946] ? __local_bh_enable_ip+0x9d/0x100 [ 3224.524898] __dev_change_flags+0x521/0x6e0 [ 3224.525801] ? dev_set_allmulti+0x30/0x30 [ 3224.526674] ? cap_capable+0x1cd/0x230 [ 3224.527507] ? full_name_hash+0xb5/0xf0 [ 3224.528355] dev_change_flags+0x8a/0x160 [ 3224.529208] devinet_ioctl+0x14de/0x1db0 [ 3224.530049] ? inet_ifa_byprefix+0x2e0/0x2e0 [ 3224.530982] inet_ioctl+0x34f/0x390 [ 3224.531755] ? inet_dgram_connect+0x220/0x220 [ 3224.532697] ? __lock_acquire+0xbb1/0x5b00 [ 3224.533592] ? perf_trace_lock+0xac/0x490 [ 3224.534460] packet_ioctl+0xb3/0x260 [ 3224.535243] sock_do_ioctl+0xd3/0x300 [ 3224.536034] ? compat_ifr_data_ioctl+0x180/0x180 [ 3224.537097] ? ioctl_has_perm.constprop.0.isra.0+0x29a/0x410 [ 3224.538278] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3224.539363] ? do_vfs_ioctl+0x283/0x10d0 [ 3224.540210] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 3224.541301] ? generic_block_fiemap+0x60/0x60 [ 3224.542230] sock_ioctl+0x3ea/0x700 [ 3224.542980] ? dlci_ioctl_set+0x30/0x30 [ 3224.543824] ? selinux_file_ioctl+0xb6/0x270 [ 3224.544735] ? dlci_ioctl_set+0x30/0x30 [ 3224.545555] __x64_sys_ioctl+0x19a/0x210 [ 3224.546397] do_syscall_64+0x33/0x40 [ 3224.547183] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3224.548236] RIP: 0033:0x7fa5db089b19 [ 3224.549007] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3224.552868] RSP: 002b:00007fa5d85ff188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3224.554544] RAX: ffffffffffffffda RBX: 00007fa5db19cf60 RCX: 00007fa5db089b19 05:02:24 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0xfffffffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$TIOCVHANGUP(r2, 0x5437, 0x0) 05:02:24 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) (fail_nth: 11) 05:02:24 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff000aa9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 05:02:24 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x2, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) [ 3224.554558] RDX: 00000000200001c0 RSI: 0000000000008914 RDI: 0000000000000004 [ 3224.554570] RBP: 00007fa5d85ff1d0 R08: 0000000000000000 R09: 0000000000000000 [ 3224.554581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3224.554594] R13: 00007ffefd79e6ef R14: 00007fa5d85ff300 R15: 0000000000022000 [ 3224.580266] device veth0_vlan entered promiscuous mode 05:02:24 executing program 5: socketpair(0x0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$fou(0x0, 0xffffffffffffffff) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000001bc0)='./file0\x00', &(0x7f0000001c00), 0x1200888, &(0x7f0000001c80)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@version_L}, {@afid={'afid', 0x3d, 0x100000000}}], [{@mask={'mask', 0x3d, 'MAY_READ'}}, {@fsuuid={'fsuuid', 0x3d, {[0x0, 0x0, 0x66, 0x0, 0x0, 0x39, 0x0, 0x35], 0x2d, [0x5, 0x63, 0x32, 0x66], 0x2d, [], 0x2d, [0x35, 0x65, 0x66, 0x30], 0x2d, [0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x63, 0x38]}}}]}}) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_NEW(r0, &(0x7f0000002040)={0x0, 0x0, 0x0}, 0x0) 05:02:24 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) (fail_nth: 8) 05:02:25 executing program 0: r0 = add_key$keyring(&(0x7f0000000040), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) r1 = add_key$keyring(0x0, 0x0, 0x0, 0x0, r0) keyctl$search(0xa, r0, &(0x7f0000000100)='user\x00', 0x0, r1) add_key$keyring(&(0x7f0000000000), &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, r0) add_key$fscrypt_provisioning(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x2}, &(0x7f00000000c0)={0x2, 0x0, @c}, 0x29, r0) r2 = request_key(&(0x7f0000000300)='blacklist\x00', &(0x7f0000000340)={'syz', 0x3}, &(0x7f0000000380)='#,@&,&!%)\x00', r0) add_key(&(0x7f0000000140)='ceph\x00', &(0x7f0000000180)={'syz', 0x1}, &(0x7f00000001c0)="0630585250825d0653c9abcfcf0c2acfe9f9802698313bbc70778f9a51011b73918bf951216820c5048b4f34cc023468c1e63d874db75f435e0615f9f8a184e7df73a300682e3f2cbce23a8855eae2978444f921a9ea74225469e9eb77d7d86119377e3630909f6cf292a71673f9e4889477d31be119cba5b2874c5d7cc67041d7ebcf588a926ab93d679cf3b47dfdf84bb9ace333ab096ed77a3da33e0fe47d5954d3033a9a934f6ec6d24777c2d40414e4c426a3ee371f23151a44b1c6a91441574d0680a58d", 0xc7, r2) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_CMAP(r3, 0x4b71, &(0x7f0000000000)={0x9, 0xfffffffffffffff9, 0xb52, 0x1ff, 0x4, 0xfff}) write$binfmt_elf64(r3, &(0x7f0000001500)={{0x7f, 0x45, 0x4c, 0x46, 0x3, 0x9, 0x5, 0x1, 0x0, 0x2, 0x6, 0x0, 0x27e, 0x40, 0x3b4, 0x0, 0x4, 0x38, 0x2, 0x5, 0x7, 0x4}, [{0x60000000, 0x0, 0x6, 0x0, 0xdd, 0x5, 0x40, 0x7}, {0x3, 0x0, 0x2, 0x2, 0x4, 0x5, 0x2, 0x7}], "bd957fd92f411ce18f895838cbaa4d10431d6f1ff91416ba3d46d46f9806d0d4794ceeeea2a5db653d90fb7d492f9319d402b6e737a65be0d6103a89d9fb0225245ad48f3efc11c748601e2c14070aedcf8790cb988fd9a9dc42560687a7ca8bdb9a4308453cbc1b30fbefed1014e06c663745c9642cd44c9b61cb210a3f9f879c67c210929c75380a32e7910a5057b77e7bd0079d943a44fa0493ff131383c73cac8ae601866e27e490ecdc05fa94e4e033e84ef40df030f991b72629e4b699180c2d59c227c254c29573c7ebe968993b2a808c7a7de46d4a28b88d3878dfcbe3e00ac859a44cc29c887800fd41813956894a5d446ed437c8d0d676163a0fe17faa72d9de2df6acb5bcfc7762dd38fb695d48b7615dd10595f5ce86bdbd42165a492854fd58fa33c189830c186cebc7f476d8f6d340a562e9a0087c1df70c3def99bb7da2e037056bcf01b6b4611021423894cb4fc49280bd814897e99effc5a6f739c7297475fc7ee6abfc739e4245326c052d4a25ff71a919639b9ec609800d000eb7b48a143081004422ab2b0c93f52f13c21fe3a69891899cddf448266e7c6c2a44a6b168b690710fa914cf98d5a4f1d2c69b15bca663d4665dbbcd7b391ad8744d8180fa9b590bf9292e69f810bffe0c7098de8c8c2ffffa7f71487a00ae4e228b96cca3de846df5ec2d175f6ad40f8f75c245cf54f6a110d2feaa211d303b13daf2ce54082d6c41e2bad767a6f7e1508cae12f627037e66993525b05b808098b463f8466860a55a97b40397e48320d933660dab0adefc9f5ee15df7b65671fe0766c1cde6e057dfa4456fb6980349c22672d422ccf7c40a788f7044cdb6c211c40d6ba5210916ba134236af42e3151733dc3f2eb243535643024472bb92205aa7d2258a3d01a597accb32dfde82c3e7455e0f6bea40bc891e1dad5030eecabe51bf31aaeef9b0b5b0e4fe36f6f60c38c2d47f5b45f8e6789650de5a746fe7f918035731eca253c276729b3ae17160a1d97a55cc95fd242c0468cdf19578820e9e0d0d1696bf169104cfc9fff87c7e56bf1fd0109ee2186d09ffb1de9b175ef691fc316cb4e4e37e15cd928f0251188a08e8e2ff4e99e4936ac771717fb3243a13b47166b8bc774651829dbeec86010c1332486690911932921093cf7bc48ee832d7b3cf479257fc9da062964d40a1cf43763af895b7b6cdf5df545036437622a0546880d889f43c6c55c86cad2bff797322df713b16d89d78d1844d098b0c69148bd773f03bc65f6fafed0b67316a172de8778874dd0a21b5a4d76fce773e418a269514d6b941723d7f2dce926983960e1551b1687041479e4fe4c4dced2fd46137497cda2ba3e2eb3492248ce07415433d03c8db0605ee603c7b1b48e27f1755648e854e964247d72f7561e6c48b442e82b3a6a71f5cf4864df5377c65a6c2fc708886a00ff1c182d89886838ce92592a6b8d8d0884a4139e348cca9dac6650b89e27e5859930dc1d4bf81317ec094d3f240fe95b8b6f6b899fd9d6d3ba88ca2dfd526eafe87055faa6ffea38b5303ab77a607c6e9a329fa48c180c788537bc112ca422502f99988cd46fb48179403d1b24a908457ef8d71920623ec2dc3b3dd6c6847d2e07170517b6968d129653fd02236e151ecdb2540cca6a361d930727defb55e68cbbcae67245a7073183a64b45e49610c9ac3ba02aec4fb85557a48a37abb72bb7e2b5589d5fe26a8f20562b1a165fcc02d81e7e52fa74eb7ad3b1ce769c840ca809eb2b9921c5a9e0bcac57665cf78c60a206065857fa650b183dc035f2da1a057d50cd88483ec2d899d69977bcccd7f8788881161320cf66b850128e9d8a57b244ac1b3d51d2a3d097c9fdf6056787c7d8697768fc554f9b38c5fa2e008d7beac49bbc68199f51aeb9167ab73ef7409026b900511880a150282e5ffdde45aeba967b8f78dd7c3d1df125c63a41118dc0a956460f93fc6af6d52a7b74219034dfb9d40100e51f2a9ed3ad6e526d2f8d9eb120480e54ae52d5f12971683f17e74a8e879c5a363f4e303a874e8b7e74b161f99b28ebb7591b4e93adab81ddf21ea00d62f0fca1a712784ceee6a82ecf689931ca3270e2207b2b45b1aee88145637878cf197d23b0f8022c469045ff13c1ed4a253579102ebd2dc4d54eb0b7aa531087d5edf9353120fd44791f254119512e29f745cbc4960d95d5efea0e1f8a6f9226a74bda485bfec6b80c93e2bb2b3ab8113abfe2ff1650dbd21d2046de6a50ebec45ec6ecf0ac1984f7bbe15587b0f71aa0cf08bbb9155bc0ae8dd833fa9084fbc4ed689d970c97ff27148bb8b6b5e336eaa19b4059809e97441ee546226a72701857381f7a70446f022599f841afbb04f255d90dabbe2d517addb5bb4cbdf660f172aef0e4ee708162be0fbd8ab76817d2e3c186232a7c377e6a86b2f90d4d0fb92180d5b7bda848ed0b8d03ae6379da8e47c215ed069feb37ac5bd2cabed7fa046d1f9076f33117f42c3c256a664213accdbd3e769ce9b1944158babe5a08da830978b10276030c4102b2356d8640f4c27f0ca38fd9678a1ceb0cadc6cc143d3729495ae3f152dfc00fa006ddb8d47b0a4fa464f33d6d28876732066b7d334a33cd3e1a8a8f71d7829737d3e6adb02f1e29e34692415e9c61fb1b0ef62708cd2779548ca8e69ff82a4509a40179180c83d64e9ba98d771c0050fe645d31da2df79d76b96a978a1a37247f3bbe9ee7f8078ee6fe747423d1cea406a2d0ff5c05bfb8d77203c6a9bfb92550a52f56c062f0f68337fbfaf0f366629bf4177661d0d0c970984af5098f94e20e98cbd617e373191bbf9b662bfbf0a44ea707fb5f161a9e56130897f4d9c11dd22dcba3aae9fe85526a76a45243af0aaf2da4df0f2a8c717020325aa092257cf84005d47aa28d12c5ee42b6603ee7f920925758871724d1492615b65d3578876df8a44f6030e15f376c6196a6aef9ae98b55c153f606ca122df74735f31918cc724438951d69e8a5e41055c6bbf2c6ea3b27917b52d8dfebd3758a115a52e534f2ca4090aa84283369eed8144fdf7ca27014afa9c8280407bd45b96f9f7e63f7cb11709b2edd9f5cd671f7854abec3b9266e0cd5dac57ce7bd7ab8df91b8daff98e52c719fdd5c87490885e86574d91594a36b351845059941b4392f91807f21a51aafaac4b716c0ac919e98d4eae792831033d462f3bac39952fe0d62d21899d8f56c2ff516cf4ac02d136e96eb677d81eebc1039b5cad753758e625b502bfc83ae50cf7e10e4df8944aaf921efcac2ff24d53e433c40de77dacebfe4d4975fdcef5d032155fe6e7372db4a195e1d45937b67b4a649e00f0ae5f93ae9ada36d4031b9f28eb2e29df997c5e24f473ea46857e4c64d5e0173c60b70969acc1dfa31038b90c77ad99a24c10c02b32903a0116f8b94641d18cdd198f4061040c97d105b91f75a6d125a56e12c8bf805f1846e82e4b53e6ba180f57f69150d743240f781390fc7bd63a150d19092a5a17a8bef0b65b9541762a551c772756b09d56355bc34ec0d45a9ff53ea9bbaffa69065677838428a3e9e7267560a303c4722db5e7d0eb364ebe21aaae0953b1a4d1282c6d8eb3c8bf094467b0c87bf5a294071d0874ab24f491e0e4703149da8c179eb4dfb046dcc7ab7ee54389543f26010b45fac96536574ddfcd83e3d7e7eef2981d04c954e74db4b5faefce228e63b3b40124db606549e9f16b6652b2d75da58a6379e22acab45c9e4912f41cf04a716c2a4b5af9eef2e7a5057f17184751a6e271fa68c0d03048f7bfb7026ef6a4b9fe32a66658e928a109f83fb035ef5ab3a54d2e1af97fe148f40419e272fa500c273c8a718021f171195915b462507c45e6d6888fc8be897a93716daf2eaf58ae66d462f9c003d7c4adc8429ebb254e7bc558805560d04115d57451d4a2b39539e5b76e8135710299b64e45edb54ff000059396b52d988d1d3af9563c026f3e54cab67e35a8b09e887dd5f00e4ed24233ee5154bbc630754e26fc28022a62e17e31f05eda5c924d34b548ff2c16a2eda02a3c48370f9471048674fd63b90408788f2874c7c9a6544160b7cc25b79045db8bd2ede6defcc2f65f28c44d7867d91d6dc44885da0cd802553294c1863bedf6a05f779e3e2db200ce22b16b166591c7a4b067cb9bd52f17302eed6ca404d8781236e922b1bd882991b857d25ed0ca9087a868cd42e4ae0b288d817707666e3a52acbbd6d6550108ae7a111e1d0f125be9f60f429c3f6b231cdf822ddb603f93af7dcd1c4002d563a1c75882ffc031e64dca129fcb06a266ba44861a942213ad80cde5b9d41c2b1aa90e45d63d8c9214107da627b1a96ec83247135f665d86e613ba6cd9cbe927c8dd994c1765ff7098694915a27b9b8b144464a5e4b124cbe8d5a973e203007b355a2aa8a230db151a56120c346e5d5393ae347e50145ed531a4fdb6279088af98a9117f471b5a254cf89347980bd38ea3dbcf590d27047e77d14c748f62a1b856e898bce800ad3cf83b9a28dcd4967a91cd51068853045829e4a879bcb2e889e5121ffd0ffb07b78c7a37114a87faa77994f80b09a9bc7554f4008b9397f7414d553a819d6851d7db649e06b4c4c93da70e2e9129656fb5f4cde45fcf12cc8863e3d4e2f0247f1a3ec655e4260668a3de5be1778e715a73d7337be40b1fad4f966ad426f815e42f3ae90a3f66dbc68d4573bec2a727b9d178eb980d6ee53b23013a9ff7410ebf0bedbb76b42ddda2aed4912037083cb47b35f1ea9f7673bcb0618895394797475eb09f432ba954059932839f185ef220db1aaeecc739ccfb7a8d8d047181c053b3a0e723335fd72e102d6e991fce1a5d8e139e4d4f0dc98021b49f04d284700982b0673027d021b0d66e9ee7c4d28aee4e673484d23771469a0006cab4c08d5c7de85158704262062aea9cde45b5a040e2435e671eef474af106a25845837182d9e2183d8665a06ff9967fe9fb08d85547773adc3c44e176c90ccabf9aa78ff63659a434affaa442e4b892d04186f4fcf82d74af7795e38e913597b3b3d55e3bebfb809c4827f0ceb97724ec4b2e5f831f82e6a5e016bbddcf3cbf84dddfb63a15bb6ffadaa9ae515e40e1bccdd2a24e52ba6b8892f42fb206509ceaa337c86e9ac800038a6b7d16236aa50fafcd6aaaf4de7e85fdffc5801f4340c87655ea8435eb97551379e33bc3acd5a064d7de4739c65b54fdfe49fff7eec6bab185ce8af6f75db4efcba85495651844e884a93bf1585ada122ad19de53099478af4ada009a57941b94195c5da4835841bc91f638d22e5087f00cb119fd3fb1c25600fc58ddbd6a60029c3d5edcdd6fc666d88effaab2f8dcce90758c6e12e3cd1fcb6154d831262b911da5b08965dd048edace8201a021ef061e22e27f7d88fdf3c8dab88736485faff908b08252da2bd5c91d490dffc0b2fe01e311b0eb1a589b47f365e8420ed59a4dff884dd6a50ae434f6c2ee29fcec9ed7637b44214c4adf152bd8c19104fae985cd3906231137815913b46cd43e40eaa18ccac8e3ecc08c4b19ae5dee9bdebd8c653c59302036f9d0fbcfd2084a5c4f9b5073dfe4ccce27397e935f53c0f82daa0f7d4880efec3ee3949c0e7e2fd2a638859b51dfb518c80cb07ec919b858467306bcf69d0b1a57c1489bab791407b853c1052674da606db1cd20375451868572fdc3e0d6c1bea3fbe9dd92b2826b4c9aae5898cd2a880d6760ba061db565eee9addc665c9f20e5cea05", ['\x00', '\x00', '\x00', '\x00', '\x00']}, 0x15b0) [ 3224.806887] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3224.806887] program syz-executor.7 not setting count and/or reply_len properly [ 3224.814487] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3224.832316] FAULT_INJECTION: forcing a failure. [ 3224.832316] name failslab, interval 1, probability 0, space 0, times 0 [ 3224.835098] CPU: 0 PID: 16948 Comm: syz-executor.1 Not tainted 5.10.207 #1 [ 3224.836615] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3224.836901] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3224.836901] program syz-executor.7 not setting count and/or reply_len properly [ 3224.838427] Call Trace: [ 3224.838454] dump_stack+0x107/0x167 [ 3224.838479] should_fail.cold+0x5/0xa [ 3224.838502] ? create_object.isra.0+0x3a/0xa20 [ 3224.838524] should_failslab+0x5/0x20 [ 3224.838543] kmem_cache_alloc+0x5b/0x310 [ 3224.838571] create_object.isra.0+0x3a/0xa20 [ 3224.847605] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3224.848719] kmem_cache_alloc_node+0x169/0x330 [ 3224.849744] __alloc_skb+0x6d/0x5b0 [ 3224.850542] netlink_ack+0x1ed/0xab0 [ 3224.851363] ? perf_trace_lock+0xac/0x490 [ 3224.852265] ? netlink_sendmsg+0xdf0/0xdf0 [ 3224.853189] ? __lockdep_reset_lock+0x180/0x180 [ 3224.854207] netlink_rcv_skb+0x348/0x430 [ 3224.855102] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3224.855985] ? netlink_ack+0xab0/0xab0 [ 3224.856831] ? netlink_deliver_tap+0x1ae/0xcd0 [ 3224.857832] ? netlink_deliver_tap+0x1c4/0xcd0 [ 3224.858823] ? is_vmalloc_addr+0x7b/0xb0 [ 3224.859729] netlink_unicast+0x549/0x7f0 [ 3224.860622] ? netlink_attachskb+0x870/0x870 [ 3224.861575] ? __virt_addr_valid+0x128/0x350 [ 3224.862537] netlink_sendmsg+0x90f/0xdf0 [ 3224.863438] ? netlink_unicast+0x7f0/0x7f0 [ 3224.864369] ? netlink_unicast+0x7f0/0x7f0 [ 3224.865290] __sock_sendmsg+0x154/0x190 [ 3224.866157] ____sys_sendmsg+0x70d/0x870 [ 3224.867054] ? sock_write_iter+0x3d0/0x3d0 [ 3224.867970] ? do_recvmmsg+0x6d0/0x6d0 [ 3224.868823] ? perf_trace_lock+0xac/0x490 [ 3224.869739] ? __lockdep_reset_lock+0x180/0x180 [ 3224.870748] ? perf_trace_lock+0xac/0x490 [ 3224.871666] ___sys_sendmsg+0xf3/0x170 [ 3224.872522] ? sendmsg_copy_msghdr+0x160/0x160 [ 3224.873530] ? lock_downgrade+0x6d0/0x6d0 [ 3224.874447] ? finish_task_switch+0x126/0x5d0 [ 3224.875449] ? lock_downgrade+0x6d0/0x6d0 [ 3224.876361] ? __fget_files+0x296/0x4c0 [ 3224.877246] ? __fget_light+0xea/0x290 [ 3224.878113] __sys_sendmsg+0xe5/0x1b0 [ 3224.878947] ? __sys_sendmsg_sock+0x40/0x40 [ 3224.879909] ? io_schedule_timeout+0x140/0x140 [ 3224.880920] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3224.882060] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3224.883190] do_syscall_64+0x33/0x40 [ 3224.884010] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3224.885122] RIP: 0033:0x7f1a789beb19 [ 3224.885936] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3224.889949] RSP: 002b:00007f1a75f34188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3224.891606] RAX: ffffffffffffffda RBX: 00007f1a78ad1f60 RCX: 00007f1a789beb19 [ 3224.893161] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000004 [ 3224.894707] RBP: 00007f1a75f341d0 R08: 0000000000000000 R09: 0000000000000000 [ 3224.896267] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3224.897825] R13: 00007ffd0f06a67f R14: 00007f1a75f34300 R15: 0000000000022000 [ 3224.899662] hpet: Lost 3 RTC interrupts 05:02:25 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff0025a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) [ 3225.015780] FAULT_INJECTION: forcing a failure. [ 3225.015780] name failslab, interval 1, probability 0, space 0, times 0 [ 3225.018260] CPU: 0 PID: 16955 Comm: syz-executor.3 Not tainted 5.10.207 #1 [ 3225.019784] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3225.021636] Call Trace: [ 3225.022239] dump_stack+0x107/0x167 [ 3225.023085] should_fail.cold+0x5/0xa [ 3225.023951] ? kvmalloc_node+0x119/0x170 [ 3225.024871] should_failslab+0x5/0x20 [ 3225.025731] __kmalloc_node+0x76/0x420 [ 3225.026614] kvmalloc_node+0x119/0x170 [ 3225.027501] pfifo_fast_init+0xea/0x3d0 [ 3225.028406] ? __netdev_watchdog_up+0x190/0x190 [ 3225.029444] qdisc_create_dflt+0x103/0x370 [ 3225.030401] dev_activate+0x7c3/0xd70 [ 3225.031281] __dev_open+0x38a/0x4e0 [ 3225.032092] ? dev_set_rx_mode+0x80/0x80 [ 3225.033025] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3225.034185] ? __local_bh_enable_ip+0x9d/0x100 [ 3225.035222] __dev_change_flags+0x521/0x6e0 [ 3225.036185] ? dev_set_allmulti+0x30/0x30 [ 3225.037115] ? cap_capable+0x1cd/0x230 [ 3225.037991] ? full_name_hash+0xb5/0xf0 [ 3225.038895] dev_change_flags+0x8a/0x160 [ 3225.039828] devinet_ioctl+0x14de/0x1db0 [ 3225.040748] ? inet_ifa_byprefix+0x2e0/0x2e0 [ 3225.041728] inet_ioctl+0x34f/0x390 [ 3225.042520] ? inet_dgram_connect+0x220/0x220 [ 3225.043529] ? __lock_acquire+0xbb1/0x5b00 [ 3225.044479] ? perf_trace_lock+0xac/0x490 [ 3225.045394] packet_ioctl+0xb3/0x260 [ 3225.046222] sock_do_ioctl+0xd3/0x300 [ 3225.047066] ? compat_ifr_data_ioctl+0x180/0x180 [ 3225.048109] ? ioctl_has_perm.constprop.0.isra.0+0x29a/0x410 [ 3225.049364] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3225.050490] ? do_vfs_ioctl+0x283/0x10d0 [ 3225.051395] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 3225.052538] ? generic_block_fiemap+0x60/0x60 [ 3225.053525] sock_ioctl+0x3ea/0x700 [ 3225.054319] ? dlci_ioctl_set+0x30/0x30 [ 3225.055206] ? selinux_file_ioctl+0xb6/0x270 [ 3225.056170] ? dlci_ioctl_set+0x30/0x30 [ 3225.057043] __x64_sys_ioctl+0x19a/0x210 [ 3225.057940] do_syscall_64+0x33/0x40 [ 3225.058757] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3225.059998] RIP: 0033:0x7fa5db089b19 [ 3225.060812] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3225.064823] RSP: 002b:00007fa5d85ff188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3225.066483] RAX: ffffffffffffffda RBX: 00007fa5db19cf60 RCX: 00007fa5db089b19 [ 3225.068047] RDX: 00000000200001c0 RSI: 0000000000008914 RDI: 0000000000000004 [ 3225.069601] RBP: 00007fa5d85ff1d0 R08: 0000000000000000 R09: 0000000000000000 [ 3225.071159] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3225.072715] R13: 00007ffefd79e6ef R14: 00007fa5d85ff300 R15: 0000000000022000 [ 3225.074510] hpet: Lost 3 RTC interrupts [ 3225.075854] veth0_vlan: default qdisc (pfifo_fast) fail, fallback to noqueue 05:02:25 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) (fail_nth: 12) [ 3225.107494] device veth0_vlan entered promiscuous mode [ 3225.242914] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3225.242914] program syz-executor.7 not setting count and/or reply_len properly [ 3225.275858] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3225.275858] program syz-executor.7 not setting count and/or reply_len properly [ 3225.280683] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3225.280774] FAULT_INJECTION: forcing a failure. [ 3225.280774] name failslab, interval 1, probability 0, space 0, times 0 [ 3225.280793] CPU: 1 PID: 16965 Comm: syz-executor.1 Not tainted 5.10.207 #1 [ 3225.280804] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3225.280811] Call Trace: [ 3225.280837] dump_stack+0x107/0x167 [ 3225.280863] should_fail.cold+0x5/0xa [ 3225.280891] should_failslab+0x5/0x20 [ 3225.280912] __kmalloc_node_track_caller+0x74/0x3b0 [ 3225.280928] ? netlink_ack+0x1ed/0xab0 [ 3225.280956] __alloc_skb+0xb1/0x5b0 [ 3225.280979] netlink_ack+0x1ed/0xab0 [ 3225.281001] ? perf_trace_lock+0xac/0x490 [ 3225.281020] ? netlink_sendmsg+0xdf0/0xdf0 [ 3225.281042] ? __lockdep_reset_lock+0x180/0x180 [ 3225.281068] netlink_rcv_skb+0x348/0x430 [ 3225.281087] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3225.281107] ? netlink_ack+0xab0/0xab0 [ 3225.281126] ? netlink_deliver_tap+0x1ae/0xcd0 [ 3225.281156] ? netlink_deliver_tap+0x1c4/0xcd0 [ 3225.281175] ? is_vmalloc_addr+0x7b/0xb0 [ 3225.281201] netlink_unicast+0x549/0x7f0 [ 3225.281227] ? netlink_attachskb+0x870/0x870 [ 3225.281245] ? __virt_addr_valid+0x128/0x350 [ 3225.281276] netlink_sendmsg+0x90f/0xdf0 [ 3225.281303] ? netlink_unicast+0x7f0/0x7f0 [ 3225.281335] ? netlink_unicast+0x7f0/0x7f0 [ 3225.281356] __sock_sendmsg+0x154/0x190 [ 3225.281378] ____sys_sendmsg+0x70d/0x870 [ 3225.281401] ? sock_write_iter+0x3d0/0x3d0 [ 3225.281418] ? do_recvmmsg+0x6d0/0x6d0 [ 3225.281437] ? perf_trace_lock+0xac/0x490 [ 3225.281463] ? __lockdep_reset_lock+0x180/0x180 [ 3225.281480] ? perf_trace_lock+0xac/0x490 [ 3225.281498] ? SOFTIRQ_verbose+0x10/0x10 [ 3225.281523] ___sys_sendmsg+0xf3/0x170 [ 3225.281546] ? sendmsg_copy_msghdr+0x160/0x160 [ 3225.281579] ? lock_downgrade+0x6d0/0x6d0 [ 3225.281604] ? find_held_lock+0x2c/0x110 [ 3225.281634] ? __fget_files+0x296/0x4c0 [ 3225.281666] ? __fget_light+0xea/0x290 [ 3225.281695] __sys_sendmsg+0xe5/0x1b0 [ 3225.281715] ? __sys_sendmsg_sock+0x40/0x40 [ 3225.281734] ? rcu_read_lock_any_held+0x75/0xa0 [ 3225.281776] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3225.281796] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3225.281823] do_syscall_64+0x33/0x40 [ 3225.281841] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3225.281854] RIP: 0033:0x7f1a789beb19 [ 3225.281875] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3225.281886] RSP: 002b:00007f1a75f34188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3225.281909] RAX: ffffffffffffffda RBX: 00007f1a78ad1f60 RCX: 00007f1a789beb19 [ 3225.281921] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000004 [ 3225.281933] RBP: 00007f1a75f341d0 R08: 0000000000000000 R09: 0000000000000000 [ 3225.281944] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3225.281957] R13: 00007ffd0f06a67f R14: 00007f1a75f34300 R15: 0000000000022000 05:02:43 executing program 5: openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="cd656d69f282f46caedc9da09676f7d5fb29e8f4", 0x14) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1400000e00000000000000fa0100000000000000"], 0x14}}, 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_group_source_req(r3, 0x29, 0x2e, &(0x7f0000000040)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r3, 0x29, 0x30, &(0x7f0000000300)=ANY=[@ANYBLOB="03000000000000000a00000000000000ff010000000000000000f50000000001000000ed0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000a00000000000000ff010000000000000000000000000001000000000000000000000000000000000000006aab9c848249000000000000000000"], 0x110) ioctl$FIDEDUPERANGE(r1, 0xc0189436, &(0x7f0000000180)={0x2, 0x7e850000, 0x5, 0x0, 0x0, [{{r0}, 0x8e}, {{}, 0x2}, {{r2}, 0x20f}, {{r3}, 0x800}, {{r0}, 0x1ff}]}) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = syz_open_dev$tty20(0xc, 0x4, 0x1) close_range(r1, r5, 0x0) ioctl$FAT_IOCTL_GET_ATTRIBUTES(r4, 0x80047210, &(0x7f0000000140)) r6 = syz_open_dev$rtc(&(0x7f0000000080), 0x7, 0x4a481) ioctl$F2FS_IOC_GARBAGE_COLLECT(r6, 0x4004f506, &(0x7f00000000c0)=0x1) unshare(0x48020200) ioctl$RTC_UIE_ON(0xffffffffffffffff, 0x7003) unshare(0x58040280) unshare(0x10040200) 05:02:43 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) dup2(0xffffffffffffffff, r0) ioctl$AUTOFS_IOC_FAIL(r0, 0x9361, 0x3) 05:02:43 executing program 0: getgroups(0x0, &(0x7f0000000180)) mount$tmpfs(0x0, 0x0, &(0x7f0000000140), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) syz_genetlink_get_family_id$nl80211(&(0x7f0000001540), r0) sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0}, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) utimes(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)={{}, {0x77359400}}) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_P2P_DEVICE(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="010036dcc397a50bb1815e99000000001000", @ANYRES32=r3, @ANYBLOB], 0x1c}}, 0x0) sendmsg$NL80211_CMD_REGISTER_FRAME(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="28010000", @ANYRES16=r1, @ANYBLOB="020229bd8500fddbdf253a00000008000300", @ANYRES32=r3, @ANYBLOB="00006500fbff000006006500ff00000006006500010000003b005b0036bb1a6a06a95fe6cf645f9562206bfd49392e43ab875f3bc7dd35c80a7c3ca63afa659948effd32c65ea56353da57cb978d575c11882b0000005b007b7632985b2dfcc91cd241fa11de9cd60a474fbcad10bf4b86b4a1495fe864f5e3f8c1cf14deaa48fbbb35be3ca785fbab45e8f6839d4b65e7b5d1a67d3f005ad4fe78dde994e592194872ac3f000000"], 0x128}, 0x1, 0x0, 0x0, 0x4000001}, 0x4004840) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001540), 0xffffffffffffffff) r7 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000180)=[{&(0x7f0000000140)}, {0x0, 0x0, 0x1001000a00}], 0x0, &(0x7f0000000240)=ANY=[]) r8 = fcntl$dupfd(r7, 0x406, r7) ioctl$VFAT_IOCTL_READDIR_SHORT(r8, 0x82307202, &(0x7f0000000300)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r8) sendmsg$NL80211_CMD_GET_SCAN(r5, &(0x7f0000001600)={0x0, 0x0, &(0x7f00000015c0)={&(0x7f0000000000)={0x1c, r6, 0x301, 0x0, 0x0, {{0x5}, {@val={0xeac}, @void}}}, 0x1c}}, 0x0) 05:02:43 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff00b6a9d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 05:02:43 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_INO_LOOKUP(0xffffffffffffffff, 0xd0009412, &(0x7f0000000500)={0x0, 0x8}) r2 = add_key$keyring(&(0x7f0000000040), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r2, &(0x7f0000000240)='asymmetric\x00', &(0x7f0000000200)=@secondary) syz_io_uring_submit(0x0, 0x0, &(0x7f0000001600)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f00000015c0), 0x1, 0x6e05218349c7f8b5, 0x1}, 0xbbd) r3 = getpgrp(0x0) pidfd_open(r3, 0x0) perf_event_open(&(0x7f0000000080)={0x3, 0x80, 0x81, 0x5, 0x5, 0x5, 0x0, 0x3ff, 0x8a000, 0x4, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, @perf_config_ext={0x0, 0x401}, 0x9000, 0x1, 0x0, 0x1, 0x3, 0x5, 0x2, 0x0, 0xffff, 0x0, 0x100000000}, r3, 0x2, 0xffffffffffffffff, 0x8) prlimit64(0x0, 0x0, &(0x7f00000003c0)={0x7, 0x10001}, 0x0) dup2(0xffffffffffffffff, r1) getgid() stat(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) add_key(&(0x7f0000000340)='encrypted\x00', &(0x7f0000000380)={'syz', 0x1}, &(0x7f0000000400)="a727703b0078fd01660cba73a610bbafd619a02a27c2101e104c886798fcef5860f2dc33e522a808253de5a88a829ef1b1f748978569b016b3512e88ddfdc8f31359b86862009163406abad4eeb982ab5581889aaa8f32eced4859c95a18246478e27f5c9b39f83045270826f3dc20590c90f4da31243930bb618bfdfab2833d04c828f24226df033fc5bc4f65bee6d18c56ba76cc57fd60876370042832a47e97f7e7f39352b6a8e8e9dcc60bed4d31fcb05d1a501b58cb59cbfcdf933e7d376973ebe1a82bf4b8e9f9a20178f8bfe3", 0xd0, 0x0) add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffc) r5 = add_key$keyring(&(0x7f0000000040), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$chown(0x4, r5, 0x0, r4) 05:02:43 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) (fail_nth: 9) 05:02:43 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) (fail_nth: 13) 05:02:43 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x3, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) [ 3243.710915] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3243.710915] program syz-executor.7 not setting count and/or reply_len properly [ 3243.714955] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3243.719326] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3243.723242] FAULT_INJECTION: forcing a failure. [ 3243.723242] name failslab, interval 1, probability 0, space 0, times 0 [ 3243.726211] CPU: 0 PID: 16984 Comm: syz-executor.1 Not tainted 5.10.207 #1 [ 3243.727859] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3243.728387] FAULT_INJECTION: forcing a failure. [ 3243.728387] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3243.729742] Call Trace: [ 3243.729769] dump_stack+0x107/0x167 [ 3243.729797] should_fail.cold+0x5/0xa [ 3243.733489] ? create_object.isra.0+0x3a/0xa20 [ 3243.734539] should_failslab+0x5/0x20 [ 3243.735487] kmem_cache_alloc+0x5b/0x310 [ 3243.736426] create_object.isra.0+0x3a/0xa20 [ 3243.737496] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3243.738663] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 3243.739834] ? netlink_ack+0x1ed/0xab0 [ 3243.740770] __alloc_skb+0xb1/0x5b0 [ 3243.741615] netlink_ack+0x1ed/0xab0 [ 3243.742479] ? perf_trace_lock+0xac/0x490 [ 3243.743444] ? netlink_sendmsg+0xdf0/0xdf0 [ 3243.744418] ? __lockdep_reset_lock+0x180/0x180 [ 3243.745487] netlink_rcv_skb+0x348/0x430 [ 3243.746418] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3243.747346] ? netlink_ack+0xab0/0xab0 [ 3243.748249] ? netlink_deliver_tap+0x1ae/0xcd0 [ 3243.749302] ? netlink_deliver_tap+0x1c4/0xcd0 [ 3243.750350] ? is_vmalloc_addr+0x7b/0xb0 [ 3243.751287] netlink_unicast+0x549/0x7f0 [ 3243.752247] ? netlink_attachskb+0x870/0x870 [ 3243.753250] ? __virt_addr_valid+0x128/0x350 [ 3243.754274] netlink_sendmsg+0x90f/0xdf0 [ 3243.755212] ? netlink_unicast+0x7f0/0x7f0 [ 3243.756203] ? netlink_unicast+0x7f0/0x7f0 [ 3243.757174] __sock_sendmsg+0x154/0x190 [ 3243.758086] ____sys_sendmsg+0x70d/0x870 [ 3243.759022] ? sock_write_iter+0x3d0/0x3d0 [ 3243.759996] ? do_recvmmsg+0x6d0/0x6d0 [ 3243.760889] ? perf_trace_lock+0xac/0x490 [ 3243.761846] ? __lockdep_reset_lock+0x180/0x180 [ 3243.762909] ? perf_trace_lock+0xac/0x490 [ 3243.763869] ? SOFTIRQ_verbose+0x10/0x10 [ 3243.764807] ___sys_sendmsg+0xf3/0x170 [ 3243.765702] ? sendmsg_copy_msghdr+0x160/0x160 [ 3243.766755] ? lock_downgrade+0x6d0/0x6d0 [ 3243.767718] ? find_held_lock+0x2c/0x110 [ 3243.768661] ? __fget_files+0x296/0x4c0 [ 3243.769586] ? __fget_light+0xea/0x290 [ 3243.770485] __sys_sendmsg+0xe5/0x1b0 [ 3243.771358] ? __sys_sendmsg_sock+0x40/0x40 [ 3243.772365] ? rcu_read_lock_any_held+0x75/0xa0 [ 3243.773456] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3243.774657] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3243.775853] do_syscall_64+0x33/0x40 [ 3243.776703] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3243.777877] RIP: 0033:0x7f1a789beb19 [ 3243.778738] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3243.782957] RSP: 002b:00007f1a75f34188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3243.784712] RAX: ffffffffffffffda RBX: 00007f1a78ad1f60 RCX: 00007f1a789beb19 [ 3243.786344] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000004 [ 3243.787992] RBP: 00007f1a75f341d0 R08: 0000000000000000 R09: 0000000000000000 [ 3243.789625] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3243.791259] R13: 00007ffd0f06a67f R14: 00007f1a75f34300 R15: 0000000000022000 [ 3243.792930] CPU: 1 PID: 16981 Comm: syz-executor.3 Not tainted 5.10.207 #1 [ 3243.793183] hpet: Lost 3 RTC interrupts [ 3243.793914] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3243.793927] Call Trace: [ 3243.796208] dump_stack+0x107/0x167 [ 3243.796674] should_fail.cold+0x5/0xa [ 3243.797160] __alloc_pages_nodemask+0x182/0x600 [ 3243.797751] ? __alloc_pages_slowpath.constprop.0+0x2130/0x2130 [ 3243.798523] alloc_pages_current+0x187/0x280 [ 3243.799093] allocate_slab+0x26f/0x380 [ 3243.799607] ___slab_alloc+0x470/0x700 [ 3243.800110] ? kvmalloc_node+0x119/0x170 [ 3243.800624] ? cpumask_next+0x1f/0x30 [ 3243.801116] ? kvmalloc_node+0x119/0x170 [ 3243.801633] ? __kmalloc_node+0x3ef/0x420 [ 3243.802163] ? kvmalloc_node+0x119/0x170 [ 3243.802679] __kmalloc_node+0x3ef/0x420 [ 3243.803197] kvmalloc_node+0x119/0x170 [ 3243.803708] pfifo_fast_init+0xea/0x3d0 [ 3243.804201] ? __netdev_watchdog_up+0x190/0x190 [ 3243.804679] qdisc_create_dflt+0x103/0x370 [ 3243.805123] dev_activate+0x7c3/0xd70 [ 3243.805521] __dev_open+0x38a/0x4e0 [ 3243.805896] ? dev_set_rx_mode+0x80/0x80 [ 3243.806311] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3243.806847] ? __local_bh_enable_ip+0x9d/0x100 [ 3243.807322] __dev_change_flags+0x521/0x6e0 [ 3243.807783] ? dev_set_allmulti+0x30/0x30 [ 3243.808209] ? cap_capable+0x1cd/0x230 [ 3243.808617] ? full_name_hash+0xb5/0xf0 [ 3243.809036] dev_change_flags+0x8a/0x160 [ 3243.809464] devinet_ioctl+0x14de/0x1db0 [ 3243.809884] ? inet_ifa_byprefix+0x2e0/0x2e0 [ 3243.810345] inet_ioctl+0x34f/0x390 [ 3243.810720] ? inet_dgram_connect+0x220/0x220 [ 3243.811263] ? __lock_acquire+0xbb1/0x5b00 [ 3243.811736] ? perf_trace_lock+0xac/0x490 [ 3243.812183] packet_ioctl+0xb3/0x260 [ 3243.812570] sock_do_ioctl+0xd3/0x300 [ 3243.812967] ? compat_ifr_data_ioctl+0x180/0x180 [ 3243.813466] ? ioctl_has_perm.constprop.0.isra.0+0x29a/0x410 [ 3243.814051] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3243.814592] ? do_vfs_ioctl+0x283/0x10d0 [ 3243.815004] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 3243.815591] ? generic_block_fiemap+0x60/0x60 [ 3243.816053] sock_ioctl+0x3ea/0x700 [ 3243.816450] ? dlci_ioctl_set+0x30/0x30 [ 3243.816884] ? selinux_file_ioctl+0xb6/0x270 [ 3243.817365] ? dlci_ioctl_set+0x30/0x30 [ 3243.817782] __x64_sys_ioctl+0x19a/0x210 [ 3243.818203] do_syscall_64+0x33/0x40 [ 3243.818728] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3243.819249] RIP: 0033:0x7fa5db089b19 [ 3243.819667] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3243.821559] RSP: 002b:00007fa5d85ff188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3243.822405] RAX: ffffffffffffffda RBX: 00007fa5db19cf60 RCX: 00007fa5db089b19 [ 3243.823156] RDX: 00000000200001c0 RSI: 0000000000008914 RDI: 0000000000000004 [ 3243.823910] RBP: 00007fa5d85ff1d0 R08: 0000000000000000 R09: 0000000000000000 [ 3243.824658] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3243.825392] R13: 00007ffefd79e6ef R14: 00007fa5d85ff300 R15: 0000000000022000 05:02:44 executing program 4: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000180), 0x9d50a1, &(0x7f0000000240)=ANY=[]) r1 = memfd_create(&(0x7f0000000340)='\x00', 0x0) lseek(0xffffffffffffffff, 0x8000, 0x1) fcntl$addseals(r1, 0x409, 0xe) fallocate(r1, 0x0, 0x0, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x1}, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(r0, &(0x7f0000000100)='./file2\x00', 0x10) rename(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000240)='./file2\x00') creat(&(0x7f0000000200)='./file1\x00', 0x2) chroot(&(0x7f0000000280)='./file2\x00') r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000300)='./file1\x00', 0x509441, 0x18e) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) write(r3, &(0x7f00000003c0)="0289819eecd945439d8a8b16bf2bf2b67eefb591f4cf4db9ead300c6ac8ba94f7d4a804292338b2abd8472d8beffa0ce3669f0087fe6e41dd4cf60d158da85532ae8", 0x42) r5 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_mreq(r5, 0x0, 0x4, 0x0, &(0x7f0000000340)) getsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x4, 0x0, &(0x7f0000000340)) sendfile(r2, r4, 0x0, 0x100000001) perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 3243.858478] device veth0_vlan entered promiscuous mode [ 3243.908099] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3243.908099] program syz-executor.7 not setting count and/or reply_len properly [ 3243.912540] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3243.922990] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. 05:02:44 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff0043b6d7cceb232fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 05:02:44 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) (fail_nth: 10) [ 3244.085127] FAULT_INJECTION: forcing a failure. [ 3244.085127] name failslab, interval 1, probability 0, space 0, times 0 [ 3244.087698] CPU: 0 PID: 16999 Comm: syz-executor.3 Not tainted 5.10.207 #1 [ 3244.089230] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3244.091108] Call Trace: [ 3244.091714] dump_stack+0x107/0x167 [ 3244.092513] should_fail.cold+0x5/0xa [ 3244.093355] ? kvmalloc_node+0x119/0x170 [ 3244.094265] should_failslab+0x5/0x20 [ 3244.095095] __kmalloc_node+0x76/0x420 [ 3244.095955] ? lockdep_init_map_type+0x2c7/0x780 [ 3244.096987] kvmalloc_node+0x119/0x170 [ 3244.097835] pfifo_fast_init+0xea/0x3d0 [ 3244.098717] ? __netdev_watchdog_up+0x190/0x190 [ 3244.099771] qdisc_create_dflt+0x103/0x370 [ 3244.100712] dev_activate+0x7c3/0xd70 [ 3244.101571] __dev_open+0x38a/0x4e0 [ 3244.102371] ? dev_set_rx_mode+0x80/0x80 [ 3244.103273] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3244.104442] ? __local_bh_enable_ip+0x9d/0x100 [ 3244.105438] __dev_change_flags+0x521/0x6e0 [ 3244.106389] ? dev_set_allmulti+0x30/0x30 [ 3244.107299] ? cap_capable+0x1cd/0x230 [ 3244.108158] ? full_name_hash+0xb5/0xf0 [ 3244.109034] dev_change_flags+0x8a/0x160 [ 3244.109937] devinet_ioctl+0x14de/0x1db0 [ 3244.110826] ? inet_ifa_byprefix+0x2e0/0x2e0 [ 3244.111816] inet_ioctl+0x34f/0x390 [ 3244.112608] ? inet_dgram_connect+0x220/0x220 [ 3244.113617] ? __lock_acquire+0xbb1/0x5b00 [ 3244.114555] ? perf_trace_lock+0xac/0x490 [ 3244.115495] packet_ioctl+0xb3/0x260 [ 3244.116312] sock_do_ioctl+0xd3/0x300 [ 3244.117152] ? compat_ifr_data_ioctl+0x180/0x180 [ 3244.118203] ? ioctl_has_perm.constprop.0.isra.0+0x29a/0x410 [ 3244.119477] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3244.120600] ? do_vfs_ioctl+0x283/0x10d0 [ 3244.121488] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 3244.122630] ? generic_block_fiemap+0x60/0x60 [ 3244.123635] sock_ioctl+0x3ea/0x700 [ 3244.124434] ? dlci_ioctl_set+0x30/0x30 [ 3244.125316] ? selinux_file_ioctl+0xb6/0x270 [ 3244.126284] ? dlci_ioctl_set+0x30/0x30 [ 3244.127162] __x64_sys_ioctl+0x19a/0x210 [ 3244.128094] do_syscall_64+0x33/0x40 [ 3244.128929] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3244.130072] RIP: 0033:0x7fa5db089b19 [ 3244.130896] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3244.134955] RSP: 002b:00007fa5d85ff188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3244.136650] RAX: ffffffffffffffda RBX: 00007fa5db19cf60 RCX: 00007fa5db089b19 [ 3244.138208] RDX: 00000000200001c0 RSI: 0000000000008914 RDI: 0000000000000004 [ 3244.139779] RBP: 00007fa5d85ff1d0 R08: 0000000000000000 R09: 0000000000000000 [ 3244.141336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3244.142889] R13: 00007ffefd79e6ef R14: 00007fa5d85ff300 R15: 0000000000022000 [ 3244.144773] hpet: Lost 2 RTC interrupts [ 3244.147464] veth0_vlan: default qdisc (pfifo_fast) fail, fallback to noqueue [ 3244.161036] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3244.161036] program syz-executor.7 not setting count and/or reply_len properly [ 3244.169084] device veth0_vlan entered promiscuous mode [ 3244.247142] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3244.247142] program syz-executor.7 not setting count and/or reply_len properly [ 3249.458930] kworker/dying (5817) used greatest stack depth: 22968 bytes left 05:02:58 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_INO_LOOKUP(0xffffffffffffffff, 0xd0009412, &(0x7f0000000500)={0x0, 0x8}) r2 = add_key$keyring(&(0x7f0000000040), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r2, &(0x7f0000000240)='asymmetric\x00', &(0x7f0000000200)=@secondary) syz_io_uring_submit(0x0, 0x0, &(0x7f0000001600)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f00000015c0), 0x1, 0x6e05218349c7f8b5, 0x1}, 0xbbd) r3 = getpgrp(0x0) pidfd_open(r3, 0x0) perf_event_open(&(0x7f0000000080)={0x3, 0x80, 0x81, 0x5, 0x5, 0x5, 0x0, 0x3ff, 0x8a000, 0x4, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, @perf_config_ext={0x0, 0x401}, 0x9000, 0x1, 0x0, 0x1, 0x3, 0x5, 0x2, 0x0, 0xffff, 0x0, 0x100000000}, r3, 0x2, 0xffffffffffffffff, 0x8) prlimit64(0x0, 0x0, &(0x7f00000003c0)={0x7, 0x10001}, 0x0) dup2(0xffffffffffffffff, r1) getgid() stat(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) add_key(&(0x7f0000000340)='encrypted\x00', &(0x7f0000000380)={'syz', 0x1}, &(0x7f0000000400)="a727703b0078fd01660cba73a610bbafd619a02a27c2101e104c886798fcef5860f2dc33e522a808253de5a88a829ef1b1f748978569b016b3512e88ddfdc8f31359b86862009163406abad4eeb982ab5581889aaa8f32eced4859c95a18246478e27f5c9b39f83045270826f3dc20590c90f4da31243930bb618bfdfab2833d04c828f24226df033fc5bc4f65bee6d18c56ba76cc57fd60876370042832a47e97f7e7f39352b6a8e8e9dcc60bed4d31fcb05d1a501b58cb59cbfcdf933e7d376973ebe1a82bf4b8e9f9a20178f8bfe3", 0xd0, 0x0) add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffc) r5 = add_key$keyring(&(0x7f0000000040), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$chown(0x4, r5, 0x0, r4) 05:02:58 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) (fail_nth: 14) 05:02:58 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) (fail_nth: 11) 05:02:58 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg$unix(r1, &(0x7f00000059c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000003b40)=0x0) statx(0xffffffffffffffff, &(0x7f0000003b80)='./file0\x00', 0x400, 0x7ff, &(0x7f0000003bc0)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000040)='./file1\x00', &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fchown(0xffffffffffffffff, 0x0, r5) r6 = getpid() shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000280)={{0x3, 0x0, r5, 0xee00, 0xee00, 0x51, 0x1}, 0x0, 0x0, 0x0, 0x7, r6, 0x0, 0x6}) r7 = clone3(&(0x7f0000003ec0)={0x11808a000, &(0x7f0000003cc0), &(0x7f0000003d00), &(0x7f0000003d40), {0x21}, &(0x7f0000003d80)=""/154, 0x9a, &(0x7f0000003e40)=""/1, &(0x7f0000003e80)=[0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff], 0x6}, 0x58) recvmmsg$unix(r0, &(0x7f0000004a00)=[{{&(0x7f0000003f40), 0x6e, &(0x7f0000004180)=[{&(0x7f0000003fc0)=""/162, 0xa2}, {&(0x7f0000004080)=""/171, 0xab}, {&(0x7f0000004140)=""/52, 0x34}], 0x3}}, {{&(0x7f00000041c0)=@abs, 0x6e, &(0x7f0000004700)=[{&(0x7f0000004240)=""/94, 0x5e}, {&(0x7f00000042c0)=""/176, 0xb0}, {&(0x7f0000004380)=""/189, 0xbd}, {&(0x7f0000004440)}, {&(0x7f0000004480)=""/200, 0xc8}, {&(0x7f0000004580)=""/82, 0x52}, {&(0x7f0000004600)=""/10, 0xa}, {&(0x7f0000004640)=""/176, 0xb0}], 0x8, &(0x7f0000004780)=[@rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x40}}, {{&(0x7f00000047c0), 0x6e, &(0x7f0000004940)=[{&(0x7f0000004840)=""/15, 0xf}, {&(0x7f0000004880)=""/57, 0x39}, {&(0x7f00000048c0)=""/82, 0x52}], 0x3, &(0x7f0000004980)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0}}}], 0x78}}], 0x3, 0x10001, &(0x7f0000004ac0)) r9 = socket$netlink(0x10, 0x3, 0x4) r10 = syz_open_dev$tty1(0xc, 0x4, 0x2) r11 = dup2(0xffffffffffffffff, r1) r12 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000004e00)=[{{&(0x7f0000000140)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000001480)=[{&(0x7f00000001c0)="bbe20d406d5ab169ab5140e07ce70049c4ddba704a6bc10cf01fbe32cbe4868e315984a9f388eb948423a0b76387345e257ce90e3571e3dd3894f819390fb437cc323f6ec6e9db1f9649a32c527e40625200cf34853b12664aa590a53c5cde81c26b9ab125a7aad4c52165c33f00c52913feba48a104afa746ccad08eced7f2a3122199760c062c4881d031d99d52112e4e8f72111eb1ac0d3ffbf5c269aacbf609e655b3875b228373a7cfd02ea0dd8f3f0ac7a6ab2b2ef88710852101234329057fc415ecb966758a7ebad36f7627290bc9c1b25e01ec80512c960cabe89a07ee68132e3313a76370cce368d8688d509e4f71940c47dcfd21b8453d705d4dcdcec4c9d68926f88ef525debb86b8cfa3d195ed3b1ae329c3803dbd34b362568e6b891386e42b67ab8d452693c3abb01cbd597948e70e23f67885e3a4ab2f5fa306df4ace33a86c8a15e38e7505833c95111e40617db2b326d9cc948ba28f9cf7b989b4dbaccf6c0dd0478c90b4fd0957c72aa080639a4fe499928931baca592f4392aaa7308bace34adbd1e3adf70328f9718275f6ce40f18a2046d206eecde8524be90d14cfb7f490340243642ae7b5d6235d4cf134b8bb43a4b8f9dd5e6ea699361d603a18e75872d7cbad36eab5fa205ac000c77d31be0cbe94f3b863ba6bf61e0c12fb45bcb36dedb5db9c0745836ccf426fb12e94d5b04d3fcd3eee9de308333363aa5539cb7bd0ad1837e46f70c1b15af73e9ad9026e42911ef23e64e9eb8b95712051043fe6a8e6da0097983942eba2bee9f80a19f05edb69da75ab5810c3efaf826c4c6932abff71c94e7cbd4d3f1fe88f455bd44734cfec1c34aeeab5f525160c944d783ad7c4630bb72beac3509e5b87cd8e6df9c3643ad92dd02ee011b9d90f2cd2921ea508b1a500bcb0fde48601b57e5f3622dc7f72dee163d64ce05df113a8b7a58bbce56eb61d13ede555944cbe3b24524daa97d8014c470e6f8135b7c7ae811ad19fd8a8f62fffae823db02dbb248d442353669a75399dd82bc9d0cc06e3c5c39e4e983245d99208eb783f1ac4a742ecaf63b02f8667fd5f69c272c9bad3a2188d701d5e6e0c6ddceddfe9ee9ed95db0ec00f1ae3b8b1d64f085c747b0950063811925f095296760b3bd4df3731cd1555c7cb582b2aaaf86915609e5d2816b8ae6d3b7a3c267d649a79267fbe75f597e1187e96fcf170c4b721715991f87d4410a15e046a4dbe88080933030092667dda5f81c87d552358773e6d77276ff791ba3205727e6993a9d88596aa0e723235b17f249b3e104b3b38038b2b9aa22087529b14175061b7684e48d51dba3c6df9172204887ee5304cd779a21311c1a48f499da3b4cd51aa41e291001a94207832aad6ac183735f5f33313cd4f0a96807d8200537048178528749be3fc79a57e54fe3d5209f1113b1e454d48543ea8c9bd320a1a7144a6e1dc372c70f740e639ef5bd3669faacdca2f7030b4013f78621d098a7ae3898f1753dcfb0968eb4e2531d12160cde644f856d8ebfc039393fc04f431258519a083e1c45d3b5bb0477671bc816a0f682605aee7ceb060251212ac54ece9011543e97cdfcdd1e4423f88a3293ab24d28509b5d40c261460911d664e869cd21d1f7d8b78631695c17a8119696a7e8a31ad81f15b616808ed0d338c6607176412f26db1f0f29011420f05f64fa9e99d5db9a4f62c8a19a35e6ff13f1a694693443f0a3dd81e05e5b90e9a8842b80e15146aa539842fe2f900d62499a1cfb62c769420004d27b73e9a7f089e3aa49f7815f5f55eaf77a7af436041fd610cd943d6ac2501a749e921338f0eeee98db889a860917c8d44b87ec7129f8e608585df502a9c7b3534c328fb3884ca5523ff42137226d99107908c9d728aa5f15baa4852a8065870d5bdda94e08c2c7fa2f331deb98757a7dec8ad709eb68fe49bd5651ef2f03d48be56c994dbaee206c6407cdb9c61a38843b414cee9345c1b5bb9abb9fbec7a79814a19977d7262c2bb4c2f94c7cef41cde7cfc7842e60bf04d22225c9973cba8edc953f04c66a1adede0773329feb93408083930c9d356f0558a204229a22586cfba49ac84d7cee51275ce68a67491a1bef5886ca877b63b631f25fbbda542b1ed9a93d023f97fa1a4196a0d7b47d39085da70e8bc777db7ebe6147e216c8a432cc983531a4fe37f8145512239b0e279316b2a3d5dd80378c3b9055ec304afa59d5661c0cea5ca2bdb571952bf89dfbc7209c3c263406cfa5a5b03d39bd4ae135f476816f557ca99d68c49597669faad455b01b5118c6f4d215a178c4cd75ada7eee4cbbe43dbc4d2af5d001eba5e740440e6ac11b0d8f7abe647905cd11af6348da42d9b13c416e21689800098149f929518342c74db1b5d5139db99cf5db39f0843800efb9f1c406ee18a4ccf4524883e3dba511672bf06c8e01db61c1bca601265c6d295415fa9b8a6cb55bef7631acd42aeac9fb165581e492edd631fd04b854b6f2fdc1e110b9fd50c37dbef0a429f6779103b06f86b9182c5c7b3d38c630a71c8feeb2c717a18943de132799045cd017f344595a5cb61499903c6788f08f272428d7e61acb86d8dd70040c98df88865737e5585789d1f7ddad72bfc6f763a0a432cb018b0199d270f9c8ea7425cb0e8ad868e2b8c7631a52f57e78013486669e90c3f065ed05ab02881db954af82edb56f5b62ae31d30a55faae56eb2c036d09a355e562a379f087fb2c96b2a703c577b554672dad0879bb301661f22fa703e673dee3cd64b906e25740f49dba02ae04c6c77fae8da96c0d1b94fa3d109f5d78b753f37df230d9599e3d055a006a15e53591756f61a437446891c658f78bb67ba85d3cbdd191a1895aacca5ecb71b4cd09e909b23e42dc59fa474957de6d8de6b3f7b55e4d77304b565b246140de69d7e66345a31ca1d1db7d7048ae68cea68caccb133e6cd2748d4014ce1947f60793dca08e118ddaacc49b1546be866a2c668b316509fb934c0548e556505cc1e49960ba48c976f7ae409266432da0ef4e51a5184c524a1cc43c9ca660f132afa0a3ec68c77929a61af9c58cbd6ee1f5e4be8405159e7998fc5d05747e035d35c73f6ce3c2efcd0e8dc413cfdaba01ee6bec6d1d2ef0f42941d3319a011f478ab8c8f7f03e30eebed0933f2e9bcf0c984f59e8f473ccc983797de8c18c4a712f0a2e93c4d37e2c66b9ef16afdc7892eaacff9661d2d390ca3c475de9ebbf82591f0932e61ee282e53f6b165088044f5fb9b5bcb3dacdb92c6b8116eea991ebc24923082b23a5badb790bbd1817ca62672ad6f13a79304ea70e87275ce68a4b4ce9814697d178c0516552537201d2c19cad0a919e91aecb8b3b70425a05eae87cd1bd6a3b90ebb303cfa870862e2c80f3ee64881371606af04b8c63c9ff578a70f731a5fe6299186eb66478f43f517069c3d97bc27382f002838afdc2259cf7785d2c93ec5c9f607166a9dfc54b65770dda0a0a6e6ed4799f7f779cfe43f075007944555fd5f6640e8c4751a99b3595be19498ce8561b4689c158a0f8834b41fa5dbeb55ba2b59fc3e9742c4faca84dee28ad84792786f82ceea51bbd52837c686262540d9f8fec1a857c5dbfdc1b66863f82d816b383ab99d786ac0afe3216fd54708d3c52587725298716111bba31394af086fb9915d694251748b2622834885c506866a9eae485eb6718fdb5ee05f1b881de7345b30a71dac00f2dc0cd548669b6e39b50cfe197d525c79ba1e458665395b52f99ee62f34f15f394e77efafacbc4c7cdc69e023cdbb8fcbc68581620fda40cc93cdf6b8cebf679470d7757780d9079f9d4016dacc71e903480abf713ded85e08e65832bc76bf9f262598376b974ab44327e5cc27e011dde02be4efc3521e5c91b21003284b18edb29addd5465205a244518fb1517386e56e57753136b8d1b3caea1c4e8c20eef89a52f9ee051d95914768e49575f0f264e6676471e854df7f72fe93a93dedb7165ecf13961f4f3773065792327c2d06b547da0ada66574d74f0f92bebf0a30248a25b9ce93b67deb56a79c58c80734bc7252b0512e187f2c24b4a4aa520dd395104bd3847250aeb77fd55d89839dcf1208722101d0e4c166abe5909ec5d28ec04612d9db691995bc0d8d554b9dbfefc3e0b6f59d625d1bd0f40fe153500b40315e336b3950fb2343bde31fd20d0ef4f687b19df03f4829f3f1ba8af8c992d1978a62f6918d8c14913eef4a95c0254e735bd52b68c15d02f5e35a392d617a443dbdd37a665e6f5081ccf3aca8eb98cb40d2d141b37992fcdc825c7418234ec71490afb4eed9e534cbe106a5a8db525f0b4340fd9f7b81f17f4001bd28414ed9df0a8e6dc64eb2caa3f5569629225753f60a19464c1bf58dc2fd9219e1c03d4de0f38831bf528150c9917a688efc574cf51f55a997b01e8ec57ecf161f26b358ef929a8a77d7553dbf061cb36553a9d2af92d1013ce76a7d3022b7101627fc0890c1ec9490d718ec942cd16d03f05d43efd202b6ed6f192105769feabe8eee337bea02393e232863a23b92be29b2077dcf0cbc14cb55d9180a781914c6f0ba0fe6d39486e557dbb662a8fdb9a4761bee4a51a9a77cf6c7e8668bdcd579cab28488c2d3c4db157da97ed24c3a5cfb1c090f034355dd7538b01d149aea6577aaff60b1a946b933539a9c7ac2724fe59538cb5d9a6f252bc76b1559478ad070464b526e9dc47359f02d35b2be5e7fa6426cb7e1c9dc6afc709894be1656c8aed4e62f20b8f69bb23b50b107168d2ff9f8aba3c56adc452be09d8c77333f51510b46d59a4ef38ae88977a23b0d186d7f36d9a75508e1a9fc254d34efef5646442e1a389c840b6331dbe2ae969bdb38d9f8675c0d619a3af54bef3ba4be902c0d2181ce148bd04aa3ed0478ac13f7b3c6c2aba5ce9b536856a2558756df3d1036859c8e1ae040861b039098e0d5a39864bfcc1859f49656ca19416248399b7e7604db345d2b8410958c83f6f4e0287238ba76653eb8712738304e9e8eb39f8b683b4d68436f7da5d8997b6d01336cf8746ca187114f9a86015c468b5605bb3ce1b62cc22d532cfcb24058a904a4dc4af5bebaa727990685d15be51090ececbff9eb7f2a8b5c2f3ada4df164886bbf42617a15b800616c702daf18d20e7c2eb17dc00d3b537a58b62b5fab7e921ddb1aa3b1168a1697ee6f0bd909b8a3f93659bc5815e436c3ce305bc7c8428a8519799e98252551e2d12759be9de040af7d9b7526d85ae53f21edbb451581b60c4d8c835916a023be23806831b38347c2321e671eb23d4058122bbd94615ba40a4590b909352f601c1c28f19834b34ff0ebca946c4f8d04ed856d6eb6ae6e34b53c8cdbbaf4ae371318f429b791f995df9fb6616c36606878f694509bd289304cdc5193e50a5a25573ad27ff1a4f38715fa5db28353741b9835f161b8bfef8810a93157cf017e6cd4d022c49ba7e486d91da7fc7a477d7aec741b037adab85ccb49e7dc03fa836de039a5738a6a05fe72d136ec61dac661461a9fc3c74b939581cb1447b58b6ad6c3a0847d967405c61ced4b61ef038527da0b485f380fbc760178dc9c280ff7ae132dcba0f35b8759e14ec74d84c745dd487d8362a970a4f6cede769320c99ec5c2844ccd58d28db5f65d9e97ca2fb0ef16490c0ae0d3ef916030b15440c6084521020f500ac8514afa5089bfd441d1b36b7f4e04d346ca4f2a29c4c2fbc95cef9f277ab95ef2522cc4e24aad5d88093a075ebb", 0x1000}, {&(0x7f00000011c0)="3e0c8d9265790d1204fbbce04d36a52329686d5c13d73074253a66dd55d50f8984c92aad5e1c7e9bac68b1eeff0aa3", 0x2f}, {&(0x7f0000001200)="238e203633045fa9f1e566af47919bc4ae4c566272e08535eb13ad4b5119696bfc57b123296b3df2", 0x28}, {&(0x7f0000001240)="3feff86b396b6a46a38de8eb16fccd1cfc", 0x11}, {&(0x7f0000001280)="9950bdacca7478b8be02c053c4d64079a9a267e30a1c962a1e2e60dca345499fa862c172c71c539a53de4e08189158e3f21823af42633dc7a749b8aa327b7b7e21257f5c37a15c1d181e78b0ac78d765aa90100150ae544648de8655e6139877e8c7b9ec096a25fccb14525dd6194c53d66474ef22e4fa93b48592d80ca1b3867accc69eeb9b56af9c108ce3c0cfe0a85e7a5066a4c3feabc85d88c6ec94b277013f", 0xa2}, {&(0x7f0000001340)="2b4a525d0ee79de19800c733aefe161c0d5fd441568eceed0ac3d875b5f441ca6c0ca09aee1f5db5b8114fbd65b069da2be13c72c2e50f1e4141267a6465aec398d348fe2b7f63491eda4ab5484eea972e8390942cbc0502e3e37f8034c91dcaf60204844bed2ed4bcf9dab24382157ccbf2e58d8e2584ee6cbac752c64a635e51991117", 0x84}, {&(0x7f0000001400)="577efda66bf14a9d75c29fc07b8c83c19282975756c44f10101c2a9e0ec1e97b727e0f11ffed39c711c20b33e0b9a3f646217d9d8198dc72f153337c215426e58df5d00f7960a356151961d30ff9dff25131a0a534242cc273e929d7db3108f5817c46aa", 0x64}], 0x7, &(0x7f0000001580)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff}}}], 0x20, 0x40040}}, {{0x0, 0x0, &(0x7f00000017c0)=[{&(0x7f00000015c0)="bdeb5ede133fc1a493a234d512039e79b73d94c9fc3fc269d9bca70b3e149faf5dc663341c44d17dc73d4e7f4eb40dcadebbd59dcf04de79", 0x38}, {&(0x7f0000001600)="4843b7125b261b0b53bef6728292158b68aca92e92e69c66a36bb6734af8d1efc321fe4163b948812a9cd672f5d5cc7f077f769f1dacd63ed7cefc2a4095b670e768a2c2a36dc7e10092ab029dc3b08aeed1c3c10af29df908409bdbdee686c421a862bd9a043b8a7bc935a0", 0x6c}, {&(0x7f0000001e00)="869a2740e97ce78e877e51aa8231ca2ad79578713ad36b7268b4b4b15d01f884aa1593bd58d46e25b1b0d12193dc3b70fdfa68cfd5b57afb1bd2523aead009d212f80726afbe6996851abdcc48664fa740376c0a911efa6a6047ffa4c7bdf451f3fdc0af36735aa1e5f29398d299b13456bb4fdfc93d64539343650ccca529a89c506ab865065321c50ffc79cc976a5cf0c5808e5f074f0a0528faddec7c5a4e0a347bf1b62978337adf951485416f9dd964de619e705d52a8063d59d6d0ffb1e33f8086aeaa3ee42abd9d5ebc8113160da581e3db4de045a987d6fa7c8e89b391ba9db1f1ac3a9b4b7195bf6708a0a793096e058cded4e8a0fe8d8b880ab2a27f9fd4ebe4d216d02e6f08585b24fad4864eeded8a4cda39279995e5f4e68948287d006abbd8482e11292f41351f947a1b026c570d68e58b4f4fbe920b0f4eba800ffa55099cc73d064fb20bdde0172a50b07a9f0322afbcc9023c12f32ef445774fb1ccaee73314cb3456f984b90f26f29932e5dbf9e743cbbccec4a1c71b2d7b0010a82323fc198dafb4866a26e1bd0532ef26d24d372895b3d10de3603f2ae0339cb27f60419a3d959d5afb2523043855f6002a7314d7128e1f56b918e3a472ec677ddb56adf11ca44600c2af8da7bc215320360c71a11946016fdc83bf61955c598eaeba08b6e2788cb4733297f6fbd472b00c18c846ef09680741fa1e2b0f40b39d97727a3a8c0bb400d581dca166a19d154e9e1a98facb457b4d30f079db05c48c0a37231911f695c025899dfa2f9120c20d299f2a2ea4d432def8cf1e68edc52d620006de948fea9a70f19513db2871b7ef0dd851b9d085531845ac9ec577f0631beab1373b1badbe43bd59cbdaf0c0eca01a599cc880e6b4fb7d3eb93b85568ab94a1f98f49cde61a1dd381928e3d0e55d9e1e18ece0e99f5673f8f4b50c589fe53be4bd4253801a7433077f624c3d2dd07acaa2e13d3a6417ef771702f8052d738414f9c9a527f1f06a4d395fc1cc31ba40a9413481b113a6ec572af826dab8268a2d36b015c0ce0646dfaf2616eab995fdc40ddedd567930ce81a12a77c628d9854b4225841eee48b197f78feea1510df5c52341ca648ad0d533bfe1e6284cc08d824555982a01fd6146fe1f5ce99fd9ea7ccca0e7f0124eaf3d2eb5cc42116f48c4ea9bc4643c3b7ea06328d7f2520c37e8a6dc211b73a4239415b2b013568906dd06c0c228e078121933ecb2647bb0f624d9d0d000a1a5cc068148db5a7cc4e8486bc5f8c11bd38ff75abba7dd64f29ed56ee8b32fe971f097b8282338d98124dc25679febc67f6e9e49a430ab5bc294f8adbf7f65734968787ece1319ec14038e95d63836bf1e271569b034dee1275bc8e0b6976ac8b90c98c8396f69ef55b75a36f0e9071b3988a95c5ce74dac065db2c3ea8223a32e4671c0e2c3c86a19d79702a37c37529e54d3b9f72177f09ced5c5ed145dbd7062c5509e3f76b7da8bbe7e1c888ca27395e7cefe034075e58312e9b8b57080685bcc3dc5b78ea9759e1a05f452d9c6444e6a53902277d4e29378eb3f404cca53659aaafa3dc758ac5877275b19121f0f580c5fab750c562f4a49ed8d1063e7611698bf438b03f6fb2d30f35cf6690262b42c63612689e68a66312770f9a2aa014a3ad604781d54064f87d6afed34da0db070373e19ada28e6597595f5ecf2040b2c0c64c09593c74673cc33c96c3ea831a334536e8fffb9066da05615bcec313c5ce051ef07be972b46f3bc7d94f90ca5f226c1ac0954c78e73cf4616da895e8f327c5e69b58733e7ea1af5166a9d97d635c5d30c20f198e4e379793fdee04f42156bd5b2fd4eeb75b1e72504f837cb425465b4cab02926bd51fc1c627a9b711391887416bbed2de88668deb14b260e4d656ce9f3463280951eef7f3d9ba6cd32c688cfb1c95056d3757ab43812f21557cd513a9e452e82808aaab33f161bf2c5283fa6e1df9c86ef77e9f471fb073bd85867aa50224f185a2f9fb01dc078dfd568707b03547a0eb16b4eae3b74d6651eb406d63839d3e1774d9e5a8b1947f1c36f1cb623f5f0642ec36036581ecd6a16245ff817251043bd6a4c9d04ca0ee37537247c2fc90cc4a24fd9654fd7d8c0c034b69cf9cd6bb03601b4dc6fac7e6afc3dab4ee5e5e2d6eb6a9937e502a009cc2e7b218e141049c7e098da747bdde6004fb494e7260d059c737950b1769eff76577f1b0a90de75463d919dbd6ec1f0d8db1d9f24349f7edd1788ed066a96d5f9bceee45c6467f38b9b495361d4ef5455be254fadbbb04b572d2093fb74ee4521068080f028baec4430d44bf913e9f941acd7353109c2d63d676c733b093d5550421820dae83df5b81e12754c79028df89b34c3233bbaa9fafb8fe5ddb924bdc67aa173a380a3a3453f1e42b308190cbfc964aab2adc49868e9c250ebac093c72896ad306e957e409cd9b313c9695ded4a11898a85695c217cca01b0495f139263b6d37e5cd32b228b5c6e8007977ec646e95fe1dce0dcfa9b36bb3afbc4d597200b08ce8bf0dc92f61008f24d806ac35d8923cb622dc57bc94146147b2240f8934a32224e7df13733cca8f0c9ea8da5b57a96f23c8280abb3af90e32b77a67e3fe9dc9a878fb2df1ad5e9fc78fc82607751b5799e3974fdda6905fbdfe6cc68a1a9232709e54952fd1a66072dcc4305a8ddb327d3f14309e2c56d84430df2c4da661a2e55a2f7f273a83cfeed77a50e7d8b62fdcc715267c20fcc4c072884ff26585270955bb4fc8ea7bcc81848657834f4a523df4d67719c0f45754a51d71da100302efe0304423139d0167079fcf65b22f4bb3a36f475cf2c10c2d44d26d363c4c69baf86eeff2b77dbddc7c74c7a196b7718c5fdbe31e7664025cd6df96a16b44cd38f1af841c470ef7ccf7ae10c98fb6d481d9243b8c8f9859aef1431dd195d1a961c66699c10931182c55969946aeb1d2ec30ab82634ca21966e45f690f12f3a23c8e795e0b701669bbb12277a48f4d82ae8b4ee7988be444a2689895548397aa6caa2c5f2f758105da9be56d153eaf7a587da4f009a92158d710dc3b88daa9e6c35cb55b6d2fca13470521b7076b4585d785d90d97b0278a3984ac740dd6bc139343bba1c1c5745e99b0c6dd0e18b432e3baa1137ce87d77416fc9a85d03d03b7bf7e11ba7ed0ced6a3e9f5e1eb246350cb2b66eac8f87d90ba45def117ed30a33f19927656e680d852fd1ca096bff70a574a269eb819c5b76003a3b42430a5af1300321233db9170b76e39f5f0515f77bfc8a186edf98f9a4d633219a3363bcbed9be2d0828c1d4ef43d017bfea2d79fff6897d66612435ad1d8fbcd5b4e6979f1ee3d3372a35a293ded1c3d7a4101171495e22127724c625080a9477551c3641bc547e49991a081ca914ce6de7bf4dcc4801e9f344d7c8b7ffaa6ea1b961d3613891172cd3392ef77fea38933149ccaeec667195673efccac16c04b6a434eefed3b3cbbaf54fef1902aab4ea282d56f62b9398485224325c067650f8a04b24d13750d1e42349ef54069f243539364d7a8f277f47fec5501e4a6aed057f542b903c32dea8305e75b086f545c7c8adafd2491715486233297f0e7fc42f8e9309c561c46a53664e1ddffd57be8b8c96474fc8a81de117940ebd28e8beaf620805d7ab40ad2b0be0ff0143a699d3c97f16602d201a20ca35ef19c1b106530b53e8726ee67c34e31f00b222e431538c2572f67b01014a9b2c92797274732e1c72480220ce7a6a206ef0bdd419d4232d299e0f66f7e10ee2f2c8f960c6e6633e90211333e2c3f2255c031e4e98f11d538b4e040dbaf464cfeda01256e8fa4a87d4865a274a72e1acd0f9adec3911940426e37a4dbb4b569e39f257b297ff3881d29900238ac30dc957ffcd41738c8fa71ba3a275275a7b067b2000304127fede1ffaa92fea95ae11110c563f0272584b052cb06949c98fd0ba98f95dfa021b84db41f28debd9dabdc0ccd946eb8ddde4c176c467744153d1dd8f8ca8a5b4c25bc7113f30e34f0aee04ff4d5c870670f69814b88e1aed3db2e4eba45f32b817a6d3b207f955868988d8bb1fea8cbb72537cf95c14d7d1fdd03e9501ed5e26745ee717a3fa9c243e04b237095c11d3794413ee458c393d5a021a13c7f1f5b30886eae777cd940009d0b6e10cca7785d090b890189db04825175b0a21ad0a6da603ea2b6ce7e1f11e9972807ee41ac09e5b9845d0b84a5dea0572f602b881b066b03a689fcecb04e470a7569b6c8005e6f8ce9fe2010d7e07e4910ffe78b01545f17b7ddc348d542db53473a0eb68d55848aacde610a080fced0edccec344b8178d3904ff633404bfdfbfd39aa412e42a48dad26c8625332cffef1cd25097e32e280992ae143959649cc131952cccdaeef8a841a167af2a4ed03e2349b8498c86c5212850ea6dc21d9b27957199a4f980c455a6fc1f0f9ee8bcb158c99eafbb49055c425a217e2b374cee1e9358abe9b30ba636df4b177e3cd3126f60f11ac136814aeb9a863a64493a021b566e8bc97d879c4b1598e8b4cb3fbfcfa3bed1cb9124792afffe19e52c44180e2d05df5efacc76e1a66ee92c8c4b2cebf3f25749dc11a49a669f33b47e59f630cb1b8da4de904e4acf97b0dae6d739a1b76153e344771ae2d2c4c5ffa464e8b05d976acd68d13f7f8a9628f1241b5647c989e5b35c2dce05f53182822ccde7bbc907d5d8bd3e70b351baaf8aa3f9d1178532a34b65fde2daf6f74933fc83febd5e45dc278b49ccab07d56eb55fe0bdc162d753cbb90df352718cfd5e3b5fdc95624c2aa1d88cf1d2919ab3fc93d73421f36c9cbf7e5c064833e7f9e95ba8888b9eb42c8ca00b7c20a9ce62d1fc15db7ac6380d6d447a1de566c29b226c41d260cbe7f78ab7ce96027ab47377172e26a77a8826a270503aa4456b1e713da3fadeba3079431e0d1dd53ed6d017b66bda19fb8b2c53bce1e31adb429328303f83354704c6d08df0ffe9279fdc8db7986cbe21c1cf952ac978c5186398baaa9db9466b2fe72374fc07327f830dea17006e095e680510d152fcac676c88478b969bd42ce449840ff4729fbe3f8f6d889fc3e9744ab83b88f7a610821cbf94fb4a506c8406378943349cc4dc047650188e93fd350e5a221806c6a8e0942a9c6a94535eaccaacac1364dbda63120dfa4b493cab59a605422e1190f036c69e72db52abcec50650c708582f73cf591a25e84ac55adb35985bb5a99d2a35e328c66dbd4770a69313fb66edbcbf4d15ede9f2ab641c1815747e50d9f7e6ece77690123fc397411f82a767c5f736c35409072deffbc37c6aecc3497b4f77f7bc020763a4896d72a775e05e6217c365f3c1cffb43afe32662c6fc52d7dc996f610425c8b9b4c22cac8a4c1dc7158e5e001863f9696d5c043cfa7947ed2707319968392f2f0e9c0f3dc7ffdd4833a31a50981493b7818ec7832d2596b38fd83ef2f40dc67fcf8f0502ef97ccd64276a832f6a56b34eb07ced7e97b005d176e89a2041bb5013ef194a0dcc3f45786513f08864eb7c0db1de7927e08d9e269d00ce69439c7320506b32e7fc2809fc5e1aae550416cac6a31006951b6c4ea32266b188d17a8e70723a0b85c24a58155a500a49888a62b7fa948fa5ecd095a402e4c4a732849cf40c66843b64c0a41ab89819fe30a674761b704ddde00036d0e2a1ebc3e65afb67a9978a9f68ccec59cf946598efe1d3e1f4fa68014ba5a7b487e8501162d10cea37acb1eec7ecbe8d956", 0x1000}, {&(0x7f0000001680)="1b53ee602f4b524ffa9d576c5af97c715606f347278c7e80198764c365de01b01ea40a490a273c9083e0c1620fe6ae79c85416ecc9938e54ba16959db6771a80aba5323ef050d4981a61449c5ad940eca043247b5736b6fa5e78089097f1968c1b1b230a9c5999b0ae16f003edbdc75011e55395070130168dfd4c8227109b531dd98b1b7a516c6a07ba27b048fd69794c8cbc19ee3738f295eb60af0f2ae169a6a53be53d32fbda752a6c2a353a2a41031cfa892b74f4a67231e434a4405945be72867a9a6d6e85e55e9a32e14f2012be5c121527bd54a4", 0xd8}, {&(0x7f0000001780)="e0dd8438e127b0751155cf1004ac356cefd2dd6e1ffcbc64afc6e2ba7c7ba7173b959372eb08d875eabc8f409d3d57c2cfc63d", 0x33}], 0x5, &(0x7f0000001840)=[@cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee01, 0xee01}}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x38, 0x90}}, {{&(0x7f0000001880)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000002e00)=[{&(0x7f0000001900)="dc07181c67707279eaed61d421f29852162fbc32229c53cf05b4c67ebd8c723bdfb8021d370f57b96e59b879eef88542de99d703a6358b50433a15681d4f264169cd5c384988b634cad44fed01eff1e5cb31fda563248b17733efa62957b2c3cf5", 0x61}, {&(0x7f0000001980)="2f2d0264920c50cd2156407b2301e16a83fdbd77c8fa0b0757318197779ae36d54bcd0c107495d0649ee12e25080649186ffc5f9f19dfab74a114ff475b436f728c2edb5ce44129b014b8bc603d3e30c1b36e18034f2196a5b43b384f9c4622d84eff2db7beeff5fa73e86fd7977a147ad8613506b2b4f4371753ab8d8d017040aff720a4b7cc6422102b9534f0f0eaf6e45026f0cf3a6651c5d5f4bb4d65e8202b2ffe584656014ad74bf820b961303990962", 0xb3}, {&(0x7f0000001a40)="6c6b8d03f1cb5db28cec26c11e6dc81279bdca9f066850c3594fde1cdb2d1181f91562db3220322fa84eca2532de38017017ce45503e09cd527d8a6c131241a65356d25b16792284bafde00f81d177a321f60ae8c013bea5ee72cc4aa40171cdbca4bdf5158af0b1b72691bf66e1c458abf8fbd5c52265a2bb7edfb6344c172416c582623447781f0a43e2424a4d99108175c864a7657bc24922f1ce910f38b8ef95d8d33316a4d323bacdda7ae2d786fe4d52964b10771f786f3b51cb717cc284246f9797a88ebe677aaa655ea2768455", 0xd1}, {&(0x7f0000001b40)="cf21bffac20d3170e90b7359b5d254ec838a8e7ac7ab272cdb8f9ac86cbd3a4f01969236daeacf8dcb3d3da3ad390bb3b365c13c0634b6a32709e6d3475782305d031cb9d997130bdc290ab4b9947982de05d27a69d15bd8d8c235c0ca0750ab8cf7aa1087ac07dd45", 0x69}, {&(0x7f0000001bc0)="9b9f6de2", 0x4}, {&(0x7f0000001c00)="21e9b9eefde5fd00a27b75496aad2ca8deb7dd9934df87853d22df827d24a0ccc1c325822303125a2946aa9c4237f424c7b55d5c1d10aa1cdac1c94722162ff0c2db040796", 0x45}, {&(0x7f0000001c80)="661218b47447007975c56d676d59be8c947217f0f4a09d5b9e76784ff432241b", 0x20}, {&(0x7f0000001cc0)="eb194e5718853ea6b88a5142dce28d55", 0x10}, {&(0x7f0000001d00)="c2aa5a8dcd2c0c13d2bbd9c8ce128279e728f34fee7a6f5e4f40703ca027985e44d6f6f2eacf1e26b75085f5b71d", 0x2e}], 0x9, &(0x7f0000003500)=[@rights={{0x2c, 0x1, 0x1, [r0, 0xffffffffffffffff, 0xffffffffffffffff, r1, r0, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff}}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xffffffffffffffff}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xee01, 0xee00}}}], 0xb0, 0x848}}, {{0x0, 0x0, &(0x7f00000038c0)=[{&(0x7f00000035c0)="58c405d2983846c81f554c2d5db2d9e1b82c9e365a796b3918e8bb3dff25756f7841394d8bf50388ea40106028fd10874e51dd3539633e2700537654a454079786078f363235d1a3cef07c5a90662077eb82d11efbc6c166415f00e24f12cba4f7d51c0f3ed1a62ca4e3c21038b8fffc77c9af6456632da683d0eb844c3d47c083d51ff0b9df61aef9498a420515048a5a8addf7f688e6e90e54df5a15416bd7f773ce7e25c2b27a669c6c12bac443b56f0475697ef7b35f41bfac372cf6f4a9dafda2", 0xc3}, {&(0x7f00000036c0)="d037e6a9d67650d8f69d8dc0f2e1fa85d9c22f31", 0x14}, {&(0x7f0000003700)="be87709737d904932885", 0xa}, {&(0x7f0000003740)="9cbb7c72423e194f37a1334b693e01da0c9309851234fa1c2ab83120ed073c07d133d7fcc78d8c9c24af17a1c01c1692051140fc6516557842e8c4e76412cfabef3e092a0434bb4930436b527411fb4879bc25dc618fe0c4113b58c32bc7d44e84f0b1b853fa32511e5b995c06ccbae9d5887cb36d2270ec37518ce1e5c8d83e71bab6678ec95ed452694130183000b0110187e5dcf52e3038cebf84b645d24da6ca1e7c907810696d0b061fe9f2eb8f1d44afb7255ba45dfd8ccdee07f7f22da4b82e6384649683a7e7c0bcb3ef9f7ec94c6acfc86b7bf431f14065513cd3b8cf65f44a912cd12e", 0xe8}, {&(0x7f0000003840)="8af9405ea502088fd28633f2b518fdcc5e5539c88681b0890a46ae6f364c7e7486c30d9534d02764753794651451f615ff8c10f976210bc1026857e9a5fdfa9af1e933810cc9e19bafab3c3bfc7c9eb63aa9b0eecd66715fc6d5e0798d348bbade93df4c29464b9dda706ef5", 0x6c}], 0x5, 0x0, 0x0, 0x4000004}}, {{&(0x7f0000003940)=@abs={0x1, 0x0, 0x4e22}, 0x6e, &(0x7f0000003ac0)=[{&(0x7f00000039c0)="bf3823b694e02526220616323b5694264e0f2291cbf71afeb0947c71df2cd7060b9822de5f44b9027010113aff976c2a470c667231fdacb79848a14a1e2614177f9fa09f41d7c2b7e367e9adabd02f10dd767bf9538f544957f310f4cafa077c39b292e5b966e857d3628e010569cb3f352a5988546d0bd40cbe3d1ba33b0a1401f11eb5fece38f28ae9e7071d935ce1becfad0f86b248638da8e196f1f5e23d223eb5724126012aa901478a", 0xac}, {&(0x7f0000003a80)="a799db7ecfedc95fced0a5ad4d01b5ac43558cc74c0f6b29cfdc57821aba924d39fd2dde77238ffcd8e2", 0x2a}], 0x2, &(0x7f0000004b00)=[@cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee01, 0xee00}}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xee01}}}, @cred={{0x1c, 0x1, 0x2, {r3, r4}}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee00, r5}}}, @cred={{0x1c, 0x1, 0x2, {r7, r8, 0xee00}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff, 0xffffffffffffffff}}}, @rights={{0x28, 0x1, 0x1, [r9, r10, r11, r12, r2, r2]}}], 0x108, 0x40010}}, {{&(0x7f0000004c40)=@abs={0x0, 0x0, 0x4e22}, 0x6e, &(0x7f0000004dc0)=[{&(0x7f0000004cc0)="3912864d67e6678dae9d3da98b9dc74529eb6925da30ff67edca2736b94c509180913466ddefa1ca0a7f1d0311406f83cebd324b04f7898278b06ff9e85b3085210130456003750339c68924834312e86786972ec5051c177f009e9c417b0ce86078a51a68c709a6a114f3123583a15ecd55c4d299dc74a301c1de3e1ff66817c72d43fcadbd14e18a36c78cb51afd33d0cea7bfce5dcf18ee9559a10d34455dc983808696f2d4016b2cbce018ec44d406d1cd3366e4d8b757b8e7895d076aa83e59f788991f8f4ec0c17c6d9a8510ff4959f84ab3fe2dffe6e510bf38cdf93bd0a860805398a9810dff1f2acfad4c9eae07292e92eb96b3ea", 0xf9}], 0x1, 0x0, 0x0, 0x24000000}}], 0x6, 0x20000000) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r13 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/timer_list\x00', 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x0, @fd_index=0x5, 0x40, 0x6, 0x83, 0x0, 0x0, {0x3}}, 0x43a) sendfile(r0, r13, 0x0, 0xffff) 05:02:58 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x4, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) 05:02:58 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff0043a9d7cceb302fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 05:02:58 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, @perf_config_ext={0x2}, 0x0, 0x0, 0x0, 0x3, 0x1, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000140)=0x7f, 0x4) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080), 0x90000, 0x0) getsockopt$SO_TIMESTAMP(r1, 0x1, 0x23, &(0x7f0000000180), &(0x7f00000001c0)=0x4) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0x4e21, @multicast1}, 0x10, 0x0}, 0x404c008) r2 = fcntl$dupfd(r0, 0x0, r0) sendmsg$inet6(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000bc0)='+', 0x1fc0}], 0x1}, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) umount2(&(0x7f0000000200)='./file0/../file0\x00', 0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/power/pm_freeze_timeout', 0x0, 0x0) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x22902, 0x0) copy_file_range(r3, 0x0, r4, 0x0, 0xa1, 0x0) unlinkat(r4, &(0x7f0000000240)='./file0/../file0\x00', 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='io\x00') 05:02:58 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000001540)=ANY=[@ANYBLOB="010000000100000018236f169060ccabce752abbef3571a99984b83cf44f9d1db724ef968023d6602b954d4d35b41052e9e99740803ece0c5f78a09a60866668bbe7118a081655619f9b9dc9df6a88525c9c37577943eca2d826d04f7bc050", @ANYRES32=r0, @ANYBLOB="03000000000000002e2f66696c653000"]) r2 = ioctl$TIOCGPTPEER(r1, 0x5441, 0x8) r3 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) dup2(r3, r0) writev(r2, &(0x7f0000001400)=[{&(0x7f0000000080)="0ee91bfaa865d36572e23f0b248d9fb0341d", 0x12}, {&(0x7f0000000280)="8846cad2ce3aaa2779d018ea5f4c9c003b0ea5dd13f7769eccf4f019d8282325f2c22f4945e9f40e30a888ecbb2edef85951749b51973214b3d04adeab0ecacf0ee8d839b4033346bff07c3414d20c002f89169f536da526009293908da879e29861bac8395916775a2b7af9cfedbc6460ad93ff60ca79da87b76b44bd6a191c8ca70946dac0e0774e11f811ee2aa15addd15dce11e46c960e7a2869b4ac0c9e5c254a97f62631ea979aa1458c8992875d400ff1644f2d0bf40642c32fa3a1d2b542ac66055b55c96e2542bc2d7f7f6cc968d7c581e300d2d7f08a19e67da4c1e23efd6bbb9853a738383b238537b594fe4e0dc1f025d7ec5374fd7d7f391c51d4853b8e3c66500864821aed24e24284cc0b8eabe89427a719f4a9428e1de890f83cdefd29ab1e5681b911ad92195534c139075389b640ce8ad5ebb15a42320ca180f086a98f4c48f24f550fdba3d8510d28ed66d23c36528165164e7960c047df29f4bc0de9e58a4296a980ea6f8ed4670cb8ed3c74ab454e29c1a7882d7d4e7d3e9d6705658733be044eec225b93dcab61fde09b3a3eb8b7e63910f705c5107d2e1b5eea363beecf66db1f85ec978f728f325b619029f1fb58a5b1bc522953581cc524297cb252e85d08cb1642ebb3f1b1d2eba2f03f6c1a4d7bef0f926c052092b942e549a292b05a5498f6742f5ce4d4f98757ddeee87e30acb2614d05e1e512e08dac2ad8202f95282565504e35f5a800c1818b500e3d4ece5efb701f38a717d5623d6649a04ce7397bb7a5120f8188c99492b4e1e8a318280397828eecee75803b9ac920f8489de4d4cd55eb98e006f3d3c6b4b4d9e7a28472218b786098d7fabca17c63af239a4f769b1661fb56840608b48387b17e32af82a90d9581969755fdd63082dbeed7157cd56725d79ff2d9eefe37793a0408e2fafbed2ba1c4839ab1e3ce80fda9341a4de20406f49994cd6fcb8f5d3c8162f768c8fece30f12c586cb57708841c7552749f78b78901ec1b25eea257390954a1c535305e775afbf8acac83688e7e135f6a1ab1ec4ad77e60cb2651e0b10dd8c3084502128b812f6bf0ae89c785831f76393cf4d56221f40444ddd935cc26725957c807220378a20e051cd654be347f0afbdd7adde8a17fdd56463e382090d70120f95c66f54d7ff3842de65b1920df3bad3b4c178d3bfb36706171b6746c451a630ee9a6bf1d1c952f3916bd185b0190a854630f446b2683e350c9247ca3ccddde9383a75a3834822fb3d2da096b90e0429cfe4256bb9eebdeb417ff0db1d98870bf0874c6589079837e4b806c8a5917be9dd33e39cab2ea6dee19210263bf8294aea34be51d8e51db58b11aa0d22be3e2d857d3363ca91a94e161bd56adde1cdba11cc735c89e53208b75d6153d5841c421c90c0ad858db93e7ea3b1f75b723576fdfc16a78f2dc4b02623faf17e9f848f5dd92851bb48bcd81d87ac2de28d1328b65482e7fe7192dc18f2b1e292f3d7099b3ba13b54a8eb0f65c436f0caf6f1a8e4a80fd7a5bc2c2a0e9d1e97ae46ff79428b84bc946064b621bceda4acd919dfb412efca01c89e29b3992e509946a80b35d1e9c671ddd16ba8a25fa6629608b19749cb75c4189c0499a697064dd489484a69228e201c915e495bb7d21939477c42beb30cb3cd985a7d50f47ab96ae55c5aaa054cc4b633f373224670f0ecb39491634d610c56f8bea52c8459db3351daa109ea16a2396055ee06399d382ad8cef6dd96acd91a7f0c5643dab2ec35bf242c6f46627a18d525805b0da1e20523db24d6bd18d730abf6267e8e4539005065b75d45afe4662a8db609ec0120f52c147c40d83b273214045895c9738309c70ab43ef491b9a0c08d018c93573cbf573a0f82a150faef73b335eeac1826c1a89cc7a94577cdb27e914809adec23eedb5f9a7b4397a3536b5d529a051fac106cd91d0a350f1a46066bcd006b95862ec3387d660973f7623f9ed0f48597a71253e06f75c3e373997d0fe82bafa4765fe41f0ea9bdfa8d686f6fb40afdb5c5c40cfc4dcb9272c02ad3af65d497c8dc6f9bc3f6b6abd71627a9d56f54b80699fb7209d595a9ffd93a9c0550ecf6c127a92c9a1526ad6d6ed534ad739e9ce29b3c44a8b31c39508b8705c07c472ee85b7331afab68d4cf6a0240c9dd8713a3335def010f186358478e0f9d8846a4ca4d624b3a9a75bf1e94f21ba5af50071ebf5f12a191afa4a2dcc0802a102e00a75550b3e8d7278b7e86fbb977da62e078db590163dac02036eea41de256e7d6079a5c38a698de50d4a5826294b5330b2c7bb86e3928c2dd0ee0503b78d50ec7e79ccf49233d9ff22370bd222f6e8ef30e996d285e642ea16e1cd261955307e5509e98cb38886f5d79afafc38b9cf6c35deb75c9369a8366526ae21e811c91af9a9eef93c10f3d85943b5e5487489435311f747ad195e07d2da4e7935277bf0b2aaca2bd1953a11b6e18754f35abe7e334a5a0e166f337a4cd89f0237df92b70a62bd2a897576628fd1e13d1731170c1d85330cf9c49a0b5a985ae05c3fc2408049ff6f280645c896fbf403cb4ba1c90700daf4cfc34849c6157f55809bbd8ed3f39982e197f285c8dcd5bdcd66dfae0ecdd0474d0582d9a05976c1149c2e804c27e0f24263a87e907678aaa4460e53d1f07fac1f003de8e354ac00028aea1443c2197dcea7a00fdf430f464841e9e725af163d9fd523231abd4313a23bbf1d63fcde0a727e1158f9c4d908597740f201c12373582e1ddd71b2c1e310b854ae2e73cc6d563a1ee2b19b5c64f612b21b15bab0bb8b0cb443cafea41ca1197b439bb6fd2ace837af54648fe4866446fd46a23cf0831c9f17849f07857527515b8c699499bff010b1323235e96fe788e6e1467a38def652f9e8e917e1c34757b9399e37ff04c642f577dbc12f736518a42aa2000200c8261e4c52aa4b558d91b0edb8192a395212e1f20b368ca2cba858cb886b8e30d135b878d804c32c492d8cd33c501eb420492cfcf407e825fed0e68b48206d10333eade030857718228b05bf7a7153355c75b2fd13376675bf78a5bff38b44496e9a2ea3dac4b11e84b21f45d7aba55cb124edb0c8979db914869c6ab188cf5471f8014c6e406b72ec8f5a06ba785addde6132a28cad9eb2e63e90675eafaaf00e268eed1b79e14f147ff3195e1ae43ef640cd77ad5d0c6128a08ac2c32888311116e91d7146e179e96c3c4dd53af8390b7bec91243ecb01022e24a977ef6dc04a8377039d24447a7c89288180261df9ee23e88e14477c691bdb9cea5912a2c09aa6c0132cb35481eb1413cec744bd1b5479317c64c7e970f17584e593590a813c89c7bf7c0b6a0aabf718fef75b141598475eb596fbe6463dc9ef65367d2fab0dc10ed672921dbc1222d8eb1b4f22fd748fc81daf70c22bd24f2b85bd29be4f79d1021445188f60318865d4f99bb95dc896e6ac613691978c7fa2fc12ec2085a4debee34824b8e78bfc9b6ee8b0bcf59f09e118b3f8eabfd3d1cc691ea53a4ad1acff77ed5cbdb7518782cc88f67c857a0f24731e0fee756db2e24e0ab1f4e1812882695bee87201d2a76ca80a3cfb01226a6756b01dc88fde88c58600c708b2ae95307cd426fd6964d010bd64ec4c17228be90b96363b595ae3a843c9beecec53260886866019e00d005584a3bbf9b0849fb34930149b8d8e85ac60bc7c7c9ba7bfdd083ea3d10d25cf1fe8a2d090a91edcc09e5656b418392e85f79203a1a78822047dd78bf2dadf7038d9d2571e5fdf348da97a21572d4c65d7afb2d5ffb1382dc1ab7fac65fcd832ce3aed75300625bc31d5ad1bb5b188a53ee4077cc8a83710fbea13452eab51952df5c219050ded1cbb2fb305ab7b87287e39f45c0e0343cfa11ae3b011d4ae98146ea61da96c094aa12af43d26d3007477657cd4fdb1f98b30f47df2e63277cf8c9f9b00ea6166ee94b00e9a7abb6b98538535ff831b8237314b5d674b91857ff46c0baea4eec5d8bdfa55bf5461536b46fbb813ec2f7f105ca0aaab2782588b7889f20cad51f82aa1de574c73a3e8b92d870d26cd0b1e1676c8b848b2325053630010400d335970d220f4efb4f3ef6f679dde7ed538e18e1592e29dfe7cabc147875871a183e5110348f49e1db093ad15c904fe61c8cbe16759dfc23f086f88524bfa848b464550f30e2a16bc7c54278b04ca9688f9a3a0b4f18b4ec675221894b49549d64c1e226a6aa977a80a4a47e894c7bccae11eda84e5508ec7cea816d9322b243457ffc4a99927066d35c666f4e6098b14467c2a8ff2b3eb403e595ec3102012b087206451435d976bae2ca691ba62a35b374c552217fc9c1339852287de90055874ba93c270da086589ad4c10dfc0b05bbfbebd5793c531356dd97f33d662806b8c22c7423d9f910103b17d6c24a94124c0d91fbf60c7c94e454b546137c30927ef76866c27e581d891bb16d964c718f2bbc98aeda647f25919c4002dcb8a2b96f8c4cb9aabc81ef6586053051046445ef4aaee9889a90d7e2ab1e932b885feafe6687f2a986e7b4fce8e1be80ec8761f3206225832b2fc24e14c730f2dd45b40a7d5633e0a473f66ffa4a80f27b736f05f6e229f42f69b51877a8221baece51ba916ab83fe06a7bb133380c58c082ad56d85c17028458c02456895a0e15c3a913a03ae003c0e689cc9e49842cb8de8bbe8981c4f65888b42bc435a9b53d467b148540884d61ca7179a61035b7c3b9f089b435baea621ebdc1422c1bab7fd691c64095fe84cd0eb0435e150e5b0aa6032651752bbc03085c478d23d1c072593a28bae6ed0cefa4185bade9eda96374725aa27a7d2c98e31125d11b083e4126b07b894878442669c53ac840bfbe5df765b1609206c4456f0a14fe3d8ddf81cf495571f4bccefd61cb067e3de703fdf520acefcdf48e3e020ada021f11bf84ed5aa78a3d8434d2266f01451b311eeacaa942235eaf521a745bc12c1eb30679959bad570726b94e0144ce535904c25b94daee78a7d0563c046b02a9b85ccbf1093701abe78cf9a3f0208566cf3996b78e53435dab79f8b8ad5debfe1794cd8156435da0a0286f8dc31968c032cef63109f49cf22d9edd464e375c0b03b3686a070f70860edf5d5ac8f20a37b16a8c44212b0998f98529b38112a5e93a56105c35be752c9699619579b34f01f63f87eab80cbefe1d185cc6a0e7b0adc657d6a9c8fbcdf3eea18acd2f4bbbfa9228f43956e2ac575eb1a4a749c092c2bb8e15e664a027ddd4c5e0bd657f352cc50fd863941b46f76deab93b92462fbbc451634490742805468062d64b9b269b6fa56e21140907303907f8a407b80b4157f7e9b1943a358edd096be409e9d1c66c6fb76abf74e64c309fc14a15f3efdce6748d22469331767b51573de0f143e45849394362fc6763d17ab819764e455ca7c216ec6b88c099919c1e6cbf1d48267f0a0040f05c3a3fdaa447d932eb9100f24e7db492c48607aa6d7f47c20f6a84175c73eb075de7cc9d0163a61aed588381bf804fed44cb3478fd56104d4da0ff7d670efee7e437f6e18cf1ea59a57784bbbb7cde65cc920f765a7a27382a8dc0e37e1b90aa42b003bec903a97ae09dd8164d98dadb1d234255d37eb3679d1eb7d10698cbf98af1ad0990c8e919ad0c590e957221adbcd63dd46aca6d53edf419a96dc4d7c6eb169272632955f7717c41939df684d18f824fb87d3e626932704bf10655d117559ac795915edaee1ed81f544be176a414e6db090f8d2", 0x1000}, {&(0x7f00000000c0)="22dc3fa728252e3730f6af99f6948baf3530617ce269e0a8694f8065cde887783508dc6ace185adac2f48f3b692b8804956d97583a5dcadb3416683e2591df13eea05c4aa029f714d3dd800a983a2c4a922e0d35d7d221909df5996b563d6a05427cd18770e93309276ae61b6036e293bb8843af855323584e81f510ab503b275aa43a1ec86c2f2becf9e43a0c85e943581744be822a01ad8bed30c13cc9b85284f329281ba05d4a62cd77f970fc60d86590de162ce7a6eb788466b26429c58aef29886702a3e5", 0xc7}, {&(0x7f00000001c0)="631317b45049bba6170178dc384eef5340d3048a1a37c1e6a97d74d678de6e1016d2478230bf53bda16fcba814f236f8d764eb44a1", 0x35}, {&(0x7f0000001280)="f3cbf8591fb0c54c5b24b2f7944d8367f273f02f68ae8c98fcddfeb047f5663086438e23fa54abface0ba549683c8db487778411bbb3c8928b4d7c07c9a56a5c690d0331ac2f9f3d127de084d0dde256e92f6e0a5d0e7b89f3f4e8a74f6a9016c2a26b079897ceb4a01b02ba21bfd0be9e404e28763ca3412ccde6510b65fbac2948be8b17c655f9c673a4da094c377e8c1667f4b590a693d0d9b62c7c9285cedf836ff8087e765c046b23eb9f418ba0ec2e27efec1192f1a2d9fe44d76fcf3c01ce04aa2b265991538557ff803dd5abe1", 0xd1}, {&(0x7f0000001380)="6c05c213dd05879a5c2d57f288d00b1c083889dbe47a6ab293f7b825bf372a26a9ac03cc480108c1531c3c64262e2e64572fc3cf0565f6851567c4a32915e5d326838e0cf902f9f0d6d5e71a433fef5fe0d1d6b3ca923c75c70b0e9f0fef", 0x5e}], 0x6) fchdir(r4) r5 = gettid() process_vm_readv(r5, &(0x7f0000001a40)=[{&(0x7f00000018c0)=""/31, 0x1f}, {0x0}], 0x2, &(0x7f0000001ec0)=[{&(0x7f0000001a80)=""/93, 0x5d}, {&(0x7f0000002240)=""/183, 0xb7}, {&(0x7f0000001bc0)=""/121, 0x79}, {&(0x7f0000001c40)=""/163, 0xa3}, {&(0x7f0000000300)=""/231, 0xe7}, {&(0x7f0000001e00)}, {&(0x7f0000001e40)=""/9, 0x9}, {&(0x7f0000001b00)=""/46, 0x2e}], 0x8, 0x0) perf_event_open(&(0x7f00000014c0)={0x3, 0x80, 0xfe, 0x5, 0x3, 0x2, 0x0, 0x0, 0x830, 0xa, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x2, @perf_bp={&(0x7f0000001480), 0xb}, 0x8012, 0x100000001, 0x5, 0x7, 0x8, 0x1, 0x2, 0x0, 0x3ff, 0x0, 0x80}, r5, 0x6, 0xffffffffffffffff, 0x8) [ 3258.506024] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3258.506024] program syz-executor.7 not setting count and/or reply_len properly [ 3258.510771] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3258.516204] FAULT_INJECTION: forcing a failure. [ 3258.516204] name failslab, interval 1, probability 0, space 0, times 0 [ 3258.519113] CPU: 0 PID: 17022 Comm: syz-executor.1 Not tainted 5.10.207 #1 [ 3258.520721] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3258.522630] Call Trace: [ 3258.523224] dump_stack+0x107/0x167 [ 3258.524054] should_fail.cold+0x5/0xa [ 3258.524905] ? create_object.isra.0+0x3a/0xa20 [ 3258.525916] should_failslab+0x5/0x20 [ 3258.526757] kmem_cache_alloc+0x5b/0x310 [ 3258.527660] create_object.isra.0+0x3a/0xa20 [ 3258.528655] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3258.529828] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 3258.530943] ? netlink_ack+0x1ed/0xab0 [ 3258.531818] __alloc_skb+0xb1/0x5b0 [ 3258.532627] netlink_ack+0x1ed/0xab0 [ 3258.533452] ? perf_trace_lock+0xac/0x490 [ 3258.534366] ? netlink_sendmsg+0xdf0/0xdf0 [ 3258.535309] ? __lockdep_reset_lock+0x180/0x180 [ 3258.536359] netlink_rcv_skb+0x348/0x430 [ 3258.537257] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3258.538154] ? netlink_ack+0xab0/0xab0 [ 3258.539015] ? netlink_deliver_tap+0x1ae/0xcd0 [ 3258.540041] ? netlink_deliver_tap+0x1c4/0xcd0 [ 3258.541045] ? is_vmalloc_addr+0x7b/0xb0 [ 3258.541949] netlink_unicast+0x549/0x7f0 [ 3258.542852] ? netlink_attachskb+0x870/0x870 [ 3258.543838] ? __virt_addr_valid+0x128/0x350 [ 3258.544823] netlink_sendmsg+0x90f/0xdf0 [ 3258.545097] FAULT_INJECTION: forcing a failure. [ 3258.545097] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3258.545724] ? netlink_unicast+0x7f0/0x7f0 [ 3258.545758] ? netlink_unicast+0x7f0/0x7f0 [ 3258.549442] __sock_sendmsg+0x154/0x190 [ 3258.550322] ____sys_sendmsg+0x70d/0x870 [ 3258.551220] ? sock_write_iter+0x3d0/0x3d0 [ 3258.552163] ? do_recvmmsg+0x6d0/0x6d0 [ 3258.553023] ? perf_trace_lock+0xac/0x490 [ 3258.553943] ? __lockdep_reset_lock+0x180/0x180 [ 3258.554965] ? perf_trace_lock+0xac/0x490 [ 3258.555886] ? SOFTIRQ_verbose+0x10/0x10 [ 3258.556789] ___sys_sendmsg+0xf3/0x170 [ 3258.557652] ? sendmsg_copy_msghdr+0x160/0x160 [ 3258.558666] ? lock_downgrade+0x6d0/0x6d0 [ 3258.559587] ? find_held_lock+0x2c/0x110 [ 3258.560511] ? __fget_files+0x296/0x4c0 [ 3258.561438] ? __fget_light+0xea/0x290 [ 3258.562307] __sys_sendmsg+0xe5/0x1b0 [ 3258.563148] ? __sys_sendmsg_sock+0x40/0x40 [ 3258.564108] ? rcu_read_lock_any_held+0x75/0xa0 [ 3258.565152] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3258.566307] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3258.567452] do_syscall_64+0x33/0x40 [ 3258.568288] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3258.569427] RIP: 0033:0x7f1a789beb19 [ 3258.570250] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3258.574308] RSP: 002b:00007f1a75f34188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3258.576002] RAX: ffffffffffffffda RBX: 00007f1a78ad1f60 RCX: 00007f1a789beb19 [ 3258.577574] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000004 [ 3258.579146] RBP: 00007f1a75f341d0 R08: 0000000000000000 R09: 0000000000000000 [ 3258.580740] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3258.582315] R13: 00007ffd0f06a67f R14: 00007f1a75f34300 R15: 0000000000022000 [ 3258.583924] CPU: 1 PID: 17020 Comm: syz-executor.3 Not tainted 5.10.207 #1 [ 3258.584218] hpet: Lost 4 RTC interrupts [ 3258.585038] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3258.585052] Call Trace: [ 3258.587528] dump_stack+0x107/0x167 [ 3258.588058] should_fail.cold+0x5/0xa [ 3258.588613] __alloc_pages_nodemask+0x182/0x600 [ 3258.589291] ? __alloc_pages_slowpath.constprop.0+0x2130/0x2130 [ 3258.590182] alloc_pages_current+0x187/0x280 [ 3258.590810] allocate_slab+0x26f/0x380 [ 3258.591382] ___slab_alloc+0x470/0x700 [ 3258.591962] ? kvmalloc_node+0x119/0x170 [ 3258.592561] ? mark_held_locks+0x9e/0xe0 [ 3258.593146] ? kvmalloc_node+0x119/0x170 [ 3258.593723] ? __kmalloc_node+0x3ef/0x420 [ 3258.594296] ? kvmalloc_node+0x119/0x170 [ 3258.594872] __kmalloc_node+0x3ef/0x420 [ 3258.595451] kvmalloc_node+0x119/0x170 [ 3258.596038] pfifo_fast_init+0xea/0x3d0 [ 3258.596605] ? __netdev_watchdog_up+0x190/0x190 [ 3258.597270] qdisc_create_dflt+0x103/0x370 [ 3258.597876] dev_activate+0x7c3/0xd70 [ 3258.598433] __dev_open+0x38a/0x4e0 [ 3258.598948] ? dev_set_rx_mode+0x80/0x80 [ 3258.599540] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3258.600307] ? __local_bh_enable_ip+0x9d/0x100 [ 3258.600963] __dev_change_flags+0x521/0x6e0 [ 3258.601565] ? dev_set_allmulti+0x30/0x30 [ 3258.602164] ? cap_capable+0x1cd/0x230 [ 3258.602729] ? full_name_hash+0xb5/0xf0 [ 3258.603308] dev_change_flags+0x8a/0x160 [ 3258.603915] devinet_ioctl+0x14de/0x1db0 [ 3258.604496] ? inet_ifa_byprefix+0x2e0/0x2e0 [ 3258.605135] inet_ioctl+0x34f/0x390 [ 3258.605663] ? inet_dgram_connect+0x220/0x220 [ 3258.606313] ? __lock_acquire+0xbb1/0x5b00 [ 3258.606935] ? perf_trace_lock+0xac/0x490 [ 3258.607525] packet_ioctl+0xb3/0x260 [ 3258.608074] sock_do_ioctl+0xd3/0x300 [ 3258.608620] ? compat_ifr_data_ioctl+0x180/0x180 [ 3258.609305] ? ioctl_has_perm.constprop.0.isra.0+0x29a/0x410 [ 3258.610122] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3258.610796] ? do_vfs_ioctl+0x283/0x10d0 [ 3258.611376] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 3258.612139] ? generic_block_fiemap+0x60/0x60 [ 3258.612773] sock_ioctl+0x3ea/0x700 [ 3258.613290] ? dlci_ioctl_set+0x30/0x30 [ 3258.613862] ? selinux_file_ioctl+0xb6/0x270 [ 3258.614490] ? dlci_ioctl_set+0x30/0x30 [ 3258.615055] __x64_sys_ioctl+0x19a/0x210 [ 3258.615780] do_syscall_64+0x33/0x40 [ 3258.616319] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3258.617042] RIP: 0033:0x7fa5db089b19 [ 3258.617575] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3258.620208] RSP: 002b:00007fa5d85ff188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3258.621301] RAX: ffffffffffffffda RBX: 00007fa5db19cf60 RCX: 00007fa5db089b19 [ 3258.622329] RDX: 00000000200001c0 RSI: 0000000000008914 RDI: 0000000000000004 [ 3258.623345] RBP: 00007fa5d85ff1d0 R08: 0000000000000000 R09: 0000000000000000 [ 3258.624384] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3258.625260] R13: 00007ffefd79e6ef R14: 00007fa5d85ff300 R15: 0000000000022000 [ 3258.642535] device veth0_vlan entered promiscuous mode [ 3258.657996] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3258.657996] program syz-executor.7 not setting count and/or reply_len properly 05:02:58 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x4046a2, 0x10) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x4, 0x13, r0, 0x0) truncate(&(0x7f0000000080)='./file0\x00', 0x4) syz_io_uring_submit(r1, 0x0, &(0x7f0000000100)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0x9, &(0x7f00000000c0)={0x77359400}, 0x1, 0x1}, 0xfffffffc) r2 = syz_io_uring_complete(r1) madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x15) r3 = openat(r2, &(0x7f0000000140)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) copy_file_range(r4, 0x0, r3, 0x0, 0x200f5ef, 0x0) 05:02:58 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) (fail_nth: 12) 05:02:58 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff0043a9d7ccebb62fb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 05:02:58 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x5, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) 05:02:58 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/power/pm_freeze_timeout', 0x0, 0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x22902, 0x0) copy_file_range(r2, 0x0, r3, 0x0, 0xa1, 0x0) connect$inet6(r3, &(0x7f0000000040)={0xa, 0x4e21, 0x7f, @dev={0xfe, 0x80, '\x00', 0x40}, 0x64}, 0x1c) dup2(r1, r0) 05:02:58 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) (fail_nth: 15) 05:02:59 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x34, &(0x7f0000000080)={0x0, 0x0}, 0x10) r1 = socket$inet6_icmp(0xa, 0x2, 0x3a) ioctl$sock_SIOCSIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(r1, 0x8983, &(0x7f0000000000)={0x2, 'veth0_virt_wifi\x00', {0xa12}, 0x81}) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/power/pm_freeze_timeout', 0x0, 0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x22902, 0x0) copy_file_range(r2, 0x0, r3, 0x0, 0xa1, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r3) [ 3258.860351] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3258.861502] FAULT_INJECTION: forcing a failure. [ 3258.861502] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 3258.863157] CPU: 1 PID: 17039 Comm: syz-executor.1 Not tainted 5.10.207 #1 [ 3258.863972] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3258.864926] Call Trace: [ 3258.865234] dump_stack+0x107/0x167 [ 3258.865750] should_fail.cold+0x5/0xa [ 3258.866188] _copy_from_user+0x2e/0x1b0 [ 3258.866647] kstrtouint_from_user+0xbd/0x220 [ 3258.867151] ? kstrtou8_from_user+0x210/0x210 [ 3258.867669] ? lock_acquire+0x197/0x470 [ 3258.868143] ? ksys_write+0x12d/0x260 [ 3258.868593] proc_fail_nth_write+0x78/0x220 [ 3258.869081] ? proc_task_getattr+0x1f0/0x1f0 [ 3258.869597] ? __fget_files+0x296/0x4c0 [ 3258.870084] ? proc_task_getattr+0x1f0/0x1f0 [ 3258.870604] vfs_write+0x29a/0xa70 [ 3258.871033] ksys_write+0x12d/0x260 [ 3258.871466] ? __ia32_sys_read+0xb0/0xb0 [ 3258.871981] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3258.872613] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3258.873246] do_syscall_64+0x33/0x40 [ 3258.873696] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3258.874316] RIP: 0033:0x7f1a789715ff [ 3258.874760] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48 [ 3258.876978] RSP: 002b:00007f1a75f34170 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 3258.877888] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1a789715ff [ 3258.878727] RDX: 0000000000000001 RSI: 00007f1a75f341e0 RDI: 0000000000000005 [ 3258.879588] RBP: 00007f1a75f341d0 R08: 0000000000000000 R09: 0000000000000000 [ 3258.880455] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 3258.881418] R13: 00007ffd0f06a67f R14: 00007f1a75f34300 R15: 0000000000022000 05:02:59 executing program 5: sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000340)='limits\x00') r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r3, 0x0, &(0x7f0000000440)={0x0, 0x0, 0x0}}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/power/pm_freeze_timeout', 0x0, 0x0) r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x22902, 0x0) copy_file_range(r5, 0x0, r6, 0x0, 0xa1, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) dup2(r7, r3) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 3258.937868] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3258.937868] program syz-executor.7 not setting count and/or reply_len properly [ 3258.961375] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3258.961375] program syz-executor.7 not setting count and/or reply_len properly 05:02:59 executing program 2: r0 = gettid() timer_create(0x0, &(0x7f0000000240)={0x0, 0xb, 0x4, @tid=r0}, &(0x7f0000000040)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{}, {0x0, 0x989680}}, 0x0) timer_create(0x3, &(0x7f0000000100)={0x0, 0x13, 0x2, @thr={&(0x7f0000000180)="1164dd775a986cb6c2b60488206e73d07ca5f93ff431089cc5f56187accaa7ae24eca487bfb2789f91cfcdc3e812fab4dc9ecfafb7feaf8069a4e5f3b31ab230a3bd9414f8d72a708c23c837e16b5c80ab15a147d5044b52664de29bdecb95dd5cbcb73382a2092df31f398117d7ba311229196307f099e42ea8fef0", &(0x7f0000000280)="9c852629403724be4f33a0f6c15461f7202d58a2e44daff9cb1e7f92a35b7ae200d356c769fc1b4160700e36ddae58254630ec18b857ea16d4fa6f163914a08c7861d1436acd01820310630a0cef8ec17aa30ebc4582bf8136e527f008047a43661b7746ef483408eaf4394e5b18fcce7f5ebdef53d21cbb1d8be776eb4d7c52ffab387592d443bbef6e2005344462d04709db3b155bb77477aeabd2c138f274b6973b9bc77b8ccb09f0c39c392bc8d55507d3307398ebd125cec3e35260264d77454d12c8ca6e540a82bef1ba5342271969299ad72b8027b39ffe216412f324794dfdea3ff70dde0ef0e4bb92993faafccd1f4f89747c24a2ac14759fb0d0afcfd6ebf205460d892506c2cfde68c83c0792260eacc17ba8d044ba428293ba23508861e3201f3715dd66004a4f7dafacd4f96f7a12ca4e4af94a3d6cd0deca8ca2bf6221c550195a2d15a9c6fa584f61cfcd444b75d4736628f69e2d07b85e84de37e16bf239648ddaa889b8133f89377701c961580c58f286e03587a68a82f39b846145f39c46bd33665823cd2f9ffcfe9da35982615359096f7a9bffc3825f664d09aea08c11c9a41300d8da3490b0301c6433d2e32f5bb4349dca2e898c016139b81a82b5ce8d6d687d61de50a73990d10c3f12cfbd49b9ee37341f05b9be387d47a1f5709736e969a48742d286c4a11e473cde70ffaaa304516b675c40eecee872a60f3bed1cb57179d85eb1aa848b6ea69aaa03f58df2caecb582f81af9dfc4263a0684ecec35f40cf123edf03bcf662aa8b9246a8a7b2a489c291a138c0890b0a2fdb5d47c3d1983bf84a798fb9fcbd8c528b6eafd89d61399dcefacebe7f5f684839993c39ac9ec608268af7eb137d9c5b9a2322fab5a3b2c138e228a0bcec9325d744db86395161236feb0c823879c199dddb21ab7a27d91386dbb185dd0e10e2784e357696d7a878b8e84fd0375094f31600e47aecb0408dc5477f7cca763537b07ec1a4fed82f9e32a580c601e280bec9e70ec1955de68ae5ba3a6e5c9479e13568aacb8daf36c7981d600c814b85dfdade50fe5943c66bf35473c5bddb90fb76a3c099a66a08a97303296f6a219e63ffb0d12eb7955cc3984ff22cad9806e641958000fb1bba609c4203363095ffd6587aba08c3316700317126989cc506a9fc602797a60e5db3569c50f5a28e03a167ad97728528e236f545668d28abede0c35400f044ba6f102a52bb47d0d04a346ff426407540b6ff33c8c0007121bf9e4f1b70f96aca48aaac33af6837a49dbfdacbe4703a001e6f1008b528786a8626ab638df2f616878e987cf8be5a21c56e29aea0b4e089a813fe9126334e4e0fb8895ede9f038841848668beff89609bc5fd4fa73fa84752983651df390c1641ca7325ca3537178ab984e57a1438822c9ff67af941c3375f32ffce13c4dd2c358e90e768922e66d169a50e57759bf118cf2e7c5f03d3831ce14243293cfaebc9c9b0e887b7a68db341ce0bd8ff3d618933d226312ee47e5daacc38358b0aaab546efcbe950930ba584289dbb488d0092edb9f70a67dcccc4d38755893f8cccfef7504978fe9a22becd51ad9e2d6782468e202c333d9f00128ea1d9e0b78a4470b2732eb775813452f5ce4775b6731bbd41e4f7b3339de48cea4bd504386341d4790d228fb60875f858e89fb2a1d604cd11854b3c1b543fb45679673b780dc269ff0765e84d53b681ceaef68c39b0daa9a9dbac599432b6598a66af097bec1c96730ad8c5d081197ab27342d417a2ddb01f9594d1445d003b0195466b57225964a4ee3be190196ba0181b3f9e4b15621f4b9f856255527ee496a1247b21fbc128c94de0215debf3114f86c3092b2f8b9a93b0bfaa2d059d08a8fbf87a2593b752ce9c8ce1bece2b35f5c82c44c6c6907a802530ba32946967a8e89c6369141dfc19917a80b0c1e57637e6a0c4e3612b30eea831682093e6e6470d43da4bb57e689823a02d3e495970bed0a500115d8a1ac92d3d278ab6f8349476f4e0028b79c5a9b21c8f6931fba7d3769cdaa6c676e34c16a49514eeeaacedae4f1ceb5db3f58075964b80c5c34fdea934bf1c5857f6d9e32da65d9e1aa5c5976f070d6b6078f8c54ca5b45e8b50f5be1607311089dc613eef48ffd0af888abb386b5c8238f45b731397c75ae49ec38e9df4c578e7b79e538ef0d219c17faeb93172dc99252aa8aa6e1465dd93f37b0f6024048287872608e51fc9a53e9b579165fc154161461dc98ae4d13480468d9e761cb2b7b047593985ceb4e62d5e25b3dbf121e30c2f1b679dc2e89975c31cb74011ff5a2ced2a95f07e5443ded6b88b0fedbfcf2ae4e1c73fe90eae4738a452e64317bd3ea24abe54df11aca7043cf716201acc02c0fa95068dca966c8c6d32223d6d131e677f90cc746c35f6df2f390fdc6773b57e43858fa32f479db7fe9b4c7c847da44215aca8c3ea80e851f1a899fc4950c90a79f8aa932781f100640d0d257a2918b25de0888033a8eb659cdab25e7a82f4f2e983cea55175d908612a7dea41614f4a89a6bf2efbf71f4b083aca060287e2d6bef43bdc44889b902ea5357b23b732def6450402471c271e6a1a18dc001118fa820edec5a0d32fe10e9a758daee30180dba29adf41e16f91ebc3f9cd3f0c1c6535852b15e81086357965421716940257be90c9e315578e1c643132621dc082f62b1ab74e5a57551e6d8b942b0d4b69bea5a1616cee9ba6f024accd1bd6cf0ffd3ec7a0039d4ce29ccc593becf6ab3682f63b5f4922240e156509958b518b1f2808ea217d3641ac3eb5dffde33d82a4941674eda047162de4b532658821f2e63c75c5d9d70d43f1a72296b8bb49c37b9227b720255a1fc6858768ed1fb0f3eec2647a7fe1b23f50beec39b55914f16631198e28e3844c12c6b6b04759380556cfc01ff23ff4bf46ede44ce9d65e5a8ebcc9ec9a897a5f2e51278dac32d684202ba442fac860c26d2ccc702149fc99fd8a397157de96505baa9c4705d20fd7e76cf3ff3a523a3670331089b8cf4616b3aab8c485fd2fa99034eebae82ea04bbeaaf22ca53fc0b95af91bd45536f49547b90f002a70e398e2bcbfc377a97c7e817788209642917ee2348e9ab97fc397165936c49654f9caab0840984a5dc002ca41fa83fe37e297f71acca52b94e58e6839bdf96875b1151864b9b5bdbdb25867965b566dfc5e8e4ed237ab757d45609520faca94eb83a4482e9e48c6d3775c9476373e34facbb6ac33b7a9a64a32cf5b6e6320eedc27b90e7ff7ec061cdcca6fb9b69931482b21f41151f32cdbc6dc476c7c78d3ecb0ed0138968e392337276508b5648fc21b6b6f925e34b3166bff468e1c2cc32e714c380a077edeabcce18cd71e0826a9447f58bcd51a2147334f226113a31e26594971887dda8fcb5728ed729ee4a0ca75cb39beda24360bd5e31aa4f0062eec4bf7c7b51324a065581d9fd9b7ddd5db440379f1472551169c8dff6d2a12ffd8240110ddf88867e88bdffc4bee51ea8e657000147d92bf50e1d25a78e2c467139f60a46b5bff173965688493547537c2dd163375e05de0caf92c170d37ccb35c97f57e637f04b74c4c556dd3f89ade323866310487da35cd8ebdef8aa18677672ec9cc014d5d34f7d541f7544884ae252dc3f7b45fe5df339f815e763e9449785e4906b943b78b4ecead18bd22465fd120b28433df5f4972f6a2c99ccfd599d9e1e1e0e6fb4b54640a4ab1baf88c1e855dc20b1433bcd7f39d3312965536ebaae567361f6d2c63594c8a1ee27105e312e5902765c567b0ee15e5d5a76f297e1b19a41c614c76670c90061ebef7eace9fbeb9249435347eacff4597d95b0fbc7c2bafbe16384d0750fe73eae35c64752a1ea4342157b147adff4f8aa500645f0a2805a4fedf55b16f9c907d4ca587f437ccea69c03fa1360bdebd2183937ee62b5bcfc2e34957f76d397a939f3dde0f54db8a2a0d0e38847ad352be94989effc80cd37e81acd237f5c0490fda0eafce59ff15d498a668f21a863d8bb55db10a6f3a3638b17a0d93819c0717b9dc9c809806ad2b4e54c934d0af53de0387c731d38568e1228c9622b0df8b28f0caf4d055908e15a8809195873365a914ebd758363e6c42030039d9b4cdfcecc93f868f06dce978880289f83a3593f68b6b54e2a40fe6d8cde40e9ae8057aee9b1beefb897689367a95ff8cc30bd6842aebbb193febe6b32c1303e04b9e8c1cb5d171b900eb846c932059943aa010e4fe967a9ace63803ca20be77c9ec6ecc21989a13ed4d561b48f2305619742b7456d52c474402f849f7ce4e0168e197e86d961795a3a2ed5b11a18aa7e93eb28e7cdb22db63355ec5822856611005adf9e9cf6731d65480cf7fc146c2319c81ac1e2ae75b36dcaa3712097bda257830ac0e02a8573d7756dbc190f5ad89cadb3145f769ff9189d7510aa530c1571260d27c6ae56096a39b67d68fcb253a17ebf05ca87426bff2f5c8f5305b5996ad93ab9f1998a0c760a361091e8ef7d69361c731b6d790eed5fd392bc4f9dd8c6d75e5128d1bb360356841aa81d2d71819adf07ae60a5b8dd7b676031b5ea63971dbd918ca6fa306701e70af6e8eb077d7ea11271ecbd2cae681193c9cf93b2d0c4bf036604899d706e9ae5f209bcc59284ac94214307cc5888e1c2f0f58a01f19d51763d58115422f94418c4a1639d15d3b147e1e92de575d9ecfbf9671ffb6d17c61c34222757c4e78a1dafd3cd04104fe574af01558d356aecfbc741c5cbcfba4567677aa2ad70482463b0d1cdc98104a49e646f10a0df974851057106b802174152422d85e4c492c7821ed2d786f8d3d4a1c0559e2e064db8482a3b34b813fa8e99046a459c6b04f3f535cc07d01f9864e017a293f936bc32e78aaf8c6119605dd65fb7fe11058a7b21e785846e881ab561d8f0138ebb7c47b6973e4fee510cb3cfd2a3310b495b811ff0d34b6196fcc6c27d640f307ec343fa0b30b2afc56a6b7a52086bb3f987d099a653c7cdf874bb4a6ebae72d9d573768d9f0a4a4db0d6337a0003e8132d1bf6c68f0825d0dd8217c61f861513009bc703bd891af2b91e0671953922ec10a36802c52fb5aab7dfcc4b2bebcf5bb45143c1997506bdb0d11ff0e50302a52a72f7c1eccb36d1e870fb2ba3beee2dcf4e7915890f84bd2ff9b8dffddb94adfa5585269afff9aa33aff0f047fe3b94aa0faea0784f3e7e1c8626198337303660335a45c866e5e703ecc71378a1da3670e86248ce36e5f532a69451a9d267b7e94785bf6e578291ecc84ad4cefa116be8a9b2574f39b058485428c103ef97dc871e9b0b34991e16d00028e47151f302aa5dae415b66cb64ac1b6c85c0760854aa4e3d5d2eaae2bd5d1ed86e7db074913cd1a9ce9443c8ea556c5e41c19e0fa842171df75f772263faa1511a855c90c0caa41f1124354197acb69ae235c38d8532714a36926d00f2ddcb46243c6703086d2ae004fb015dc1f5a8152c93c4c2d54563b1645d65ce2e077913342061c88a3447a1061a8dea4fa600d4d0acb9011ec211dbc42bc2e0e1f84377d671db33f24cca141b989ab5ca2695723313bc7a890c4beaacdd4890437c74d1172edc0a86e530efcf622423e18c59633ebda379dfb8b7237064abcef6407b8dda42b4df602b6f57ddcfd9d7a30601ec6dad2d475b9760cb9f85c7a93d9692702e1be5cffcb70ba03fbe7f1a5ebeb9916f89cb17a352e9b00b02d868c5ebfb1ce6afff097318d9c7e856f5bc79c2"}}, &(0x7f0000000200)=0x0) timer_gettime(r2, &(0x7f0000001280)) clone3(&(0x7f0000000080)={0x60004100, 0x0, 0x0, 0x0, {0x1c}, 0x0, 0x0, 0x0, 0x0}, 0x58) timer_delete(0x0) timer_gettime(r1, &(0x7f0000000000)) [ 3258.978482] FAULT_INJECTION: forcing a failure. [ 3258.978482] name failslab, interval 1, probability 0, space 0, times 0 [ 3258.981056] CPU: 0 PID: 17048 Comm: syz-executor.3 Not tainted 5.10.207 #1 [ 3258.982588] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3258.984425] Call Trace: [ 3258.985013] dump_stack+0x107/0x167 [ 3258.985825] should_fail.cold+0x5/0xa [ 3258.986671] ? kvmalloc_node+0x119/0x170 [ 3258.987571] should_failslab+0x5/0x20 [ 3258.988423] __kmalloc_node+0x76/0x420 [ 3258.989283] ? lockdep_init_map_type+0x2c7/0x780 [ 3258.990334] kvmalloc_node+0x119/0x170 [ 3258.991219] pfifo_fast_init+0xea/0x3d0 [ 3258.992119] ? __netdev_watchdog_up+0x190/0x190 [ 3258.993136] qdisc_create_dflt+0x103/0x370 [ 3258.994075] dev_activate+0x7c3/0xd70 05:02:59 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0xfffffffffffffffe, 0x0}, 0x0) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) r4 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r7 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r7, 0x0, 0x0}, 0x0) r8 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r4, 0x0) syz_io_uring_submit(r8, r6, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) r9 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r9, &(0x7f0000000040)={0x1f, @none}, 0x8) setsockopt$bt_BT_DEFER_SETUP(r9, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) syz_io_uring_submit(r8, r3, &(0x7f0000000040)=@IORING_OP_TEE={0x21, 0x4, 0x0, @fd=r9, 0x0, 0x0, 0x8, 0x5, 0x1, {0x0, 0x0, r0}}, 0x21fe4f36) [ 3258.994914] __dev_open+0x38a/0x4e0 [ 3258.995863] ? dev_set_rx_mode+0x80/0x80 [ 3258.996758] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3258.997906] ? __local_bh_enable_ip+0x9d/0x100 [ 3258.998909] __dev_change_flags+0x521/0x6e0 [ 3258.999879] ? dev_set_allmulti+0x30/0x30 [ 3259.000787] ? cap_capable+0x1cd/0x230 [ 3259.001648] ? full_name_hash+0xb5/0xf0 [ 3259.002595] dev_change_flags+0x8a/0x160 [ 3259.003490] devinet_ioctl+0x14de/0x1db0 [ 3259.004399] ? inet_ifa_byprefix+0x2e0/0x2e0 [ 3259.005379] inet_ioctl+0x34f/0x390 [ 3259.006176] ? inet_dgram_connect+0x220/0x220 [ 3259.007177] ? __lock_acquire+0xbb1/0x5b00 [ 3259.008147] ? perf_trace_lock+0xac/0x490 [ 3259.009069] packet_ioctl+0xb3/0x260 [ 3259.009889] sock_do_ioctl+0xd3/0x300 [ 3259.010726] ? compat_ifr_data_ioctl+0x180/0x180 [ 3259.011779] ? ioctl_has_perm.constprop.0.isra.0+0x29a/0x410 [ 3259.013033] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3259.014162] ? do_vfs_ioctl+0x283/0x10d0 [ 3259.015074] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 3259.016233] ? generic_block_fiemap+0x60/0x60 [ 3259.017226] sock_ioctl+0x3ea/0x700 [ 3259.018023] ? dlci_ioctl_set+0x30/0x30 [ 3259.018906] ? selinux_file_ioctl+0xb6/0x270 [ 3259.019888] ? dlci_ioctl_set+0x30/0x30 [ 3259.020768] __x64_sys_ioctl+0x19a/0x210 [ 3259.021675] do_syscall_64+0x33/0x40 [ 3259.022497] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3259.023669] RIP: 0033:0x7fa5db089b19 [ 3259.024491] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3259.028534] RSP: 002b:00007fa5d85ff188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3259.030204] RAX: ffffffffffffffda RBX: 00007fa5db19cf60 RCX: 00007fa5db089b19 [ 3259.031783] RDX: 00000000200001c0 RSI: 0000000000008914 RDI: 0000000000000004 [ 3259.033363] RBP: 00007fa5d85ff1d0 R08: 0000000000000000 R09: 0000000000000000 [ 3259.034941] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3259.036525] R13: 00007ffefd79e6ef R14: 00007fa5d85ff300 R15: 0000000000022000 [ 3259.038420] hpet: Lost 3 RTC interrupts [ 3259.039933] veth0_vlan: default qdisc (pfifo_fast) fail, fallback to noqueue 05:02:59 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff0043a9d7cceb2308b81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 05:02:59 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) 05:02:59 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x6, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) [ 3259.065483] device veth0_vlan entered promiscuous mode [ 3259.262197] sg_write: data in/out 196608/4 bytes for SCSI command 0x8-- guessing data in; [ 3259.262197] program syz-executor.7 not setting count and/or reply_len properly [ 3259.269343] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3259.292230] sg_write: data in/out 196608/4 bytes for SCSI command 0x8-- guessing data in; [ 3259.292230] program syz-executor.7 not setting count and/or reply_len properly 05:03:17 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) 05:03:17 executing program 5: sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, 0x0, 0x0) r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000000440)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000000b0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4655fe0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) r1 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000002, 0x80010, r0, 0x8000000) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f00000001c0)={0x1f, 0x0, @fixed}, &(0x7f0000000300)=0xe, 0x0) syz_io_uring_setup(0x3a75, &(0x7f0000000500)={0x0, 0x1cb2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r1, r3, &(0x7f0000000180)=@IORING_OP_TEE={0x21, 0x5, 0x0, @fd, 0x0, 0x0, 0x3ff, 0x6, 0x0, {0x0, r4, r0}}, 0xfffff801) syz_io_uring_submit(r2, 0x0, &(0x7f0000000800)=@IORING_OP_MADVISE={0x19, 0x3, 0x0, 0x0, 0x0, &(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x13, 0x1, {0x0, r4}}, 0x1f) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r5 = inotify_init1(0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x200681, 0x104) ioctl$FS_IOC_SETFSLABEL(r5, 0x41009432, &(0x7f0000000640)="28939d8563bdfbf6562ce86ebaa89e640e44cbd9025eca709d69f0296eb2d6804ea84e26a3a3495e3e7a15052c634fd2c1ad305b31b17e7112f9ede30a82aaee8bb54383b8dc0fcfaffb16763173fd61f6d056556af8e4e9522553b52662efb276b3750cc5ea696c5942ee103048815a05e4476f4406c933a2f91a9db5cf82d9532d81f8c24cdf6f3ea26f5d9e382fe764e64cb8477caf412d489ed74d1515380800f253a99cb4d160eb7253c7bb1a3e214776090eff939faca7f6680fd2c4363a1145ce4197704226f56942446c6a206ede10cd4538a92dcae5b6d70e99017d7cbf58a943b4c2224d60f6987b1db1246c2e7c894402a465c4a1fbb3d9cf3f0f") sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000280)={0x14, 0x7, 0x2, 0x201, 0x70bd25, 0x25dfdbff}, 0x14}}, 0x40004) fcntl$F_GET_RW_HINT(0xffffffffffffffff, 0x40b, &(0x7f0000000080)) sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, 0x0, 0x8000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) umount2(&(0x7f00000000c0)='./file0\x00', 0x0) syz_io_uring_submit(r1, r3, &(0x7f00000004c0)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x3, 0x0, @fd_index=0x9, 0x0, 0x0, 0x5, 0x7}, 0x7) 05:03:17 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff0043a9d7cceb230ab81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 05:03:17 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup2(r0, r1) r2 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/power/pm_freeze_timeout', 0x0, 0x0) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/sysrq', 0x422980, 0x0) copy_file_range(r3, 0x0, r4, 0x0, 0xa1, 0x0) connect$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x8, @remote, 0x8}, 0x1c) dup2(r1, r0) dup2(r2, r2) 05:03:17 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x7, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) 05:03:17 executing program 2: syz_mount_image$ext4(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000500)='ramfs\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2154d4, 0x0) mount$9p_unix(0x0, &(0x7f0000000540)='./file0\x00', 0x0, 0x44000, 0x0) pivot_root(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000240)='./file0\x00') syz_mount_image$iso9660(0x0, 0x0, 0x0, 0x2, &(0x7f0000001a80)=[{&(0x7f0000001900)='e', 0x1}, {&(0x7f0000001940)="b9", 0x1}], 0x0, 0x0) 05:03:17 executing program 0: mount$9p_unix(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='./file0\x00', &(0x7f0000000340), 0x20004, &(0x7f0000000500)={'trans=unix,', {[{@cache_loose}, {@privport}, {@access_client}, {@dfltuid={'dfltuid', 0x3d, 0xffffffffffffffff}}], [{@obj_type={'obj_type', 0x3d, '&&'}}, {@smackfshat={'smackfshat', 0x3d, '{'}}, {@subj_user={'subj_user', 0x3d, '{'}}]}}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$LOOP_SET_STATUS(0xffffffffffffffff, 0x4c02, &(0x7f0000000140)={0x0, {}, 0x0, {}, 0x0, 0x1, 0x0, 0x0, "4fa2f8201eed6e500c32342a227989f18a88ab65bad4c23a441d66f462f1df77bc777d160562da8c50431b2a204f36c6ed27b00215909d75417aa68c9029c5fd", "176764fe8c2ff71a1633d53dafbecd823af97cf5831be9a6fed5449e9f77dd92", [0x0, 0x4cb4]}) r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x2}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/locks\x00', 0x0, 0x0) lseek(r1, 0x9e46, 0x0) fcntl$setlease(r1, 0x400, 0x0) fcntl$setlease(r1, 0x400, 0x2) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000800)={{{@in=@remote, @in6=@dev}}, {{@in6=@mcast2}, 0x0, @in6}}, &(0x7f00000000c0)=0xfffffffffffffeca) getresgid(&(0x7f0000000240), &(0x7f0000000280), &(0x7f0000000900)) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000680)={{{@in=@dev, @in6=@ipv4={""/10, ""/2, @initdev}}}, {{@in6=@private2}, 0x0, @in6=@dev}}, &(0x7f0000000a40)=0xe8) faccessat2(0xffffffffffffff9c, &(0x7f0000000a80)='./file0\x00', 0x102, 0x200) unlinkat(0xffffffffffffffff, &(0x7f0000000400)='./file1\x00', 0x200) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000440)=[{&(0x7f0000000040)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000000b0000000001", 0x5a, 0x400}, {0x0, 0x0, 0xffffffffdffffff8}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000011600)="ed41000000080000dff46552e0f4655fe0f4655f000000000000040004", 0x1d, 0x2100}], 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="abba801f9591e8a1c9a758086f9a3c265aef752392f2d6bd805991b06c841503204b67b2b1481290283ecdade5664ce9c0efa04e89ec12f635ba98322bb38630fd65bdb87c8d83bf6a77c3db3de884ab826973ab1ebc38a84600"]) 05:03:17 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) (fail_nth: 13) [ 3277.465795] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3277.470753] netlink: 'syz-executor.1': attribute type 22 has an invalid length. 05:03:17 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x2, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) [ 3277.528870] FAULT_INJECTION: forcing a failure. [ 3277.528870] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3277.531150] CPU: 1 PID: 17095 Comm: syz-executor.3 Not tainted 5.10.207 #1 [ 3277.532284] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3277.533487] Call Trace: [ 3277.533976] dump_stack+0x107/0x167 [ 3277.534640] should_fail.cold+0x5/0xa [ 3277.535339] __alloc_pages_nodemask+0x182/0x600 [ 3277.535994] ? __alloc_pages_slowpath.constprop.0+0x2130/0x2130 [ 3277.536876] alloc_pages_current+0x187/0x280 [ 3277.537525] allocate_slab+0x26f/0x380 [ 3277.538158] ___slab_alloc+0x470/0x700 [ 3277.538749] ? kvmalloc_node+0x119/0x170 [ 3277.539355] ? mark_held_locks+0x9e/0xe0 [ 3277.539977] ? kvmalloc_node+0x119/0x170 [ 3277.540597] ? __kmalloc_node+0x3ef/0x420 [ 3277.541225] ? kvmalloc_node+0x119/0x170 [ 3277.541843] __kmalloc_node+0x3ef/0x420 [ 3277.542461] sg_write: data in/out 196608/4 bytes for SCSI command 0xa-- guessing data in; [ 3277.542461] program syz-executor.7 not setting count and/or reply_len properly [ 3277.542482] kvmalloc_node+0x119/0x170 [ 3277.542515] pfifo_fast_init+0xea/0x3d0 [ 3277.546986] ? __netdev_watchdog_up+0x190/0x190 [ 3277.547740] qdisc_create_dflt+0x103/0x370 [ 3277.548573] dev_activate+0x7c3/0xd70 [ 3277.549161] __dev_open+0x38a/0x4e0 [ 3277.549655] ? dev_set_rx_mode+0x80/0x80 [ 3277.550325] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3277.551197] ? __local_bh_enable_ip+0x9d/0x100 [ 3277.551869] __dev_change_flags+0x521/0x6e0 [ 3277.552559] ? dev_set_allmulti+0x30/0x30 [ 3277.553177] ? cap_capable+0x1cd/0x230 [ 3277.553845] ? full_name_hash+0xb5/0xf0 [ 3277.554425] dev_change_flags+0x8a/0x160 [ 3277.554972] devinet_ioctl+0x14de/0x1db0 [ 3277.555639] ? inet_ifa_byprefix+0x2e0/0x2e0 [ 3277.556300] inet_ioctl+0x34f/0x390 [ 3277.556925] ? inet_dgram_connect+0x220/0x220 [ 3277.557664] ? __lock_acquire+0xbb1/0x5b00 [ 3277.558249] ? perf_trace_lock+0xac/0x490 [ 3277.558839] packet_ioctl+0xb3/0x260 [ 3277.559409] sock_do_ioctl+0xd3/0x300 [ 3277.559985] ? compat_ifr_data_ioctl+0x180/0x180 [ 3277.560732] ? ioctl_has_perm.constprop.0.isra.0+0x29a/0x410 [ 3277.561564] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3277.562280] ? do_vfs_ioctl+0x283/0x10d0 [ 3277.562857] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 3277.563626] ? generic_block_fiemap+0x60/0x60 [ 3277.564220] sock_ioctl+0x3ea/0x700 [ 3277.564765] ? dlci_ioctl_set+0x30/0x30 [ 3277.565365] ? selinux_file_ioctl+0xb6/0x270 [ 3277.565973] ? dlci_ioctl_set+0x30/0x30 [ 3277.566553] __x64_sys_ioctl+0x19a/0x210 [ 3277.567088] do_syscall_64+0x33/0x40 [ 3277.567569] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3277.568235] RIP: 0033:0x7fa5db089b19 [ 3277.568713] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3277.571156] RSP: 002b:00007fa5d85ff188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3277.572155] RAX: ffffffffffffffda RBX: 00007fa5db19cf60 RCX: 00007fa5db089b19 [ 3277.573097] RDX: 00000000200001c0 RSI: 0000000000008914 RDI: 0000000000000004 [ 3277.574076] RBP: 00007fa5d85ff1d0 R08: 0000000000000000 R09: 0000000000000000 [ 3277.575013] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3277.575969] R13: 00007ffefd79e6ef R14: 00007fa5d85ff300 R15: 0000000000022000 [ 3277.582929] sg_write: data in/out 196608/4 bytes for SCSI command 0xa-- guessing data in; [ 3277.582929] program syz-executor.7 not setting count and/or reply_len properly 05:03:17 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(0xffffffffffffffff, 0x250e, 0x3407, 0x2, &(0x7f0000000280)={[0x81]}, 0x8) r0 = syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0x0) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x8, 0x2010, 0xffffffffffffffff, 0x10000000) write$binfmt_elf64(r1, &(0x7f00000006c0)={{0x7f, 0x45, 0x4c, 0x46, 0x5, 0x1, 0x1f, 0x5, 0x5, 0x3, 0x3, 0x14, 0x22f, 0x40, 0x1c8, 0x101, 0x3f, 0x38, 0x1, 0x0, 0x3f, 0xda2e}, [{0x60000000, 0x7, 0x1ff, 0x0, 0x0, 0x2, 0x144e, 0x2e34}, {0x60000000, 0x2, 0x266a, 0x7ff, 0x9, 0x3, 0x81, 0x20}], "a06eefee2b9c"}, 0xb6) mknodat$loop(r0, &(0x7f0000000140)='./file0/../file0\x00', 0x1, 0x1) statfs(&(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/92) pwritev(r0, &(0x7f0000000640)=[{&(0x7f0000000440)="5e5c322f379f7c4e96112678dba32d46db4eb06318de712229ca7ab97111fe41bc695799947066abf8a79c8577c4464078e0e40daa4f00db069e9749bbf0506ea8b37e053af413380975f5a62a0d310f405ec8d1bec6f356c2cd02ba8a14994d45b49a00ffb50d0f94c84395b4ccd94b4d446da9f3e09e1ee2172fdb500d8321e30541149c64b61a318235f8dcf1db9a98f50c51878406fdacd0482e31ccad7fe968fef0f85a8bb6d762dab5b196f2dcc8830b52f7f2336be8c1f26a460043eec346c5c4bcacf4654b1b2f2f115168a6a3671e4a85cc0911640188", 0xdb}, {&(0x7f00000001c0)="7f41e8ce9a6b7f4cc5b916b6f3bb9d98353fd887a9410d1052cefec9a876eb463f5bd633739ebe6d8edcdbd711e508c9b52a", 0x32}, {&(0x7f0000000200)="33581c10cd4198bb83271dff931140fbcbcf9e9ee72a7d75c9f7cf40a92479c7757103ed171f8ae46e2e455989", 0x2d}, {&(0x7f0000000240)="516cec109feaaee0af66b250c8900cae2057547a70c9c93f99c63c326650d70a7f6ca1fcb6e447ff7305c0a6064e3892664624f27513", 0x36}, {&(0x7f0000000540)="76b9c8daa80f3a15bf207463e0b85c928cb46be9ef120cbb27d18417e2bbb67c9ae30c6885e79c0c265731c0feca935a09f6f87060cb614268cecc67e9c9afa4cacc2e8c9293aaa0c52a05efe672ce3e54f2dd8c7f07c23995d3dad170d200601ee0b38dca84f377adc38aac8a", 0x6d}, {&(0x7f00000005c0)="b025962a10de0e15f95a8f7a9877e263137b680f177c8daa2d7bbd7f15596108418acb070414c9060fec8874acd78e1d86478735455833e6c5c8a6dbe5e5eb", 0x3f}, {&(0x7f0000000600)="1fd7fcd62bf6e7b64d9ef19e954f90df2636659d3c02f945f04cd7ecc3d35e506c34b452f9e1dc592f0b29b01b9e2ff88eaf", 0x32}], 0x7, 0x6, 0x5) epoll_wait(0xffffffffffffffff, &(0x7f0000000080)=[{}], 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000080)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, {0x8000}}, 0x8) mount$9p_unix(&(0x7f00000002c0)='./file0/../file0\x00', &(0x7f0000000300)='./file0\x00', &(0x7f0000000340), 0x1001000, &(0x7f00000001c0)=ANY=[]) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'rose0\x00'}) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000780)={{0x1, 0x1, 0x18, r1, {0x6}}, './file0\x00'}) mount$bind(&(0x7f0000000400)='./file0/../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x20, 0x0) 05:03:17 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x8, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) 05:03:17 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff0043a9d7cceb2315b81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 05:03:17 executing program 0: mount$9p_unix(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='./file0\x00', &(0x7f0000000340), 0x20004, &(0x7f0000000500)={'trans=unix,', {[{@cache_loose}, {@privport}, {@access_client}, {@dfltuid={'dfltuid', 0x3d, 0xffffffffffffffff}}], [{@obj_type={'obj_type', 0x3d, '&&'}}, {@smackfshat={'smackfshat', 0x3d, '{'}}, {@subj_user={'subj_user', 0x3d, '{'}}]}}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$LOOP_SET_STATUS(0xffffffffffffffff, 0x4c02, &(0x7f0000000140)={0x0, {}, 0x0, {}, 0x0, 0x1, 0x0, 0x0, "4fa2f8201eed6e500c32342a227989f18a88ab65bad4c23a441d66f462f1df77bc777d160562da8c50431b2a204f36c6ed27b00215909d75417aa68c9029c5fd", "176764fe8c2ff71a1633d53dafbecd823af97cf5831be9a6fed5449e9f77dd92", [0x0, 0x4cb4]}) r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x2}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/locks\x00', 0x0, 0x0) lseek(r1, 0x9e46, 0x0) fcntl$setlease(r1, 0x400, 0x0) fcntl$setlease(r1, 0x400, 0x2) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000800)={{{@in=@remote, @in6=@dev}}, {{@in6=@mcast2}, 0x0, @in6}}, &(0x7f00000000c0)=0xfffffffffffffeca) getresgid(&(0x7f0000000240), &(0x7f0000000280), &(0x7f0000000900)) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000680)={{{@in=@dev, @in6=@ipv4={""/10, ""/2, @initdev}}}, {{@in6=@private2}, 0x0, @in6=@dev}}, &(0x7f0000000a40)=0xe8) faccessat2(0xffffffffffffff9c, &(0x7f0000000a80)='./file0\x00', 0x102, 0x200) unlinkat(0xffffffffffffffff, &(0x7f0000000400)='./file1\x00', 0x200) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000440)=[{&(0x7f0000000040)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000000b0000000001", 0x5a, 0x400}, {0x0, 0x0, 0xffffffffdffffff8}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000011600)="ed41000000080000dff46552e0f4655fe0f4655f000000000000040004", 0x1d, 0x2100}], 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="abba801f9591e8a1c9a758086f9a3c265aef752392f2d6bd805991b06c841503204b67b2b1481290283ecdade5664ce9c0efa04e89ec12f635ba98322bb38630fd65bdb87c8d83bf6a77c3db3de884ab826973ab1ebc38a84600"]) 05:03:17 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff0043a9d7cceb230ab81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) [ 3277.699862] device veth0_vlan entered promiscuous mode [ 3277.703424] netlink: 'syz-executor.1': attribute type 22 has an invalid length. 05:03:17 executing program 4: mount(&(0x7f0000000040)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='cifs\x00', 0x12, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r2 = dup2(r1, r0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/power/pm_freeze_timeout', 0x0, 0x0) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x22902, 0x0) copy_file_range(r3, 0x0, r4, 0x0, 0xa1, 0x0) lseek(r4, 0x4, 0x4) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r3, 0xc0189378, &(0x7f0000000100)={{0x1, 0x1, 0x18, r2, {r2}}, './file0\x00'}) [ 3277.710520] netlink: 'syz-executor.1': attribute type 22 has an invalid length. 05:03:17 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x3, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) [ 3277.846087] sg_write: data in/out 196608/4 bytes for SCSI command 0x15-- guessing data in; [ 3277.846087] program syz-executor.7 not setting count and/or reply_len properly [ 3277.871262] sg_write: data in/out 196608/4 bytes for SCSI command 0x15-- guessing data in; [ 3277.871262] program syz-executor.7 not setting count and/or reply_len properly [ 3277.935955] sg_write: data in/out 196608/4 bytes for SCSI command 0xa-- guessing data in; [ 3277.935955] program syz-executor.5 not setting count and/or reply_len properly [ 3277.959405] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3277.962772] netlink: 'syz-executor.1': attribute type 22 has an invalid length. 05:03:32 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) (fail_nth: 14) 05:03:32 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r1, {0x783b}}, './file0\x00'}) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r4, &(0x7f0000000040)={0x1f, @none}, 0x8) setsockopt$bt_BT_DEFER_SETUP(r4, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r3, 0xc0189372, &(0x7f0000000080)={{0x1, 0x1, 0x18, r4, {0x1f}}, './file0\x00'}) 05:03:32 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x4, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) 05:03:32 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff0043a9d7cceb231bb81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 05:03:32 executing program 0: r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f0000000140)={0x7, 0x80, 0x3, 0x0, 0x81, 0xee, 0x0, 0x8, 0x8c010, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x6, 0x0, @perf_config_ext={0x9, 0x8}, 0x8008, 0x1b858, 0x6, 0x3, 0xe1, 0x32, 0x6, 0x0, 0x200, 0x0, 0xd9}, 0x0, 0x6, r0, 0x0) io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f0000000040)=[r4], 0x1) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f00000029c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000002900)=""/158, 0x9e}, 0x0, 0x2203, 0x0, {0x1}}, 0x0) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/kexec_crash_size', 0x22902, 0x0) copy_file_range(r5, 0x0, r5, &(0x7f00000000c0)=0x6, 0x6, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/kexec_crash_size', 0x22902, 0x0) r6 = openat$pidfd(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r7 = dup(r6) pidfd_send_signal(r7, 0x0, &(0x7f0000000040)={0xb, 0x5, 0x2000000}, 0x0) syz_io_uring_setup(0x15c, &(0x7f0000000080)={0x0, 0x0, 0x1, 0x0, 0x0, 0x0, r7}, &(0x7f00000a0000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000180), &(0x7f0000002a40)) write$P9_RREADLINK(r7, &(0x7f0000000300)=ANY=[@ANYBLOB="1000000017010007002e2f66696c65303ca51ca65b6ffcecc14f6d933428545b0bd6439afe9ab488c2b44074514dc704f2a9306d9be00de94d042392eda04ef2bc1cec836330efb9d19f5e426651a6d90e5635e340e48178aeb5b323130d86bc7c0a2390"], 0x10) setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f00000001c0), 0x4) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, r1, 0x0) r8 = epoll_create1(0x0) sendfile(0xffffffffffffffff, r8, &(0x7f0000000740)=0x1f, 0x3) 05:03:32 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x248e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_mreq(r0, 0x29, 0x22, &(0x7f0000000080)={@private1={0xfc, 0x1, '\x00', 0xfc}}, 0x14) r1 = syz_io_uring_setup(0x7759, &(0x7f00000000c0)={0x0, 0x58c9, 0x2, 0x3, 0x3d3}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000340)=0x0, &(0x7f0000000180)=0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r5 = inotify_init1(0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x100000001) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x80) r6 = inotify_add_watch(r5, &(0x7f0000000040)='.\x00', 0x2000003) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000300)=@IORING_OP_FALLOCATE={0x11, 0x59f5ee0a7c70a1ba, 0x0, @fd=r1, 0x3, 0x0, 0x1, 0x0, 0x1, {0x0, r7}}, 0xbd53) r8 = creat(&(0x7f0000000040)='./file0\x00', 0x10) inotify_rm_watch(r5, r6) pwrite64(r8, &(0x7f0000000200)="1eecd93735c44fb403292adf1183b1b37359fc5d952f72f57313fc71da00043824a7a91b66e3c15e690475706eacaa2a11516f6bdae1719641e9ca9ac07109a1c771750aea11c86edd4a2fe38badde5b051700e793ededbbc3e9658668347430b90c87a15deeaa274587570734535ff56936598d90b1bb184947987611e123040b62e1b5021d19c2e5c200"/150, 0x96, 0x0) dup3(r8, r5, 0x0) r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x12, r8, 0x8000000) syz_io_uring_submit(r9, r3, &(0x7f00000001c0)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x400e, @fd=r0, 0x2, 0x1ee, 0x5, 0x4, 0x0, {0x0, r4}}, 0x7) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x48a201, 0x0) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) ioctl$SNAPSHOT_S2RAM(0xffffffffffffffff, 0x330b) 05:03:32 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x9, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) 05:03:32 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000140)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd=r1, 0x8, 0x0, 0x9, 0x3}, 0x3) copy_file_range(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xa1, 0x0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/power/pm_freeze_timeout', 0x0, 0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x22902, 0x0) copy_file_range(r2, 0x0, r3, 0x0, 0xa1, 0x0) r4 = openat$incfs(r1, &(0x7f0000000200)='.log\x00', 0x80000, 0x104) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/power/pm_freeze_timeout', 0x0, 0x0) r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/spurious', 0x0, 0x42) copy_file_range(r5, 0x0, r6, 0x0, 0xa1, 0x0) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'wpan0\x00', 0x0}) r8 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/power/pm_freeze_timeout', 0x0, 0x0) r9 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x22902, 0x0) copy_file_range(r8, 0x0, r9, 0x0, 0xa1, 0x0) r10 = gettid() process_vm_readv(r10, &(0x7f0000001a40)=[{&(0x7f00000018c0)=""/31, 0x1f}, {0x0}], 0x2, &(0x7f0000001ec0)=[{&(0x7f0000001a80)=""/93, 0x5d}, {&(0x7f0000002240)=""/183, 0xb7}, {&(0x7f0000001bc0)=""/121, 0x79}, {&(0x7f0000001c40)=""/163, 0xd1}, {&(0x7f0000000300)=""/231, 0xe7}, {&(0x7f0000001e00)}, {&(0x7f0000001e40)=""/9, 0x9}, {&(0x7f0000001b00)=""/46, 0x2e}], 0x8, 0x0) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x64, 0x0, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [@NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r2}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r4}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r6}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r9}, @NL802154_ATTR_PID={0x8, 0x1c, r10}]}, 0x64}, 0x1, 0x0, 0x0, 0x1}, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=ANY=[@ANYBLOB="3c00000a2000210c000001000000000002000000080000000000000020000c002f70726f632f7379732f6e65742f697076342f7463705f726d656d00"], 0x3c}}, 0x0) [ 3292.098029] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3292.116132] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3292.116938] sg_write: data in/out 196608/4 bytes for SCSI command 0x1b-- guessing data in; [ 3292.116938] program syz-executor.7 not setting count and/or reply_len properly [ 3292.126741] device veth0_vlan entered promiscuous mode [ 3292.127578] FAULT_INJECTION: forcing a failure. [ 3292.127578] name failslab, interval 1, probability 0, space 0, times 0 [ 3292.129255] CPU: 1 PID: 17146 Comm: syz-executor.3 Not tainted 5.10.207 #1 [ 3292.130160] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3292.131329] Call Trace: [ 3292.131717] dump_stack+0x107/0x167 [ 3292.132231] should_fail.cold+0x5/0xa [ 3292.132745] ? __alloc_skb+0x6d/0x5b0 [ 3292.133258] should_failslab+0x5/0x20 [ 3292.133771] kmem_cache_alloc_node+0x55/0x330 [ 3292.134392] __alloc_skb+0x6d/0x5b0 [ 3292.134902] rtmsg_ifinfo_build_skb+0x72/0x1a0 [ 3292.135500] rtmsg_ifinfo+0x83/0x120 [ 3292.136047] __dev_notify_flags+0x22a/0x2c0 [ 3292.136629] ? dev_change_name+0x660/0x660 [ 3292.137209] ? __dev_change_flags+0x4cf/0x6e0 [ 3292.137812] ? dev_set_allmulti+0x30/0x30 [ 3292.138388] ? cap_capable+0x1cd/0x230 [ 3292.138917] ? full_name_hash+0xb5/0xf0 [ 3292.139498] dev_change_flags+0x100/0x160 [ 3292.140067] devinet_ioctl+0x14de/0x1db0 [ 3292.140664] ? inet_ifa_byprefix+0x2e0/0x2e0 [ 3292.141247] inet_ioctl+0x34f/0x390 [ 3292.141748] ? inet_dgram_connect+0x220/0x220 [ 3292.142358] ? __lock_acquire+0xbb1/0x5b00 [ 3292.142974] ? perf_trace_lock+0xac/0x490 [ 3292.143515] packet_ioctl+0xb3/0x260 [ 3292.144062] sock_do_ioctl+0xd3/0x300 [ 3292.144553] ? compat_ifr_data_ioctl+0x180/0x180 [ 3292.145168] ? ioctl_has_perm.constprop.0.isra.0+0x29a/0x410 [ 3292.145979] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3292.146658] ? do_vfs_ioctl+0x283/0x10d0 [ 3292.147280] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 3292.147977] ? generic_block_fiemap+0x60/0x60 [ 3292.148601] sock_ioctl+0x3ea/0x700 [ 3292.149076] ? dlci_ioctl_set+0x30/0x30 [ 3292.149622] ? selinux_file_ioctl+0xb6/0x270 [ 3292.150206] ? dlci_ioctl_set+0x30/0x30 [ 3292.150764] __x64_sys_ioctl+0x19a/0x210 [ 3292.151309] do_syscall_64+0x33/0x40 [ 3292.151830] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3292.152504] RIP: 0033:0x7fa5db089b19 [ 3292.153026] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3292.155385] RSP: 002b:00007fa5d85ff188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3292.156459] RAX: ffffffffffffffda RBX: 00007fa5db19cf60 RCX: 00007fa5db089b19 [ 3292.157457] RDX: 00000000200001c0 RSI: 0000000000008914 RDI: 0000000000000004 [ 3292.158479] RBP: 00007fa5d85ff1d0 R08: 0000000000000000 R09: 0000000000000000 [ 3292.159718] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3292.160837] R13: 00007ffefd79e6ef R14: 00007fa5d85ff300 R15: 0000000000022000 05:03:32 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0xf, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) [ 3292.184974] sg_write: data in/out 196608/4 bytes for SCSI command 0x1b-- guessing data in; [ 3292.184974] program syz-executor.7 not setting count and/or reply_len properly 05:03:32 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x5, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) 05:03:32 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff0043a9d7cceb2325b81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 05:03:32 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/pm_freeze_timeout', 0x0, 0x110) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x22902, 0x0) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/power/pm_freeze_timeout', 0x0, 0x0) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x22902, 0x0) copy_file_range(r4, 0x0, r5, 0x0, 0xa1, 0x0) ioctl$TIOCVHANGUP(r4, 0x5437, 0x0) copy_file_range(r2, 0x0, r3, 0x0, 0xa1, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/nf_conntrack_irc', 0x8080, 0x101) openat(r3, &(0x7f0000000040)='./file0\x00', 0x500, 0xa) ioctl$TCXONC(r0, 0x540a, 0x2) bind$inet6(0xffffffffffffffff, 0x0, 0x0) dup2(r1, r0) 05:03:32 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000380)=0xd20) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) syz_io_uring_setup(0x200286f, &(0x7f0000000140)={0x0, 0xf292, 0x2, 0x0, 0x18f}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ff9000/0x3000)=nil, &(0x7f00000000c0), &(0x7f00000001c0)) fcntl$getflags(0xffffffffffffffff, 0x40a) r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fallocate(r0, 0x12, 0x2, 0x275) fsetxattr$security_selinux(r0, &(0x7f0000000000), &(0x7f0000000080)='system_u:object_r:syslogd_var_lib_t:s0\x00', 0x27, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000100)='blkio.bfq.time\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_REFRESH(r1, 0x2402, 0x4) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$SG_IO(r0, 0x2285, &(0x7f0000001400)={0x53, 0xfffffffffffffffc, 0x29, 0x3, @buffer={0x0, 0x1000, &(0x7f0000000400)=""/4096}, &(0x7f0000000040)="b943b59abc3d9d5bf64e4f8f087677b7c12e33893d55a9037a3a2cbcc995a4ff6894e6233204d8c769", &(0x7f0000001e00)=""/4096, 0x2, 0x10006, 0x1, &(0x7f0000000200)}) ioctl$PIO_SCRNMAP(0xffffffffffffffff, 0x4b41, &(0x7f0000000140)) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f00000003c0)={0x800, 0x1, 0x1f, 0xfffffff7, 0x4}) r2 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000240)='syz0\x00', 0x200002, 0x0) ioctl$BTRFS_IOC_SEND(r2, 0x40489426, &(0x7f0000000300)={{}, 0x3, &(0x7f0000000280)=[0x5, 0x8000, 0xe3], 0x0, 0x3, [0x0, 0x81, 0x2]}) unshare(0x48020200) 05:03:32 executing program 0: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) signalfd4(r0, &(0x7f0000000080)={[0xfffffffffffffffc]}, 0x8, 0x0) getpgid(0x0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="680000001e00852e000000000000000000000000080000000000000008000c00", @ANYRES32=0x0, @ANYBLOB="d8e1b95d7093b2a4c0df989838ef06cac5c525ce503c89652c95ec4319edba7c3942807e0e3eaffcca0f36efd4b3e0876d4a079d23359eb14893804374ff394cc87ac40040db0ee9d766e10b63ae5fa111ca9755c824afdc98bc6843242c5dddce547ed7f2332f1b229422b36600000000045be2598acf28dec2b75deb3672664a07065b6cfd44bad7ac8d89292867ed986dacfdeb53ca4eac84fbc536473f2989f60f2c0998054d7da8de0ebfb88f94b2f7005f9ec2b283e0f4e7e2fa19d2f73711db9aacdc0e79b855bd4a41de7afec9319b9282309d24a428718ca667b7312e88b5b92fbce0a26532c3d190e00c7f868216e2ea074106dd4ca494ee7855b520fb9bfdb8f701c91fc4bc010fb0c8a0bf0f9da09127f6794e79c410906567ddb2083666970aba488c0b636900aa69e86877577a9da9883b32f879fe87a6aeee75185bac473eb9a7a5462a30e0087d270da86e5f99a591c4382737b1c028f591e7ff655bfe4cc9f5ed7948025c6c4aa262b9cf466896909a369e95a900c194dbea312991a4b0d320ec3d50ffee706b2f124447b3fe791c10a187439e2a92ce40b2bec8e23d35b1904c9f2ae6cc311ad7f6618237ecba669a9cc51da1f90487dab8b80000000000000000005dd207b9cc771601df6cf08dc5f2b25e9e9d9c72c961b4e8405f"], 0x68}, 0x1, 0x0, 0x0, 0x24040080}, 0x0) io_submit(0x0, 0x0, &(0x7f00000001c0)) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = creat(&(0x7f0000000240)='./file0\x00', 0x4) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) fsmount(r2, 0x1, 0x41) sendmsg$NL80211_CMD_SET_MCAST_RATE(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, r3, 0x100, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0xb4}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x140}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x37}, @NL80211_ATTR_MCAST_RATE={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x20008000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) copy_file_range(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1081030000000000) copy_file_range(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xa1, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0xc) 05:03:32 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x1a, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) [ 3292.368443] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3292.368443] program syz-executor.7 not setting count and/or reply_len properly [ 3292.374747] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3292.376371] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3292.380289] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3292.380289] program syz-executor.7 not setting count and/or reply_len properly 05:03:32 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) (fail_nth: 15) 05:03:32 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x6, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) 05:03:32 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff0043a9d7cceb2328b81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) [ 3292.480437] netlink: 'syz-executor.0': attribute type 12 has an invalid length. [ 3292.481832] netlink: 68 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3292.525164] device veth0_vlan entered promiscuous mode [ 3292.525856] FAULT_INJECTION: forcing a failure. [ 3292.525856] name failslab, interval 1, probability 0, space 0, times 0 [ 3292.527059] CPU: 1 PID: 17185 Comm: syz-executor.3 Not tainted 5.10.207 #1 [ 3292.527798] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3292.528686] Call Trace: [ 3292.528992] dump_stack+0x107/0x167 [ 3292.529387] should_fail.cold+0x5/0xa [ 3292.529794] ? create_object.isra.0+0x3a/0xa20 [ 3292.530297] should_failslab+0x5/0x20 [ 3292.530701] kmem_cache_alloc+0x5b/0x310 [ 3292.531149] create_object.isra.0+0x3a/0xa20 [ 3292.531620] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3292.532192] kmem_cache_alloc_node+0x169/0x330 [ 3292.532680] __alloc_skb+0x6d/0x5b0 [ 3292.533084] rtmsg_ifinfo_build_skb+0x72/0x1a0 [ 3292.533569] rtmsg_ifinfo+0x83/0x120 [ 3292.533964] __dev_notify_flags+0x22a/0x2c0 [ 3292.534428] ? dev_change_name+0x660/0x660 [ 3292.534911] ? __dev_change_flags+0x4cf/0x6e0 [ 3292.535388] ? dev_set_allmulti+0x30/0x30 [ 3292.535864] ? cap_capable+0x1cd/0x230 [ 3292.536283] ? full_name_hash+0xb5/0xf0 [ 3292.536731] dev_change_flags+0x100/0x160 [ 3292.537187] devinet_ioctl+0x14de/0x1db0 [ 3292.537713] ? inet_ifa_byprefix+0x2e0/0x2e0 [ 3292.538200] inet_ioctl+0x34f/0x390 [ 3292.538616] ? inet_dgram_connect+0x220/0x220 [ 3292.539154] ? __lock_acquire+0xbb1/0x5b00 [ 3292.539682] ? perf_trace_lock+0xac/0x490 [ 3292.540164] packet_ioctl+0xb3/0x260 [ 3292.540580] sock_do_ioctl+0xd3/0x300 [ 3292.541011] ? compat_ifr_data_ioctl+0x180/0x180 [ 3292.541551] ? ioctl_has_perm.constprop.0.isra.0+0x29a/0x410 [ 3292.542222] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3292.542800] ? do_vfs_ioctl+0x283/0x10d0 [ 3292.543243] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 3292.543807] ? generic_block_fiemap+0x60/0x60 [ 3292.544332] sock_ioctl+0x3ea/0x700 [ 3292.544753] ? dlci_ioctl_set+0x30/0x30 [ 3292.545207] ? selinux_file_ioctl+0xb6/0x270 [ 3292.545678] ? dlci_ioctl_set+0x30/0x30 [ 3292.546142] __x64_sys_ioctl+0x19a/0x210 [ 3292.546617] do_syscall_64+0x33/0x40 [ 3292.547049] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3292.547641] RIP: 0033:0x7fa5db089b19 [ 3292.548083] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3292.550115] RSP: 002b:00007fa5d85ff188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3292.550978] RAX: ffffffffffffffda RBX: 00007fa5db19cf60 RCX: 00007fa5db089b19 [ 3292.551800] RDX: 00000000200001c0 RSI: 0000000000008914 RDI: 0000000000000004 [ 3292.552584] RBP: 00007fa5d85ff1d0 R08: 0000000000000000 R09: 0000000000000000 [ 3292.553469] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3292.554260] R13: 00007ffefd79e6ef R14: 00007fa5d85ff300 R15: 0000000000022000 05:03:32 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0xf0, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) [ 3292.585013] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3292.585013] program syz-executor.7 not setting count and/or reply_len properly [ 3292.610342] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3292.610342] program syz-executor.7 not setting count and/or reply_len properly 05:03:32 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff0043a9d7cceb232ab81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) [ 3292.677032] netlink: 'syz-executor.0': attribute type 12 has an invalid length. [ 3292.678221] netlink: 68 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3292.680507] netlink: 'syz-executor.1': attribute type 22 has an invalid length. 05:03:32 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x240800, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) dup2(r1, r0) openat$cgroup_procs(r2, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0) 05:03:33 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x7, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) 05:03:33 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x300, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) [ 3292.849969] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3292.849969] program syz-executor.7 not setting count and/or reply_len properly [ 3292.966759] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3292.977196] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3297.394621] Bluetooth: hci1: command 0x0409 tx timeout [ 3299.442630] Bluetooth: hci1: command 0x041b tx timeout [ 3301.491664] Bluetooth: hci1: command 0x040f tx timeout [ 3302.753138] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3302.754910] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3302.770931] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 3302.821136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3302.822834] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3302.825639] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3303.570871] Bluetooth: hci1: command 0x0419 tx timeout 05:04:01 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff0043a9d7cceb2330b81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 05:04:01 executing program 2: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_bp={&(0x7f0000000140), 0x8}, 0xdd48a83c10608be0, 0x0, 0x0, 0x2, 0x5, 0x1000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x21, &(0x7f0000000080)={0x0, 0x45ae, 0x0, 0x2, 0x3b2, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000340)=0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x3, 0x0, r3, 0x0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000380)="5224b66ba79b9e0e24cf04fc12a325a9d0ad6dcd07bb678f05f1f5cd10b249f8210145e6215a359b29358c799eec84b08e137abef8332947cc65a30f3b50698bfcc607a01d9d8176324df7c1f52a9fd33e59a5b3f6d0e4674fd2ee4f02680abeacaf57988fb8c2c58ceebfad0180f54d16962edbd2dcbf7d050063123e469777b214f250477a32b99cc71b7ad80e8fa9c3988edcc3e9352daefe2b8d29f93101281597afd1dd632ab49f11ab1b", 0xad}], 0x1, &(0x7f0000000440)=[{0x40, 0x116, 0x4, "5ce3af44101cf7b3a2fd251f93cdaf91adb5da22096fdaeb7a7624fe2f6b10621588516b9c43103e709394548dec80"}, {0x80, 0x10f, 0x80000001, "b66a82357945a1d25d27461d191cdda1afd928262345515fca72b47ffdc657147b745cfd84cf720fb76ee9087c3b87f691d7b0f4cb869261916e3bf2a5e47cc41fb8fc17b07fa801173b25dde00520fbcafdafe35ec61c8107ea6ae59ac2aa6cf921d3787bc41ba103e3"}, {0xb0, 0x88, 0x2, "5c9a7be0af0c7161434c242717bbdf7d3ea154b2071c91cb2a48fc0cb5713e03e4306707b92324d67b53172945abd9f6a23fefc0385e110a494bbea100f6d4caf1e42fe3ba0e5fb27190d457670649495fdad24e8355f810db0743da2ff923e33f83444c6e470699841799da18bd7456106ef91ae6f464cbb9b9001f14b3e6bf20bdc1819889a3d259b1ce19b8f6213c55ff1438a1f41902cc"}], 0x170}, 0x0, 0x28800, 0x0, {0x0, r4}}, 0x1) io_uring_enter(r0, 0x76d2, 0x0, 0x0, 0x0, 0x0) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) r5 = creat(&(0x7f0000000040)='./file0\x00', 0x0) creat(&(0x7f0000000240)='./file1\x00', 0xc1) write$binfmt_elf64(r5, &(0x7f0000000100)=ANY=[], 0xfdef) r6 = socket$nl_sock_diag(0x10, 0x3, 0x4) ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x230}, {r6}, {0xffffffffffffffff, 0x4}, {r5, 0x408}, {r5, 0x108}], 0x5, &(0x7f0000000080)={0x77359400}, &(0x7f00000000c0)={[0x8]}, 0x8) fallocate(r5, 0x8, 0x0, 0x8000) ioctl$INCFS_IOC_GET_FILLED_BLOCKS(r6, 0x80286722, &(0x7f0000000300)={&(0x7f00000001c0)=""/89, 0x59, 0x80000001, 0x6}) openat(r5, &(0x7f0000000180)='./file0\x00', 0x351201, 0x3) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) 05:04:01 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) r2 = syz_open_dev$mouse(&(0x7f0000000180), 0x6, 0x480080) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r2) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r3, &(0x7f0000000040)={0x1f, @none}, 0x8) setsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r4, &(0x7f0000000040)={0x1f, @none}, 0x8) setsockopt$bt_BT_DEFER_SETUP(r4, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYRES16, @ANYRESHEX, @ANYBLOB="ba0ca43c4dd124f62516950704d387d76723eec2915c30a3ca1d834771ba75c0475d21602ef5", @ANYBLOB="91dbbdfd6f0edc57b329bcb47fa7a2a46d56619d59c8cfedcbdf00ab15d7c3e592e5b3256688c604470a3ff2ba60db9d3222ec7050f3f616204c3f70db5e3ddb5d3f8fbc42f9ca", @ANYRESOCT=r3, @ANYRES32=r4], 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x0) 05:04:01 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x8, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) 05:04:01 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/power/pm_freeze_timeout', 0x0, 0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x22902, 0x0) copy_file_range(r2, 0x0, r3, 0x0, 0xa1, 0x0) bind$inet6(r3, 0x0, 0xc) dup2(r1, r0) 05:04:01 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x4e5, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) 05:04:01 executing program 5: r0 = syz_io_uring_setup(0x1d, &(0x7f0000000100), &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000280)=0x0) io_uring_register$IORING_UNREGISTER_FILES(r0, 0x3, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_NOP={0x0, 0xfc292a8c574ae91a}, 0x0) syz_io_uring_setup(0x512f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000140)=0x0) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/power/pm_freeze_timeout', 0x0, 0x0) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x22902, 0x0) copy_file_range(r4, 0x0, r5, 0x0, 0xa1, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) syz_io_uring_submit(r1, r3, &(0x7f00000003c0)=@IORING_OP_CLOSE, 0x6) io_uring_enter(0xffffffffffffffff, 0x186e, 0x0, 0x0, 0x0, 0x0) 05:04:01 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) (fail_nth: 16) [ 3321.513921] device veth0_vlan entered promiscuous mode [ 3321.514779] FAULT_INJECTION: forcing a failure. [ 3321.514779] name failslab, interval 1, probability 0, space 0, times 0 [ 3321.515616] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3321.515616] program syz-executor.7 not setting count and/or reply_len properly [ 3321.516412] CPU: 1 PID: 17704 Comm: syz-executor.3 Not tainted 5.10.207 #1 [ 3321.516421] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3321.516426] Call Trace: [ 3321.516447] dump_stack+0x107/0x167 [ 3321.516467] should_fail.cold+0x5/0xa [ 3321.516490] should_failslab+0x5/0x20 [ 3321.516506] __kmalloc_node_track_caller+0x74/0x3b0 [ 3321.516524] ? rtmsg_ifinfo_build_skb+0x72/0x1a0 [ 3321.516547] __alloc_skb+0xb1/0x5b0 [ 3321.526142] rtmsg_ifinfo_build_skb+0x72/0x1a0 [ 3321.526808] rtmsg_ifinfo+0x83/0x120 [ 3321.527342] __dev_notify_flags+0x22a/0x2c0 [ 3321.527956] ? dev_change_name+0x660/0x660 [ 3321.528559] ? __dev_change_flags+0x4cf/0x6e0 [ 3321.529199] ? dev_set_allmulti+0x30/0x30 [ 3321.529795] ? cap_capable+0x1cd/0x230 [ 3321.530357] ? full_name_hash+0xb5/0xf0 [ 3321.530939] dev_change_flags+0x100/0x160 [ 3321.531532] devinet_ioctl+0x14de/0x1db0 [ 3321.532118] ? inet_ifa_byprefix+0x2e0/0x2e0 [ 3321.532797] inet_ioctl+0x34f/0x390 [ 3321.533320] ? inet_dgram_connect+0x220/0x220 [ 3321.534017] ? __lock_acquire+0xbb1/0x5b00 [ 3321.534655] ? perf_trace_lock+0xac/0x490 [ 3321.535295] packet_ioctl+0xb3/0x260 [ 3321.535873] sock_do_ioctl+0xd3/0x300 [ 3321.536513] ? compat_ifr_data_ioctl+0x180/0x180 [ 3321.537236] ? ioctl_has_perm.constprop.0.isra.0+0x29a/0x410 [ 3321.538084] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3321.538888] ? do_vfs_ioctl+0x283/0x10d0 [ 3321.539487] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 3321.540280] ? generic_block_fiemap+0x60/0x60 [ 3321.540922] sock_ioctl+0x3ea/0x700 [ 3321.541476] ? dlci_ioctl_set+0x30/0x30 [ 3321.542050] ? selinux_file_ioctl+0xb6/0x270 [ 3321.542740] ? dlci_ioctl_set+0x30/0x30 [ 3321.543313] __x64_sys_ioctl+0x19a/0x210 [ 3321.543930] do_syscall_64+0x33/0x40 [ 3321.544485] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3321.545242] RIP: 0033:0x7fa5db089b19 [ 3321.545793] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3321.548519] RSP: 002b:00007fa5d85ff188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3321.549640] RAX: ffffffffffffffda RBX: 00007fa5db19cf60 RCX: 00007fa5db089b19 [ 3321.550845] RDX: 00000000200001c0 RSI: 0000000000008914 RDI: 0000000000000004 [ 3321.552015] RBP: 00007fa5d85ff1d0 R08: 0000000000000000 R09: 0000000000000000 [ 3321.553125] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3321.554419] R13: 00007ffefd79e6ef R14: 00007fa5d85ff300 R15: 0000000000022000 [ 3321.564475] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3321.579294] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3321.579294] program syz-executor.7 not setting count and/or reply_len properly [ 3321.590867] netlink: 'syz-executor.1': attribute type 22 has an invalid length. 05:04:01 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x500, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) 05:04:01 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x9, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) [ 3321.798606] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3321.803525] netlink: 'syz-executor.1': attribute type 22 has an invalid length. 05:04:19 executing program 0: ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x5, "f31a0000434ef9bab774bdcab95c000d00", 0x0, 0x8}) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) r1 = socket$inet(0x2, 0xa, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000000c0)) r2 = getpgrp(0x0) r3 = pidfd_open(r2, 0x0) ioctl$FS_IOC_FSSETXATTR(r1, 0x401c5820, 0x0) r4 = dup(r3) setns(r4, 0x2020000) r5 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) ioctl$SG_IO(r5, 0x2285, &(0x7f00000011c0)={0x53, 0xfffffffffffffffd, 0x0, 0x0, @buffer={0x0, 0x1031, &(0x7f0000001240)=""/4108}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000004c00)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000004cc0)={0x0, 0x0, &(0x7f0000004c80)={&(0x7f0000004c40)={0x1c, 0x0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}}, 0x1c}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r5, &(0x7f0000000140)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x34, 0x0, 0x800, 0x70bd27, 0x25dfdbff, {{}, {@void, @void, @void}}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r6}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x73}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x3e}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x34}]}, 0x34}, 0x1, 0x0, 0x0, 0x800}, 0x40) ioctl$DVD_READ_STRUCT(r5, 0x5390, &(0x7f0000000440)=@manufact={0x4, 0x2, 0x800, "00bc95e1d7c7526002994560cca3cb55b66678e5eaea2741345629a1cec02f007569e0842af897601b10179ce9c733b49449827210b73d70a774f7e48cea1c35a571cf104a8db9faf6c7f7a86647a7a3a4a1740d6e9722cbf84f0d9ec33b9bab22d97351d38686158264793722ee3b2516645cf01a1a9ae08aa9192b0aa2d521be5340caa28d3e9aca95d6c911bf19b56b60b59d718961708152c187c5ec50437a3df5039deb78aa1ff0d0c1dce7ff26bb1fbbd65861e3bd8db8c3eabd654b68db5d517f3cad2b86c70d81f32e2a06e473b6ca25df162c2c9c07bc413dca11294ad0405edf9d6960235bf04a490a886388edae8fe3dc39031f5cf8d64613ce9bd37486c957324e5f11cb734692496a2ea9f4a345751bc9c2fe871e70c7b6611549350cde91af83ff7b1c57a2b3fa51cb7019e32b4a56fc4a3f0f78c41e923aed5cb89ab79fb2b1d7d2264638ec688486438cb5bfcda5bd3336c0eca5c4eb49ec0284e9b1356de8e47797300221dae6b2dc5998e5616720ffc947ec2810b3c85b606781abf15f61154565f58d2492cc6a2c56dffa9ba7ab98278ed6ee13653b779b893d8494c76cebde9bc51ed405e27e8daf3d6a9c0e3a09f155d92887781b7e1d1bdca9c0618f5ed7e0c97917b349b694a3d9005f9a672cd522aee5946b70b962128c7702b069399bf489ddb076c5ea02fe2b9030823c4247a6d22cd8c59b4290c56d47ccfa5167f94e9bf5e66bf4fb99c0585598f1113e111eb23cff6482c3060b77f79a77f71e9a6d8fdf8a7311ef5c2eaf7b102e638b3cd28644c29855f14b30e9c0631ead0c314870a30615de4c1bda467575f75edaf7569a77ba047b8443d96d8c862006bfcc7c21b848904100527b69d39c5caf1c3aa038fec350da5c1cbcdec3def9c83b0fe0e3d5f044685ca4e3da91622fcf098a3d4a827740c771dcfc67298754a2a1601e363c35ba09e0191097ac1cb793653beb39885a70b00457010111f12223bc6d6b8dfc16c29e31e27a0bf6c35b421907f10cd41cedd40709d56d7b8e9e3531c1acebc0a5ad21dc1a18affe006320ea8b5d7c4fca00ba4028f802c97ca82c5b321867ae14d8ec57614c9bc5a8b0b7df20bc38585a32d3cf58ea3f9402c478d84c9312e1660648f67ad131560dc6a4932657afcda99b9d5cbf9c8d8e19798f86e62c1dcf4e4bfcdedefac0cd9d9d21cc692a1eb6b7d5b1b2c1a1a49ea7c3566fa56a9d2cc025332479e61fe3a750e20446ebece96faaa58a355e59fb83205c2b389243ecf8141c4a75ffe7281adb43074b88a501682b32c5153f9b79441306a130d17536eafbc70bfe91bb34cf4488d8624cc4fa287fa60b6502c2cc1a049b0afc6bee5a6240238d5ef0e762791121ed045a939dafdf1dfe996325fd552570887ffc7f3066e857015ee8cf082339375cc0989afe26e125bd66579d44c56c4ffe86507b5155ac7f47ef66629ed7b6b11db00c40ef262f5609733ef55b27370e8fbfea36500ba3e9687232eb9f2f6af04dfbfa79a64cd7bfab080648330776ff4088b0345f436f869f5aea2dbd1155bcd62cb858f694ea8e8ca34c418dc7ee051a1a041f0521abd04a7319f73d8fb902688e58a69c9043e8392ff1ddb95a9f6f7c72d5ca765c809901b9e4da6929e6ab98fdbed606854e05677b5fc04b46c7e77550bb2cac1747774d9f5bb41071a2edfdf7ca48303b65800ae56b1d4254d504555484040c8a6a7ff987cfd65e29c921d6aa356ab1ab3c9c3f493cb3c55b414d31cde83084e2183bc2e173f5872c252ffbc5c97ff6712d5934fdc512575dc5db977bf7d5d0b92fc13fcdfd04bafb59d28aeac0d8d5c105b1d648f07753c1fb731f883d0957b1c56138847f34b9b669511580ccbe523de0abf33ee0ae793d659cb2fae7bb1e546eb3d9c4b805499627618b9d0400ff60fdafaf975cb3a9663eb1efef94676dce8042f0d93f11e93d7fcd25d7535c7a37f57b2835b2aefa0108924efba0390da2d939630b6047eb7fff3395d421a27412fadd589e4673f4e3b86d92c51b8d2451812ce4623b2c5de86894519f6e72e381c8fa39ef43f95bd4c812936794f709556e89f9f1044fc59237da4b40406d74b630f4b558e0ca5a7e85f45968ee2162c5c787123f3165cea19f4998ba73ea99af14de50017ced399b32c65fcc3b0069f2393958c5b8fae29ce59e3de43ff2fe4f603b264190ca1ebf9763cef6d81b3b16e59210c72f53f064e3e877791cdbb836cfc3fa9ca97c8adf27f1d012fffc243a95e10adb0de9d1b375c15d4b94e6e1ff7a2b1a3162fccab6e526e8db185555acdf449e15f9fb8b60185c61fc2f838e9c258ab52ece9a38214b0e8d100da3681e215eee5a2052de65f2568d49744786e56185416a53934f627f3fbb460880e5e399993743cc048549a08f9a4a1e11210fdf0ed031a3c8f44cee83af55bf74948f51126d53e6808915d630a0ec0e31884c3ea8b9eacfbda96501b44c200bb7caf55032ae99324af341291df2183ef4a6b0cb2f0272007dac9589149953e61f01e027627dacb58d5edc892fbe29146b3bce72431ec4e2fb4fb7a03af2c2e94c7d68cf59c2f618eff3e7e06d0e03608ac678b325dc4c7bf5af32b215b65fa9a1bed17292a56e9131a8af0e22b79a91f66e5294c9dfd0ee6546978e0d3d5420649f10c1b9f917351cf824887011a8b4ed165b5db68d8f8d4dbd87d337e49f05873553fe5d0e34638851a273618f59ce5fe148ca149cce089a8f4301a5507404939cf4993b4afa6f9d2a76c40adcbf4607e0e293483194f7756ac3fa8f7e2eb28be0a251d0e70f428d06731a135a02b239ab8a0a79472002e08291a7242c41251cd36185a1b31a32ba3da99897886dc37fc9c4d2a8d1"}) ioctl$TUNSETLINK(r5, 0x400454cd, 0x339) dup3(r1, r0, 0x0) 05:04:19 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff0043a9d7cceb2335b81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 05:04:19 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) (fail_nth: 17) 05:04:19 executing program 4: r0 = creat(&(0x7f0000000100)='./file0\x00', 0x280) ioctl$sock_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000140)) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r1, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) dup2(r2, r1) 05:04:19 executing program 5: ftruncate(0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000140)='./file1\x00', 0x100, 0x38) statx(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x100, 0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = syz_open_dev$vcsn(0x0, 0x4, 0x0) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(0xffffffffffffffff, 0x54a2) socket$nl_generic(0x10, 0x3, 0x10) r3 = open(&(0x7f0000000140)='./file1\x00', 0x100, 0x38) lstat(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000240)={r3, 0x5, 0x8, 0x3}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="ac7766646e6f3d", @ANYRESHEX=r3, @ANYBLOB=',posixacl,loose,version=9p2000.u,dfltgid=', @ANYRESHEX=r4, @ANYBLOB=',version=9p2000,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',dont_hash,def#ontext=unconfined_u,measure,smackfshat=\',\'A,seclabel,pcr=00000000000000000051,defcontext=user_u,appraise,\x00']) setfsgid(r4) fchownat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', r1, r4, 0x100) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0xfffffffc}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000140)) openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000005c0)={{{@in, @in6=@mcast2}}, {{@in=@multicast1}, 0x0, @in6=@loopback}}, 0x0) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(0xffffffffffffffff, 0x54a2) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0xc, &(0x7f0000000480)={&(0x7f00000006c0)=ANY=[@ANYBLOB="1c0000001d00210c0000000000000000040002000000268000000000", @ANYRES32=r2, @ANYBLOB="1fde1d6c6fc02ddf24332086082f3d502fa1052f0d9676f885af7393ae874c01989744d9630a8dad542b71fee77049a5e39c4ede6fdd0ee1bff8124ece619b9ce50f8c84de314aad7f642e5ec7678954acc97800fe5d8c397177a9598177f9b7c086b33b065efbcea40bd1b1ba0dacd5a1b6bd6348dc6602a15ac60453314b8e18608d76677cafecf98c3df31db27a6534b646ade94f16dd8ace0177ebeeb94560cdd9645bb0b8cacd6dee67ca1c5bca1ce2396c02674c38cd61ea7959b65e758f0369af63902d46b28711f44fcddec8dfe83f382f8d44c6ce623a15c303a5430231a49be6721790fabd8dc78ff9dde9b1eca1b3b20df37c9327d861b5990b68e66e8aa05b3a76f5342fead7d6b6bc23af6b837eb47ed6a17292144865301c36d004cf34c5d24ca776537031a4a839b6df588ebf9120f8dad56652c50223e65f123e00052fe7fae6e655bab1a77cc95e33a290213a09c5eec051cbcbd1da65e76f072b5cfb7ddce0aaa5b9eafe22f6481adc88c2365d7a8b6057b5d80bd5e4426c9233f850fcf1aa9574a666a322604f7f0bd8e95bdd3122380c94c595c4ddd7cf20af4c4615fa76d7271c9dc634bd000f6792cb"], 0x1c}}, 0x0) 05:04:19 executing program 2: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_bp={&(0x7f0000000140), 0x8}, 0xdd48a83c10608be0, 0x0, 0x0, 0x2, 0x5, 0x1000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x21, &(0x7f0000000080)={0x0, 0x45ae, 0x0, 0x2, 0x3b2, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000340)=0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x3, 0x0, r3, 0x0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000380)="5224b66ba79b9e0e24cf04fc12a325a9d0ad6dcd07bb678f05f1f5cd10b249f8210145e6215a359b29358c799eec84b08e137abef8332947cc65a30f3b50698bfcc607a01d9d8176324df7c1f52a9fd33e59a5b3f6d0e4674fd2ee4f02680abeacaf57988fb8c2c58ceebfad0180f54d16962edbd2dcbf7d050063123e469777b214f250477a32b99cc71b7ad80e8fa9c3988edcc3e9352daefe2b8d29f93101281597afd1dd632ab49f11ab1b", 0xad}], 0x1, &(0x7f0000000440)=[{0x40, 0x116, 0x4, "5ce3af44101cf7b3a2fd251f93cdaf91adb5da22096fdaeb7a7624fe2f6b10621588516b9c43103e709394548dec80"}, {0x80, 0x10f, 0x80000001, "b66a82357945a1d25d27461d191cdda1afd928262345515fca72b47ffdc657147b745cfd84cf720fb76ee9087c3b87f691d7b0f4cb869261916e3bf2a5e47cc41fb8fc17b07fa801173b25dde00520fbcafdafe35ec61c8107ea6ae59ac2aa6cf921d3787bc41ba103e3"}, {0xb0, 0x88, 0x2, "5c9a7be0af0c7161434c242717bbdf7d3ea154b2071c91cb2a48fc0cb5713e03e4306707b92324d67b53172945abd9f6a23fefc0385e110a494bbea100f6d4caf1e42fe3ba0e5fb27190d457670649495fdad24e8355f810db0743da2ff923e33f83444c6e470699841799da18bd7456106ef91ae6f464cbb9b9001f14b3e6bf20bdc1819889a3d259b1ce19b8f6213c55ff1438a1f41902cc"}], 0x170}, 0x0, 0x28800, 0x0, {0x0, r4}}, 0x1) io_uring_enter(r0, 0x76d2, 0x0, 0x0, 0x0, 0x0) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) r5 = creat(&(0x7f0000000040)='./file0\x00', 0x0) creat(&(0x7f0000000240)='./file1\x00', 0xc1) write$binfmt_elf64(r5, &(0x7f0000000100)=ANY=[], 0xfdef) r6 = socket$nl_sock_diag(0x10, 0x3, 0x4) ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x230}, {r6}, {0xffffffffffffffff, 0x4}, {r5, 0x408}, {r5, 0x108}], 0x5, &(0x7f0000000080)={0x77359400}, &(0x7f00000000c0)={[0x8]}, 0x8) fallocate(r5, 0x8, 0x0, 0x8000) ioctl$INCFS_IOC_GET_FILLED_BLOCKS(r6, 0x80286722, &(0x7f0000000300)={&(0x7f00000001c0)=""/89, 0x59, 0x80000001, 0x6}) openat(r5, &(0x7f0000000180)='./file0\x00', 0x351201, 0x3) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) 05:04:19 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0xf, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) 05:04:19 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x600, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) [ 3339.004438] device veth0_vlan entered promiscuous mode [ 3339.005311] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3339.005311] program syz-executor.7 not setting count and/or reply_len properly [ 3339.006022] FAULT_INJECTION: forcing a failure. [ 3339.006022] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3339.006043] CPU: 0 PID: 17742 Comm: syz-executor.3 Not tainted 5.10.207 #1 [ 3339.006054] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3339.006061] Call Trace: [ 3339.006086] dump_stack+0x107/0x167 [ 3339.006112] should_fail.cold+0x5/0xa [ 3339.006140] __alloc_pages_nodemask+0x182/0x600 [ 3339.006169] ? __alloc_pages_slowpath.constprop.0+0x2130/0x2130 [ 3339.020312] ? __kmalloc_node_track_caller+0x393/0x3b0 [ 3339.021518] alloc_pages_current+0x187/0x280 [ 3339.022519] allocate_slab+0x26f/0x380 [ 3339.023405] ___slab_alloc+0x470/0x700 [ 3339.024301] ? rtmsg_ifinfo_build_skb+0x72/0x1a0 [ 3339.025395] ? mark_held_locks+0x9e/0xe0 [ 3339.026337] ? __kmalloc_node_track_caller+0x393/0x3b0 [ 3339.027516] __kmalloc_node_track_caller+0x393/0x3b0 [ 3339.028703] ? rtmsg_ifinfo_build_skb+0x72/0x1a0 [ 3339.029791] __alloc_skb+0xb1/0x5b0 [ 3339.030653] rtmsg_ifinfo_build_skb+0x72/0x1a0 [ 3339.031695] rtmsg_ifinfo+0x83/0x120 [ 3339.032636] __dev_notify_flags+0x22a/0x2c0 [ 3339.033621] ? dev_change_name+0x660/0x660 [ 3339.034570] ? __dev_change_flags+0x4cf/0x6e0 [ 3339.035600] ? dev_set_allmulti+0x30/0x30 [ 3339.036547] ? cap_capable+0x1cd/0x230 [ 3339.037437] ? full_name_hash+0xb5/0xf0 [ 3339.038349] dev_change_flags+0x100/0x160 [ 3339.038760] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3339.038760] program syz-executor.7 not setting count and/or reply_len properly [ 3339.039277] devinet_ioctl+0x14de/0x1db0 [ 3339.039307] ? inet_ifa_byprefix+0x2e0/0x2e0 [ 3339.039342] inet_ioctl+0x34f/0x390 [ 3339.045175] ? inet_dgram_connect+0x220/0x220 [ 3339.046187] ? __lock_acquire+0xbb1/0x5b00 [ 3339.047142] ? perf_trace_lock+0xac/0x490 [ 3339.048056] packet_ioctl+0xb3/0x260 [ 3339.048875] sock_do_ioctl+0xd3/0x300 [ 3339.049716] ? compat_ifr_data_ioctl+0x180/0x180 [ 3339.050760] ? ioctl_has_perm.constprop.0.isra.0+0x29a/0x410 [ 3339.052023] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3339.053155] ? do_vfs_ioctl+0x283/0x10d0 [ 3339.054063] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 3339.055212] ? generic_block_fiemap+0x60/0x60 [ 3339.056209] sock_ioctl+0x3ea/0x700 [ 3339.057020] ? dlci_ioctl_set+0x30/0x30 [ 3339.057906] ? selinux_file_ioctl+0xb6/0x270 [ 3339.058876] ? dlci_ioctl_set+0x30/0x30 [ 3339.059752] __x64_sys_ioctl+0x19a/0x210 [ 3339.060652] do_syscall_64+0x33/0x40 [ 3339.061472] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3339.062598] RIP: 0033:0x7fa5db089b19 [ 3339.063429] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3339.067396] RSP: 002b:00007fa5d85ff188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3339.069034] RAX: ffffffffffffffda RBX: 00007fa5db19cf60 RCX: 00007fa5db089b19 [ 3339.070592] RDX: 00000000200001c0 RSI: 0000000000008914 RDI: 0000000000000004 [ 3339.072158] RBP: 00007fa5d85ff1d0 R08: 0000000000000000 R09: 0000000000000000 [ 3339.073731] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3339.075296] R13: 00007ffefd79e6ef R14: 00007fa5d85ff300 R15: 0000000000022000 [ 3339.077145] hpet: Lost 3 RTC interrupts [ 3339.090930] sr 1:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 3339.126160] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3339.150954] netlink: 'syz-executor.1': attribute type 22 has an invalid length. 05:04:19 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff0043a9d7cceb2355b81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) [ 3339.163573] netlink: 'syz-executor.1': attribute type 22 has an invalid length. 05:04:19 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) (fail_nth: 18) [ 3339.250173] sr 1:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 3339.307660] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3339.307660] program syz-executor.7 not setting count and/or reply_len properly [ 3339.357037] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3339.357037] program syz-executor.7 not setting count and/or reply_len properly [ 3339.470265] device veth0_vlan entered promiscuous mode [ 3339.471665] FAULT_INJECTION: forcing a failure. [ 3339.471665] name failslab, interval 1, probability 0, space 0, times 0 [ 3339.473741] CPU: 1 PID: 17762 Comm: syz-executor.3 Not tainted 5.10.207 #1 [ 3339.474856] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3339.476364] Call Trace: [ 3339.476792] dump_stack+0x107/0x167 [ 3339.477411] should_fail.cold+0x5/0xa [ 3339.478144] should_failslab+0x5/0x20 [ 3339.478776] __kmalloc_node_track_caller+0x74/0x3b0 [ 3339.479836] ? rtmsg_ifinfo_build_skb+0x72/0x1a0 [ 3339.480597] __alloc_skb+0xb1/0x5b0 [ 3339.481182] rtmsg_ifinfo_build_skb+0x72/0x1a0 [ 3339.482036] rtmsg_ifinfo+0x83/0x120 [ 3339.482645] __dev_notify_flags+0x22a/0x2c0 [ 3339.483511] ? dev_change_name+0x660/0x660 [ 3339.484242] ? __dev_change_flags+0x4cf/0x6e0 [ 3339.484958] ? dev_set_allmulti+0x30/0x30 [ 3339.485623] ? cap_capable+0x1cd/0x230 [ 3339.486367] ? full_name_hash+0xb5/0xf0 [ 3339.487156] dev_change_flags+0x100/0x160 [ 3339.487895] devinet_ioctl+0x14de/0x1db0 [ 3339.488600] ? inet_ifa_byprefix+0x2e0/0x2e0 [ 3339.489285] inet_ioctl+0x34f/0x390 [ 3339.489870] ? inet_dgram_connect+0x220/0x220 [ 3339.490599] ? __lock_acquire+0xbb1/0x5b00 [ 3339.491252] ? perf_trace_lock+0xac/0x490 [ 3339.491923] packet_ioctl+0xb3/0x260 [ 3339.492509] sock_do_ioctl+0xd3/0x300 [ 3339.493124] ? compat_ifr_data_ioctl+0x180/0x180 [ 3339.493873] ? ioctl_has_perm.constprop.0.isra.0+0x29a/0x410 [ 3339.494795] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3339.495586] ? do_vfs_ioctl+0x283/0x10d0 [ 3339.496237] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 3339.497066] ? generic_block_fiemap+0x60/0x60 [ 3339.497796] sock_ioctl+0x3ea/0x700 [ 3339.498382] ? dlci_ioctl_set+0x30/0x30 [ 3339.499011] ? selinux_file_ioctl+0xb6/0x270 [ 3339.499715] ? dlci_ioctl_set+0x30/0x30 [ 3339.500327] __x64_sys_ioctl+0x19a/0x210 [ 3339.500980] do_syscall_64+0x33/0x40 [ 3339.501581] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3339.502404] RIP: 0033:0x7fa5db089b19 [ 3339.502970] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3339.505970] RSP: 002b:00007fa5d85ff188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3339.507125] RAX: ffffffffffffffda RBX: 00007fa5db19cf60 RCX: 00007fa5db089b19 [ 3339.508370] RDX: 00000000200001c0 RSI: 0000000000008914 RDI: 0000000000000004 [ 3339.509745] RBP: 00007fa5d85ff1d0 R08: 0000000000000000 R09: 0000000000000000 [ 3339.510876] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3339.512003] R13: 00007ffefd79e6ef R14: 00007fa5d85ff300 R15: 0000000000022000 05:04:36 executing program 0: ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x5, "f31a0000434ef9bab774bdcab95c000d00", 0x0, 0x8}) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) r1 = socket$inet(0x2, 0xa, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000000c0)) r2 = getpgrp(0x0) r3 = pidfd_open(r2, 0x0) ioctl$FS_IOC_FSSETXATTR(r1, 0x401c5820, 0x0) r4 = dup(r3) setns(r4, 0x2020000) r5 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) ioctl$SG_IO(r5, 0x2285, &(0x7f00000011c0)={0x53, 0xfffffffffffffffd, 0x0, 0x0, @buffer={0x0, 0x1031, &(0x7f0000001240)=""/4108}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000004c00)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000004cc0)={0x0, 0x0, &(0x7f0000004c80)={&(0x7f0000004c40)={0x1c, 0x0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}}, 0x1c}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r5, &(0x7f0000000140)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x34, 0x0, 0x800, 0x70bd27, 0x25dfdbff, {{}, {@void, @void, @void}}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r6}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x73}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x3e}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x34}]}, 0x34}, 0x1, 0x0, 0x0, 0x800}, 0x40) ioctl$DVD_READ_STRUCT(r5, 0x5390, &(0x7f0000000440)=@manufact={0x4, 0x2, 0x800, "00bc95e1d7c7526002994560cca3cb55b66678e5eaea2741345629a1cec02f007569e0842af897601b10179ce9c733b49449827210b73d70a774f7e48cea1c35a571cf104a8db9faf6c7f7a86647a7a3a4a1740d6e9722cbf84f0d9ec33b9bab22d97351d38686158264793722ee3b2516645cf01a1a9ae08aa9192b0aa2d521be5340caa28d3e9aca95d6c911bf19b56b60b59d718961708152c187c5ec50437a3df5039deb78aa1ff0d0c1dce7ff26bb1fbbd65861e3bd8db8c3eabd654b68db5d517f3cad2b86c70d81f32e2a06e473b6ca25df162c2c9c07bc413dca11294ad0405edf9d6960235bf04a490a886388edae8fe3dc39031f5cf8d64613ce9bd37486c957324e5f11cb734692496a2ea9f4a345751bc9c2fe871e70c7b6611549350cde91af83ff7b1c57a2b3fa51cb7019e32b4a56fc4a3f0f78c41e923aed5cb89ab79fb2b1d7d2264638ec688486438cb5bfcda5bd3336c0eca5c4eb49ec0284e9b1356de8e47797300221dae6b2dc5998e5616720ffc947ec2810b3c85b606781abf15f61154565f58d2492cc6a2c56dffa9ba7ab98278ed6ee13653b779b893d8494c76cebde9bc51ed405e27e8daf3d6a9c0e3a09f155d92887781b7e1d1bdca9c0618f5ed7e0c97917b349b694a3d9005f9a672cd522aee5946b70b962128c7702b069399bf489ddb076c5ea02fe2b9030823c4247a6d22cd8c59b4290c56d47ccfa5167f94e9bf5e66bf4fb99c0585598f1113e111eb23cff6482c3060b77f79a77f71e9a6d8fdf8a7311ef5c2eaf7b102e638b3cd28644c29855f14b30e9c0631ead0c314870a30615de4c1bda467575f75edaf7569a77ba047b8443d96d8c862006bfcc7c21b848904100527b69d39c5caf1c3aa038fec350da5c1cbcdec3def9c83b0fe0e3d5f044685ca4e3da91622fcf098a3d4a827740c771dcfc67298754a2a1601e363c35ba09e0191097ac1cb793653beb39885a70b00457010111f12223bc6d6b8dfc16c29e31e27a0bf6c35b421907f10cd41cedd40709d56d7b8e9e3531c1acebc0a5ad21dc1a18affe006320ea8b5d7c4fca00ba4028f802c97ca82c5b321867ae14d8ec57614c9bc5a8b0b7df20bc38585a32d3cf58ea3f9402c478d84c9312e1660648f67ad131560dc6a4932657afcda99b9d5cbf9c8d8e19798f86e62c1dcf4e4bfcdedefac0cd9d9d21cc692a1eb6b7d5b1b2c1a1a49ea7c3566fa56a9d2cc025332479e61fe3a750e20446ebece96faaa58a355e59fb83205c2b389243ecf8141c4a75ffe7281adb43074b88a501682b32c5153f9b79441306a130d17536eafbc70bfe91bb34cf4488d8624cc4fa287fa60b6502c2cc1a049b0afc6bee5a6240238d5ef0e762791121ed045a939dafdf1dfe996325fd552570887ffc7f3066e857015ee8cf082339375cc0989afe26e125bd66579d44c56c4ffe86507b5155ac7f47ef66629ed7b6b11db00c40ef262f5609733ef55b27370e8fbfea36500ba3e9687232eb9f2f6af04dfbfa79a64cd7bfab080648330776ff4088b0345f436f869f5aea2dbd1155bcd62cb858f694ea8e8ca34c418dc7ee051a1a041f0521abd04a7319f73d8fb902688e58a69c9043e8392ff1ddb95a9f6f7c72d5ca765c809901b9e4da6929e6ab98fdbed606854e05677b5fc04b46c7e77550bb2cac1747774d9f5bb41071a2edfdf7ca48303b65800ae56b1d4254d504555484040c8a6a7ff987cfd65e29c921d6aa356ab1ab3c9c3f493cb3c55b414d31cde83084e2183bc2e173f5872c252ffbc5c97ff6712d5934fdc512575dc5db977bf7d5d0b92fc13fcdfd04bafb59d28aeac0d8d5c105b1d648f07753c1fb731f883d0957b1c56138847f34b9b669511580ccbe523de0abf33ee0ae793d659cb2fae7bb1e546eb3d9c4b805499627618b9d0400ff60fdafaf975cb3a9663eb1efef94676dce8042f0d93f11e93d7fcd25d7535c7a37f57b2835b2aefa0108924efba0390da2d939630b6047eb7fff3395d421a27412fadd589e4673f4e3b86d92c51b8d2451812ce4623b2c5de86894519f6e72e381c8fa39ef43f95bd4c812936794f709556e89f9f1044fc59237da4b40406d74b630f4b558e0ca5a7e85f45968ee2162c5c787123f3165cea19f4998ba73ea99af14de50017ced399b32c65fcc3b0069f2393958c5b8fae29ce59e3de43ff2fe4f603b264190ca1ebf9763cef6d81b3b16e59210c72f53f064e3e877791cdbb836cfc3fa9ca97c8adf27f1d012fffc243a95e10adb0de9d1b375c15d4b94e6e1ff7a2b1a3162fccab6e526e8db185555acdf449e15f9fb8b60185c61fc2f838e9c258ab52ece9a38214b0e8d100da3681e215eee5a2052de65f2568d49744786e56185416a53934f627f3fbb460880e5e399993743cc048549a08f9a4a1e11210fdf0ed031a3c8f44cee83af55bf74948f51126d53e6808915d630a0ec0e31884c3ea8b9eacfbda96501b44c200bb7caf55032ae99324af341291df2183ef4a6b0cb2f0272007dac9589149953e61f01e027627dacb58d5edc892fbe29146b3bce72431ec4e2fb4fb7a03af2c2e94c7d68cf59c2f618eff3e7e06d0e03608ac678b325dc4c7bf5af32b215b65fa9a1bed17292a56e9131a8af0e22b79a91f66e5294c9dfd0ee6546978e0d3d5420649f10c1b9f917351cf824887011a8b4ed165b5db68d8f8d4dbd87d337e49f05873553fe5d0e34638851a273618f59ce5fe148ca149cce089a8f4301a5507404939cf4993b4afa6f9d2a76c40adcbf4607e0e293483194f7756ac3fa8f7e2eb28be0a251d0e70f428d06731a135a02b239ab8a0a79472002e08291a7242c41251cd36185a1b31a32ba3da99897886dc37fc9c4d2a8d1"}) ioctl$TUNSETLINK(r5, 0x400454cd, 0x339) dup3(r1, r0, 0x0) 05:04:36 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x48, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) 05:04:36 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) (fail_nth: 19) 05:04:36 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x802c2, 0x0) r1 = open(&(0x7f0000000040)='./file0\x00', 0x1810c1, 0x0) r2 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000001c0), 0x4040, 0x0) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000200)="af", 0x1}], 0x1) r3 = creat(&(0x7f0000000040)='./file0\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x8000) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_io_uring_setup(0x5c49, &(0x7f0000000240)={0x0, 0x0, 0x23, 0x0, 0x27b}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000300)) ioctl$FS_IOC_RESVSP(r4, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x4000006}) creat(&(0x7f0000000080)='./file1\x00', 0x80) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r1, 0xd000943d, &(0x7f000005fb40)={0x4, [], 0x0, "83da7ce32c2bd4"}) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r0, 0x40a85321, &(0x7f0000000340)={{0x3}, 'port0\x00', 0x24, 0x20440, 0x4, 0x3f, 0x3, 0x9, 0x89, 0x0, 0x1, 0xd4}) r6 = openat$cgroup_freezer_state(r0, &(0x7f0000000180), 0x2, 0x0) copy_file_range(0xffffffffffffffff, 0x0, r6, 0x0, 0x20, 0x0) setsockopt$bt_hci_HCI_DATA_DIR(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000140)=0x4, 0x4) pidfd_getfd(r1, r1, 0x0) fstat(0xffffffffffffffff, &(0x7f0000000400)) syz_io_uring_submit(r5, 0x0, &(0x7f0000000500)=@IORING_OP_TEE={0x21, 0x1, 0x0, @fd=r3, 0x0, 0x0, 0x5, 0x3, 0x1, {0x0, 0x0, r2}}, 0x200) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000040)={0x0, r1, 0x2}) 05:04:36 executing program 2: openat(0xffffffffffffffff, 0x0, 0x0, 0x3a1) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x101}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) lseek(r0, 0x3, 0xb5e46223464a3991) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}}, 0x1c) setsockopt$inet6_IPV6_ADDRFORM(r1, 0x29, 0x1, &(0x7f0000000040), 0x4) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) shutdown(r2, 0x1) open(&(0x7f0000000240)='./file1\x00', 0x660002, 0x1a) setsockopt$inet6_udp_int(r1, 0x11, 0x1, &(0x7f0000000000)=0x8, 0x4) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0xda8, @any, 0x0, 0x2}, 0xe) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$SMC_PNETID_FLUSH(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x0, 0x100, 0x70bd28, 0x25dfdbfb, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'veth1_to_bond\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) sendmmsg$inet6(r1, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x105142, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x12, r3, 0x0) 05:04:36 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff0043a9d7cceb23b6b81bf74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 05:04:36 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x700, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) 05:04:36 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xc, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) dup2(r1, r0) ioctl$PERF_EVENT_IOC_REFRESH(r1, 0x2402, 0x9) [ 3356.548862] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3356.551695] netlink: 'syz-executor.1': attribute type 22 has an invalid length. 05:04:36 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/power/pm_freeze_timeout', 0x0, 0x0) r3 = openat$nvram(0xffffffffffffff9c, &(0x7f00000005c0), 0x0, 0x0) ioctl$TCGETA(r3, 0x5405, &(0x7f0000000600)) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x22902, 0x0) copy_file_range(r2, 0x0, r4, 0x0, 0xa1, 0x0) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/power/pm_freeze_timeout', 0x0, 0x0) r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x22902, 0x0) copy_file_range(r5, 0x0, r6, 0x0, 0xa1, 0x0) setsockopt$inet6_tcp_TLS_RX(r6, 0x6, 0x2, &(0x7f0000000640)=@gcm_128={{0x303}, "40f4882b63a257e1", "6527d2b3e132b3ecb5023c2e7058b44c", "b0bbe0e7", "32ff553e603a1920"}, 0x28) sendmsg$inet6(r2, &(0x7f00000001c0)={&(0x7f0000000040)={0xa, 0x4e23, 0x9, @empty, 0x5}, 0x1c, &(0x7f0000000180)=[{&(0x7f0000000080)="a6e5cb251b4dfe76bc58dea53f3d48f4aef51047fad5775a39d2f55d81fc5f6c8864e1d74e73f0f00b613956b57f4f9fd9c834363aaea3b8a19acfb1b229e4c35c7e7d0ce54b793be436ecd78b130d4b7879f47fd45c5c6d88c487c5bd1b6077386c16ef8c8e7859900659d3f731c31856b989f5eb2e5e3ea3213b4977544315859a043f1d59c34868839260ed83d709a4442d279b643de99b5eaf0510e117421dd40eb7acea965c176bdee91f3b16306f4a72c30e380044f70d7c014ec9b0c06595895aeeff5b252483bb37e5b72e6e1e9bd449ab93c01d218d2663d3eade6c5cc725ac24", 0xe5}, {&(0x7f0000000280)="67251bb3988ed4d38b69a3cc388f863310a034b9864085f892e48e32bbae52def2f14ea38d9ef335128d6c9616f76ea0d9091996b300fa85816531eb67de195fca39fc144a9601fe8ce00cd974b6d17ea822a825e417601103e6f51ed28833e171a61984c61a5c6bbac4d6362c349063744519ef43e36991cab1c3c915cf9acca0ee7eca998a29f003e3975383b4659ec9bf6f1341f94d7f1f87806dd7ca59438d2e18dd6bb1e93319f9fa8df8f1089e59fa87d809345c734d7f3917dd078e8b", 0xc0}], 0x2, &(0x7f0000000340)=[@rthdrdstopts={{0x30, 0x29, 0x37, {0x0, 0x2, '\x00', [@hao={0xc9, 0x10, @private1}, @pad1]}}}, @dstopts_2292={{0x28, 0x29, 0x4, {0x87, 0x1, '\x00', [@enc_lim, @pad1, @pad1]}}}, @hopopts_2292={{0x150, 0x29, 0x36, {0x84, 0x26, '\x00', [@calipso={0x7, 0x40, {0x2, 0xe, 0x8, 0x2, [0x6, 0x6, 0x8000, 0x4, 0x5a2800000000, 0x5, 0x1]}}, @padn={0x1, 0xa, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @hao={0xc9, 0x10, @mcast1}, @jumbo={0xc2, 0x4, 0x81}, @generic={0x3f, 0xba, "c5d466776be8e9408e533a6a66459fdb973838c300ba04aa33a56150e9da162e95cfff6dec1f470340cd5bc607d80c3ff768d9c8c5cc601858079b8284f5fb8e0818b368c9ff035185eaf2832aaa4cbc53eb592c8bd71886daf8bd9e8c2ad39e954bffc7f9f7b155e5bbe5c673a470ff021624929199264854bebb1c7a83fadd5ce0cb064f7545b19705dfd9722decd546d212ec1680d5ec41ff0d733a75174f502da27249aa1a8e17105253c9ba6cbb4f8acff2c649681eef6f"}, @hao={0xc9, 0x10, @loopback}]}}}, @hoplimit={{0x14, 0x29, 0x34, 0xb7}}, @pktinfo={{0x24, 0x29, 0x32, {@private1={0xfc, 0x1, '\x00', 0x1}}}}, @hoplimit={{0x14, 0x29, 0x34, 0x6}}, @dstopts={{0x38, 0x29, 0x37, {0x0, 0x3, '\x00', [@jumbo={0xc2, 0x4, 0x3ff}, @jumbo={0xc2, 0x4, 0x3}, @pad1, @pad1, @padn={0x1, 0x2, [0x0, 0x0]}, @pad1]}}}, @dstopts_2292={{0x28, 0x29, 0x4, {0x33, 0x1, '\x00', [@jumbo={0xc2, 0x4, 0x8}, @ra={0x5, 0x2, 0x7f}]}}}], 0x260}, 0x8800) dup2(r1, r0) 05:04:36 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x4c, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) [ 3356.640458] device veth0_vlan entered promiscuous mode [ 3356.643491] FAULT_INJECTION: forcing a failure. [ 3356.643491] name failslab, interval 1, probability 0, space 0, times 0 [ 3356.646266] CPU: 0 PID: 17781 Comm: syz-executor.3 Not tainted 5.10.207 #1 [ 3356.647919] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3356.649837] Call Trace: [ 3356.650463] dump_stack+0x107/0x167 [ 3356.651282] should_fail.cold+0x5/0xa [ 3356.652164] should_failslab+0x5/0x20 [ 3356.653095] __kmalloc_node_track_caller+0x74/0x3b0 [ 3356.654217] ? netlink_trim+0x1ee/0x250 [ 3356.655122] pskb_expand_head+0x15a/0x1040 [ 3356.656128] netlink_trim+0x1ee/0x250 [ 3356.657016] netlink_broadcast_filtered+0x60/0xdc0 [ 3356.658114] ? rtmsg_ifinfo_build_skb+0x72/0x1a0 [ 3356.659209] ? rtmsg_ifinfo_build_skb+0xd1/0x1a0 [ 3356.660271] nlmsg_notify+0x94/0x290 [ 3356.661123] rtmsg_ifinfo+0xf0/0x120 [ 3356.662005] __dev_notify_flags+0x22a/0x2c0 [ 3356.662948] ? dev_change_name+0x660/0x660 05:04:36 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff0043a9d7cceb232fb800400000d05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) [ 3356.663887] ? __dev_change_flags+0x4cf/0x6e0 [ 3356.664958] ? dev_set_allmulti+0x30/0x30 [ 3356.665875] ? cap_capable+0x1cd/0x230 [ 3356.666739] ? full_name_hash+0xb5/0xf0 [ 3356.667620] dev_change_flags+0x100/0x160 [ 3356.668596] devinet_ioctl+0x14de/0x1db0 [ 3356.669523] ? inet_ifa_byprefix+0x2e0/0x2e0 [ 3356.670532] inet_ioctl+0x34f/0x390 [ 3356.671330] ? inet_dgram_connect+0x220/0x220 [ 3356.672347] ? __lock_acquire+0xbb1/0x5b00 [ 3356.673350] ? perf_trace_lock+0xac/0x490 [ 3356.674283] packet_ioctl+0xb3/0x260 [ 3356.675115] sock_do_ioctl+0xd3/0x300 [ 3356.675949] ? compat_ifr_data_ioctl+0x180/0x180 [ 3356.677013] ? ioctl_has_perm.constprop.0.isra.0+0x29a/0x410 [ 3356.678307] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3356.679449] ? do_vfs_ioctl+0x283/0x10d0 [ 3356.680329] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 3356.681488] ? generic_block_fiemap+0x60/0x60 [ 3356.682488] sock_ioctl+0x3ea/0x700 [ 3356.683295] ? dlci_ioctl_set+0x30/0x30 [ 3356.684177] ? selinux_file_ioctl+0xb6/0x270 [ 3356.685167] ? dlci_ioctl_set+0x30/0x30 [ 3356.686072] __x64_sys_ioctl+0x19a/0x210 [ 3356.686972] do_syscall_64+0x33/0x40 [ 3356.687791] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3356.688915] RIP: 0033:0x7fa5db089b19 [ 3356.689735] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3356.693876] RSP: 002b:00007fa5d85ff188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3356.695532] RAX: ffffffffffffffda RBX: 00007fa5db19cf60 RCX: 00007fa5db089b19 [ 3356.697100] RDX: 00000000200001c0 RSI: 0000000000008914 RDI: 0000000000000004 [ 3356.698654] RBP: 00007fa5d85ff1d0 R08: 0000000000000000 R09: 0000000000000000 [ 3356.700227] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3356.701800] R13: 00007ffefd79e6ef R14: 00007fa5d85ff300 R15: 0000000000022000 [ 3356.703655] hpet: Lost 2 RTC interrupts 05:04:36 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x900, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) [ 3356.715035] sr 1:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. 05:04:37 executing program 5: ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x40, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x10001, 0x0) syz_io_uring_setup(0x45e0, &(0x7f0000000140)={0x0, 0xd1ed, 0x10, 0x3, 0xff}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000040)=0x0, &(0x7f00000000c0)) r3 = io_uring_setup(0x5204, &(0x7f0000000100)) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(r3, 0x5, 0x0, r4) syz_io_uring_submit(r2, 0x0, &(0x7f0000000240)=@IORING_OP_CONNECT={0x10, 0x1, 0x0, r0, 0x80, &(0x7f00000001c0)=@ieee802154={0x24, @short}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x81) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r5, 0x0, 0x20d315) 05:04:37 executing program 2: fsetxattr$security_selinux(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$BTRFS_IOC_QUOTA_RESCAN(r0, 0x4040942c, &(0x7f00000000c0)={0x0, 0x0, [0x5]}) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_int(r1, 0x29, 0x4, &(0x7f0000000040)=0x5, 0x4) fstatfs(0xffffffffffffffff, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) signalfd(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000002c0)=ANY=[@ANYBLOB="c40000001d00210ccde40000000000000400020014001180c09801a7c9c7dba09475f251c743092f0800310043e6cf345f13be85938dbd3913a463", @ANYRES32, @ANYRES32, @ANYBLOB], 0xc4}}, 0x0) 05:04:37 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) (fail_nth: 20) [ 3356.942328] netlink: 'syz-executor.1': attribute type 22 has an invalid length. 05:04:37 executing program 0: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0x1cbb43, 0x0) ioctl$DVD_READ_STRUCT(r1, 0x530d, &(0x7f0000000680)=@disckey={0x2, 0x0, "d816b4eeb5ed0f6cbd4aa21437a1e14b015ca67fbdafedda3167468b540217b989d8d25f6b7c121f1584375ac07d85cb35a73af1ec0c0d10cf1d15e7d48df0131c7b838100c2ac9bfd5f8ea08056123e373ba4f462ce2328ba5654f784e1290b0d9f0104049a2d5ec44cb10c3ccca633faa95bb1304e4bc3663d33048b95cc801dcc466ec7cddd7402d1f9b00e36d874450f021b1ec56fd8c95814e51cef00808bc3e790c8fa9a5bdc3ab3b82e8303b42f4ff8a51a5db6c0528ddff0c0fd3c4f39295afc0139bf481c202630225344949ec60860b9368ecf39c4fa52c7321ecb68b6e8d5dc42ac538bf6003260d528c2cfc416c364510d0a2305bd8183446be7276df89170abd783d8213661f210165ee3fb08905de8cdee62b03bab4cddf9707158f9bb031dc7db1623c5017d8e56e7ae1d267e7a60746b7fd1fbd755b15e56761b64b7691ad82d197d77b65342f868f184e11ebcb01efb123111040b6fc7a05e88566a2caac9a94211481a7850ff8d567ad3b8af5714fb4f5803b27ded8c2a53be0653e5f7bbac9f3d7d1c9cf7914d0f48301f011caa35aed450c46a539ce5090a8a890aefa285ddf902d68a33aef089f170bc293ef30786538aab9fc123aabe353a0a3d3b42b603d5af1fabe87d84f7f6b3892418922ada202f302e63c52e82618b82609eed5ecc214378f77eca4bb4b0f902a79d354c4e2ac84b20e441a48d260f0348b72d92f1da308797af336107bed13bfbb0a7526dea1ffbcb41c849f32c47d932c2058d042094fadc2502c035adf64161956c06849fb65040d10f7fa903dd736c7f3f56534d87917fb6287431a7f47b6c57cfc53c853ac159687a99493c863ec53c6ecee9ec63794b96c3c9b717112f3d8b1646bb6227cc51d2107d1222b07af3a1442108602720c864c1191b66da82d666f87d583a3addaa3c77e75f4d806cc3f57e7959d68fa71961d77d0e1517298a0ef33db33bbd4f87976f7b97bceb1918da6e42534abac8dfa34cb9773f530651ab030f9377d780195bf6b45c6b3bc28c3f36579ab2e987451480b42e02ec4e6af067e7f928fe7d2bb0ac4d4e69e049fb4db793020e7c552b10a43ee1dc5f385d44b9675239f751adc7d186a69b5c98435c69dde03c24e3f51d09fa68be94fdc1089f483a57ab8afa0e86d7e8f77cbb5824f9be148fc3bb0dc25554eb902a4b6bfef0ea2ed726a8c7e1bf047345b1af189ae2ca074ce02dd26fc75d9451cce326922ad17e2597af5644073421b0d3154d05672d698163a45ba8b9be9a39a02adb670cc3f204377dd127bb3834801e449cae9411fbd0f18e1fa3a4696c416c3c1ce2f190aa6adb9b16e0013506648044d454b8364efc5635a08725c6f56a759b712cd6be9a57fc38b56bcea0787d9238fe0c58a24d11947477aba806fc8d8b3cde3675e42cea7754dae1f989beb88cf63d0c7644e1fcfe89b0daa1363fbe250987ee553de68db91b164fbb63741be79c74a0fbbc3d0159a2392a4bc97c592581b0d68644fe106d5247ba4c8c5bf340f49baf666c697dd0a308c5593b88e2fa24588e7048e8dcdbe3a04e66e27afa9472029991e2c55f5ebd57fa43c6c34580ac5fbfec4fb42647ab6f9ab9ba89dc2bfea62b1f2ef1121f74d558053ce118f234aaba0beccc1fd1a3756a2863c278ac0daa1abe60117995b734fa9becdf28fc8b9b6b74d09735924af6993ceea5f28031788bb0da7c0ee42631d9a9b94d1894bdcfeb9a749875c9a808b00537e8a5e5683cb64edf1ec277c59c7785ea065300689ef68ab1dd88ef3eb0ef9308537cf94e325db0cebbbc9191b5b25f089ed6e2160531492a809e4c8620205538f22ad83de4f630a887a15598be630832a2c722384877b08e34158272fe30dea834b81bb1c0e72e20f7e797b367c76e7a8f4842aae503975f9468fafc54b413a7a4682bf57110217357643206f3458d47bfda33f1b7bb00e31bbcb00c852981e9621fddc409c89ccd8cd80a3cc8789521781ed9ed06457359869d9c1a825c2fee335ed34b58a478207b8fdbdf65cbbf13f3ecc3180b9b05ec3737225d98f3fe0f3191d814257e367b1d776264b9bdf7d13f72d5a6c3a25c2eff14bd3b6b390ecb69202de1c2361803f5fc1a2451c26fa07189d0c1d0487a40e4554049ed58b0b96b24979c1733088581ce160fe25558ff4abfb9163023ee5a399657a871b7e8656d1e1ab66abd679826d7d4ec0d45e64ba367c5496abbb4cbff84d90b048c0380b034ff2045a019fda0c889f91da736db35bff4fae836cb5b0b6f3b729461512d331b3e7fb75c48785c93f1abd7f5eb5266ca72b3e4c74e080010804855aea80162a776a791b2783de5755fea37d1f2fe4388a08e9a900d9bddfa2b51f71404f115b912759d6db1ddd65740a5e0dc98b7d02e822cdac9ed61fc56737b2eccad390e875fc6b29c7dca4c95f57a58dcbac155b13e37d312ceeba26423d1fe727880ae6b717cd2e2d14d411f8993937175f0e45c54d89bce23e423c7a0908f792531181e967adb8ea98bba790d7543884490e267af33088b039fbb13190da91f43fef1caf031a1e1fe6a681dbd88811b70357e01dceaa10531000eef7fdc9c127dcef089d00100b89ad38e774a768289770ad3b09c9e17d052f7868f0739e9b0b08a582f0e2757980486179d00f125f469f003163143b00087c816a81912cb2c2edd7c3f0857a9156fd6a956a93eac5de14ac884e0bf1f4241ac5267e75d1b167927b65e396175c9b1048275ad9319668f94395764f87834cd4645d153955af3843c20fc23f43cfb3c4400000080c0bb136d1341791782b3809987fda27aa4dac61ce13276470070e05ac4aca1ec4a9394f19e875800"}) r2 = creat(0x0, 0x0) ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f00000002c0)=0x0) r4 = open_tree(0xffffffffffffffff, &(0x7f0000000300)='./file1\x00', 0x1000) perf_event_open(&(0x7f0000000240)={0x4, 0x80, 0x59, 0x2, 0xc0, 0x1f, 0x0, 0xb, 0x1c010, 0x4, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0xffffdb55, 0x0, @perf_bp={&(0x7f0000000340), 0x4}, 0x688, 0x78, 0x6, 0x8, 0x9, 0x4, 0x0, 0x0, 0x40, 0x0, 0x3}, r3, 0x6, r4, 0x9) sendmsg$NFT_MSG_GETTABLE(0xffffffffffffffff, 0x0, 0x4) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000000c0)={0x0}, &(0x7f0000000100)=0xc) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r1, 0xc018937c, &(0x7f0000000380)=ANY=[@ANYBLOB="e10000000100000018000000", @ANYRES32=r0, @ANYBLOB="02000000000000002e2366696c653000ac62014fff4df25470616c116bcf52a6b280afcaa57a4cabbb3931c0a6f496b3b0ac251ca3149c6866c106a3187b7e8084d5"]) perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x1, 0x40, 0x80, 0x3f, 0x0, 0x4, 0x0, 0xe, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x2, @perf_config_ext={0xfffffffffffffffe, 0x6}, 0x6002, 0x800001, 0x1, 0x9, 0x6, 0x1, 0x6, 0x0, 0x4, 0x0, 0x10000}, r5, 0xe, r6, 0x3) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0) r7 = openat(r1, &(0x7f0000000000)='./file0\x00', 0x208000, 0x100) bind$unix(r7, &(0x7f0000000180)=@file={0x0, './file1\x00'}, 0x6e) [ 3356.964933] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3356.965169] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3356.965169] program syz-executor.7 not setting count and/or reply_len properly [ 3356.989980] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3356.989980] program syz-executor.7 not setting count and/or reply_len properly 05:04:37 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff0043a9d7cceb232fb830f74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 05:04:37 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x68, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) 05:04:37 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0xf00, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) 05:04:37 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) dup2(r1, r0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r1) [ 3357.207656] device veth0_vlan entered promiscuous mode [ 3357.219627] FAULT_INJECTION: forcing a failure. [ 3357.219627] name failslab, interval 1, probability 0, space 0, times 0 [ 3357.222366] CPU: 0 PID: 17816 Comm: syz-executor.3 Not tainted 5.10.207 #1 [ 3357.223884] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3357.225804] Call Trace: [ 3357.226399] dump_stack+0x107/0x167 [ 3357.227211] should_fail.cold+0x5/0xa [ 3357.228043] ? ____ip_mc_inc_group+0x277/0xca0 [ 3357.229062] ? ____ip_mc_inc_group+0x277/0xca0 [ 3357.230059] should_failslab+0x5/0x20 [ 3357.230898] kmem_cache_alloc_trace+0x55/0x320 [ 3357.231948] ____ip_mc_inc_group+0x277/0xca0 05:04:37 executing program 2: ftruncate(0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) setsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000040)={0x0, @loopback, @loopback}, 0xc) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) r1 = fsmount(0xffffffffffffffff, 0x0, 0x4) lseek(r0, 0x800, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x75, 0x0, 0x3f, 0x4c, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/power/pm_freeze_timeout', 0x0, 0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x22902, 0x0) copy_file_range(r2, 0x0, r3, 0x0, 0xa1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f00000000c0)) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x200000, 0x0) lseek(r4, 0x2, 0x0) mknodat$null(r4, &(0x7f0000000000)='./file1\x00', 0x2000, 0x103) r5 = openat(r1, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r5, 0x0, 0x100000001) [ 3357.232934] ? kfree_skbmem+0xef/0x1b0 [ 3357.233910] ? ip_mc_add_src+0xe00/0xe00 [ 3357.234813] ip_mc_up+0x14b/0x3a0 [ 3357.235577] inetdev_event+0xbe3/0x1610 [ 3357.236459] ? devinet_init_net+0x650/0x650 [ 3357.237429] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3357.238595] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3357.239728] ? nh_netdev_event+0x8c/0x370 [ 3357.240658] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3357.241816] raw_notifier_call_chain+0xb3/0x110 [ 3357.242848] call_netdevice_notifiers_info+0xb5/0x130 [ 3357.243972] __dev_notify_flags+0x110/0x2c0 [ 3357.244930] ? dev_change_name+0x660/0x660 [ 3357.245860] ? __dev_change_flags+0x4cf/0x6e0 [ 3357.246865] ? dev_set_allmulti+0x30/0x30 [ 3357.247785] ? cap_capable+0x1cd/0x230 [ 3357.248681] ? full_name_hash+0xb5/0xf0 [ 3357.249575] dev_change_flags+0x100/0x160 [ 3357.250526] devinet_ioctl+0x14de/0x1db0 [ 3357.251433] ? inet_ifa_byprefix+0x2e0/0x2e0 [ 3357.252432] inet_ioctl+0x34f/0x390 [ 3357.253242] ? inet_dgram_connect+0x220/0x220 [ 3357.254303] ? __lock_acquire+0xbb1/0x5b00 [ 3357.255279] ? perf_trace_lock+0xac/0x490 [ 3357.256228] packet_ioctl+0xb3/0x260 [ 3357.257062] sock_do_ioctl+0xd3/0x300 [ 3357.257889] ? compat_ifr_data_ioctl+0x180/0x180 [ 3357.258925] ? ioctl_has_perm.constprop.0.isra.0+0x29a/0x410 [ 3357.260227] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3357.261360] ? do_vfs_ioctl+0x283/0x10d0 [ 3357.262282] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 3357.263418] ? generic_block_fiemap+0x60/0x60 [ 3357.264425] sock_ioctl+0x3ea/0x700 [ 3357.265226] ? dlci_ioctl_set+0x30/0x30 [ 3357.266105] ? selinux_file_ioctl+0xb6/0x270 [ 3357.267093] ? dlci_ioctl_set+0x30/0x30 [ 3357.267965] __x64_sys_ioctl+0x19a/0x210 [ 3357.268874] do_syscall_64+0x33/0x40 [ 3357.269694] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3357.270809] RIP: 0033:0x7fa5db089b19 [ 3357.271630] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3357.275754] RSP: 002b:00007fa5d85ff188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3357.277449] RAX: ffffffffffffffda RBX: 00007fa5db19cf60 RCX: 00007fa5db089b19 [ 3357.279016] RDX: 00000000200001c0 RSI: 0000000000008914 RDI: 0000000000000004 [ 3357.280594] RBP: 00007fa5d85ff1d0 R08: 0000000000000000 R09: 0000000000000000 [ 3357.282160] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3357.283731] R13: 00007ffefd79e6ef R14: 00007fa5d85ff300 R15: 0000000000022000 [ 3357.285598] hpet: Lost 3 RTC interrupts [ 3357.294878] sr 1:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 3357.370887] netlink: 'syz-executor.1': attribute type 22 has an invalid length. 05:04:37 executing program 0: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x7, 0x8200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000000)={0xb, 0x80, 0x20, 0x20, 0x9, 0x8, 0x0, 0x8000000000000000, 0x8201, 0x8, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x3, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, @perf_config_ext={0x81eb, 0x2}, 0x12b4f, 0x3, 0x8000, 0x2, 0x2, 0x0, 0x0, 0x0, 0x2, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x3, r0, 0x8) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) read(r1, 0x0, 0xd) [ 3357.376609] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3357.386446] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3357.386446] program syz-executor.7 not setting count and/or reply_len properly 05:04:37 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) (fail_nth: 21) [ 3357.410512] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3357.410512] program syz-executor.7 not setting count and/or reply_len properly 05:04:37 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x1a00, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) 05:04:37 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x6c, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) 05:04:37 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff0043a9d7cceb232fb8b6f74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 05:04:37 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r2 = dup2(r1, r0) r3 = dup2(r2, r1) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e21, 0x7, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4}, 0x1c) [ 3357.604152] device veth0_vlan entered promiscuous mode [ 3357.605909] FAULT_INJECTION: forcing a failure. [ 3357.605909] name failslab, interval 1, probability 0, space 0, times 0 [ 3357.607800] CPU: 1 PID: 17846 Comm: syz-executor.3 Not tainted 5.10.207 #1 [ 3357.608973] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3357.610319] Call Trace: [ 3357.610720] dump_stack+0x107/0x167 [ 3357.611284] should_fail.cold+0x5/0xa [ 3357.611886] ? create_object.isra.0+0x3a/0xa20 [ 3357.612674] ? create_object.isra.0+0x3a/0xa20 [ 3357.613484] should_failslab+0x5/0x20 [ 3357.614131] kmem_cache_alloc+0x5b/0x310 [ 3357.614760] create_object.isra.0+0x3a/0xa20 [ 3357.615460] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3357.616281] kmem_cache_alloc_trace+0x151/0x320 [ 3357.617017] ____ip_mc_inc_group+0x277/0xca0 [ 3357.617806] ? kfree_skbmem+0xef/0x1b0 [ 3357.618425] ? ip_mc_add_src+0xe00/0xe00 [ 3357.619056] ip_mc_up+0x14b/0x3a0 [ 3357.619599] inetdev_event+0xbe3/0x1610 [ 3357.620239] ? devinet_init_net+0x650/0x650 [ 3357.620921] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3357.621725] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3357.622531] ? nh_netdev_event+0x8c/0x370 [ 3357.623174] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3357.623986] raw_notifier_call_chain+0xb3/0x110 [ 3357.624713] call_netdevice_notifiers_info+0xb5/0x130 [ 3357.625504] __dev_notify_flags+0x110/0x2c0 [ 3357.626187] ? dev_change_name+0x660/0x660 [ 3357.626833] ? __dev_change_flags+0x4cf/0x6e0 [ 3357.627515] ? dev_set_allmulti+0x30/0x30 [ 3357.628213] ? cap_capable+0x1cd/0x230 [ 3357.628836] ? full_name_hash+0xb5/0xf0 [ 3357.629459] dev_change_flags+0x100/0x160 [ 3357.630109] devinet_ioctl+0x14de/0x1db0 [ 3357.630740] ? inet_ifa_byprefix+0x2e0/0x2e0 [ 3357.631439] inet_ioctl+0x34f/0x390 [ 3357.632001] ? inet_dgram_connect+0x220/0x220 [ 3357.632734] ? __lock_acquire+0xbb1/0x5b00 [ 3357.633405] ? perf_trace_lock+0xac/0x490 [ 3357.634075] packet_ioctl+0xb3/0x260 [ 3357.634678] sock_do_ioctl+0xd3/0x300 [ 3357.635287] ? compat_ifr_data_ioctl+0x180/0x180 [ 3357.636041] ? ioctl_has_perm.constprop.0.isra.0+0x29a/0x410 [ 3357.636962] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3357.637777] ? do_vfs_ioctl+0x283/0x10d0 [ 3357.638424] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 3357.639265] ? generic_block_fiemap+0x60/0x60 [ 3357.639974] sock_ioctl+0x3ea/0x700 [ 3357.640565] ? dlci_ioctl_set+0x30/0x30 [ 3357.641213] ? selinux_file_ioctl+0xb6/0x270 [ 3357.641928] ? dlci_ioctl_set+0x30/0x30 [ 3357.642557] __x64_sys_ioctl+0x19a/0x210 [ 3357.643200] do_syscall_64+0x33/0x40 [ 3357.643891] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3357.644720] RIP: 0033:0x7fa5db089b19 [ 3357.645323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3357.648269] RSP: 002b:00007fa5d85ff188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3357.648287] RAX: ffffffffffffffda RBX: 00007fa5db19cf60 RCX: 00007fa5db089b19 [ 3357.648296] RDX: 00000000200001c0 RSI: 0000000000008914 RDI: 0000000000000004 [ 3357.648305] RBP: 00007fa5d85ff1d0 R08: 0000000000000000 R09: 0000000000000000 [ 3357.648314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3357.648343] R13: 00007ffefd79e6ef R14: 00007fa5d85ff300 R15: 0000000000022000 05:04:37 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x802c2, 0x0) r1 = open(&(0x7f0000000040)='./file0\x00', 0x1810c1, 0x0) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000200)="af", 0x1}], 0x1) lsetxattr$security_capability(&(0x7f0000000140)='./file1\x00', &(0x7f0000000180), &(0x7f00000001c0)=@v1={0x1000000, [{0x1, 0x4}]}, 0xc, 0x2) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x40) fallocate(r2, 0x0, 0x0, 0x8000) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r3, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x4000006}) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000040)={0x0, r1, 0x2}) [ 3357.707669] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3357.707669] program syz-executor.7 not setting count and/or reply_len properly [ 3357.714034] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3357.716420] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3357.761309] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3357.761309] program syz-executor.7 not setting count and/or reply_len properly 05:04:57 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x1f00, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) 05:04:57 executing program 5: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x2, 0x0, 0x0}, 0xfffffa65) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r3, &(0x7f0000000040)={0x1f, @none}, 0x8) setsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) fcntl$F_GET_RW_HINT(r3, 0x40b, &(0x7f0000000040)) 05:04:57 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) (fail_nth: 22) 05:04:57 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xe, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/power/pm_freeze_timeout', 0x0, 0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x22902, 0x0) copy_file_range(r2, 0x0, r3, 0x0, 0xa1, 0x0) perf_event_open(&(0x7f0000000080)={0x6, 0x80, 0x20, 0x3, 0x81, 0x7f, 0x0, 0x3f, 0x60040, 0x4, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x101, 0x2, @perf_bp={&(0x7f0000000040), 0x2}, 0x0, 0x8, 0x6d, 0x5, 0x9, 0x7, 0x8001, 0x0, 0x7ff, 0x0, 0x1155}, 0xffffffffffffffff, 0x7, r2, 0xb) bind$inet6(0xffffffffffffffff, 0x0, 0x0) dup2(r1, r0) 05:04:57 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff0043a9d7cceb232fb81bf7b6bdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 05:04:57 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff0043a9d7cceb232fb8b6f74ebdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 05:04:57 executing program 2: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x3f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, @perf_bp={&(0x7f0000000080), 0x4}, 0x4000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000300)='./file0\x00', 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff}) r1 = mq_open(&(0x7f0000005c00)='-@\x00', 0x42, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000240)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/power/pm_freeze_timeout', 0x0, 0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x22902, 0x0) copy_file_range(r2, 0x0, r3, 0x0, 0xa1, 0x0) perf_event_open(&(0x7f0000000140)={0x4, 0x80, 0x81, 0x0, 0x1, 0xf9, 0x0, 0x1, 0x8000, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x3, 0x4, @perf_bp={&(0x7f0000000100), 0x2}, 0x2028, 0x7, 0x3, 0x0, 0x0, 0x6, 0x2, 0x0, 0x3, 0x0, 0x4}, 0x0, 0x0, r3, 0x0) 05:04:57 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x74, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) [ 3377.024384] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3377.048509] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3377.048509] program syz-executor.7 not setting count and/or reply_len properly [ 3377.051863] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3377.070714] device veth0_vlan entered promiscuous mode [ 3377.078229] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3377.078229] program syz-executor.7 not setting count and/or reply_len properly [ 3377.089680] FAULT_INJECTION: forcing a failure. [ 3377.089680] name failslab, interval 1, probability 0, space 0, times 0 [ 3377.092198] CPU: 1 PID: 17881 Comm: syz-executor.3 Not tainted 5.10.207 #1 [ 3377.093735] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3377.095440] Call Trace: [ 3377.096070] dump_stack+0x107/0x167 [ 3377.096831] should_fail.cold+0x5/0xa [ 3377.097630] ? ipv6_add_addr+0x329/0x1cf0 [ 3377.098496] should_failslab+0x5/0x20 [ 3377.099307] kmem_cache_alloc_trace+0x55/0x320 [ 3377.100274] ? blocking_notifier_call_chain+0x13a/0x190 [ 3377.101416] ipv6_add_addr+0x329/0x1cf0 [ 3377.102233] ? lock_chain_count+0x20/0x20 [ 3377.103107] ? perf_trace_lock+0xac/0x490 [ 3377.103962] ? lock_chain_count+0x20/0x20 [ 3377.104841] ? inet6_dump_ifaddr+0x20/0x20 [ 3377.105713] ? find_held_lock+0x2c/0x110 [ 3377.106575] add_addr+0xcf/0x2c0 [ 3377.107309] ? inet6_ifa_finish_destroy+0x1b0/0x1b0 [ 3377.108357] ? mark_held_locks+0x9e/0xe0 [ 3377.109196] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3377.110302] ? __local_bh_enable_ip+0x9d/0x100 [ 3377.111304] addrconf_notify+0x1a95/0x2410 [ 3377.112193] ? inet6_ifinfo_notify+0x150/0x150 [ 3377.113126] ? failover_register+0x530/0x530 [ 3377.114035] ? cfg80211_netdev_notifier_call+0x298/0x10c0 [ 3377.115165] ? ipmr_device_event+0x18b/0x1f0 [ 3377.116090] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3377.117151] raw_notifier_call_chain+0xb3/0x110 [ 3377.118141] call_netdevice_notifiers_info+0xb5/0x130 [ 3377.119211] __dev_notify_flags+0x110/0x2c0 [ 3377.120139] ? dev_change_name+0x660/0x660 [ 3377.121016] ? __dev_change_flags+0x4cf/0x6e0 [ 3377.121983] ? dev_set_allmulti+0x30/0x30 [ 3377.122832] ? cap_capable+0x1cd/0x230 [ 3377.123667] ? full_name_hash+0xb5/0xf0 [ 3377.124527] dev_change_flags+0x100/0x160 [ 3377.125401] devinet_ioctl+0x14de/0x1db0 [ 3377.126303] ? inet_ifa_byprefix+0x2e0/0x2e0 [ 3377.127300] inet_ioctl+0x34f/0x390 [ 3377.128039] ? inet_dgram_connect+0x220/0x220 [ 3377.129006] ? __lock_acquire+0xbb1/0x5b00 [ 3377.129877] ? perf_trace_lock+0xac/0x490 [ 3377.130742] packet_ioctl+0xb3/0x260 [ 3377.131517] sock_do_ioctl+0xd3/0x300 [ 3377.132309] ? compat_ifr_data_ioctl+0x180/0x180 [ 3377.133374] ? ioctl_has_perm.constprop.0.isra.0+0x29a/0x410 [ 3377.134576] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3377.135633] ? do_vfs_ioctl+0x283/0x10d0 [ 3377.136490] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 3377.137570] ? generic_block_fiemap+0x60/0x60 [ 3377.138524] sock_ioctl+0x3ea/0x700 [ 3377.139314] ? dlci_ioctl_set+0x30/0x30 [ 3377.140185] ? selinux_file_ioctl+0xb6/0x270 [ 3377.141109] ? dlci_ioctl_set+0x30/0x30 [ 3377.141950] __x64_sys_ioctl+0x19a/0x210 [ 3377.142851] do_syscall_64+0x33/0x40 [ 3377.143652] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3377.144767] RIP: 0033:0x7fa5db089b19 [ 3377.145556] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3377.149474] RSP: 002b:00007fa5d85ff188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3377.151080] RAX: ffffffffffffffda RBX: 00007fa5db19cf60 RCX: 00007fa5db089b19 [ 3377.152632] RDX: 00000000200001c0 RSI: 0000000000008914 RDI: 0000000000000004 [ 3377.154125] RBP: 00007fa5d85ff1d0 R08: 0000000000000000 R09: 0000000000000000 [ 3377.155657] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3377.157186] R13: 00007ffefd79e6ef R14: 00007fa5d85ff300 R15: 0000000000022000 [ 3377.165858] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3377.165858] program syz-executor.0 not setting count and/or reply_len properly 05:05:15 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x7a, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) 05:05:15 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0xe504, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) 05:05:15 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff0043a9d7cceb232fb81bf74ebdd00a7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 05:05:15 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x802c2, 0x0) r1 = open(&(0x7f0000000040)='./file0\x00', 0x1810c1, 0x0) r2 = creat(&(0x7f0000000040)='./file1\x00', 0x0) fallocate(r2, 0x0, 0x0, 0x8000) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r3, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x4000006}) fallocate(r1, 0x0, 0x10001, 0x100) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000040)={0x0, r1, 0x0, 0x0, 0x6}) ioctl$AUTOFS_DEV_IOCTL_VERSION(r0, 0xc0189371, &(0x7f0000000080)={{0x1, 0x1, 0x18, r2}, './file0\x00'}) 05:05:15 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff0043a9d7cceb232fb81bf7b6bdd05b7677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 05:05:15 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x551080, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x10120}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext2\x00', &(0x7f00000000c0)='./file0\x00', 0xfff, 0x5, &(0x7f00000003c0)=[{&(0x7f0000000100)="2156b38429a268a2e888aa19fa2dae5c819d88139903441af0fcd28d763d9f05ce08c24619b79169ccf8797a2bdab7e3c7a397769ba0cca90ca87bcdbf692110529bc4a3d07672f82344677f147d5dc6874b4a292084307e24d2afb3839c7381330731a731e1275e910c3d842e3f91fd94f7502b8814", 0x76, 0x5}, {&(0x7f0000000180)="a4298421fed6b288765b02aff5d8f7668fbc1f460cb014c0259d0b7cb604d6c0337d5e92176eb4b70208dc697c9cc974881f745dfb327549e768af597dafa3481f40aef827bad7d5593966b51419daff531ae94dac4bb1a31fd1026d74ea5f5beac6eb6101e908f246c2aa5cf79ac13cc0607130e75329e179d1b8a9b4", 0x7d}, {&(0x7f0000000280)="4a9e4c0151b0cd7754eff8c5c57c5f091869b2", 0x13, 0xff}, {&(0x7f00000002c0)="c6d1683e38e1a72650adaa97fe28be1b8df85dd065821707b8f4e77cf82536163d480b4f0585fcb12855df68e633e0e66f5ce3e5d21ccc5f289e117684031317ab6e899c2ad8ba951ae1b8862fcd1e3f6e52d774cad43df576efd3445dc1afd565b7ca8b9ce347bd330b6422ab42f12a1656671aa5fafe87c459c31dc7a070692b21e25c3778ae89f8a74537fdb13db378e6cd9b48b374840857ecf1797dac26538fa60e5b2a13138e31d2c04bf75843046b953a457d6f40de", 0xb9, 0x3}, {&(0x7f0000000380)="d7882d67c5f8e471cf2f3238e7ce2cc11976312282a381a3f86c266925630442a42ee48cd333bc66f54a5ae3aa26", 0x2e, 0x4}], 0x200000, &(0x7f0000000440)={[{@grpjquota_path={'grpjquota', 0x3d, './file0'}}, {@block_validity}, {@init_itable_val={'init_itable', 0x3d, 0xd0b1}}, {@auto_da_alloc}, {@nomblk_io_submit}, {@noload}, {@nojournal_checksum}, {@dioread_nolock}, {@nouser_xattr}], [{@smackfsfloor={'smackfsfloor', 0x3d, '/dev/ptmx\x00'}}, {@dont_measure}]}) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) ioctl$KDGETLED(r0, 0x4b31, &(0x7f0000000040)) chmod(&(0x7f0000000500)='./file0\x00', 0x2) bind$inet6(0xffffffffffffffff, 0x0, 0x0) dup2(r1, r0) 05:05:15 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) (fail_nth: 23) 05:05:15 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x12) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="180000000301010120000000000000000a000000010000802544b90fcde5b4e2f609cea1d5ed9da75bec794af0874240d81988f3076d09e76108c7bdb49308380f4f17f9014e1b53f33117f15f6b18eb61e0489c9d75da28806206a78d183c6073455cd5ff1584b9fc"], 0x18}}, 0x84) sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x20, 0x70bd2c, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x80000000, 0x6f}}}}, ["", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x20004801}, 0x20008000) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000200)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000340)={0x16c, 0x0, 0x300, 0x70bd27, 0x25dfdbff, {}, [@TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x401}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x100}]}, @TIPC_NLA_PUBL={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x6}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x5}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xf6}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x800}]}, @TIPC_NLA_LINK={0xb0, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x54, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7fffffff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x800}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x30906967}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80000001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10001}]}, @TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7f}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}]}]}, @TIPC_NLA_MON={0x54, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xffffffff}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff01}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x89}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xde}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x10000}]}, @TIPC_NLA_BEARER={0xc, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x7}]}]}, 0x16c}, 0x1, 0x0, 0x0, 0x2000004c}, 0xc004) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000240)='/proc/diskstats\x00', 0x0, 0x0) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r3, 0x0, 0x0) sendmsg$nl_generic(r2, &(0x7f00000006c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000680)={&(0x7f00000004c0)={0x190, 0x17, 0x4, 0x70bd2b, 0x25dfdbfe, {0xe}, [@nested={0x2c, 0x50, 0x0, 0x1, [@typed={0x19, 0x90, 0x0, 0x0, @binary="2d30fdb967b4d2979b51c4e11f6a42cbee4bb689c0"}, @typed={0x4, 0x5a}, @typed={0x8, 0x1c, 0x0, 0x0, @uid=r3}]}, @nested={0x18, 0x1a, 0x0, 0x1, [@typed={0x14, 0x81, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}}]}, @typed={0x8, 0x7c, 0x0, 0x0, @ipv4=@multicast2}, @typed={0x8, 0x53, 0x0, 0x0, @ipv4=@multicast2}, @typed={0x14, 0xf, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @broadcast}}, @nested={0x113, 0x92, 0x0, 0x1, [@generic="20616a7ca18820c8fe870d08fd66144e856f06956c6fce42ecb5faac9c6b23470386cce65251949a38626fcc06c1037751a8ce933129d6f61b17d48e", @generic="9dcbdfde7046b8d1423b4ccad9707d1c7201220e2017ef49254c2478e8242b9084114493bb130b7b16d9c4e2f79adae717395f1d548b9184f1e23d54c23f24e149a2571c752a4ecb3bcc079b83e5494441e49e767c9cf2dc0e4767006127db75aaae90cd229279cfc1f613578a130eb43c3e69fbe5fa7b950e0ed38f973b1d5864295a48fb5172b99dbd4f2752c4b6caf46faa91dcae7130a116f0be35a2108ceb015b57943c89e4210730081e31f8912932b3f6693ea6", @generic="27c285dd951b929961cd99cf448697b7bfb46455", @typed={0x8, 0x43, 0x0, 0x0, @fd=r1}]}]}, 0x190}, 0x1, 0x0, 0x0, 0x20000000}, 0x24004800) [ 3395.461052] device veth0_vlan entered promiscuous mode [ 3395.463077] FAULT_INJECTION: forcing a failure. [ 3395.463077] name failslab, interval 1, probability 0, space 0, times 0 [ 3395.465488] CPU: 1 PID: 17912 Comm: syz-executor.3 Not tainted 5.10.207 #1 [ 3395.466973] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3395.468718] Call Trace: [ 3395.469294] dump_stack+0x107/0x167 [ 3395.470167] should_fail.cold+0x5/0xa [ 3395.471001] ? ipv6_add_addr+0x329/0x1cf0 [ 3395.471890] should_failslab+0x5/0x20 [ 3395.472732] kmem_cache_alloc_trace+0x55/0x320 [ 3395.472997] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3395.472997] program syz-executor.5 not setting count and/or reply_len properly [ 3395.473677] ? blocking_notifier_call_chain+0x13a/0x190 [ 3395.473716] ipv6_add_addr+0x329/0x1cf0 [ 3395.473748] ? lock_chain_count+0x20/0x20 [ 3395.473785] ? perf_trace_lock+0xac/0x490 [ 3395.480832] ? lock_chain_count+0x20/0x20 [ 3395.481698] ? inet6_dump_ifaddr+0x20/0x20 [ 3395.482577] ? find_held_lock+0x2c/0x110 [ 3395.483433] add_addr+0xcf/0x2c0 [ 3395.484131] ? inet6_ifa_finish_destroy+0x1b0/0x1b0 [ 3395.485156] ? mark_held_locks+0x9e/0xe0 [ 3395.486090] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3395.487198] ? __local_bh_enable_ip+0x9d/0x100 [ 3395.488150] addrconf_notify+0x1a95/0x2410 [ 3395.489033] ? inet6_ifinfo_notify+0x150/0x150 [ 3395.490013] ? failover_register+0x530/0x530 [ 3395.490882] ? cfg80211_netdev_notifier_call+0x298/0x10c0 [ 3395.491950] ? ipmr_device_event+0x18b/0x1f0 [ 3395.492808] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3395.493816] raw_notifier_call_chain+0xb3/0x110 [ 3395.494738] call_netdevice_notifiers_info+0xb5/0x130 [ 3395.495742] __dev_notify_flags+0x110/0x2c0 [ 3395.496590] ? dev_change_name+0x660/0x660 [ 3395.497467] ? __dev_change_flags+0x4cf/0x6e0 [ 3395.498336] ? dev_set_allmulti+0x30/0x30 [ 3395.499219] ? cap_capable+0x1cd/0x230 [ 3395.499986] ? full_name_hash+0xb5/0xf0 [ 3395.500816] dev_change_flags+0x100/0x160 [ 3395.501699] devinet_ioctl+0x14de/0x1db0 [ 3395.502553] ? inet_ifa_byprefix+0x2e0/0x2e0 [ 3395.503458] inet_ioctl+0x34f/0x390 [ 3395.504162] ? inet_dgram_connect+0x220/0x220 [ 3395.505043] ? __lock_acquire+0xbb1/0x5b00 [ 3395.505882] ? perf_trace_lock+0xac/0x490 [ 3395.506716] packet_ioctl+0xb3/0x260 [ 3395.507440] sock_do_ioctl+0xd3/0x300 [ 3395.508176] ? compat_ifr_data_ioctl+0x180/0x180 [ 3395.509155] ? ioctl_has_perm.constprop.0.isra.0+0x29a/0x410 [ 3395.510265] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3395.511346] ? do_vfs_ioctl+0x283/0x10d0 [ 3395.512130] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 3395.513218] ? generic_block_fiemap+0x60/0x60 [ 3395.514090] sock_ioctl+0x3ea/0x700 [ 3395.514846] ? dlci_ioctl_set+0x30/0x30 [ 3395.515622] ? selinux_file_ioctl+0xb6/0x270 [ 3395.516535] ? dlci_ioctl_set+0x30/0x30 [ 3395.517387] __x64_sys_ioctl+0x19a/0x210 [ 3395.518179] do_syscall_64+0x33/0x40 [ 3395.518960] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3395.519953] RIP: 0033:0x7fa5db089b19 [ 3395.520713] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3395.524227] RSP: 002b:00007fa5d85ff188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3395.525773] RAX: ffffffffffffffda RBX: 00007fa5db19cf60 RCX: 00007fa5db089b19 [ 3395.527143] RDX: 00000000200001c0 RSI: 0000000000008914 RDI: 0000000000000004 [ 3395.528497] RBP: 00007fa5d85ff1d0 R08: 0000000000000000 R09: 0000000000000000 [ 3395.529935] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3395.531306] R13: 00007ffefd79e6ef R14: 00007fa5d85ff300 R15: 0000000000022000 [ 3395.539867] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3395.547141] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3395.563886] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3395.563886] program syz-executor.7 not setting count and/or reply_len properly [ 3395.588436] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3395.588436] program syz-executor.7 not setting count and/or reply_len properly 05:05:15 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1700b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x20}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r2 = dup2(r1, r0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000040)={0x0, @broadcast, @local}, &(0x7f0000000080)=0xc) setsockopt$inet6_mreq(r2, 0x29, 0x74d169e403b88ef2, &(0x7f00000000c0)={@dev={0xfe, 0x80, '\x00', 0x33}, r3}, 0x14) 05:05:15 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0xf000, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) 05:05:15 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff0043a9d7cceb232fb81bf74ebdd0257677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 05:05:15 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0xf0, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) 05:05:15 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1020, 0x0, 0x3, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x2, 0x81, 0x5, 0xfe, 0x0, 0xd, 0x12204, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, @perf_config_ext={0x3, 0xef}, 0x201, 0x3, 0x4, 0x5, 0x8, 0x800, 0x4, 0x0, 0x101, 0x0, 0x9}, 0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x90e793f41a1351b2) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, 0x0, 0x0) pipe2(0x0, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) 05:05:15 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) (fail_nth: 24) 05:05:15 executing program 0: creat(0x0, 0x0) r0 = openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x248e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000100)) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x700, &(0x7f0000000300)={&(0x7f00000001c0)=ANY=[@ANYBLOB="200000002000390a0000000000000000020000000c000080f000000000000200"], 0x20}}, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) open(0x0, 0x80000, 0x28) dup2(0xffffffffffffffff, r2) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x200080c0}, 0x4040000) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000140)=0x1, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback={0x0, 0x7}}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000240)=0x2, 0x4) shutdown(0xffffffffffffffff, 0x0) ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc020660b, &(0x7f0000000340)={0x0, 0x0, 0x1, 0x9, 0x2, [{0x4, 0x0, 0x0, '\x00', 0x1002}, {0x800, 0x0, 0x8, '\x00', 0x1580}]}) unshare(0x48020200) 05:05:15 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_int(r1, 0x29, 0x8, 0x0, 0x0) sendto(r1, &(0x7f0000000040)="5ea18a99", 0x4, 0x0, &(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80) r2 = accept$packet(0xffffffffffffffff, &(0x7f0000000000), 0x0) ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r0, 0x50009418, &(0x7f0000000340)={{r2}, 0x0, 0xa, @inherit={0x50, &(0x7f00000013c0)=ANY=[@ANYBLOB="01000000000000000100200000000000000000000000000008000000000000001800000000000000aa5ba10002000000000000aa0000000000000040000000000000000000000000000000f100000000000000be78ee59cd118ff3b75bd6dd74d7d2319ff6e4f8d8a61b71efd255f48ecbf8a9e3b70f4c5597f6f3cef77daea652d873b2e44aed215e59554fb9cf776d0911e87f95cf0c28d01f9e72f2"]}, @devid}) recvmmsg(r1, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}], 0x35f, 0x10062, 0x0) syz_io_uring_setup(0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x41}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180), &(0x7f0000000140)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(0x0, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x5, 0x0, r1, &(0x7f00000001c0)=0x80, &(0x7f0000001340)=@generic, 0x0, 0x80000, 0x1}, 0x80000000) ioctl$SIOCGSTAMP(r1, 0x8906, &(0x7f0000000080)) dup2(r0, r1) bind$bt_sco(0xffffffffffffffff, &(0x7f0000000040)={0x1f, @none}, 0x8) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) ioctl$F2FS_IOC_ABORT_VOLATILE_WRITE(0xffffffffffffffff, 0xf505, 0x0) [ 3395.812983] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3395.818500] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3395.844075] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3395.844075] program syz-executor.7 not setting count and/or reply_len properly [ 3395.931120] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3395.931120] program syz-executor.7 not setting count and/or reply_len properly [ 3395.973090] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3396.010615] device veth0_vlan entered promiscuous mode [ 3396.012990] FAULT_INJECTION: forcing a failure. [ 3396.012990] name failslab, interval 1, probability 0, space 0, times 0 [ 3396.015757] CPU: 0 PID: 17947 Comm: syz-executor.3 Not tainted 5.10.207 #1 [ 3396.017451] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3396.019326] Call Trace: [ 3396.019928] dump_stack+0x107/0x167 [ 3396.020754] should_fail.cold+0x5/0xa [ 3396.021618] ? fib6_info_alloc+0x3c/0x110 [ 3396.022549] should_failslab+0x5/0x20 [ 3396.023430] __kmalloc+0x72/0x390 [ 3396.024215] fib6_info_alloc+0x3c/0x110 [ 3396.025118] ip6_route_info_create+0x37a/0x1a00 [ 3396.026157] ? fib6_nh_init+0x19e0/0x19e0 [ 3396.027098] ? dev_change_flags+0x100/0x160 [ 3396.028050] ? devinet_ioctl+0x14de/0x1db0 [ 3396.029004] ? inet_ioctl+0x34f/0x390 [ 3396.029857] ? packet_ioctl+0xb3/0x260 [ 3396.030748] ? sock_do_ioctl+0xd3/0x300 [ 3396.031626] ? sock_ioctl+0x3ea/0x700 [ 3396.032493] ? __x64_sys_ioctl+0x19a/0x210 [ 3396.033431] ? do_syscall_64+0x33/0x40 [ 3396.034320] addrconf_f6i_alloc+0x28f/0x430 [ 3396.035299] ? ipv6_route_ioctl+0x510/0x510 [ 3396.036312] ? trace_hardirqs_on+0x5b/0x180 [ 3396.037286] ? kasan_unpoison_shadow+0x33/0x50 [ 3396.038327] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3396.039479] ipv6_add_addr+0x36c/0x1cf0 [ 3396.040391] ? lock_chain_count+0x20/0x20 [ 3396.041327] ? perf_trace_lock+0xac/0x490 [ 3396.042275] ? lock_chain_count+0x20/0x20 [ 3396.043212] ? inet6_dump_ifaddr+0x20/0x20 [ 3396.044189] ? find_held_lock+0x2c/0x110 [ 3396.045119] add_addr+0xcf/0x2c0 [ 3396.045888] ? inet6_ifa_finish_destroy+0x1b0/0x1b0 [ 3396.047013] ? mark_held_locks+0x9e/0xe0 [ 3396.047943] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3396.049110] ? __local_bh_enable_ip+0x9d/0x100 [ 3396.050163] addrconf_notify+0x1a95/0x2410 [ 3396.051139] ? inet6_ifinfo_notify+0x150/0x150 [ 3396.052183] ? failover_register+0x530/0x530 [ 3396.053161] ? cfg80211_netdev_notifier_call+0x298/0x10c0 [ 3396.054403] ? ipmr_device_event+0x18b/0x1f0 [ 3396.055394] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3396.056573] raw_notifier_call_chain+0xb3/0x110 [ 3396.057612] call_netdevice_notifiers_info+0xb5/0x130 [ 3396.058810] __dev_notify_flags+0x110/0x2c0 [ 3396.059789] ? dev_change_name+0x660/0x660 [ 3396.060741] ? __dev_change_flags+0x4cf/0x6e0 [ 3396.061758] ? dev_set_allmulti+0x30/0x30 [ 3396.062717] ? cap_capable+0x1cd/0x230 [ 3396.063605] ? full_name_hash+0xb5/0xf0 [ 3396.064509] dev_change_flags+0x100/0x160 [ 3396.065454] devinet_ioctl+0x14de/0x1db0 [ 3396.066380] ? inet_ifa_byprefix+0x2e0/0x2e0 [ 3396.067415] inet_ioctl+0x34f/0x390 [ 3396.068241] ? inet_dgram_connect+0x220/0x220 [ 3396.069275] ? __lock_acquire+0xbb1/0x5b00 [ 3396.070258] ? perf_trace_lock+0xac/0x490 [ 3396.071210] packet_ioctl+0xb3/0x260 [ 3396.072063] sock_do_ioctl+0xd3/0x300 [ 3396.072933] ? compat_ifr_data_ioctl+0x180/0x180 [ 3396.074009] ? ioctl_has_perm.constprop.0.isra.0+0x29a/0x410 [ 3396.075285] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3396.076456] ? do_vfs_ioctl+0x283/0x10d0 [ 3396.077361] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 3396.078547] ? generic_block_fiemap+0x60/0x60 [ 3396.079589] sock_ioctl+0x3ea/0x700 [ 3396.080406] ? dlci_ioctl_set+0x30/0x30 [ 3396.081314] ? selinux_file_ioctl+0xb6/0x270 [ 3396.082322] ? dlci_ioctl_set+0x30/0x30 [ 3396.083236] __x64_sys_ioctl+0x19a/0x210 [ 3396.084163] do_syscall_64+0x33/0x40 [ 3396.085011] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3396.086152] RIP: 0033:0x7fa5db089b19 [ 3396.087015] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3396.091109] RSP: 002b:00007fa5d85ff188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3396.092852] RAX: ffffffffffffffda RBX: 00007fa5db19cf60 RCX: 00007fa5db089b19 [ 3396.094431] RDX: 00000000200001c0 RSI: 0000000000008914 RDI: 0000000000000004 [ 3396.096021] RBP: 00007fa5d85ff1d0 R08: 0000000000000000 R09: 0000000000000000 [ 3396.097605] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3396.099206] R13: 00007ffefd79e6ef R14: 00007fa5d85ff300 R15: 0000000000022000 [ 3396.101099] hpet: Lost 5 RTC interrupts [ 3396.298980] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 05:05:34 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r2 = dup2(r1, r0) getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000040)={{{@in=@local, @in=@multicast2}}, {{@in6=@private1}, 0x0, @in=@loopback}}, &(0x7f0000000140)=0xe8) 05:05:34 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x300, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) 05:05:34 executing program 5: syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000300), 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="73686f6a650200000000"]) syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x1, 0x5, &(0x7f0000000340)=[{&(0x7f0000000140)="665bcbdf217f0df8e93d5b4cb1103c58b68f66721ecb0747711b28625f5bd44343da4a09e3bf2820964887ab333c54c3c02ce937574f73e26be061c9596127a87cfb6b1b88c05fbcd317ecaef26eb4b8b5abc53758ccf1c74e6ed845007be0ab3fce6f0701229ae06226795a77c0044278d98987bbb41ad04f5204ba6ebb076639a1e1367d402c4372c4c4199f3c3b4b19e1274a5dffef991f1c955969675f8620789177c291095a09fd1b1bc64906bf5844b29fdb779d51ffc77931dc8719d1a1671566dee6d9a5f0b87991a7ea64c4b93e3742168f9101b14fad141f0c7f", 0xdf, 0x8000}, {&(0x7f0000000240)="27051555199bf7a8e6395b37dd06e4d726608e0a2edc7aceec3a1b50bfce260bcc171f22cf002cdc351f9de87bc597d4549522b5d40ac7fd860bdc4836906ccc99b85392876b9376af00bfbc6f1d4f724d817b9a8c837da2ee0f66ea64bd0d", 0x5f, 0x6}, {&(0x7f0000000080)="ef7536662976f0016e94fa6381cd6f90af31c5f51cb24a39c9dc262151dc24641da767484599cbbe2db44f6198136ae531da701c", 0x34, 0x6}, {&(0x7f00000002c0)="c5705269", 0x4, 0x6f}, {&(0x7f0000000300)="a456c7ca3fe282be2f3cb3e5adf815dc008882f7", 0x14, 0x2}], 0x200000, &(0x7f00000003c0)={[{@mpol={'mpol', 0x3d, {'prefer', '=relative', @val={0x3a, [0x34, 0x35, 0x32, 0x35, 0x37]}}}}, {@nr_blocks={'nr_blocks', 0x3d, [0x37, 0x33, 0x32, 0x39, 0x6d, 0x33, 0x78]}}, {@size={'size', 0x3d, [0x78, 0x65, 0x67, 0x33, 0x65, 0x74, 0x0, 0x37]}}, {@huge_advise}, {@mode={'mode', 0x3d, 0x5}}, {@uid={'uid', 0x3d, 0xee00}}, {@mpol={'mpol', 0x3d, {'local', '=relative', @void}}}, {@size={'size', 0x3d, [0x65, 0x67, 0x38, 0x79, 0x78, 0x2d]}}, {}, {@size={'size', 0x3d, [0x36, 0x25, 0x38, 0x0, 0x33, 0x37, 0x60]}}], [{@smackfstransmute={'smackfstransmute', 0x3d, '{#'}}]}) chdir(&(0x7f00000004c0)='./file0\x00') 05:05:34 executing program 0: r0 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x10, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = memfd_create(&(0x7f0000000000)='\x00', 0x6) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000100)={{0x1, 0x1, 0x18, r1, {0x9}}, './file0\x00'}) perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0xff, 0x0, 0x3, 0x9, 0x0, 0xb6d, 0x80, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000040), 0x2}, 0x400, 0x4, 0x5, 0x0, 0x3, 0x10001, 0x4, 0x0, 0x10000, 0x0, 0x8}, 0xffffffffffffffff, 0xe, r2, 0x8) dup3(r0, r1, 0x0) 05:05:34 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff0043a9d7cceb232fb81bf74ebdd0b67677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 05:05:34 executing program 2: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff0043a9d7cceb232fb81bf74ebdd0257677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 05:05:34 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) (fail_nth: 25) 05:05:34 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x30000, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) [ 3414.674058] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3414.678972] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3414.678972] program syz-executor.7 not setting count and/or reply_len properly [ 3414.691775] device veth0_vlan entered promiscuous mode [ 3414.696813] FAULT_INJECTION: forcing a failure. [ 3414.696813] name failslab, interval 1, probability 0, space 0, times 0 [ 3414.699391] CPU: 0 PID: 17965 Comm: syz-executor.3 Not tainted 5.10.207 #1 [ 3414.700914] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3414.702747] Call Trace: [ 3414.703360] dump_stack+0x107/0x167 [ 3414.704163] should_fail.cold+0x5/0xa [ 3414.705003] ? create_object.isra.0+0x3a/0xa20 [ 3414.706026] should_failslab+0x5/0x20 [ 3414.706876] kmem_cache_alloc+0x5b/0x310 [ 3414.707772] create_object.isra.0+0x3a/0xa20 [ 3414.708745] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3414.709909] __kmalloc+0x16e/0x390 [ 3414.710702] fib6_info_alloc+0x3c/0x110 [ 3414.711604] ip6_route_info_create+0x37a/0x1a00 [ 3414.712637] ? fib6_nh_init+0x19e0/0x19e0 [ 3414.713364] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3414.713364] program syz-executor.2 not setting count and/or reply_len properly [ 3414.713574] ? dev_change_flags+0x100/0x160 [ 3414.713590] ? devinet_ioctl+0x14de/0x1db0 [ 3414.713611] ? inet_ioctl+0x34f/0x390 [ 3414.718789] ? packet_ioctl+0xb3/0x260 [ 3414.719671] ? sock_do_ioctl+0xd3/0x300 [ 3414.720571] ? sock_ioctl+0x3ea/0x700 [ 3414.721438] ? __x64_sys_ioctl+0x19a/0x210 [ 3414.722410] ? do_syscall_64+0x33/0x40 [ 3414.723304] addrconf_f6i_alloc+0x28f/0x430 [ 3414.724290] ? ipv6_route_ioctl+0x510/0x510 [ 3414.725287] ? trace_hardirqs_on+0x5b/0x180 [ 3414.726292] ? kasan_unpoison_shadow+0x33/0x50 [ 3414.727332] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3414.728488] ipv6_add_addr+0x36c/0x1cf0 [ 3414.729395] ? lock_chain_count+0x20/0x20 [ 3414.730345] ? perf_trace_lock+0xac/0x490 [ 3414.731287] ? lock_chain_count+0x20/0x20 [ 3414.732220] ? inet6_dump_ifaddr+0x20/0x20 [ 3414.733188] ? find_held_lock+0x2c/0x110 [ 3414.734110] add_addr+0xcf/0x2c0 [ 3414.734880] ? inet6_ifa_finish_destroy+0x1b0/0x1b0 [ 3414.735986] ? mark_held_locks+0x9e/0xe0 [ 3414.736923] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3414.738072] ? __local_bh_enable_ip+0x9d/0x100 [ 3414.739119] addrconf_notify+0x1a95/0x2410 [ 3414.740062] ? inet6_ifinfo_notify+0x150/0x150 [ 3414.741096] ? failover_register+0x530/0x530 [ 3414.742104] ? cfg80211_netdev_notifier_call+0x298/0x10c0 [ 3414.743351] ? ipmr_device_event+0x18b/0x1f0 [ 3414.744352] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3414.745533] raw_notifier_call_chain+0xb3/0x110 [ 3414.746602] call_netdevice_notifiers_info+0xb5/0x130 [ 3414.747773] __dev_notify_flags+0x110/0x2c0 [ 3414.748749] ? dev_change_name+0x660/0x660 [ 3414.749705] ? __dev_change_flags+0x4cf/0x6e0 [ 3414.750742] ? dev_set_allmulti+0x30/0x30 [ 3414.751685] ? cap_capable+0x1cd/0x230 [ 3414.752574] ? full_name_hash+0xb5/0xf0 [ 3414.753482] dev_change_flags+0x100/0x160 [ 3414.754438] devinet_ioctl+0x14de/0x1db0 [ 3414.755367] ? inet_ifa_byprefix+0x2e0/0x2e0 [ 3414.756372] inet_ioctl+0x34f/0x390 [ 3414.757188] ? inet_dgram_connect+0x220/0x220 [ 3414.758242] ? __lock_acquire+0xbb1/0x5b00 [ 3414.759208] ? perf_trace_lock+0xac/0x490 [ 3414.760149] packet_ioctl+0xb3/0x260 [ 3414.760975] sock_do_ioctl+0xd3/0x300 [ 3414.761844] ? compat_ifr_data_ioctl+0x180/0x180 [ 3414.762895] ? ioctl_has_perm.constprop.0.isra.0+0x29a/0x410 [ 3414.764191] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3414.765336] ? do_vfs_ioctl+0x283/0x10d0 [ 3414.766245] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 3414.767434] ? generic_block_fiemap+0x60/0x60 [ 3414.768436] sock_ioctl+0x3ea/0x700 [ 3414.769257] ? dlci_ioctl_set+0x30/0x30 [ 3414.770162] ? selinux_file_ioctl+0xb6/0x270 [ 3414.771171] ? dlci_ioctl_set+0x30/0x30 [ 3414.772053] __x64_sys_ioctl+0x19a/0x210 [ 3414.772981] do_syscall_64+0x33/0x40 [ 3414.773819] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3414.774987] RIP: 0033:0x7fa5db089b19 [ 3414.775835] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3414.779843] RSP: 002b:00007fa5d85ff188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3414.781581] RAX: ffffffffffffffda RBX: 00007fa5db19cf60 RCX: 00007fa5db089b19 [ 3414.783147] RDX: 00000000200001c0 RSI: 0000000000008914 RDI: 0000000000000004 [ 3414.784767] RBP: 00007fa5d85ff1d0 R08: 0000000000000000 R09: 0000000000000000 [ 3414.786402] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3414.788022] R13: 00007ffefd79e6ef R14: 00007fa5d85ff300 R15: 0000000000022000 [ 3414.789961] hpet: Lost 5 RTC interrupts 05:05:35 executing program 2: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet(0x2, 0x5, 0x2) perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x1, 0x7, 0x9, 0x40, 0x0, 0x4, 0x200, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext={0x100, 0x5}, 0x80, 0x8c, 0x40, 0x1, 0xff, 0x80, 0x5, 0x0, 0x30, 0x0, 0x4}, 0x0, 0x5, 0xffffffffffffffff, 0x3) 05:05:35 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x500, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) 05:05:35 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0x5}, 0x0, 0x7}, 0x0, 0x6, 0xffffffffffffffff, 0x0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/power/pm_freeze_timeout', 0x0, 0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x22902, 0x0) copy_file_range(r2, 0x0, r3, 0x0, 0xa1, 0x0) ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, &(0x7f0000000080)={0x2, 0x0, 0x1b, 0x1, 0x194, &(0x7f0000000280)="2bda5fd9a4ce293b2f8c5f1ac65975c4351ae368538aca1860b59ade17e6a8da52e402a2449a1193db1bf93667d0fb9b39757b593feb13bfcdf5a7fba5684b66dc96d2e99191ae3a31e501035b34db03b522d3a615a3afe1142f841a3b56d85d99562a20c7ecd722f6745e27fcf1b272fd64d8f30c2de1f987046d6f4f300c7423ca9ff0c98efb32fecd77d53c1bc251e880fd172ba5c44361b7a06b813e97b70d7ac3a645446d87639f7b265348c6b2600bec091e11b0ba9fad1fb2eb5b3effa30e1d097011ae48e4b6b35b79d18a8df246ecc0e0cb509e7dee2d74bd4c7ac4dcd5613c3601d05f3ba1e59f7413d11caf93bb7d5dc71acf4a45eab2e5d9557378677ec3bfbbaa238a0c8f247e0baac4794a5c78557e2584a60d2fc0de30090c522d5c62892f3c86a7ed63b93b1a4203a46ef1bb4cf907551205a72f261a804c8120f700244538db34b5fcc558378980d56878a9ed68c55ce92c61948c341096fd248d059ea98f5a34a4a7dca3589a7caea3fb4c9e0314cb3021543f53f6c4d438d152e45a1d6e5ff507864f2a8de4e71b2b44b1407c0f47a2f73f1b8ec97a180d49ae2b601ffffb3ee817ec8c727a898372c1de4034b3ed0328d1602d01dec353a1fe1f95158e4c25b6744dc9e00509c97e607826441f3951659434787c29fdfcfe28551bfe91607d993070e302bc5da0628825c0d5951291ffa81b62015bb1dd6f177542bc30085e990af6348ef06f848996d32a2870cd9a3c1bbc81a2f5b6dcfda917a99d6f616fee3b945351d0417ecf65c760297ea3e0fec5d068767d53be4043ce175035a225745bc220ca7c17e781474db20d0e95fa87f955b7fd7cb45a34421c7716a3f5e9484728ed01f946b1e08ce18f69c1f00fce83bfc34c32ec60b0463fe7b097efe62957bb0f4f91fe49b42b91cf6edd3b549d022cb775f3c17dee15d642efb7402ca4fb9a4f6acc2f3be1efc4cf0f01132ac303534364cf14e0ae9289ca1856aa62614fce51e073dc282c940a4d760e16509325c37ed55428d4686f290721761d07c93ad0503bce117df91553fbe041f3171e05b1ae7bb9cad86408cd6a2e5df8b10d26fb6428b3bcbcca793586f377d0b67e4cf551738d937da29306e4d87054834e98958d0c2fe7fdc9be89e3fa3cec509c63f9e0ce15ac17e00c9cc93088ba44c59d3ae339922de779bda095322080e80f26419b763df57e664506095d3099a28aab786061c1f5feb6ad979a9d9b490218092558f70d4b730e431511cbef68dd7287bfd9054fd75b526c9339ee05a9f58e597ed5909b131e40b54fd7084911f151625b6340f6c829f697023e084ba06d8e3887cf5f01ca54c9e78e6d5f6a35b8d19fa6abdee07db7dbfb318ddfe387cbb6a1a2c416b4acad7a10ef28bbd6031dd7e2505062bd70541819b0a61668191446e4c99acb53dc"}) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) r4 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0), 0x200000, 0x0) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r4, 0xc0c89425, &(0x7f0000000100)={"12dd1bb94a0312c2ba18831012b7092b", 0x0, 0x0, {0x5, 0xfffffff7}, {0x6, 0x21841c31}, 0x0, [0x0, 0x4, 0x7, 0x22b0, 0xd663, 0x9, 0x6, 0x0, 0x9, 0x7, 0x0, 0x0, 0x6, 0x2aba, 0x51f, 0x5]}) dup2(r1, r0) 05:05:35 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)={0x30, 0x10, 0x1, 0x6, 0x0, {}, [@typed={0x4, 0x31, 0x0, 0x0, @str}, @nested={0x18, 0x0, 0x0, 0x1, [@typed={0x14, 0x90, 0x0, 0x0, @ipv6=@dev={0xfe, 0x80, '\x00', 0x3b}}]}]}, 0x30}}, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000140)) setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, &(0x7f0000000000), 0x4) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_GET_INTERFACE(r1, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000001c0)={&(0x7f00000002c0)={0x5c, 0x0, 0x8, 0x70bd26, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc}]}, 0x5c}, 0x1, 0x0, 0x0, 0x8000}, 0x80) bind$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x7}, 0x1c) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/warn_count', 0x4080, 0x1) write$cgroup_pid(r2, &(0x7f00000004c0)=0xffffffffffffffff, 0x12) ioctl$sock_inet_udp_SIOCOUTQ(r2, 0x5411, &(0x7f0000000100)) sendmsg$IPVS_CMD_GET_SERVICE(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000700)=ANY=[], 0x100}, 0x1, 0x0, 0x0, 0x4804}, 0x0) r3 = socket$nl_audit(0x10, 0x3, 0x9) finit_module(r3, &(0x7f0000000340)='\x00', 0x0) unshare(0x48020200) bind$bt_sco(0xffffffffffffffff, &(0x7f0000000040)={0x1f, @none}, 0x8) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) signalfd4(0xffffffffffffffff, &(0x7f0000000380)={[0x8]}, 0x8, 0x800) [ 3414.813276] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3414.813276] program syz-executor.7 not setting count and/or reply_len properly 05:05:35 executing program 0: r0 = syz_io_uring_setup(0x498b, &(0x7f0000000400), &(0x7f00000a0000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f00000003c0)=0x0, &(0x7f0000000000)=0x0) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0, 0xc6da2cc48da8a1c7}, 0x0) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x20000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/power/pm_freeze_timeout', 0x0, 0x0) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x22902, 0x0) copy_file_range(r4, 0x0, r5, 0x0, 0xa1, 0x0) write$bt_hci(r4, &(0x7f0000000040)={0x1, @user_passkey_reply={{0x42e, 0xa}}}, 0xe) ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r3, 0x8983, &(0x7f0000000080)={0x1, 'vlan0\x00', {}, 0x7fff}) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0) io_uring_enter(r0, 0x76d3, 0x0, 0x0, 0x0, 0x0) 05:05:35 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff0043a9d7cceb232fb81bf74ebdd05bb677", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 05:05:35 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x80000, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) 05:05:35 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) (fail_nth: 26) [ 3414.961713] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3414.967375] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3414.978355] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3415.033084] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3415.033084] program syz-executor.7 not setting count and/or reply_len properly [ 3415.122897] device veth0_vlan entered promiscuous mode 05:05:35 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x51c, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) [ 3415.144898] FAULT_INJECTION: forcing a failure. [ 3415.144898] name failslab, interval 1, probability 0, space 0, times 0 [ 3415.147779] CPU: 0 PID: 17998 Comm: syz-executor.3 Not tainted 5.10.207 #1 [ 3415.149066] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3415.149066] program syz-executor.7 not setting count and/or reply_len properly [ 3415.149411] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3415.149423] Call Trace: [ 3415.153716] dump_stack+0x107/0x167 [ 3415.154560] should_fail.cold+0x5/0xa [ 3415.155394] ? create_object.isra.0+0x3a/0xa20 [ 3415.156506] should_failslab+0x5/0x20 [ 3415.157336] kmem_cache_alloc+0x5b/0x310 [ 3415.158304] create_object.isra.0+0x3a/0xa20 [ 3415.159273] kmemleak_alloc_percpu+0xa0/0x100 [ 3415.160306] pcpu_alloc+0x4e2/0x1240 [ 3415.161140] fib_nh_common_init+0x2d/0x160 [ 3415.162113] fib6_nh_init+0xa18/0x19e0 [ 3415.162989] ? icmp6_dst_alloc+0x650/0x650 [ 3415.163948] ? ip_fib_metrics_init+0x3ca/0x7d0 [ 3415.164940] ? gre_gro_complete+0x530/0x530 [ 3415.165937] ? kasan_unpoison_shadow+0x33/0x50 [ 3415.166930] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3415.168097] ip6_route_info_create+0x1185/0x1a00 [ 3415.169133] ? fib6_nh_init+0x19e0/0x19e0 [ 3415.170099] ? dev_change_flags+0x100/0x160 [ 3415.171036] ? devinet_ioctl+0x14de/0x1db0 [ 3415.171994] ? inet_ioctl+0x34f/0x390 [ 3415.172812] ? packet_ioctl+0xb3/0x260 [ 3415.173690] ? sock_do_ioctl+0xd3/0x300 [ 3415.174553] ? sock_ioctl+0x3ea/0x700 [ 3415.175424] ? __x64_sys_ioctl+0x19a/0x210 [ 3415.176384] ? do_syscall_64+0x33/0x40 [ 3415.177245] addrconf_f6i_alloc+0x28f/0x430 [ 3415.178254] ? ipv6_route_ioctl+0x510/0x510 [ 3415.179273] ? trace_hardirqs_on+0x5b/0x180 [ 3415.180257] ? kasan_unpoison_shadow+0x33/0x50 [ 3415.181319] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3415.182466] ipv6_add_addr+0x36c/0x1cf0 [ 3415.183379] ? lock_chain_count+0x20/0x20 [ 3415.184303] ? perf_trace_lock+0xac/0x490 [ 3415.185263] ? lock_chain_count+0x20/0x20 [ 3415.186200] ? inet6_dump_ifaddr+0x20/0x20 [ 3415.187186] ? find_held_lock+0x2c/0x110 [ 3415.188099] add_addr+0xcf/0x2c0 [ 3415.188876] ? inet6_ifa_finish_destroy+0x1b0/0x1b0 [ 3415.190001] ? mark_held_locks+0x9e/0xe0 [ 3415.190940] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3415.192106] ? __local_bh_enable_ip+0x9d/0x100 [ 3415.193166] addrconf_notify+0x1a95/0x2410 [ 3415.194135] ? inet6_ifinfo_notify+0x150/0x150 [ 3415.195181] ? failover_register+0x530/0x530 [ 3415.196146] ? cfg80211_netdev_notifier_call+0x298/0x10c0 [ 3415.197392] ? ipmr_device_event+0x18b/0x1f0 [ 3415.198359] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3415.199535] raw_notifier_call_chain+0xb3/0x110 [ 3415.200552] call_netdevice_notifiers_info+0xb5/0x130 [ 3415.201722] __dev_notify_flags+0x110/0x2c0 [ 3415.202672] ? dev_change_name+0x660/0x660 [ 3415.203625] ? __dev_change_flags+0x4cf/0x6e0 [ 3415.204609] ? dev_set_allmulti+0x30/0x30 [ 3415.205550] ? cap_capable+0x1cd/0x230 [ 3415.206420] ? full_name_hash+0xb5/0xf0 [ 3415.207327] dev_change_flags+0x100/0x160 [ 3415.208254] devinet_ioctl+0x14de/0x1db0 [ 3415.209188] ? inet_ifa_byprefix+0x2e0/0x2e0 [ 3415.210189] inet_ioctl+0x34f/0x390 [ 3415.211015] ? inet_dgram_connect+0x220/0x220 [ 3415.212030] ? __lock_acquire+0xbb1/0x5b00 [ 3415.213010] ? perf_trace_lock+0xac/0x490 [ 3415.213957] packet_ioctl+0xb3/0x260 [ 3415.214809] sock_do_ioctl+0xd3/0x300 [ 3415.215654] ? compat_ifr_data_ioctl+0x180/0x180 [ 3415.216733] ? ioctl_has_perm.constprop.0.isra.0+0x29a/0x410 [ 3415.218025] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3415.219171] ? do_vfs_ioctl+0x283/0x10d0 [ 3415.220097] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 3415.221261] ? generic_block_fiemap+0x60/0x60 [ 3415.222290] sock_ioctl+0x3ea/0x700 [ 3415.223103] ? dlci_ioctl_set+0x30/0x30 [ 3415.224014] ? selinux_file_ioctl+0xb6/0x270 [ 3415.224995] ? dlci_ioctl_set+0x30/0x30 [ 3415.225883] __x64_sys_ioctl+0x19a/0x210 [ 3415.226785] do_syscall_64+0x33/0x40 [ 3415.227633] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3415.228763] RIP: 0033:0x7fa5db089b19 [ 3415.229608] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3415.233662] RSP: 002b:00007fa5d85ff188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3415.235392] RAX: ffffffffffffffda RBX: 00007fa5db19cf60 RCX: 00007fa5db089b19 [ 3415.236970] RDX: 00000000200001c0 RSI: 0000000000008914 RDI: 0000000000000004 [ 3415.238616] RBP: 00007fa5d85ff1d0 R08: 0000000000000000 R09: 0000000000000000 [ 3415.240201] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3415.241826] R13: 00007ffefd79e6ef R14: 00007fa5d85ff300 R15: 0000000000022000 [ 3415.243764] hpet: Lost 5 RTC interrupts 05:05:35 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x109080, 0x0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x2) ioctl$F2FS_IOC_DEFRAGMENT(r1, 0xc010f508, &(0x7f0000000040)={0x1, 0x10000}) r2 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x2000, 0x80) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r2, 0xc0c89425, &(0x7f00000000c0)={"8fbe4af0f486740e0643df824ef5f43c", 0x0, 0x0, {0x5, 0x20}, {0x100000000, 0x2}, 0xccf, [0x7, 0x9, 0x1, 0x7c2fa97e, 0x0, 0x7f, 0x10000, 0x6c2, 0x4, 0x1000, 0x8, 0x1, 0xffff, 0x65fe6fbb, 0x800000000000000, 0x4]}) ioctl$BTRFS_IOC_SNAP_DESTROY_V2(r0, 0x5000943f, &(0x7f0000000280)={{r3}, r4, 0x1e, @unused=[0x8, 0x2000000000000000, 0xffff], @subvolid=0x3}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r3, 0x40182103, &(0x7f0000001280)={0x0, 0x3, r2, 0x6}) dup2(r2, r0) [ 3415.442979] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3415.451028] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3419.442642] Bluetooth: hci1: command 0x0406 tx timeout [ 3420.402598] Bluetooth: hci6: command 0x0409 tx timeout [ 3422.450653] Bluetooth: hci6: command 0x041b tx timeout [ 3424.498585] Bluetooth: hci6: command 0x040f tx timeout [ 3425.554716] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3425.557829] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3425.564537] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 3425.613159] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3425.615453] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3425.618827] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3426.546741] Bluetooth: hci6: command 0x0419 tx timeout 05:06:02 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0xf0ffff, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) 05:06:02 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x66, &(0x7f0000000000)=0x5, 0x4) r1 = open(&(0x7f0000000040)='./file0\x00', 0x4000, 0x0) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r1, 0x660c) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x7}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x2f, 0x0) 05:06:02 executing program 5: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4000, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r0, 0x84009422, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x60103, 0x0) dup2(r0, r1) r2 = pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000200)={&(0x7f0000ffe000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffb000/0x5000)=nil, &(0x7f0000000300)="2b8ab83578538407a413c8a1a2bbf634fb29be76878eef19e9535856aa2207908760db3f72f0abef07d4087bea8b99bc363d34369f01130415bad2ca544216c9bf74856c60ab15f2c236999c92293df1e5831e4ed2fe732283629f3f191148350e6e5751297f1ed625eec26ea4286e03fa74277823381a593e19f931dbc18182eb0165f2c282b3243d77078bb5e3dc0c6fab5394af95d478702e2da56476fb75de7b9d18feaa313147c20a2fc6e298a2d077c338b4c106fda0a3e608e1", 0xbd, r2}, 0x68) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x21e000, 0x88) r4 = openat$sr(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r5, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r4, 0x2405, r5) write$binfmt_script(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="2321202e2f66696c6530202f64650a1dd6c96d78000d0de583aaf1a327e1ca2259818bc410cda4ac3381ee872279480229599ed48805a4daa64ebfea58f07b8f80fa3fa2a3bfd6e4d7883fe3c4c5a09ae60c20f224ec01257c3b57e505f0fc5d275279ecdc2e40c349261aa69637dae8830d48b0c7c9d533b2690173e95fd696e8ffe7fb5fc8958d764bf64449aef02355cb56a0a8f9847adc7a30c2d65818f4410021ebcd311131045d50557d07d15fc2450c82149f77143a4292ba466bb7680e2f3c69a52f7aac76b381af687ec56d9bdfedd2389e1c166c91c3019c6a99c11b99a30f1a024c6d9cc71e202f6465762f70746d7800202f64762f73723000202da3202f6465762fc35b6d78000a503787744c4cf7000000000000db630000000000"], 0x122) execveat(r3, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) mq_timedreceive(0xffffffffffffffff, &(0x7f0000000140)=""/106, 0x6a, 0x2, &(0x7f00000000c0)={0x77359400}) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x20010, r3, 0x0) 05:06:02 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x600, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) 05:06:02 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff0043a9d7cceb232fb81bf74ebdd05b760a", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 05:06:02 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r2, &(0x7f0000000040)={0x1f, @none}, 0x8) setsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000180)=0x0) perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x7, 0x59, 0x0, 0xfd, 0x0, 0x3, 0x10c01, 0x3, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x8, 0x0, @perf_bp={&(0x7f00000000c0), 0xe}, 0x10004, 0x2, 0x4, 0x9, 0x7, 0x6, 0x2, 0x0, 0x7ff, 0x0, 0x3}, r3, 0xffffffffffffffff, r1, 0x9) write$binfmt_elf64(r1, &(0x7f0000000080)=ANY=[@ANYRESOCT=r0, @ANYRESDEC, @ANYRES32=r2, @ANYRES32=r0], 0xfdef) dup3(r0, r1, 0x80000) 05:06:02 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x3, 0x80, 0x70, 0x0, 0x0, 0x2, 0x0, 0x7ff, 0x804, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) ioctl$BTRFS_IOC_DEFRAG(r1, 0x50009402, 0x0) dup2(r1, r0) 05:06:02 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) (fail_nth: 27) [ 3441.946006] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3441.946006] program syz-executor.7 not setting count and/or reply_len properly [ 3441.978427] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3441.988563] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3442.009559] device veth0_vlan entered promiscuous mode [ 3442.028736] FAULT_INJECTION: forcing a failure. [ 3442.028736] name failslab, interval 1, probability 0, space 0, times 0 [ 3442.031648] CPU: 1 PID: 18493 Comm: syz-executor.3 Not tainted 5.10.207 #1 [ 3442.033236] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3442.035095] Call Trace: [ 3442.035701] dump_stack+0x107/0x167 [ 3442.036539] should_fail.cold+0x5/0xa [ 3442.037406] ? create_object.isra.0+0x3a/0xa20 [ 3442.038430] should_failslab+0x5/0x20 [ 3442.039289] kmem_cache_alloc+0x5b/0x310 [ 3442.040214] create_object.isra.0+0x3a/0xa20 [ 3442.041227] kmemleak_alloc_percpu+0xa0/0x100 [ 3442.042239] pcpu_alloc+0x4e2/0x1240 [ 3442.043105] fib_nh_common_init+0x2d/0x160 [ 3442.044062] fib6_nh_init+0xa18/0x19e0 [ 3442.045078] ? icmp6_dst_alloc+0x650/0x650 [ 3442.046207] ? ip_fib_metrics_init+0x3ca/0x7d0 [ 3442.047293] ? gre_gro_complete+0x530/0x530 [ 3442.048422] ? kasan_unpoison_shadow+0x33/0x50 [ 3442.049583] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3442.050837] ip6_route_info_create+0x1185/0x1a00 [ 3442.052102] ? fib6_nh_init+0x19e0/0x19e0 [ 3442.053144] ? dev_change_flags+0x100/0x160 [ 3442.054228] ? devinet_ioctl+0x14de/0x1db0 [ 3442.055204] ? inet_ioctl+0x34f/0x390 [ 3442.056138] ? packet_ioctl+0xb3/0x260 [ 3442.057194] ? sock_do_ioctl+0xd3/0x300 [ 3442.058123] ? sock_ioctl+0x3ea/0x700 [ 3442.059083] ? __x64_sys_ioctl+0x19a/0x210 [ 3442.060134] ? do_syscall_64+0x33/0x40 [ 3442.061104] addrconf_f6i_alloc+0x28f/0x430 [ 3442.062317] ? ipv6_route_ioctl+0x510/0x510 [ 3442.063352] ? trace_hardirqs_on+0x5b/0x180 [ 3442.064473] ? kasan_unpoison_shadow+0x33/0x50 [ 3442.065625] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3442.066869] ipv6_add_addr+0x36c/0x1cf0 [ 3442.067929] ? lock_chain_count+0x20/0x20 [ 3442.068862] ? lock_chain_count+0x20/0x20 [ 3442.069890] ? mld_del_delrec+0x49a/0x730 [ 3442.070879] ? inet6_dump_ifaddr+0x20/0x20 [ 3442.071951] ? find_held_lock+0x2c/0x110 [ 3442.072868] add_addr+0xcf/0x2c0 [ 3442.073658] ? inet6_ifa_finish_destroy+0x1b0/0x1b0 [ 3442.074938] ? mark_held_locks+0x9e/0xe0 [ 3442.075892] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3442.077059] ? __local_bh_enable_ip+0x9d/0x100 [ 3442.078147] addrconf_notify+0x1a95/0x2410 [ 3442.079098] ? inet6_ifinfo_notify+0x150/0x150 [ 3442.080109] ? failover_register+0x530/0x530 [ 3442.081106] ? cfg80211_netdev_notifier_call+0x298/0x10c0 [ 3442.082322] ? ipmr_device_event+0x18b/0x1f0 [ 3442.083295] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3442.084444] raw_notifier_call_chain+0xb3/0x110 [ 3442.085614] call_netdevice_notifiers_info+0xb5/0x130 [ 3442.086761] __dev_notify_flags+0x110/0x2c0 [ 3442.087716] ? dev_change_name+0x660/0x660 [ 3442.088773] ? __dev_change_flags+0x4cf/0x6e0 [ 3442.089972] ? dev_set_allmulti+0x30/0x30 [ 3442.090977] ? cap_capable+0x1cd/0x230 [ 3442.091915] ? full_name_hash+0xb5/0xf0 [ 3442.092962] dev_change_flags+0x100/0x160 [ 3442.093915] devinet_ioctl+0x14de/0x1db0 [ 3442.094937] ? inet_ifa_byprefix+0x2e0/0x2e0 [ 3442.095996] inet_ioctl+0x34f/0x390 [ 3442.096902] ? inet_dgram_connect+0x220/0x220 [ 3442.098069] ? __lock_acquire+0xbb1/0x5b00 [ 3442.099051] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3442.100399] packet_ioctl+0xb3/0x260 [ 3442.101275] sock_do_ioctl+0xd3/0x300 [ 3442.102166] ? compat_ifr_data_ioctl+0x180/0x180 [ 3442.103160] ? ioctl_has_perm.constprop.0.isra.0+0x29a/0x410 [ 3442.104567] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3442.105880] ? do_vfs_ioctl+0x283/0x10d0 [ 3442.106853] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 3442.108184] ? generic_block_fiemap+0x60/0x60 [ 3442.109243] sock_ioctl+0x3ea/0x700 [ 3442.110178] ? dlci_ioctl_set+0x30/0x30 [ 3442.111196] ? selinux_file_ioctl+0xb6/0x270 [ 3442.112238] ? dlci_ioctl_set+0x30/0x30 [ 3442.113232] __x64_sys_ioctl+0x19a/0x210 [ 3442.114208] do_syscall_64+0x33/0x40 [ 3442.115075] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3442.116362] RIP: 0033:0x7fa5db089b19 [ 3442.117258] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3442.121593] RSP: 002b:00007fa5d85ff188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3442.123283] RAX: ffffffffffffffda RBX: 00007fa5db19cf60 RCX: 00007fa5db089b19 [ 3442.125090] RDX: 00000000200001c0 RSI: 0000000000008914 RDI: 0000000000000004 [ 3442.126841] RBP: 00007fa5d85ff1d0 R08: 0000000000000000 R09: 0000000000000000 [ 3442.128588] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3442.130364] R13: 00007ffefd79e6ef R14: 00007fa5d85ff300 R15: 0000000000022000 [ 3442.143206] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3442.143206] program syz-executor.7 not setting count and/or reply_len properly 05:06:19 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e23, 0x8, @remote, 0x1}, 0x1c) dup2(r1, r0) 05:06:19 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x1000000, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) 05:06:19 executing program 5: r0 = fsmount(0xffffffffffffffff, 0x0, 0x0) lseek(0xffffffffffffffff, 0x0, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/exe\x00', 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000180)=0x2, 0x4) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r1, 0x29, 0x41, &(0x7f00000001c0)=ANY=[@ANYBLOB="6d616e676c65000000000000000000000000000000000000000000000000000005000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600"/120], 0x78) bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000040)) ioctl$sock_inet6_SIOCSIFDSTADDR(r2, 0x8918, 0x0) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) ioctl$F2FS_IOC_GARBAGE_COLLECT(r2, 0x4004f506, &(0x7f0000000100)) sendfile(r2, r1, 0x0, 0x9bbb) getsockopt(0xffffffffffffffff, 0x4, 0x0, 0x0, 0xffffffffffffffff) ioctl$BTRFS_IOC_SEND(r2, 0x40489426, &(0x7f00000002c0)={{r0}, 0xa, &(0x7f0000000240)=[0x6, 0x9, 0x4, 0x5, 0x3, 0x8, 0x10000, 0x1f, 0x84, 0x1], 0x3f, 0x3, [0x7b4, 0x9, 0xfffffffffffffc01, 0x4]}) 05:06:19 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) (fail_nth: 28) 05:06:19 executing program 2: perf_event_open(&(0x7f0000000040)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0xfffffffffffffffe}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_read_part_table(0x0, 0x1, &(0x7f0000001900)=[{0x0, 0x0, 0x7fff}]) r0 = syz_open_dev$ttys(0xc, 0x2, 0x0) dup(r0) pidfd_send_signal(0xffffffffffffffff, 0x19, &(0x7f0000000040)={0x8, 0x5, 0x2000100}, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000140)) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000740)='/sys/class/drm', 0x970c7917c8cb9e10, 0x2) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0xfdef) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_CONNECT={0x10, 0x4, 0x0, 0xffffffffffffffff, 0x80, &(0x7f00000001c0)=@nl=@unspec}, 0x1) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, {0x200}}, 0x10000009) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000004, 0x4000010, 0xffffffffffffffff, 0x8000000) newfstatat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) 05:06:19 executing program 0: ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wg0\x00'}) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYBLOB="1400000000bf0a040000050000000000020000025d018131403dec55dc16371fc10d6bf4f484c795fb843d50fcd3daee093ea4bb117adae3aff0853aa980d65bda7f23a500"/80], 0x14}, 0x1, 0x0, 0x0, 0x4008000}, 0x10004000) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000000)={0xfffffffc, 0x0, 0x0, 0xfffffffe, 0xffffffff}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x105142, 0x0) unlinkat(0xffffffffffffffff, 0x0, 0x0) openat$hpet(0xffffffffffffff9c, 0x0, 0x80000, 0x0) r2 = creat(&(0x7f0000000000)='./file2\x00', 0x0) fcntl$setlease(r2, 0x400, 0x1) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) copy_file_range(r1, &(0x7f00000000c0)=0x56cb, r3, &(0x7f0000000100)=0x6aa, 0x2, 0x0) fcntl$setown(r2, 0x8, 0xffffffffffffffff) close(r2) perf_event_open(&(0x7f0000000240)={0x6, 0x80, 0x0, 0x5, 0x0, 0x4, 0x0, 0x10001, 0xa2050, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x8, 0x0, @perf_bp={&(0x7f0000000200), 0x9}, 0x240, 0x7, 0x0, 0x7, 0x0, 0x7, 0x9, 0x0, 0x2}, 0x0, 0xc, 0xffffffffffffffff, 0x3) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x104, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(0xffffffffffffffff, 0x80489439, &(0x7f0000000340)) lseek(r1, 0x0, 0x2) r4 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x4000, 0x0) copy_file_range(r4, 0x0, r1, 0x0, 0x200f5ef, 0x0) 05:06:19 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff0043a9d7cceb232fb81bf74ebdd05b7625", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 05:06:19 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x700, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) [ 3459.229431] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3459.231276] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3459.264218] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3459.264218] program syz-executor.7 not setting count and/or reply_len properly 05:06:19 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x900, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) [ 3459.284866] device veth0_vlan entered promiscuous mode [ 3459.295073] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3459.295073] program syz-executor.7 not setting count and/or reply_len properly [ 3459.307463] FAULT_INJECTION: forcing a failure. [ 3459.307463] name failslab, interval 1, probability 0, space 0, times 0 [ 3459.309868] CPU: 1 PID: 18529 Comm: syz-executor.3 Not tainted 5.10.207 #1 [ 3459.311717] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3459.314409] Call Trace: [ 3459.315134] dump_stack+0x107/0x167 [ 3459.316328] should_fail.cold+0x5/0xa [ 3459.317360] ? create_object.isra.0+0x3a/0xa20 [ 3459.318616] should_failslab+0x5/0x20 [ 3459.319388] kmem_cache_alloc+0x5b/0x310 [ 3459.320240] ? mark_held_locks+0x9e/0xe0 [ 3459.321073] create_object.isra.0+0x3a/0xa20 [ 3459.321975] kmemleak_alloc_percpu+0xa0/0x100 [ 3459.322890] pcpu_alloc+0x4e2/0x1240 [ 3459.323728] fib_nh_common_init+0x2d/0x160 [ 3459.324740] fib6_nh_init+0xa18/0x19e0 [ 3459.325739] ? icmp6_dst_alloc+0x650/0x650 [ 3459.326735] ? ip_fib_metrics_init+0x3ca/0x7d0 [ 3459.327818] ? gre_gro_complete+0x530/0x530 [ 3459.328913] ? kasan_unpoison_shadow+0x33/0x50 [ 3459.329959] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3459.331099] ip6_route_info_create+0x1185/0x1a00 [ 3459.332184] ? fib6_nh_init+0x19e0/0x19e0 [ 3459.333029] ? dev_change_flags+0x100/0x160 [ 3459.333895] ? devinet_ioctl+0x14de/0x1db0 [ 3459.334735] ? inet_ioctl+0x34f/0x390 [ 3459.335497] ? packet_ioctl+0xb3/0x260 [ 3459.336283] ? sock_do_ioctl+0xd3/0x300 [ 3459.337084] ? sock_ioctl+0x3ea/0x700 [ 3459.337907] ? __x64_sys_ioctl+0x19a/0x210 [ 3459.338832] ? do_syscall_64+0x33/0x40 [ 3459.339646] addrconf_f6i_alloc+0x28f/0x430 [ 3459.340619] ? ipv6_route_ioctl+0x510/0x510 [ 3459.341532] ? trace_hardirqs_on+0x5b/0x180 [ 3459.342440] ? kasan_unpoison_shadow+0x33/0x50 [ 3459.343361] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3459.344516] ipv6_add_addr+0x36c/0x1cf0 [ 3459.345344] ? lock_chain_count+0x20/0x20 [ 3459.346185] ? lock_chain_count+0x20/0x20 [ 3459.347022] ? mld_del_delrec+0x49a/0x730 [ 3459.347948] ? inet6_dump_ifaddr+0x20/0x20 [ 3459.348912] ? find_held_lock+0x2c/0x110 [ 3459.349734] add_addr+0xcf/0x2c0 [ 3459.350421] ? inet6_ifa_finish_destroy+0x1b0/0x1b0 [ 3459.351432] ? mark_held_locks+0x9e/0xe0 [ 3459.352357] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3459.353531] ? __local_bh_enable_ip+0x9d/0x100 [ 3459.354636] addrconf_notify+0x1a95/0x2410 [ 3459.355671] ? inet6_ifinfo_notify+0x150/0x150 [ 3459.356711] ? failover_register+0x530/0x530 [ 3459.357712] ? cfg80211_netdev_notifier_call+0x298/0x10c0 [ 3459.359022] ? ipmr_device_event+0x18b/0x1f0 [ 3459.360118] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3459.361275] raw_notifier_call_chain+0xb3/0x110 [ 3459.362325] call_netdevice_notifiers_info+0xb5/0x130 [ 3459.363622] __dev_notify_flags+0x110/0x2c0 [ 3459.364762] ? dev_change_name+0x660/0x660 [ 3459.365705] ? __dev_change_flags+0x4cf/0x6e0 [ 3459.366710] ? dev_set_allmulti+0x30/0x30 [ 3459.367638] ? cap_capable+0x1cd/0x230 [ 3459.368584] ? full_name_hash+0xb5/0xf0 [ 3459.369642] dev_change_flags+0x100/0x160 [ 3459.370568] devinet_ioctl+0x14de/0x1db0 [ 3459.371486] ? inet_ifa_byprefix+0x2e0/0x2e0 [ 3459.372496] inet_ioctl+0x34f/0x390 [ 3459.373325] ? inet_dgram_connect+0x220/0x220 [ 3459.374344] ? __lock_acquire+0xbb1/0x5b00 [ 3459.375320] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3459.376503] packet_ioctl+0xb3/0x260 [ 3459.377335] sock_do_ioctl+0xd3/0x300 [ 3459.378255] ? compat_ifr_data_ioctl+0x180/0x180 [ 3459.379416] ? ioctl_has_perm.constprop.0.isra.0+0x29a/0x410 [ 3459.380728] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3459.381877] ? do_vfs_ioctl+0x283/0x10d0 [ 3459.382788] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 3459.384030] ? generic_block_fiemap+0x60/0x60 [ 3459.385083] sock_ioctl+0x3ea/0x700 [ 3459.385815] ? dlci_ioctl_set+0x30/0x30 [ 3459.386624] ? selinux_file_ioctl+0xb6/0x270 [ 3459.387519] ? dlci_ioctl_set+0x30/0x30 [ 3459.388335] __x64_sys_ioctl+0x19a/0x210 [ 3459.389208] do_syscall_64+0x33/0x40 [ 3459.390041] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3459.391166] RIP: 0033:0x7fa5db089b19 [ 3459.391920] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3459.395728] RSP: 002b:00007fa5d85ff188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3459.397278] RAX: ffffffffffffffda RBX: 00007fa5db19cf60 RCX: 00007fa5db089b19 [ 3459.398694] RDX: 00000000200001c0 RSI: 0000000000008914 RDI: 0000000000000004 [ 3459.400132] RBP: 00007fa5d85ff1d0 R08: 0000000000000000 R09: 0000000000000000 [ 3459.401546] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3459.402961] R13: 00007ffefd79e6ef R14: 00007fa5d85ff300 R15: 0000000000022000 05:06:19 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x2000000, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) 05:06:19 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = dup(r1) r3 = ioctl$TIOCGPTPEER(r2, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) fcntl$F_GET_FILE_RW_HINT(r3, 0x40d, &(0x7f0000000040)) dup2(r1, r0) [ 3459.432464] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3459.435951] netlink: 'syz-executor.1': attribute type 22 has an invalid length. 05:06:19 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff0043a9d7cceb232fb81bf74ebdd05b76b6", 0x2e}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 05:06:19 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x5c, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x52483, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20102, 0x2) 05:06:19 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0xf00, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) 05:06:19 executing program 0: r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0xc0) fchmod(r0, 0x12) memfd_create(0x0, 0x3) fadvise64(r1, 0x1000000000007, 0x10000000002000, 0x5) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) ioctl$EXT4_IOC_SWAP_BOOT(r2, 0x6611) sendfile(r3, r2, 0x0, 0x500000001) socket$inet6_tcp(0xa, 0x1, 0x0) 05:06:19 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) dup2(r1, r0) 05:06:19 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) (fail_nth: 29) 05:06:19 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x3000000, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) [ 3459.552860] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3459.552860] program syz-executor.7 not setting count and/or reply_len properly [ 3459.580938] sg_write: data in/out 33555249/24 bytes for SCSI command 0xfd-- guessing data in; [ 3459.580938] program syz-executor.7 not setting count and/or reply_len properly [ 3459.648635] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3459.650451] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3459.736179] device veth0_vlan entered promiscuous mode [ 3459.737126] FAULT_INJECTION: forcing a failure. [ 3459.737126] name failslab, interval 1, probability 0, space 0, times 0 [ 3459.738708] CPU: 0 PID: 18564 Comm: syz-executor.3 Not tainted 5.10.207 #1 [ 3459.739637] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3459.740691] Call Trace: [ 3459.741026] dump_stack+0x107/0x167 [ 3459.741496] should_fail.cold+0x5/0xa [ 3459.741976] ? create_object.isra.0+0x3a/0xa20 [ 3459.742545] ? create_object.isra.0+0x3a/0xa20 [ 3459.743111] should_failslab+0x5/0x20 [ 3459.743587] kmem_cache_alloc+0x5b/0x310 [ 3459.744103] ? mark_held_locks+0x9e/0xe0 [ 3459.744610] create_object.isra.0+0x3a/0xa20 [ 3459.745154] kmemleak_alloc_percpu+0xa0/0x100 [ 3459.745697] pcpu_alloc+0x4e2/0x1240 [ 3459.746176] fib6_nh_init+0xa48/0x19e0 [ 3459.746651] ? icmp6_dst_alloc+0x650/0x650 [ 3459.747182] ? ip_fib_metrics_init+0x3ca/0x7d0 [ 3459.747802] ? gre_gro_complete+0x530/0x530 [ 3459.748368] ? kasan_unpoison_shadow+0x33/0x50 [ 3459.749001] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3459.749694] ip6_route_info_create+0x1185/0x1a00 [ 3459.750340] ? fib6_nh_init+0x19e0/0x19e0 [ 3459.750844] ? dev_change_flags+0x100/0x160 [ 3459.751446] ? devinet_ioctl+0x14de/0x1db0 [ 3459.752031] ? inet_ioctl+0x34f/0x390 [ 3459.752507] ? packet_ioctl+0xb3/0x260 [ 3459.753050] ? sock_do_ioctl+0xd3/0x300 [ 3459.753596] ? sock_ioctl+0x3ea/0x700 [ 3459.754113] ? __x64_sys_ioctl+0x19a/0x210 [ 3459.754688] ? do_syscall_64+0x33/0x40 [ 3459.755212] addrconf_f6i_alloc+0x28f/0x430 [ 3459.755804] ? ipv6_route_ioctl+0x510/0x510 [ 3459.756364] ? trace_hardirqs_on+0x5b/0x180 [ 3459.756972] ? kasan_unpoison_shadow+0x33/0x50 [ 3459.757597] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3459.758218] ipv6_add_addr+0x36c/0x1cf0 [ 3459.758773] ? lock_chain_count+0x20/0x20 [ 3459.759283] ? lock_chain_count+0x20/0x20 [ 3459.759863] ? mld_del_delrec+0x49a/0x730 [ 3459.760448] ? inet6_dump_ifaddr+0x20/0x20 [ 3459.761020] ? find_held_lock+0x2c/0x110 [ 3459.761571] add_addr+0xcf/0x2c0 [ 3459.762019] ? inet6_ifa_finish_destroy+0x1b0/0x1b0 [ 3459.762683] ? mark_held_locks+0x9e/0xe0 [ 3459.763234] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3459.763943] ? __local_bh_enable_ip+0x9d/0x100 [ 3459.764589] addrconf_notify+0x1a95/0x2410 [ 3459.765165] ? inet6_ifinfo_notify+0x150/0x150 [ 3459.765783] ? failover_register+0x530/0x530 [ 3459.766378] ? cfg80211_netdev_notifier_call+0x298/0x10c0 [ 3459.767119] ? ipmr_device_event+0x18b/0x1f0 [ 3459.767706] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3459.768422] raw_notifier_call_chain+0xb3/0x110 [ 3459.768987] call_netdevice_notifiers_info+0xb5/0x130 [ 3459.769702] __dev_notify_flags+0x110/0x2c0 [ 3459.770306] ? dev_change_name+0x660/0x660 [ 3459.770882] ? __dev_change_flags+0x4cf/0x6e0 [ 3459.771484] ? dev_set_allmulti+0x30/0x30 [ 3459.772052] ? cap_capable+0x1cd/0x230 [ 3459.772526] ? full_name_hash+0xb5/0xf0 [ 3459.773077] dev_change_flags+0x100/0x160 [ 3459.773632] devinet_ioctl+0x14de/0x1db0 [ 3459.774182] ? inet_ifa_byprefix+0x2e0/0x2e0 [ 3459.774780] inet_ioctl+0x34f/0x390 [ 3459.775276] ? inet_dgram_connect+0x220/0x220 [ 3459.775874] ? __lock_acquire+0xbb1/0x5b00 [ 3459.776484] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3459.777162] packet_ioctl+0xb3/0x260 [ 3459.777675] sock_do_ioctl+0xd3/0x300 [ 3459.778174] ? compat_ifr_data_ioctl+0x180/0x180 [ 3459.778804] ? ioctl_has_perm.constprop.0.isra.0+0x29a/0x410 [ 3459.779535] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3459.780251] ? do_vfs_ioctl+0x283/0x10d0 [ 3459.780799] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 3459.781488] ? generic_block_fiemap+0x60/0x60 [ 3459.782094] sock_ioctl+0x3ea/0x700 [ 3459.782562] ? dlci_ioctl_set+0x30/0x30 [ 3459.783090] ? selinux_file_ioctl+0xb6/0x270 [ 3459.783657] ? dlci_ioctl_set+0x30/0x30 [ 3459.784201] __x64_sys_ioctl+0x19a/0x210 [ 3459.784715] do_syscall_64+0x33/0x40 [ 3459.785204] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3459.785870] RIP: 0033:0x7fa5db089b19 [ 3459.786386] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3459.788805] RSP: 002b:00007fa5d85ff188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3459.789825] RAX: ffffffffffffffda RBX: 00007fa5db19cf60 RCX: 00007fa5db089b19 [ 3459.790767] RDX: 00000000200001c0 RSI: 0000000000008914 RDI: 0000000000000004 [ 3459.791719] RBP: 00007fa5d85ff1d0 R08: 0000000000000000 R09: 0000000000000000 [ 3459.792678] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3459.793621] R13: 00007ffefd79e6ef R14: 00007fa5d85ff300 R15: 0000000000022000 [ 3459.794675] hpet: Lost 2 RTC interrupts 05:06:37 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x1c05, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) 05:06:37 executing program 2: acct(&(0x7f0000000040)='./cgroup.cpu/cgroup.procs\x00') syz_mount_image$ext4(&(0x7f0000000000)='ext3\x00', &(0x7f0000000080)='./cgroup.cpu/cgroup.procs\x00', 0x7fffffff, 0x0, &(0x7f00000000c0), 0xa8000, &(0x7f0000000100)=ANY=[@ANYBLOB="646973636172002cad816e745f686173682c00"]) acct(0x0) mount$bind(&(0x7f00000000c0)='./cgroup.cpu/cgroup.procs\x00', &(0x7f0000000140)='./cgroup.cpu/cgroup.procs/file0\x00', &(0x7f0000000180), 0x21020, 0x0) 05:06:37 executing program 0: pwrite64(0xffffffffffffffff, &(0x7f0000000440)="2827ded11a9d85b9fab4813f06c901f461201024eb4eb68dad217742848c7122cc1e703c04232e5acbf81b970af3da4754ae5927914e6825a834c3b81298873332e992c185dee94f57fc0d778985c8cbef0d54cffd57fd85", 0x58, 0x6) r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_emit_ethernet(0x15, &(0x7f0000000680)=ANY=[@ANYBLOB="bbbbbbbb0400000000000000890600000805000000ce1070d8f9883bbe3e3b27626b9de8695e4e12d8eed53ef61f865f89d65b37fba3f8f74b5a7c99239a0f5cdffe8cb7bf2ff99c9c3466559e7c82bcc31c380f9c7fb78c81bb8799bae5c7fc1d7bb7ffcd02efa47bdaf2f84dcfb20fd4ecd9a9fd42697a6befa078a6dfab604f8450391b32604e04c65c781e0d85dc103a2714a2c610e8d8372c7ee5377e49ac6b874a2e911e61217e7fd8f4636629a23bf18745e99387530b231f70206c3df61a89c1d230009794eba691eeb38bace1e01760f9d437c65f0344e4b02945f79b253114eba274f197e6f9801cd2bd69e3c075dd4ed389b2b1d56ac20d600000000000000000000000000093691180211596d9c6d8a034775fee6923588478949b5a21b37bc8448b283f45efca6927b9ed4d761f9336deaf7b753a80ac93a86f16449e65c57aea80b84584d7fd80fb2e0356cf6bfb418123abf34fdb6a38d1138c8f9e1f80f1349860adf6f2122dbb072215c86b865e427a6500f7a32620f7f939e94c0558bafdb9837b3268a9a81673"], 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) readv(r1, 0x0, 0x0) sendmsg$DEVLINK_CMD_SB_POOL_GET(r0, 0x0, 0x0) sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0xbc, 0x0, 0x100, 0x70bd25, 0x25dfdbff, {}, [{@pci, {0xd}, {0x5, 0x83, 0x1}}, {@pci, {0xd}, {0x5, 0x83, 0x1}}, {@nsim={{0xe}, {0x11, 0x2, {'netdevsim', 0x0}}}, {0xd}, {0x5}}]}, 0xbc}, 0x1, 0x0, 0x0, 0x10}, 0xc885) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x6}, 0x40008, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000040)={0x0, {{0xa, 0x0, 0xffffffff, @mcast1, 0x2000000}}, {{0xa, 0xfffd, 0xfffffffd, @private1={0xfc, 0x1, '\x00', 0x1}, 0x2}}}, 0x108) ftruncate(r0, 0x0) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000000300)={0x3, {{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x1, [{{0xa, 0x0, 0x0, @mcast1}}]}, 0x110) clone3(&(0x7f0000000140)={0x11060900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) gettid() 05:06:37 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e24, 0x5, @local, 0x400}, 0x1c) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/power/pm_freeze_timeout', 0x0, 0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x22902, 0x0) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/power/pm_freeze_timeout', 0x0, 0x0) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x22902, 0x0) r6 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r6, &(0x7f0000000040)={0x1f, @none}, 0x8) setsockopt$bt_BT_DEFER_SETUP(r6, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) copy_file_range(r6, 0x0, r5, 0x0, 0x1f, 0x0) ioctl$TIOCSTI(r4, 0x5412, &(0x7f00000000c0)=0x5) copy_file_range(r2, 0x0, r3, 0x0, 0xa1, 0x0) recvfrom$inet6(r3, &(0x7f0000000280)=""/4096, 0x1000, 0x40010002, &(0x7f0000000080)={0xa, 0x4e23, 0x8000, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x96}, 0x1c) dup2(r1, r0) r7 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000100)='syz0\x00', 0x200002, 0x0) open_by_handle_at(r7, &(0x7f0000000140)=@reiserfs_6={0x18, 0x6, {0x4, 0x1000, 0x80000000, 0x7, 0xffff, 0x10001}}, 0xc8182) 05:06:37 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x4000000, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) 05:06:37 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) (fail_nth: 30) 05:06:37 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x0, 0x0, r4, 0x0, 0x0, 0x0, 0x10160}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/power/pm_freeze_timeout', 0x0, 0x0) r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x22902, 0x0) copy_file_range(r6, 0x0, r7, 0x0, 0xa1, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r7, 0xc0189379, &(0x7f0000000040)={{0x1, 0x1, 0x18}, './file0\x00'}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) r8 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r11 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r9, r10, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r11, 0x0, 0x0}, 0x0) r12 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r8, 0x0) syz_io_uring_submit(r12, r10, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) pipe(&(0x7f0000000080)) syz_io_uring_submit(0x0, r10, &(0x7f00000000c0)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index=0x1, 0x3, 0x0, 0xffffffff, 0x1}, 0x3e) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT={0xb, 0x3, 0x0, 0x0, 0x1, &(0x7f0000000240), 0x1, 0x1}, 0x8001) dup3(r0, r3, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:06:37 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff0043a9d7cceb232fb81bf74ebdd05b7677", 0xa}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) [ 3477.055819] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3477.060081] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3477.084654] Process accounting resumed [ 3477.096703] device veth0_vlan entered promiscuous mode 05:06:37 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x4800, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) [ 3477.099153] FAULT_INJECTION: forcing a failure. [ 3477.099153] name failslab, interval 1, probability 0, space 0, times 0 [ 3477.100528] CPU: 1 PID: 18583 Comm: syz-executor.3 Not tainted 5.10.207 #1 [ 3477.101358] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3477.102365] Call Trace: [ 3477.102679] dump_stack+0x107/0x167 [ 3477.103116] should_fail.cold+0x5/0xa [ 3477.103609] ? create_object.isra.0+0x3a/0xa20 [ 3477.104167] should_failslab+0x5/0x20 [ 3477.104632] kmem_cache_alloc+0x5b/0x310 [ 3477.105106] ? mark_held_locks+0x9e/0xe0 [ 3477.105590] create_object.isra.0+0x3a/0xa20 [ 3477.106126] kmemleak_alloc_percpu+0xa0/0x100 [ 3477.106680] pcpu_alloc+0x4e2/0x1240 [ 3477.107212] fib6_nh_init+0xa48/0x19e0 [ 3477.107708] ? icmp6_dst_alloc+0x650/0x650 [ 3477.108235] ? ip_fib_metrics_init+0x3ca/0x7d0 [ 3477.108799] ? gre_gro_complete+0x530/0x530 [ 3477.109328] ? kasan_unpoison_shadow+0x33/0x50 [ 3477.109898] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3477.110532] ip6_route_info_create+0x1185/0x1a00 [ 3477.111131] ? fib6_nh_init+0x19e0/0x19e0 [ 3477.111649] ? dev_change_flags+0x100/0x160 [ 3477.112178] ? devinet_ioctl+0x14de/0x1db0 [ 3477.112696] ? inet_ioctl+0x34f/0x390 [ 3477.113164] ? packet_ioctl+0xb3/0x260 [ 3477.113646] ? sock_do_ioctl+0xd3/0x300 [ 3477.114134] ? sock_ioctl+0x3ea/0x700 [ 3477.114602] ? __x64_sys_ioctl+0x19a/0x210 [ 3477.115127] ? do_syscall_64+0x33/0x40 [ 3477.115625] addrconf_f6i_alloc+0x28f/0x430 [ 3477.116148] ? ipv6_route_ioctl+0x510/0x510 [ 3477.116688] ? trace_hardirqs_on+0x5b/0x180 [ 3477.117210] ? kasan_unpoison_shadow+0x33/0x50 [ 3477.117761] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3477.118378] ipv6_add_addr+0x36c/0x1cf0 [ 3477.118860] ? lock_chain_count+0x20/0x20 [ 3477.119368] ? lock_chain_count+0x20/0x20 [ 3477.119867] ? mld_del_delrec+0x49a/0x730 [ 3477.120367] ? inet6_dump_ifaddr+0x20/0x20 [ 3477.120886] ? find_held_lock+0x2c/0x110 [ 3477.121380] add_addr+0xcf/0x2c0 [ 3477.121790] ? inet6_ifa_finish_destroy+0x1b0/0x1b0 [ 3477.122394] ? mark_held_locks+0x9e/0xe0 [ 3477.122948] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3477.123586] ? __local_bh_enable_ip+0x9d/0x100 [ 3477.124145] addrconf_notify+0x1a95/0x2410 [ 3477.124664] ? inet6_ifinfo_notify+0x150/0x150 [ 3477.125215] ? failover_register+0x530/0x530 [ 3477.125749] ? cfg80211_netdev_notifier_call+0x298/0x10c0 [ 3477.126416] ? ipmr_device_event+0x18b/0x1f0 [ 3477.126954] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3477.127591] raw_notifier_call_chain+0xb3/0x110 [ 3477.128161] call_netdevice_notifiers_info+0xb5/0x130 [ 3477.128790] __dev_notify_flags+0x110/0x2c0 [ 3477.129317] ? dev_change_name+0x660/0x660 [ 3477.129828] ? __dev_change_flags+0x4cf/0x6e0 [ 3477.130380] ? dev_set_allmulti+0x30/0x30 [ 3477.130888] ? cap_capable+0x1cd/0x230 [ 3477.131378] ? full_name_hash+0xb5/0xf0 [ 3477.131863] dev_change_flags+0x100/0x160 [ 3477.132370] devinet_ioctl+0x14de/0x1db0 [ 3477.132875] ? inet_ifa_byprefix+0x2e0/0x2e0 [ 3477.133416] inet_ioctl+0x34f/0x390 [ 3477.133863] ? inet_dgram_connect+0x220/0x220 [ 3477.134415] ? __lock_acquire+0xbb1/0x5b00 [ 3477.134943] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3477.135598] packet_ioctl+0xb3/0x260 [ 3477.136055] sock_do_ioctl+0xd3/0x300 [ 3477.136516] ? compat_ifr_data_ioctl+0x180/0x180 [ 3477.137094] ? ioctl_has_perm.constprop.0.isra.0+0x29a/0x410 [ 3477.137811] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3477.138499] ? do_vfs_ioctl+0x283/0x10d0 [ 3477.139003] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 3477.139650] ? generic_block_fiemap+0x60/0x60 [ 3477.140211] sock_ioctl+0x3ea/0x700 [ 3477.140659] ? dlci_ioctl_set+0x30/0x30 [ 3477.141146] ? selinux_file_ioctl+0xb6/0x270 [ 3477.141688] ? dlci_ioctl_set+0x30/0x30 [ 3477.142178] __x64_sys_ioctl+0x19a/0x210 [ 3477.142679] do_syscall_64+0x33/0x40 [ 3477.143135] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3477.143753] RIP: 0033:0x7fa5db089b19 [ 3477.144199] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3477.146422] RSP: 002b:00007fa5d85ff188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3477.147368] RAX: ffffffffffffffda RBX: 00007fa5db19cf60 RCX: 00007fa5db089b19 [ 3477.148256] RDX: 00000000200001c0 RSI: 0000000000008914 RDI: 0000000000000004 [ 3477.149124] RBP: 00007fa5d85ff1d0 R08: 0000000000000000 R09: 0000000000000000 [ 3477.149970] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3477.150805] R13: 00007ffefd79e6ef R14: 00007fa5d85ff300 R15: 0000000000022000 [ 3477.152688] Process accounting resumed 05:06:37 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) (fail_nth: 31) 05:06:37 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff0043a9d7cceb232fb81bf74ebdd05b7677", 0x23}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) [ 3477.317044] netlink: 'syz-executor.1': attribute type 22 has an invalid length. 05:06:37 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x5000000, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) 05:06:37 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x2c, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000700100000f000000000000000000000004000000000002000020000020000000d1f4655fd1f4655f0100ffff53ef010001000000d1f4655f000000000000000001000000000000000b0000000004000008000000d2c20100120300000000000000000000000000000000000073797a6b616c6c6572000000000000002f746d702f73797a2d696d61676567656e33343135323238343000"/192, 0xc0, 0x400}, {&(0x7f0000010100)="000000000000000000000000d0a9da48497c4915a7449265c083aec0010040000c00000000000000d1f4655f00"/64, 0x40, 0x4e0}, {&(0x7f0000010200)="00000000000000000000000000000000000000000000000000000000200020000100000000000000000000000000000000000000040000003800000000000000", 0x40, 0x540}, {&(0x7f0000010300)="0300000004000000000000000000000000000000010400"/32, 0x20, 0x640}, {&(0x7f0000010400)="03000000040000000500000017000f000300040000000000000000000f008551", 0x20, 0x800}, {&(0x7f0000010500)="ff010000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0000000000000000d1f4655fd1f4655fd1f4655f00"/2080, 0x820, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d1f4655fd1f4655fd1f4655f00000000000004002000000000000800050000000af301000400000000000000000000000100000030000000", 0x40, 0x1800}, {&(0x7f0000010f00)="2000000038fad6a438fad6a400000000d1f4655f00"/32, 0x20, 0x1880}, {&(0x7f0000011000)="8081000000180000d1f4655fd1f4655fd1f4655f00000000000001002000000010000800000000000af3020004000000000000000000000002000000500000000200000004000000520000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000d1f4655f00"/160, 0xa0, 0x1c00}, {&(0x7f0000011100)="8081000000180000d1f4655fd1f4655fd1f4655f00000000000001002000000010000800000000000af3020004000000000000000000000002000000600000000200000004000000620000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000d1f4655f00"/160, 0xa0, 0x2000}, {&(0x7f0000011200)="c0410000002c0000d1f4655fd1f4655fd1f4655f00000000000002002000000000000800000000000af301000400000000000000000000000b00000040000000", 0x40, 0x3c00}, {&(0x7f0000011300)="20000000000000000000000000000000d1f4655f000000000000000000000000000002ea00"/64, 0x40, 0x3c80}, {&(0x7f0000011400)="ed4100003c000000d1f4655fd1f4655fd1f4655f0000000000000200000000000000001003000000020000000d0000001000050166696c65300000000e0000002800050766696c6531000000000000000000000000000000000000000000000000000000e50617fa0000000000000000000000000000000000000000000000002000000038fad6a438fad6a438fad6a4d1f4655f38fad6a40000000000000000000002ea04070000000000000000000000000000646174610000000000000000", 0xc0, 0x4000}, {&(0x7f0000011500)="ed8100001a040000d1f4655fd1f4655fd1f4655f00000000000001002000000000000800010000000af3010004000000000000000000000002000000700000000000000000000000000000000000000000000000000000000000000000000000000000000281944c0000000000000000000000000000000000000000000000002000000038fad6a438fad6a438fad6a4d1f4655f38fad6a40000000000000000", 0xa0, 0x4400}, {&(0x7f0000011600)="ffa1000026000000d1f4655fd1f4655fd1f4655f00000000000001000000000000000000010000002f746d702f73797a2d696d61676567656e3334313532323834302f66696c65302f66696c6530000000000000000000000000000000000000000000007dfbeec50000000000000000000000000000000000000000000000002000000038fad6a438fad6a438fad6a4d1f4655f38fad6a40000000000000000", 0xa0, 0x4800}, {&(0x7f0000011700)="ed8100000a000000d1f4655fd1f4655fd1f4655f000000000000010000000000000000100100000073797a6b616c6c6572730000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000cf6b9f150000000000000000000000000000000000000000000000002000000038fad6a438fad6a438fad6a4d1f4655f38fad6a40000000000000000000002ea040700000000000000000000000000006461746106015403000000000600000000000000786174747231000006014c0300000000060000000000000078617474723200"/256, 0x100, 0x4c00}, {&(0x7f0000011800)="0000000000000000000000000000000078617474723200007861747472310000ed81000028230000d1f4655fd1f4655fd1f4655f00000000000002002000000000000800010000000af3010004000000000000000000000009000000800000000000000000000000000000000000000000000000000000000000000000000000000000009b745a560000000000000000000000000000000000000000000000002000000038fad6a438fad6a438fad6a4d1f4655f38fad6a40000000000000000", 0xc0, 0x4fe0}, {&(0x7f0000011900)="ed81000064000000d1f4655fd1f4655fd1f4655f000000000000010000000000000000100100000073797a6b616c6c657273797a6b616c6c657273797a6b616c6c657273797a6b616c6c657273797a6b616c6c657273797a6b616c6c657273797a6b616c2cc444b00000000000000000000000000000000000000000000000002000000038fad6a438fad6a438fad6a4d1f4655f38fad6a40000000000000000000002ea04073403000000002800000000000000646174610000000000000000", 0xc0, 0x5400}, {&(0x7f0000011a00)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00lersyzkallersyzkallersyzkallersyzkallers', 0x40, 0x57c0}, {&(0x7f0000011b00)="020000000c0001022e000000020000000c0002022e2e00000b00000014000a026c6f73742b666f756e6400000c0000001000050266696c65300000000f0000001000050166696c6531000000100000001000050166696c6532000000100000001000050166696c6533000000110000009403090166696c652e636f6c64000000", 0x80, 0xc000}, {&(0x7f0000011c00)="0b0000000c0001022e000000020000000c0002022e2e000000000000e8030000", 0x20, 0x10000}, {&(0x7f0000011d00)="00000000000400"/32, 0x20, 0x10400}, {&(0x7f0000011e00)="00000000000400"/32, 0x20, 0x10800}, {&(0x7f0000011f00)="00000000000400"/32, 0x20, 0x10c00}, {&(0x7f0000012000)="00000000000400"/32, 0x20, 0x11000}, {&(0x7f0000012100)="00000000000400"/32, 0x20, 0x11400}, {&(0x7f0000012200)="00000000000400"/32, 0x20, 0x11800}, {&(0x7f0000012300)="00000000000400"/32, 0x20, 0x11c00}, {&(0x7f0000012400)="00000000000400"/32, 0x20, 0x12000}, {&(0x7f0000012500)="00000000000400"/32, 0x20, 0x12400}, {&(0x7f0000012600)="00000000000400"/32, 0x20, 0x12800}, {&(0x7f0000012700)="111fc0d901000000803a0900803a090000000000060000000000000005000000", 0x20, 0x14000}, {&(0x7f0000012800)="0200"/32, 0x20, 0x14400}, {&(0x7f0000012900)="0300"/32, 0x20, 0x14800}, {&(0x7f0000012a00)="0400"/32, 0x20, 0x14c00}, {&(0x7f0000012b00)="0500"/32, 0x20, 0x15000}, {&(0x7f0000012c00)="0000000000000000010000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000100"/96, 0x60, 0x15400}, {&(0x7f0000012d00)="2719c0d901000000803a0900803a090000000000060000000000000005000000", 0x20, 0x18000}, {&(0x7f0000012e00)="0200"/32, 0x20, 0x18400}, {&(0x7f0000012f00)="0300"/32, 0x20, 0x18800}, {&(0x7f0000013000)="0400"/32, 0x20, 0x18c00}, {&(0x7f0000013100)="0500"/32, 0x20, 0x19000}, {&(0x7f0000013200)="0000000000000000010000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000100"/96, 0x60, 0x19400}, {&(0x7f0000013300)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x1c000}], 0x0, &(0x7f0000013800)) syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x2, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="553250a04f93cd5033d71d000605020ff3c84e5ca9a39d24b96e869655206f5f1df22c72da7f9d440ac2cea64c4f1452b3c92a2b92717728cf", 0x39, 0x9}], 0x8064, &(0x7f0000000640)={[{@uid={'uid', 0x3d, 0xee00}}, {@size}, {@mpol={'mpol', 0x3d, {'default', '=static', @void}}}, {@huge_within_size}, {@huge_always}, {@mpol={'mpol', 0x3d, {'local', '=static', @val={0x3a, [0x32, 0x32]}}}}], [{@smackfsdef={'smackfsdef', 0x3d, 'ext4\x00'}}]}) [ 3477.329684] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3477.343091] device veth0_vlan entered promiscuous mode [ 3477.345428] FAULT_INJECTION: forcing a failure. 05:06:37 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, 0x0, 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0) r2 = pidfd_getfd(0xffffffffffffffff, r1, 0x0) r3 = syz_genetlink_get_family_id$smc(&(0x7f0000000080), r0) sendmsg$SMC_PNETID_ADD(r2, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="ac8bb246f6a27c97e4d41c3a60997005205c24c44e5145b7b3e87cce48db77c727f0dec7da400ee46a234878", @ANYRES16=r3, @ANYBLOB="000428bd7000fbdbdf25020000000900030073214c3000000000"], 0x20}, 0x1, 0x0, 0x0, 0x4000}, 0x2400c810) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$rfkill(r1, &(0x7f00000000c0)={0x0, 0x0, 0x3, 0x1}, 0x8) syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), r2) [ 3477.345428] name failslab, interval 1, probability 0, space 0, times 0 [ 3477.348643] CPU: 0 PID: 18607 Comm: syz-executor.3 Not tainted 5.10.207 #1 [ 3477.350277] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3477.352241] Call Trace: [ 3477.352863] dump_stack+0x107/0x167 [ 3477.353722] should_fail.cold+0x5/0xa [ 3477.354607] ? SOFTIRQ_verbose+0x10/0x10 [ 3477.355574] ? create_object.isra.0+0x3a/0xa20 [ 3477.356641] should_failslab+0x5/0x20 [ 3477.357541] kmem_cache_alloc+0x5b/0x310 [ 3477.358492] create_object.isra.0+0x3a/0xa20 [ 3477.359522] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3477.360707] kmem_cache_alloc_node+0x169/0x330 [ 3477.361779] __alloc_skb+0x6d/0x5b0 [ 3477.362632] inet6_ifa_notify+0x118/0x220 [ 3477.363601] ? inet6_fill_ifaddr+0xd60/0xd60 [ 3477.364628] ? __ipv6_ifa_notify+0xb10/0xb10 [ 3477.365657] __ipv6_ifa_notify+0x17b/0xb10 [ 3477.366634] ? __fib6_clean_all+0x138/0x2a0 [ 3477.367652] ? modify_prefix_route+0x590/0x590 [ 3477.368719] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3477.369957] ? trace_hardirqs_on+0x5b/0x180 05:06:37 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x4c00, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) 05:06:37 executing program 5: ioctl$BTRFS_IOC_SNAP_CREATE_V2(0xffffffffffffffff, 0x50009417, &(0x7f0000000500)={{}, 0x0, 0x10, @inherit={0x0, 0x0}, @subvolid}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x1ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) open(0x0, 0x20800, 0x0) poll(0x0, 0x0, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x1010, 0xffffffffffffffff, 0x8000000) shutdown(r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r3, 0x0, &(0x7f00000029c0)={0x0, 0x0, 0x0}, 0x0, 0x2203, 0x0, {0x1}}, 0x0) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, 0x0) io_uring_enter(r0, 0x2b62, 0x0, 0x2, 0x0, 0x0) [ 3477.370993] ipv6_ifa_notify+0xd7/0x240 [ 3477.371980] add_addr+0x1c2/0x2c0 [ 3477.372796] ? inet6_ifa_finish_destroy+0x1b0/0x1b0 [ 3477.373967] ? mark_held_locks+0x9e/0xe0 [ 3477.374922] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3477.376156] ? __local_bh_enable_ip+0x9d/0x100 [ 3477.377225] addrconf_notify+0x1a95/0x2410 [ 3477.378234] ? inet6_ifinfo_notify+0x150/0x150 [ 3477.379352] ? failover_register+0x530/0x530 [ 3477.380421] ? cfg80211_netdev_notifier_call+0x298/0x10c0 [ 3477.381749] ? ipmr_device_event+0x18b/0x1f0 [ 3477.382813] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3477.384078] raw_notifier_call_chain+0xb3/0x110 [ 3477.385213] call_netdevice_notifiers_info+0xb5/0x130 [ 3477.386464] __dev_notify_flags+0x110/0x2c0 [ 3477.387511] ? dev_change_name+0x660/0x660 [ 3477.388429] ? __dev_change_flags+0x4cf/0x6e0 [ 3477.389408] ? dev_set_allmulti+0x30/0x30 [ 3477.390315] ? cap_capable+0x1cd/0x230 [ 3477.391168] ? full_name_hash+0xb5/0xf0 [ 3477.392049] dev_change_flags+0x100/0x160 [ 3477.392958] devinet_ioctl+0x14de/0x1db0 [ 3477.393851] ? inet_ifa_byprefix+0x2e0/0x2e0 [ 3477.394826] inet_ioctl+0x34f/0x390 [ 3477.395625] ? inet_dgram_connect+0x220/0x220 [ 3477.396645] ? __lock_acquire+0xbb1/0x5b00 [ 3477.397696] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3477.398973] packet_ioctl+0xb3/0x260 [ 3477.399894] sock_do_ioctl+0xd3/0x300 [ 3477.400816] ? compat_ifr_data_ioctl+0x180/0x180 [ 3477.401969] ? ioctl_has_perm.constprop.0.isra.0+0x29a/0x410 [ 3477.403362] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3477.404611] ? do_vfs_ioctl+0x283/0x10d0 [ 3477.405593] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 3477.406858] ? generic_block_fiemap+0x60/0x60 [ 3477.407972] sock_ioctl+0x3ea/0x700 [ 3477.408840] ? dlci_ioctl_set+0x30/0x30 [ 3477.409771] ? selinux_file_ioctl+0xb6/0x270 [ 3477.410794] ? dlci_ioctl_set+0x30/0x30 [ 3477.411726] __x64_sys_ioctl+0x19a/0x210 [ 3477.412680] do_syscall_64+0x33/0x40 [ 3477.413545] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3477.414734] RIP: 0033:0x7fa5db089b19 [ 3477.415609] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3477.419884] RSP: 002b:00007fa5d85ff188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3477.421653] RAX: ffffffffffffffda RBX: 00007fa5db19cf60 RCX: 00007fa5db089b19 [ 3477.423310] RDX: 00000000200001c0 RSI: 0000000000008914 RDI: 0000000000000004 [ 3477.424969] RBP: 00007fa5d85ff1d0 R08: 0000000000000000 R09: 0000000000000000 [ 3477.426613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3477.428270] R13: 00007ffefd79e6ef R14: 00007fa5d85ff300 R15: 0000000000022000 [ 3477.430181] hpet: Lost 4 RTC interrupts 05:06:37 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) dup2(r1, r0) 05:06:37 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000000ffff00000000000000000007"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x161}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) r1 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x8914, &(0x7f00000001c0)={'veth0_vlan\x00', {0x2, 0x0, @empty}}) (fail_nth: 32) 05:06:37 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r1, &(0x7f0000000600)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = fcntl$dupfd(r0, 0x0, r2) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)="0000abe02400030021206cda3b5e5672b89aeddb2a535fbd0706006dff0043a9d7cceb232fb81bf74ebdd05b7677", 0x25}, {&(0x7f0000000680)="7fd41c04550300020000000000000000010046e92ed2616f72657d044129471d4fd47924fd0900e09e0068deec025f2400113680b0eb4d4627baf31afc6413da00240bc010c515c4", 0x48}], 0x2) 05:06:37 executing program 6: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000003c0)={0x0, 0x6000000, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5}]}, 0x2c}}, 0x0) [ 3477.644453] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3477.659989] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3477.710246] [ 3477.710449] ====================================================== [ 3477.711113] WARNING: possible circular locking dependency detected [ 3477.711791] 5.10.207 #1 Not tainted [ 3477.712180] ------------------------------------------------------ [ 3477.712852] syz-executor.0/18638 is trying to acquire lock: [ 3477.713454] ffff8880159ccb78 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}, at: __flush_work+0xdd/0xa90 [ 3477.714567] [ 3477.714567] but task is already holding lock: [ 3477.715196] ffffffff85619628 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0xff/0x4b0 [ 3477.716152] [ 3477.716152] which lock already depends on the new lock. [ 3477.716152] [ 3477.717074] [ 3477.717074] the existing dependency chain (in reverse order) is: [ 3477.717874] [ 3477.717874] -> #4 (rfkill_global_mutex){+.+.}-{3:3}: [ 3477.718591] __mutex_lock+0x13d/0x10b0 [ 3477.719065] rfkill_register+0x36/0xa10 [ 3477.719553] hci_register_dev+0x42e/0xc00 [ 3477.720058] __vhci_create_device+0x2c8/0x5c0 [ 3477.720600] vhci_open_timeout+0x38/0x50 [ 3477.721099] process_one_work+0x9a9/0x14b0 [ 3477.721643] worker_thread+0x61d/0x1310 [ 3477.722185] kthread+0x38f/0x470 [ 3477.722605] ret_from_fork+0x22/0x30 [ 3477.723054] [ 3477.723054] -> #3 (&data->open_mutex){+.+.}-{3:3}: [ 3477.723759] __mutex_lock+0x13d/0x10b0 [ 3477.726458] vhci_send_frame+0x63/0xa0 [ 3477.728237] hci_send_frame+0x1b9/0x320 [ 3477.728719] hci_tx_work+0x10af/0x1660 [ 3477.729188] process_one_work+0x9a9/0x14b0 [ 3477.729682] worker_thread+0x61d/0x1310 [ 3477.730163] kthread+0x38f/0x470 [ 3477.730572] ret_from_fork+0x22/0x30 [ 3477.731031] [ 3477.731031] -> #2 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}: [ 3477.731875] __flush_work+0x105/0xa90 [ 3477.732395] hci_dev_do_close+0x131/0x1240 [ 3477.732899] hci_unregister_dev+0x149/0x430 [ 3477.733437] vhci_release+0x70/0xf0 [ 3477.733875] __fput+0x285/0x980 [ 3477.734298] task_work_run+0xe2/0x1a0 [ 3477.734766] do_exit+0xb6f/0x2600 [ 3477.735213] do_group_exit+0x125/0x310 [ 3477.735711] get_signal+0x4bc/0x22e0 [ 3477.736257] arch_do_signal_or_restart+0x2b7/0x1990 [ 3477.737171] exit_to_user_mode_prepare+0x10f/0x190 [ 3477.738057] syscall_exit_to_user_mode+0x38/0x1e0 [ 3477.738933] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3477.739872] [ 3477.739872] -> #1 (&hdev->req_lock){+.+.}-{3:3}: [ 3477.740834] __mutex_lock+0x13d/0x10b0 [ 3477.741493] bg_scan_update+0x82/0x500 [ 3477.742153] process_one_work+0x9a9/0x14b0 [ 3477.742871] worker_thread+0x61d/0x1310 [ 3477.743551] kthread+0x38f/0x470 [ 3477.744132] ret_from_fork+0x22/0x30 [ 3477.744763] [ 3477.744763] -> #0 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}: [ 3477.746036] __lock_acquire+0x29e7/0x5b00 [ 3477.746744] lock_acquire+0x197/0x470 [ 3477.747412] __flush_work+0x105/0xa90 [ 3477.748102] __cancel_work_timer+0x368/0x4c0 [ 3477.748622] hci_request_cancel_all+0x73/0x230 [ 3477.749167] hci_dev_do_close+0xd9/0x1240 [ 3477.749667] hci_rfkill_set_block+0x166/0x1a0 [ 3477.750206] rfkill_set_block+0x1fd/0x540 [ 3477.750707] rfkill_fop_write+0x253/0x4b0 [ 3477.751207] vfs_write+0x29a/0xa70 [ 3477.751645] ksys_write+0x1f6/0x260 [ 3477.752092] do_syscall_64+0x33/0x40 [ 3477.752542] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3477.753147] [ 3477.753147] other info that might help us debug this: [ 3477.753147] [ 3477.754003] Chain exists of: [ 3477.754003] (work_completion)(&hdev->bg_scan_update) --> &data->open_mutex --> rfkill_global_mutex [ 3477.754003] [ 3477.755457] Possible unsafe locking scenario: [ 3477.755457] [ 3477.756090] CPU0 CPU1 [ 3477.756581] ---- ---- [ 3477.757063] lock(rfkill_global_mutex); [ 3477.757501] lock(&data->open_mutex); [ 3477.758177] lock(rfkill_global_mutex); [ 3477.758877] lock((work_completion)(&hdev->bg_scan_update)); [ 3477.759506] [ 3477.759506] *** DEADLOCK *** [ 3477.759506] [ 3477.760148] 1 lock held by syz-executor.0/18638: [ 3477.760653] #0: ffffffff85619628 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0xff/0x4b0 [ 3477.761662] [ 3477.761662] stack backtrace: [ 3477.762147] CPU: 1 PID: 18638 Comm: syz-executor.0 Not tainted 5.10.207 #1 [ 3477.762889] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3477.763834] Call Trace: [ 3477.764114] dump_stack+0x107/0x167 [ 3477.764518] check_noncircular+0x263/0x2e0 [ 3477.764983] ? register_lock_class+0xbb/0x17b0 [ 3477.765483] ? print_circular_bug+0x470/0x470 [ 3477.765977] ? find_first_zero_bit+0x94/0xb0 [ 3477.766471] ? add_lock_to_list.constprop.0+0x68/0x500 [ 3477.767050] __lock_acquire+0x29e7/0x5b00 [ 3477.767531] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3477.768110] ? SOFTIRQ_verbose+0x10/0x10 [ 3477.768552] ? lock_chain_count+0x20/0x20 [ 3477.769129] ? mark_lock+0xf5/0x2df0 [ 3477.769549] lock_acquire+0x197/0x470 [ 3477.769973] ? __flush_work+0xdd/0xa90 [ 3477.770503] ? lock_release+0x680/0x680 [ 3477.770976] ? __flush_work+0x78c/0xa90 [ 3477.771418] ? lock_downgrade+0x6d0/0x6d0 [ 3477.771879] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3477.772450] __flush_work+0x105/0xa90 [ 3477.772872] ? __flush_work+0xdd/0xa90 [ 3477.773307] ? lock_chain_count+0x20/0x20 [ 3477.773765] ? queue_delayed_work_on+0xe0/0xe0 [ 3477.774275] ? mark_lock+0xf5/0x2df0 [ 3477.774696] ? mark_lock+0xf5/0x2df0 [ 3477.775100] ? lock_chain_count+0x20/0x20 [ 3477.775567] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3477.776147] ? lock_chain_count+0x20/0x20 [ 3477.776610] ? lock_acquire+0x197/0x470 [ 3477.777047] ? rfkill_send_events+0x1e8/0x390 [ 3477.777539] ? mark_held_locks+0x9e/0xe0 [ 3477.777990] __cancel_work_timer+0x368/0x4c0 [ 3477.778476] ? cancel_delayed_work+0x20/0x20 [ 3477.779023] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3477.779614] ? __cancel_work+0x250/0x2b0 [ 3477.780062] ? trace_hardirqs_on+0x5b/0x180 [ 3477.780538] ? __cancel_work+0x1bb/0x2b0 [ 3477.780983] ? try_to_grab_pending+0xe0/0xe0 [ 3477.781475] hci_request_cancel_all+0x73/0x230 [ 3477.781975] hci_dev_do_close+0xd9/0x1240 [ 3477.782436] ? rfkill_set_block+0x18f/0x540 [ 3477.782915] ? hci_dev_open+0x350/0x350 [ 3477.783366] ? mark_held_locks+0x9e/0xe0 [ 3477.783811] hci_rfkill_set_block+0x166/0x1a0 [ 3477.784304] ? hci_power_off+0x20/0x20 [ 3477.784727] rfkill_set_block+0x1fd/0x540 [ 3477.785196] rfkill_fop_write+0x253/0x4b0 [ 3477.785739] ? rfkill_sync_work+0xa0/0xa0 [ 3477.786201] ? rfkill_sync_work+0xa0/0xa0 [ 3477.786727] ? rfkill_sync_work+0xa0/0xa0 [ 3477.787278] vfs_write+0x29a/0xa70 [ 3477.787680] ksys_write+0x1f6/0x260 [ 3477.788080] ? __ia32_sys_read+0xb0/0xb0 [ 3477.788535] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3477.789112] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3477.789677] do_syscall_64+0x33/0x40 [ 3477.790093] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3477.790656] RIP: 0033:0x7fc64b9bcb19 [ 3477.791064] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3477.793051] RSP: 002b:00007fc648f11188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3477.793872] RAX: ffffffffffffffda RBX: 00007fc64bad0020 RCX: 00007fc64b9bcb19 [ 3477.794699] RDX: 0000000000000008 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3477.795501] RBP: 00007fc64ba16f6d R08: 0000000000000000 R09: 0000000000000000 [ 3477.796284] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3477.797067] R13: 00007ffed82db11f R14: 00007fc648f11300 R15: 0000000000022000 05:06:37 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = syz_open_pts(r0, 0x40400) ioctl$KDDELIO(r1, 0x4b35, 0x8) r2 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffc, 0x8}, 0x0, 0x0, 0x27392833}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) dup2(r2, r0) 05:06:37 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x6800, &(0x7f00000000c0)={&(0x7f0000000580)={0x3c, 0x21, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x20, 0x16, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_rmem\x00'}]}, 0x3c}}, 0x0) [ 3477.827384] device veth0_vlan entered promiscuous mode [ 3477.828251] FAULT_INJECTION: forcing a failure. [ 3477.828251] name failslab, interval 1, probability 0, space 0, times 0 [ 3477.829490] CPU: 1 PID: 18645 Comm: syz-executor.3 Not tainted 5.10.207 #1 [ 3477.830256] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3477.831133] Call Trace: [ 3477.831434] dump_stack+0x107/0x167 [ 3477.831828] should_fail.cold+0x5/0xa [ 3477.832237] should_failslab+0x5/0x20 [ 3477.832643] __kmalloc_node_track_caller+0x74/0x3b0 [ 3477.833184] ? inet6_ifa_notify+0x118/0x220 [ 3477.833650] __alloc_skb+0xb1/0x5b0 [ 3477.834040] inet6_ifa_notify+0x118/0x220 [ 3477.834474] ? inet6_fill_ifaddr+0xd60/0xd60 [ 3477.834958] ? lock_acquire+0x3ef/0x470 [ 3477.835403] __ipv6_ifa_notify+0x17b/0xb10 [ 3477.835856] ? __fib6_clean_all+0x138/0x2a0 [ 3477.836308] ? modify_prefix_route+0x590/0x590 [ 3477.836791] ? do_raw_spin_lock+0x121/0x260 [ 3477.837258] ? __local_bh_enable_ip+0x9d/0x100 [ 3477.837740] ? trace_hardirqs_on+0x5b/0x180 [ 3477.838207] ipv6_ifa_notify+0xd7/0x240 [ 3477.838628] add_addr+0x1c2/0x2c0 [ 3477.838998] ? inet6_ifa_finish_destroy+0x1b0/0x1b0 [ 3477.839550] ? mld_del_delrec+0x453/0x730 [ 3477.840013] ? __local_bh_enable_ip+0x9d/0x100 [ 3477.840510] ? trace_hardirqs_on+0x5b/0x180 [ 3477.840972] ? ipv6_find_idev+0x174/0x220 [ 3477.841498] addrconf_notify+0x1a95/0x2410 [ 3477.841981] ? inet6_ifinfo_notify+0x150/0x150 [ 3477.842482] ? failover_register+0x530/0x530 [ 3477.842949] ? cfg80211_netdev_notifier_call+0x298/0x10c0 [ 3477.843556] ? ipmr_device_event+0x18b/0x1f0 [ 3477.844028] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3477.844582] raw_notifier_call_chain+0xb3/0x110 [ 3477.845100] call_netdevice_notifiers_info+0xb5/0x130 [ 3477.845683] __dev_notify_flags+0x110/0x2c0 [ 3477.846164] ? dev_change_name+0x660/0x660 [ 3477.846625] ? __dev_change_flags+0x4cf/0x6e0 [ 3477.847116] ? dev_set_allmulti+0x30/0x30 [ 3477.847566] ? cap_capable+0x1cd/0x230 [ 3477.847988] ? full_name_hash+0xb5/0xf0 [ 3477.848425] dev_change_flags+0x100/0x160 [ 3477.848877] devinet_ioctl+0x14de/0x1db0 [ 3477.849317] ? inet_ifa_byprefix+0x2e0/0x2e0 [ 3477.849794] inet_ioctl+0x34f/0x390 [ 3477.850204] ? inet_dgram_connect+0x220/0x220 [ 3477.850690] ? perf_trace_lock_acquire+0xbc/0x590 [ 3477.851215] ? SOFTIRQ_verbose+0x10/0x10 [ 3477.851667] ? lock_acquire+0x3ef/0x470 [ 3477.852107] ? perf_trace_lock_acquire+0xbc/0x590 [ 3477.852630] packet_ioctl+0xb3/0x260 [ 3477.853035] sock_do_ioctl+0xd3/0x300 [ 3477.853444] ? compat_ifr_data_ioctl+0x180/0x180 [ 3477.853958] ? ioctl_has_perm.constprop.0.isra.0+0x29a/0x410 [ 3477.854598] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3477.855157] ? do_vfs_ioctl+0x283/0x10d0 [ 3477.855607] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 3477.856170] ? generic_block_fiemap+0x60/0x60 [ 3477.856654] sock_ioctl+0x3ea/0x700 [ 3477.857117] ? dlci_ioctl_set+0x30/0x30 [ 3477.857562] ? selinux_file_ioctl+0xb6/0x270 [ 3477.858033] ? dlci_ioctl_set+0x30/0x30 [ 3477.858458] __x64_sys_ioctl+0x19a/0x210 [ 3477.858896] do_syscall_64+0x33/0x40 [ 3477.859316] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 3477.859862] RIP: 0033:0x7fa5db089b19 [ 3477.860276] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3477.862261] RSP: 002b:00007fa5d85ff188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3477.863079] RAX: ffffffffffffffda RBX: 00007fa5db19cf60 RCX: 00007fa5db089b19 [ 3477.863867] RDX: 00000000200001c0 RSI: 0000000000008914 RDI: 0000000000000004 [ 3477.864637] RBP: 00007fa5d85ff1d0 R08: 0000000000000000 R09: 0000000000000000 [ 3477.865425] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3477.866191] R13: 00007ffefd79e6ef R14: 00007fa5d85ff300 R15: 0000000000022000 [ 3478.018928] netlink: 'syz-executor.1': attribute type 22 has an invalid length. [ 3478.027999] netlink: 'syz-executor.1': attribute type 22 has an invalid length. VM DIAGNOSIS: 05:06:38 Registers: info registers vcpu 0 RAX=ffffffff8447ccca RBX=dffffc0000000000 RCX=0000000000000002 RDX=0000000000000006 RSI=ffffffff84ff85e0 RDI=ffffffff8447ccc0 RBP=ffffffff8447ccc0 RSP=ffff8880392b74d0 R8 =0000000000000002 R9 =0000000000000000 R10=fffffbfff0ace4f1 R11=0000000000000001 R12=ffff8880392b75b0 R13=ffffffff84ff85e0 R14=0000000000000000 R15=ffffffff84efeb60 RIP=ffffffff81ff2684 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe3900000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f206b87f570 CR3=000000003c43a000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000dd060a EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=ffffffffffffffffffffffffffffffff XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000 XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000 XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000073 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff822cb781 RDI=ffffffff879e8240 RBP=ffffffff879e8200 RSP=ffff8880392bf1d0 R8 =0000000000000001 R9 =0000000000000003 R10=0000000000000000 R11=0000000000000001 R12=0000000000000073 R13=0000000000000073 R14=ffffffff879e8200 R15=dffffc0000000000 RIP=ffffffff822cb7d8 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007fc648f11700 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe3300000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000001b31822000 CR3=000000004ecb2000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00007fc64baa37c000007fc64baa37c8 XMM02=00007fc64baa37e000007fc64baa37c0 XMM03=00007fc64baa37c800007fc64baa37c0 XMM04=ffffffffffffffffffffffff00000000 XMM05=00000000000000000000000000000000 XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000 XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000