ILY={0x5, 0x5, 0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x40, 0x7, 0x0, 0x1, [@IPSET_ATTR_PROTO={0x5, 0x7, 0x1d}, @IPSET_ATTR_MAXELEM={0x8, 0x13, 0x1, 0x0, 0x9}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @mcast1}}, @IPSET_ATTR_SIZE={0x8, 0x17, 0x1, 0x0, 0x3f}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x90}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) (async) syz_usb_connect$hid(0x6, 0xffffffffffffffa7, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x6, 0x20, 0x56a, 0x44, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x0, 0xa0, 0x0, [{{0x9, 0x4, 0x0, 0x66, 0x0, 0x3, 0x1, 0x1, 0xfc, {0x9}}}]}}]}}, 0x0) 19:27:29 executing program 1: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) (async) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async) r1 = open_tree(0xffffffffffffffff, &(0x7f0000000200)='./bus/file0\x00', 0x800) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000280)={0x1, 0x0, [{0xf000, 0x93, &(0x7f0000000400)=""/147}]}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, 0xffffffffffffffff, 0x0) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) (async) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, r3, 0x49f269a56e1422c3, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}}, 0x0) (async) r6 = socket$nl_generic(0x10, 0x3, 0x10) (async) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, r7, 0x49f269a56e1422c3, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}}, 0x0) (async) io_submit(0x0, 0x6, &(0x7f0000001980)=[&(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x7, 0xffffffffffffffff, &(0x7f0000000540)="f29b887cc0a03c0bfc9e5841b9dcd6245458369153d0403e277f4d9ffa0213a97bea74bd126d32daf70f356f13b7f1bba2cb1af22e76d88c23f709c47a248d7d99cf6a7f92d175ee7375b10713f6e14f9af0d6483f84d3db702569e2ba2930f83c049258e489ed5ed9c7cd4e7cffda7023dceb9ae902385cc507a54a0e03667cf577e1d5da7ae73340ac3e372ee636067e3b80d04fc922fa9eafeab7c4a7a4d01307edf772e3bdfaa93ecefd3adc683352d90870e6eb443a3609412a48d7d37f209a15b3305b6275ae1ca6f3c3c230fa43c4c752fa0d66bb19409ea0d40e5687b8b715b1bd11c85340d77cb80f4074e975d1b0361a3ffcd2af54285fa8b4aca2f1fe0820f3cf1e1c01081418664de59a355a12494098c88a519d3cffd137d7ada25b8547570240a340d80d341fb07fcdc779c930ee3030bce4bc8ad4c243ec2ce73e0902e885a933e3c7e79186366f3a0e5e8c6b727777dfd40a7c6bb3c1859b4ec5594914bbbf126ea1f165a8f2f169a121e3b2baabaf08a7dedceb08437ab00dd92aa963a35c1f5c6ddf4bd67cad4e2c1c2eb71822549f6ba7035d29b88d691d68f375735df84df4fd1fecfaed8042ca0eb044591eb47e9b5da1dae5b3c79fc112f1de09dbdaa121544e7a34b94a765133870234aba612de745b2289abac29362e69a0f1b6c629383baa3a9f3ca8168ed8b8ec6f5c2ef8d9c0eb64c2d15a27cc5226506c46154648d35b32b0e5ec0cdd45d668903cd720a91f6360df73853e2ead257b17a4fc851bbbe7ff0a20184942c484ca35e94cc9e7eedcf491f7858f0d05a0c4d638a7205c43ca7de25fcad64785c84a11bb38c04adf0b1459593062d596db4d0cae83747d2d4b354789e5daf48456ac1a54f9e791bb40ec67bc9b6c5316def520ed85a717dd4ef0a2faff1c7c27cb58203b3080176631596f63f9461d969cc0888d10c7151daf17540a08275af4b133f9463968735de0da152be5bd475c6695cd467c8d4669ab1edabf23eb7cadacdbe042389fa8c79f5d7e9a3540ed3209617c1bdee7be1cac8908c0b12b64b7ffb96913b064d923f36ee2430dbc1e7bd02acf2d56d737a8be25402a04ad01d5c30c3bb1804c4f8afea30a84640ca6f2f906c4f2b2853c4f1327230f6ec803f6001f897d5f16c6b95bbb0e61a7d000587542dbfe3c8ca164a6eb3405e1fb60bd3bba03d20b577584a373328f02bbd54fa5bb1930d83ac85ef871613ef466bce8e01be6d439d411ba2c1d6c1e36883579ccaeaf5af739c09fef609ce78963e61c46cd2550a96964a2b110348f27e75b852ab3dec96e1447fef8b790df9e08a5a9020e37006ce5d2918863d8daa656ecb33dc6efb959a80a65c288cd079487de2a0e21417d4e246c2254b462546f30c4a7570f7e3c61950c881275d92be8615d1be92184d1bb498fc27ad542952acf93582c72176261a562f80fee5c6286d7cacfbf294884abf235d982a3d908cac6bff2b3cde81552a2a19e04325c54fab5402ef42eb26b0590fa97719cd3d038a5f76d96f1d64fa7985270f4fbf8b67835a9b844e59e0af7164d8cc869bd8f2dae4d870da8011918532ad0b753581f9bdf01abb836f7f05081592cbfd8e4e77d2213e264f8bfe25a558ff8ba363d8568794cb9430298fb24df289c9481582176966986e11c05cd7105ad2e1f9470fe656e6c23cf3b6f1689b8f353135110c142739f81f70ebcba74ea121ec7cfecbdb49adb4360571be8a1eb634b512a456973e89dbc1f2e0ec6256602bb13f7af6271eb588f00774aaebd78fb3ee282d8d37206f8f9dc72af9599d1663ed9cfe04abd84c3458c26b950cbd50342d22519421fce3330648d70c512f15ce1f75d62fcf346746bcd930f21b5fb6940fb83cd9194e8e8498f714a9052c3ada621795d84fb9d5cf726000586b480bb46dfd73f057296b179e31412f5e22ebe0bb20993c23c2f831094495a826568dd2974c1d8bc2b42d2fbb27c29aa768dd16c53e3e752af80191302ed751ff9200eebb4c898e55569d1c2fc1f00d488c544ce87c987391cd654a441e4ef1024e78a51a2522373ba3abe12dee96b47505217ecc475900427ff5c809cdde3f68f85a43e3b34ee2345e914a7f20fb21322618a53abee11cfcc5904e38a457fb7308908b4cc4787d649cd718243de41b9c20477f3f5726176db18b0fa0714731c7a6b63efa2b1a987a0aa38000b7bdf12f8d53ac6cb9f2caec9fef84252a50abfea7e14b1955ab2d22db7edcb7a4bd070b6c2837bb5d5aeb6f3f204d26b144206dae185287c630f87548ff588693d62662b1779ca343b39c5dc3d6670a32b98bee8170741af8b115e89fc2137dd7c5fac240607e25bd015d2726b70c72964e72e3a7025420926b320f7a7edaf04d83c1cb74c9103e6ac7e101aff2215a79b29f8ebd5520c384458b4e86a5e624d42fe08644fb841a5fa71bf53bce67648d6dabbc9aa7ed7c4a95c0d273ae1c1785cbf3d4b1e7e5e7579b9579d92a357aa8a0ad6f24afd1fd4030f886636dfe5009013f1bddeb828483c46ec45b5f040beb2f5cb72b6578b450633a4ea7b99a709c4cee7068c892bbf8f6f5d227bed9858276381fd5c208cf010099f9666bb1870606c2f26ed3927a845bc23be8647ee43c5fa8de9b10065fe8da921bcebebe0441ba9dbd741205ff85cadcd0b17d481ae238e2d3c2f594bef4e7d5993106dcafd14f1aab044f8ff9e128804a4fd67eecbec9d14a88e4702662862aabb5ab5003874f539f2e81646bc66abaebe549e14b00a5ef19d739270da25b2f1a7cc790529ba910b26a9e10416cb0795e46b7af2aca7c4637142782c027db79d0125b799f2728150499a17d2baabfc0c8e414ee3aeee7bb95e5a0933270d5e0fc06e549f77ab5f939b371984e85b3d2c5fbadb21caf0a038d847305a7b6caf002703c8cf2a29fa461d8aa31c00d50b5ba347fb3684ecbb5e6dabcbc45fadb2b5473623e0a70a3a86e288afcb7a02e0d6f99b4a455ef0189db92ea1066e2f1b06f12f098acc847fbd9260a5f6d8600484396de6f2f4b73723463b30c210a1e34e774418e0fd8e36870377f525eb1bfd46578c53bf7008d4dc29c5f58e5950e4b5bc92c9e23a9c5d54d62b0afcd815df559cbf2c21147b7acf1a781193a9ccedff3db3dc085113708a08163dc7ab14eb8f2e0e3c1c30c27979232eeb90902729909105a3586f0b54e96a7825d4fc18502a0971ece1fed9a1bcc16edd21f86dccf4b37cf153bbeb0b3305ef5ef0e0a61e790ee284fc3ba0a34a68ed4451c940102596bd1d2863c8f805889188d555ed2b02bc0e7910a604e5c4f09b6167c55ce3339684087392442a067cec0a403e18054f47ea8ecd6ab2e12dd0dfa784cf8a8a460cd9804bd572e1d57c7157ea42b41c60bce270c73dc24ff174eaebeafd0c04ee00d315f0b7c39f3eb0d066ef517fff05ca64dc7107600f33e32303e636f4bb93ad13a5c420dc38fac963ec9dd41674a23c03800ca7352a4606d791088a81369b41889f713dbd5652103bd709ef5799f91712358b2be041adb962622d15296e7fa09cd83a31226c29bd1b2d89a2192cce8ef9f36e450c20fc77b17b8bfd5fc20b85bf712555f31393a4d8b49a87a41c8a485290a15d1adca8a6985f39159297c64587e7aeb6ccacc9f449f25a1dd0d6f49111afcacf282c6a4800bd8b530c8b2c2874a76b8327552f5f086d1b13c1687174e467b6620efe8861861f314e9c27c5be9b8a0579ca457d64ea648fe00cb7ea01e7fa4b3b76aaba1caccbd256f2b5436484b29af137086c7b1706ebc00867a736fb099add72210cea7c95c59c0434463cee45847c41e7f1bc93ef7ee816cab42ff75803b4387af1286b695bcdef1c65d2458d4d9126f3bca7abcd6a688e067009287b932975e19d8d40fde8abd3a6103d30f2321a61674424af874e491370c60bf35c484205fe96eeb2aa87da87cfe86057db2e0ba260f72881ae53a0dcb55fcab2e186a0cfc22e0cb56b5e6675a4593e255ae2b4cea5e5bfe45f0b4d0022c6d482a418702f45cff8e0da8381476168fa346a1ed5231197e26dd5baa3a337949e1555a54524e3169d3c296689dfb61bed653823a26d410477bf76ffd76d1636a84397c5a61c15ae6aa83c2dd0f0324ea71e0f5d14347c324ca58221c081f57251dd95589fd7fcf907dc7ecc48a33cfe2b3e6f9cdf07799ef8f4bcd3dea2537c30cabcaf365d6eb8d16417be09735cd78db0432e76960ef6628055ab10e950d947420ccb0fe01868a79396cb766c7d06431e183257c9b3926df32f4e67aad971751aa1f99329954b682795be4304a71dd9b0b77d257affc8f9db507e9e4e2a0bece164836335e866ceb98938d5d778f6e76a241e43f721d369e4bf5bb5ff6fbc6c73b086c2f67b5f4721117534bc7fc262adbcd53bdd5902eb25697d9cad16ef61eea3af2bf62088495df9d21966aebc540f3baa9959b888ef51d6b10aa56afe6e7d07953e7f16e89cd7f88b926f345cbd8ff14e9152e60af85d025afea6e5c36057e8df85419ec4330930d52d4bae1de6f9491880f4065b0175f8928eb014b0e293f5d1aadd90da2418260b7006671218bbd0357a7cdad2a235f3f7cac05d5ebe88fb7ea420512ba32e53ab9ec52db45df9dcfe03184c947fad7f56d4de14b4014db9f5a578d69e0e02b8cc539cf1155fba9e1d3b7a1b52de57a67dd40eb9d61531b46cb5a06c283362371d6ebbb4fc507a2ef5a957f290129c24f1c7dc47811e63fe4d932594ae1367cc6a2e5c10adec5ea6cae8293a9f0ecf6f5a88a4828bb5bff6feda3a7348b495ad43056b9677473c1caf518ced4809f7b19aaecec5796e3596db795c87c43e5ab03d26afffa823c85fbc63e364d5ccfbe2468cb43509de61a8627ed721deead2e083a15f0edff8ca76be0397d8803208c4d47865e04c333b9f8e3c640ba3982bdb817244cc02161bb7983fece108999b17fe79863c0f55b08076518f2a457adf63c4e8fc0e057ccee610b220539dd1254f132d93377f92f2527bd5ff125471fe7ac7f910dd40f271e998fd1e16ce93cbd6966ea61922e01b6ad57ba932edb6f615aff131e5478658602a02c497cfa8880e4707bf94fc3f5d453ed5c2bf9923a9689b5e45e28ba03795551747b702a142b6341408cd85c78e583af47e74a2c7a38db25f2fc25b3b6c3c1c79da026c2404144b9230768358abbf80e43af3bc029230867126c5ade39354d9d29b2ff1a9fdb5663d966b6b1cd34f22b2df43abf6de7017020c7798b79a37e340d7d90c0453507d31b74e70cd9c79a1b5231f22de2cdbde3a2721345c6ee538e8f4edfaf56edce627dc433a7f1eb0f51755d47ddf9227aa6eade2fa9f46fe12c8379922a37d39616bcec06f5c65ae6c5151e587a701fb7d5fdbb11d78db0bd370db5a14ca699008770ec1c0d3e84293758df83be7b9d6469dd6b931ddb151e451567cd522aaeee06f4f8fa4cf82d7044b54ef3afdfc34ac0d3574f2f61b5b485722563f47a2ff3c7972f9e4d9592c3bceede5c6055a0e09d1051e2d4065ac93b410d153fa6e2162c11806d88df0d8f1bce60236cf5b228306462cc7fd87a169d7d6ca05592684f862b9a8e411e2e1e7ff674a42587567e4c24d4358cac39e384bed7f527b6639f9bb84972c57ad99121db3208ea2b19755e8c82e95acea4bcb2ea36b28198fc68aad00a0906af24a5f9470b92b54a6ab039626856603dfda14d97b2aa179c1d8b35fa3b7c05c48a97de9ea1583f58300dac17aadb839d2", 0x1000, 0x1000, 0x0, 0x1, r1}, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x2, 0x2864, r2, &(0x7f0000001540)="c8521a3821f88cde52f66001ed41d5de33097f1625c9f05bc71fbe06ea843901dd859afd65d838917008a7a958a793e443ef9939ea1ef530bbe1aedb6801cc451af778a0064f93db190877b22e75f30d2fa56b3ae16fcdf49f862767dd66180ae2", 0x61, 0x800, 0x0, 0x1}, &(0x7f0000001640)={0x0, 0x0, 0x0, 0x6, 0x1000, 0xffffffffffffffff, &(0x7f0000001600)="2292b05d5b2208e1c05f3a56e61bc8023adcdd88d61dcf5dc19ad0f9178a7bc742567b683ddbdec5", 0x28, 0x1, 0x0, 0x2}, &(0x7f0000001700)={0x0, 0x0, 0x0, 0x5, 0x1000, r2, &(0x7f0000001680)="5f5f2111ba003c5eb6330e82e5958f9befef445d28523036a21d7c7c4c9872e2fd4205c8ee33d08876ea61281ab23f8b0ce36aa6de336f4d5fdc4b693c996c88b90745c717ebf1d8b08c403e31398583121a33a0594d6383a9da1660fd3d718ce24b52e19e43364b55d4", 0x6a, 0x2, 0x0, 0x0, r1}, &(0x7f0000001840)={0x0, 0x0, 0x0, 0x1, 0x20, r6, &(0x7f0000001780)="b138cb33ac5fa181ee8f94501f64c3c14af52687508adbb34db2268f934d59370983e1ef42a5c3f457ca8798e57e78e862ce9f00be2803f2e0a451de7f5d47e184608978405d4a2a0d904f7311ef76384984c05f5f83cbd8ed48b4cc2804e966a1655beb9dd2934c5dcbb2f14141f3d03d434ac670f5685b87267980d8b7507a45925edb8be6591f44b838", 0x8b, 0x9, 0x0, 0x3}, &(0x7f0000001940)={0x0, 0x0, 0x0, 0x5, 0x8, 0xffffffffffffffff, &(0x7f0000001880)="272e262ffc47ceaff4e764d2924512f0fdc5de1b80df0bf11e74072b51d2e8eb8057bcb84f0a3a964c7d0aa66c5d74dfa0fcb874c02067bc3e0af8c6a0c6a5a7843974d7e549cd2bc19adb4d66e053dd31fff5dec07bbc490f29eef62a62", 0x5e, 0x4, 0x0, 0x1}]) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f00000001c0)) (async) mlock(&(0x7f00005e1000/0x2000)=nil, 0x2000) ftruncate(0xffffffffffffffff, 0x208200) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, &(0x7f00000000c0)={0x3}) (async) r10 = creat(&(0x7f0000000380)='./bus\x00', 0x0) ftruncate(r10, 0x208200) ioctl$VHOST_SET_VRING_BUSYLOOP_TIMEOUT(r10, 0x4008af23, &(0x7f0000000180)={0x2, 0x496f}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000240)=""/53, 0x0}) ioctl$UFFDIO_WAKE(r10, 0x8010aa02, &(0x7f0000000340)={&(0x7f0000c00000/0x2000)=nil, 0x2000}) (async) ioctl$F2FS_IOC_RESIZE_FS(0xffffffffffffffff, 0x4008f510, &(0x7f0000000040)=0x7) (async) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000100)={0x1, 0x1, 0x0, &(0x7f0000000500)=""/57, &(0x7f00000002c0)=""/90}) (async) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, 0x0) (async) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000058988a205e047704566f0102030109021200018000000009040000007501c100"], 0x0) 19:27:29 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x300, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:29 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) keyctl$restrict_keyring(0x1d, 0xfffffffffffffff9, &(0x7f0000000040)='user\x00', &(0x7f0000000100)='W+)\'@&+%:%$-)}%!^]\x00') r1 = socket(0x1, 0x5, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000380)={&(0x7f0000000480)=ANY=[@ANYRES16=r0, @ANYRES32=r2, @ANYRESOCT=r1], 0x38}, 0x1, 0x0, 0x0, 0x4004804}, 0x4000080) sendmsg$DEVLINK_CMD_RATE_GET(r1, &(0x7f00000004c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x404008c}, 0x10) r3 = open(&(0x7f0000000200)='./bus\x00', 0x602c2, 0x80) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000440)='/proc/vmallocinfo\x00', 0x0, 0x0) r5 = socket(0x10, 0x2, 0x0) setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, &(0x7f0000000080)={0x7fe}, 0x10) write(r5, &(0x7f0000000340)="1c0000001a009b8a14e5f40700090000000000000400ff0000000100", 0x1c) sendfile(0xffffffffffffffff, r5, &(0x7f0000000140)=0x800, 0xa) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) sendfile(r3, r4, 0x0, 0x400000000001004a) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) r6 = open(&(0x7f0000000300)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r7, 0x0, 0xffffffffffffff28, 0x20000004, &(0x7f0000000140)={0xa, 0x100000004e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r7, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r7, 0x11a, 0x1, &(0x7f0000000100)=@ccm_128={{0x304}, "ffb75df2a83e25c0", "2cdb8ead6c8e9c290bebacb766ff2832", "44d857de", "171291df37239255"}, 0x28) sendfile(r7, r6, 0x0, 0x800100020013) sendmsg$nl_route(r6, &(0x7f0000000740)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000700)={&(0x7f0000000400)=@ipv6_newrule={0x40, 0x20, 0x10, 0x70bd2c, 0x25dfdbfd, {0xa, 0x80, 0x20, 0x6, 0x1, 0x0, 0x0, 0x1, 0x12}, [@FRA_SRC={0x14, 0x2, @mcast1}, @FIB_RULE_POLICY=@FRA_PROTOCOL={0x5, 0x15, 0x3}, @FIB_RULE_POLICY=@FRA_PROTOCOL={0x5}]}, 0x40}, 0x1, 0x0, 0x0, 0x8000}, 0x5) r8 = socket(0x11, 0x5, 0x8000003) r9 = socket$inet_sctp(0x2, 0x5, 0x84) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r9, 0x81e8943c, &(0x7f0000000500)) setsockopt$inet6_tcp_TLS_TX(r3, 0x6, 0x1, &(0x7f0000000780)=@gcm_128={{0x304}, "1ced83a7616f4264", "9961a788a354fb83660bededc000a7b0", "b246e317", "3300826c13eac1ed"}, 0x28) syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r8) 19:27:29 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x44d, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:29 executing program 4: arch_prctl$ARCH_MAP_VDSO_32(0x2002, 0x3f) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e05005a0c00005989c41a8b5026a3f52164ce311c1c5d305f973495c47f350b783bd1c78965a487b85270cedfd56b828fdfeb49a6a3d9d4c538ae842d3339a1acc67a76cb581a8b97fbb9c107c99350f4ce2c210c67acff5d7cf9be5abb684bf224d4ccd218daa4c1819ee7df4655d1d562116e94a596afb87d1801716a3cb1f34b1b4470024614bee3f0e825cad641998a725315306d323b5b8e9f9f9a70799f90a62c2c246fb4e30ea8c11ef594d1967b91072bf2a814cd768b6b50d186e637cd62daebe7128d48d7b0ee15ec92e656701930ae503ed6841e62e8c64f8d910ded162100650d099500167921cbb6730d76d3f2ec8955"], 0x8) 19:27:29 executing program 1: syz_clone(0x0, &(0x7f00000001c0)="8c3b16010c43b9890bcae39d4ca26b5c42c5ec1fc38675f136a89f7ecc2be8ea5eb40a869cd98bbe5dcf51eb6be9e1228aa6768eb42ae595e711593312a7cf41c05f19ef11042c15dd9ee06e4a089e049de723879ecbddbf4a84dbf428f28d07c834010400003a110000000000000000386acc9d59b9b4b502fc59b23e60bd54716d2002a5d1f000de8628628fb5ac72679a695c9efeb6d5ce51e349a74273a4c1ce692b0e382d7ceb4f01621f57f8d6558f2460f54ffd5a0d69b1ebea1f51c15632ac3e5193f1999a05d86b6700526ad75d5f2a39c97296d375870724fa6c4c15d8664579142b78ff36c534c37c6138de89f7deb9e97c4d5a278aa36f6b9ece553f0bf4601cec266631525a039d0a37131fbc0b06bf49d25bf32ec340e09dd81201a04dccb33fc471680f377da4530bf3eb5d2fe477224e0ae108ac06a880a8aeb8ded8ff2f212bf5a4e3964564f0f5c96b59fbde521002bc6f697a11dcb1ac25f80f9c5d2a16608f57a851a24cfc7de874552086", 0x175, 0x0, &(0x7f00000015c0), &(0x7f0000000000)='\x00\x00\x00\x00\x00\x00\x00') bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000080)={&(0x7f0000000040)='./file0\x00'}, 0x10) syz_clone(0x1421aa000, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)="ac662089ffa25a8ddf26b92e9d5c4c31bf3f6bb0ccc9d76d1f6ec26208775997f6a5f5c22077f8212e386b24") bpf$PROG_LOAD_XDP(0x5, &(0x7f00000032c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000003280)={0x2, 0xfffffffe, 0x9}, 0x10}, 0x80) ioctl$TUNSETPERSIST(0xffffffffffffffff, 0x400454cb, 0x0) 19:27:29 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x500, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:29 executing program 5: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) creat(&(0x7f0000000140)='./bus\x00', 0x0) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0) shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000) shmctl$IPC_RMID(0x0, 0x0) shmctl$SHM_LOCK(0x0, 0xb) r5 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil) shmctl$IPC_STAT(r5, 0x2, &(0x7f00000001c0)=""/62) shmat(r3, &(0x7f00000aa000/0x1000)=nil, 0x4000) shmctl$SHM_UNLOCK(0x0, 0xc) 19:27:29 executing program 3: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) creat(&(0x7f0000000140)='./bus\x00', 0x0) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0) shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000) shmctl$IPC_RMID(0x0, 0x0) shmctl$SHM_LOCK(0x0, 0xb) r5 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil) shmctl$IPC_STAT(r5, 0x2, &(0x7f00000001c0)=""/62) shmat(r3, &(0x7f00000aa000/0x1000)=nil, 0x4000) shmctl$SHM_UNLOCK(0x0, 0xc) shmctl$SHM_LOCK(r3, 0xb) shmctl$SHM_STAT_ANY(r3, 0xf, &(0x7f0000000000)=""/15) shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffe000/0x1000)=nil) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x989680}}, &(0x7f00000003c0)) shmdt(0x0) 19:27:29 executing program 4: arch_prctl$ARCH_MAP_VDSO_32(0x2002, 0x3f) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e05005a0c00005989c41a8b5026a3f52164ce311c1c5d305f973495c47f350b783bd1c78965a487b85270cedfd56b828fdfeb49a6a3d9d4c538ae842d3339a1acc67a76cb581a8b97fbb9c107c99350f4ce2c210c67acff5d7cf9be5abb684bf224d4ccd218daa4c1819ee7df4655d1d562116e94a596afb87d1801716a3cb1f34b1b4470024614bee3f0e825cad641998a725315306d323b5b8e9f9f9a70799f90a62c2c246fb4e30ea8c11ef594d1967b91072bf2a814cd768b6b50d186e637cd62daebe7128d48d7b0ee15ec92e656701930ae503ed6841e62e8c64f8d910ded162100650d099500167921cbb6730d76d3f2ec8955"], 0x8) 19:27:29 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) (async) keyctl$restrict_keyring(0x1d, 0xfffffffffffffff9, &(0x7f0000000040)='user\x00', &(0x7f0000000100)='W+)\'@&+%:%$-)}%!^]\x00') (async) r1 = socket(0x1, 0x5, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) (async) getsockname$packet(r1, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000380)={&(0x7f0000000480)=ANY=[@ANYRES16=r0, @ANYRES32=r2, @ANYRESOCT=r1], 0x38}, 0x1, 0x0, 0x0, 0x4004804}, 0x4000080) sendmsg$DEVLINK_CMD_RATE_GET(r1, &(0x7f00000004c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x404008c}, 0x10) (async, rerun: 64) r3 = open(&(0x7f0000000200)='./bus\x00', 0x602c2, 0x80) (async, rerun: 64) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000440)='/proc/vmallocinfo\x00', 0x0, 0x0) r5 = socket(0x10, 0x2, 0x0) setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, &(0x7f0000000080)={0x7fe}, 0x10) (async, rerun: 64) write(r5, &(0x7f0000000340)="1c0000001a009b8a14e5f40700090000000000000400ff0000000100", 0x1c) (rerun: 64) sendfile(0xffffffffffffffff, r5, &(0x7f0000000140)=0x800, 0xa) (async) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) sendfile(r3, r4, 0x0, 0x400000000001004a) (async) socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 64) socket$netlink(0x10, 0x3, 0x0) (async, rerun: 64) r6 = open(&(0x7f0000000300)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r7, 0x0, 0xffffffffffffff28, 0x20000004, &(0x7f0000000140)={0xa, 0x100000004e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r7, 0x6, 0x1f, &(0x7f00000000c0), 0x4) (async, rerun: 32) setsockopt$inet6_tcp_TLS_TX(r7, 0x11a, 0x1, &(0x7f0000000100)=@ccm_128={{0x304}, "ffb75df2a83e25c0", "2cdb8ead6c8e9c290bebacb766ff2832", "44d857de", "171291df37239255"}, 0x28) (async, rerun: 32) sendfile(r7, r6, 0x0, 0x800100020013) (async) sendmsg$nl_route(r6, &(0x7f0000000740)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000700)={&(0x7f0000000400)=@ipv6_newrule={0x40, 0x20, 0x10, 0x70bd2c, 0x25dfdbfd, {0xa, 0x80, 0x20, 0x6, 0x1, 0x0, 0x0, 0x1, 0x12}, [@FRA_SRC={0x14, 0x2, @mcast1}, @FIB_RULE_POLICY=@FRA_PROTOCOL={0x5, 0x15, 0x3}, @FIB_RULE_POLICY=@FRA_PROTOCOL={0x5}]}, 0x40}, 0x1, 0x0, 0x0, 0x8000}, 0x5) (async) r8 = socket(0x11, 0x5, 0x8000003) (async) r9 = socket$inet_sctp(0x2, 0x5, 0x84) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r9, 0x81e8943c, &(0x7f0000000500)) (async) setsockopt$inet6_tcp_TLS_TX(r3, 0x6, 0x1, &(0x7f0000000780)=@gcm_128={{0x304}, "1ced83a7616f4264", "9961a788a354fb83660bededc000a7b0", "b246e317", "3300826c13eac1ed"}, 0x28) (async, rerun: 64) syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r8) (rerun: 64) 19:27:29 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x600, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:29 executing program 4: arch_prctl$ARCH_MAP_VDSO_32(0x2002, 0x3f) (async) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e05005a0c00005989c41a8b5026a3f52164ce311c1c5d305f973495c47f350b783bd1c78965a487b85270cedfd56b828fdfeb49a6a3d9d4c538ae842d3339a1acc67a76cb581a8b97fbb9c107c99350f4ce2c210c67acff5d7cf9be5abb684bf224d4ccd218daa4c1819ee7df4655d1d562116e94a596afb87d1801716a3cb1f34b1b4470024614bee3f0e825cad641998a725315306d323b5b8e9f9f9a70799f90a62c2c246fb4e30ea8c11ef594d1967b91072bf2a814cd768b6b50d186e637cd62daebe7128d48d7b0ee15ec92e656701930ae503ed6841e62e8c64f8d910ded162100650d099500167921cbb6730d76d3f2ec8955"], 0x8) 19:27:29 executing program 4: openat$dir(0xffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) 19:27:29 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) (async) keyctl$restrict_keyring(0x1d, 0xfffffffffffffff9, &(0x7f0000000040)='user\x00', &(0x7f0000000100)='W+)\'@&+%:%$-)}%!^]\x00') (async) r1 = socket(0x1, 0x5, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000380)={&(0x7f0000000480)=ANY=[@ANYRES16=r0, @ANYRES32=r2, @ANYRESOCT=r1], 0x38}, 0x1, 0x0, 0x0, 0x4004804}, 0x4000080) sendmsg$DEVLINK_CMD_RATE_GET(r1, &(0x7f00000004c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x404008c}, 0x10) (async) r3 = open(&(0x7f0000000200)='./bus\x00', 0x602c2, 0x80) (async) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000440)='/proc/vmallocinfo\x00', 0x0, 0x0) (async) r5 = socket(0x10, 0x2, 0x0) setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, &(0x7f0000000080)={0x7fe}, 0x10) (async) write(r5, &(0x7f0000000340)="1c0000001a009b8a14e5f40700090000000000000400ff0000000100", 0x1c) sendfile(0xffffffffffffffff, r5, &(0x7f0000000140)=0x800, 0xa) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) sendfile(r3, r4, 0x0, 0x400000000001004a) socket$nl_route(0x10, 0x3, 0x0) (async) socket$netlink(0x10, 0x3, 0x0) (async) r6 = open(&(0x7f0000000300)='./bus\x00', 0x0, 0x0) (async) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r7, 0x0, 0xffffffffffffff28, 0x20000004, &(0x7f0000000140)={0xa, 0x100000004e22, 0x0, @loopback}, 0x1c) (async) setsockopt$inet6_tcp_TCP_ULP(r7, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r7, 0x11a, 0x1, &(0x7f0000000100)=@ccm_128={{0x304}, "ffb75df2a83e25c0", "2cdb8ead6c8e9c290bebacb766ff2832", "44d857de", "171291df37239255"}, 0x28) sendfile(r7, r6, 0x0, 0x800100020013) (async) sendmsg$nl_route(r6, &(0x7f0000000740)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000700)={&(0x7f0000000400)=@ipv6_newrule={0x40, 0x20, 0x10, 0x70bd2c, 0x25dfdbfd, {0xa, 0x80, 0x20, 0x6, 0x1, 0x0, 0x0, 0x1, 0x12}, [@FRA_SRC={0x14, 0x2, @mcast1}, @FIB_RULE_POLICY=@FRA_PROTOCOL={0x5, 0x15, 0x3}, @FIB_RULE_POLICY=@FRA_PROTOCOL={0x5}]}, 0x40}, 0x1, 0x0, 0x0, 0x8000}, 0x5) (async) r8 = socket(0x11, 0x5, 0x8000003) (async) r9 = socket$inet_sctp(0x2, 0x5, 0x84) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r9, 0x81e8943c, &(0x7f0000000500)) (async) setsockopt$inet6_tcp_TLS_TX(r3, 0x6, 0x1, &(0x7f0000000780)=@gcm_128={{0x304}, "1ced83a7616f4264", "9961a788a354fb83660bededc000a7b0", "b246e317", "3300826c13eac1ed"}, 0x28) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r8) 19:27:29 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x700, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:29 executing program 4: openat$dir(0xffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) (async) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) 19:27:29 executing program 1: syz_clone(0x0, &(0x7f00000001c0)="8c3b16010c43b9890bcae39d4ca26b5c42c5ec1fc38675f136a89f7ecc2be8ea5eb40a869cd98bbe5dcf51eb6be9e1228aa6768eb42ae595e711593312a7cf41c05f19ef11042c15dd9ee06e4a089e049de723879ecbddbf4a84dbf428f28d07c834010400003a110000000000000000386acc9d59b9b4b502fc59b23e60bd54716d2002a5d1f000de8628628fb5ac72679a695c9efeb6d5ce51e349a74273a4c1ce692b0e382d7ceb4f01621f57f8d6558f2460f54ffd5a0d69b1ebea1f51c15632ac3e5193f1999a05d86b6700526ad75d5f2a39c97296d375870724fa6c4c15d8664579142b78ff36c534c37c6138de89f7deb9e97c4d5a278aa36f6b9ece553f0bf4601cec266631525a039d0a37131fbc0b06bf49d25bf32ec340e09dd81201a04dccb33fc471680f377da4530bf3eb5d2fe477224e0ae108ac06a880a8aeb8ded8ff2f212bf5a4e3964564f0f5c96b59fbde521002bc6f697a11dcb1ac25f80f9c5d2a16608f57a851a24cfc7de874552086", 0x175, 0x0, &(0x7f00000015c0), &(0x7f0000000000)='\x00\x00\x00\x00\x00\x00\x00') bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000080)={&(0x7f0000000040)='./file0\x00'}, 0x10) syz_clone(0x1421aa000, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)="ac662089ffa25a8ddf26b92e9d5c4c31bf3f6bb0ccc9d76d1f6ec26208775997f6a5f5c22077f8212e386b24") (async) syz_clone(0x1421aa000, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)="ac662089ffa25a8ddf26b92e9d5c4c31bf3f6bb0ccc9d76d1f6ec26208775997f6a5f5c22077f8212e386b24") bpf$PROG_LOAD_XDP(0x5, &(0x7f00000032c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000003280)={0x2, 0xfffffffe, 0x9}, 0x10}, 0x80) ioctl$TUNSETPERSIST(0xffffffffffffffff, 0x400454cb, 0x0) (async) ioctl$TUNSETPERSIST(0xffffffffffffffff, 0x400454cb, 0x0) 19:27:29 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = openat$vsock(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000340)={&(0x7f00000001c0)=@deltaction={0x174, 0x31, 0x100, 0x70bd27, 0x25dfdbfe, {}, [@TCA_ACT_TAB={0x5c, 0x1, [{0xc, 0x18, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x8}}, {0x14, 0x13, 0x0, 0x0, @TCA_ACT_KIND={0xd, 0x1, 'connmark\x00'}}, {0x10, 0x18, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'police\x00'}}, {0xc, 0x17, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7fff}}, {0xc, 0x12, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x5}}, {0x10, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}]}, @TCA_ACT_TAB={0x60, 0x1, [{0x10, 0xc, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0xc, 0xd, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xe3f}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'nat\x00'}}, {0x10, 0x7, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'skbmod\x00'}}, {0x10, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0x14, 0x17, 0x0, 0x0, @TCA_ACT_KIND={0xd, 0x1, 'connmark\x00'}}]}, @TCA_ACT_TAB={0x10, 0x1, [{0xc, 0x19, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ipt\x00'}}]}, @TCA_ACT_TAB={0x38, 0x1, [{0xc, 0xf, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x8}}, {0x10, 0x1b, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}, {0xc, 0x11, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}, {0xc, 0x20, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ipt\x00'}}]}, @TCA_ACT_TAB={0x5c, 0x1, [{0xc, 0x13, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x1000}}, {0xc, 0x0, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}, {0x10, 0x0, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'sample\x00'}}, {0xc, 0xa, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ipt\x00'}}, {0xc, 0x19, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x800000}}, {0xc, 0xe, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ipt\x00'}}, {0xc, 0x10, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x1}}]}]}, 0x174}, 0x1, 0x0, 0x0, 0x20008c00}, 0x20008010) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) r4 = creat(&(0x7f0000000380)='./bus\x00', 0x0) ftruncate(r4, 0x208200) sendmsg$nl_route(r4, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)=@bridge_delneigh={0x3c, 0x1d, 0x10, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, 0x10, 0x0, 0x2a3f561a2c4e5c9b}, [@NDA_MASTER={0x8, 0x9, 0x4840}, @NDA_DST_IPV4={0x8, 0x1, @broadcast}, @NDA_PROBES={0x8, 0x4, 0x4}, @NDA_PROBES={0x8, 0x4, 0xd38}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000) connect$l2tp(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @private=0xa010100, 0x2}, 0x10) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000028000100"/20, @ANYRES32=r3, @ANYBLOB="000007000000f2ff000000000c000100526b627072696f00060005003f00000006000500ff200000"], 0x40}}, 0x0) 19:27:30 executing program 5: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) creat(&(0x7f0000000140)='./bus\x00', 0x0) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0) shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000) shmctl$IPC_RMID(0x0, 0x0) shmctl$SHM_LOCK(0x0, 0xb) r5 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil) shmctl$IPC_STAT(r5, 0x2, &(0x7f00000001c0)=""/62) shmat(r3, &(0x7f00000aa000/0x1000)=nil, 0x4000) 19:27:30 executing program 3: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) creat(&(0x7f0000000140)='./bus\x00', 0x0) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0) shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000) shmctl$IPC_RMID(0x0, 0x0) shmctl$SHM_LOCK(0x0, 0xb) r5 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil) shmctl$IPC_STAT(r5, 0x2, &(0x7f00000001c0)=""/62) shmat(r3, &(0x7f00000aa000/0x1000)=nil, 0x4000) shmctl$SHM_UNLOCK(0x0, 0xc) shmctl$SHM_LOCK(r3, 0xb) shmctl$SHM_STAT_ANY(r3, 0xf, &(0x7f0000000000)=""/15) shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffe000/0x1000)=nil) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x989680}}, &(0x7f00000003c0)) 19:27:30 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x900, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:30 executing program 4: openat$dir(0xffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) openat$dir(0xffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) 19:27:30 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x1, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_le_conn_req={{0x14, 0x4, 0xa}, {0x800, 0x5, 0x2, 0x6, 0x40}}}}, 0x17) 19:27:30 executing program 2: socket$inet6_udp(0xa, 0x2, 0x0) (async) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = openat$vsock(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000340)={&(0x7f00000001c0)=@deltaction={0x174, 0x31, 0x100, 0x70bd27, 0x25dfdbfe, {}, [@TCA_ACT_TAB={0x5c, 0x1, [{0xc, 0x18, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x8}}, {0x14, 0x13, 0x0, 0x0, @TCA_ACT_KIND={0xd, 0x1, 'connmark\x00'}}, {0x10, 0x18, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'police\x00'}}, {0xc, 0x17, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7fff}}, {0xc, 0x12, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x5}}, {0x10, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}]}, @TCA_ACT_TAB={0x60, 0x1, [{0x10, 0xc, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0xc, 0xd, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xe3f}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'nat\x00'}}, {0x10, 0x7, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'skbmod\x00'}}, {0x10, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0x14, 0x17, 0x0, 0x0, @TCA_ACT_KIND={0xd, 0x1, 'connmark\x00'}}]}, @TCA_ACT_TAB={0x10, 0x1, [{0xc, 0x19, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ipt\x00'}}]}, @TCA_ACT_TAB={0x38, 0x1, [{0xc, 0xf, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x8}}, {0x10, 0x1b, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}, {0xc, 0x11, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}, {0xc, 0x20, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ipt\x00'}}]}, @TCA_ACT_TAB={0x5c, 0x1, [{0xc, 0x13, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x1000}}, {0xc, 0x0, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}, {0x10, 0x0, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'sample\x00'}}, {0xc, 0xa, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ipt\x00'}}, {0xc, 0x19, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x800000}}, {0xc, 0xe, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ipt\x00'}}, {0xc, 0x10, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x1}}]}]}, 0x174}, 0x1, 0x0, 0x0, 0x20008c00}, 0x20008010) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) r4 = creat(&(0x7f0000000380)='./bus\x00', 0x0) ftruncate(r4, 0x208200) sendmsg$nl_route(r4, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)=@bridge_delneigh={0x3c, 0x1d, 0x10, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, 0x10, 0x0, 0x2a3f561a2c4e5c9b}, [@NDA_MASTER={0x8, 0x9, 0x4840}, @NDA_DST_IPV4={0x8, 0x1, @broadcast}, @NDA_PROBES={0x8, 0x4, 0x4}, @NDA_PROBES={0x8, 0x4, 0xd38}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000) connect$l2tp(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @private=0xa010100, 0x2}, 0x10) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000028000100"/20, @ANYRES32=r3, @ANYBLOB="000007000000f2ff000000000c000100526b627072696f00060005003f00000006000500ff200000"], 0x40}}, 0x0) (async) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000028000100"/20, @ANYRES32=r3, @ANYBLOB="000007000000f2ff000000000c000100526b627072696f00060005003f00000006000500ff200000"], 0x40}}, 0x0) 19:27:30 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0xa00, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:30 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) (async) syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x1, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_le_conn_req={{0x14, 0x4, 0xa}, {0x800, 0x5, 0x2, 0x6, 0x40}}}}, 0x17) 19:27:30 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) (async) r2 = openat$vsock(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000340)={&(0x7f00000001c0)=@deltaction={0x174, 0x31, 0x100, 0x70bd27, 0x25dfdbfe, {}, [@TCA_ACT_TAB={0x5c, 0x1, [{0xc, 0x18, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x8}}, {0x14, 0x13, 0x0, 0x0, @TCA_ACT_KIND={0xd, 0x1, 'connmark\x00'}}, {0x10, 0x18, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'police\x00'}}, {0xc, 0x17, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7fff}}, {0xc, 0x12, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x5}}, {0x10, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}]}, @TCA_ACT_TAB={0x60, 0x1, [{0x10, 0xc, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0xc, 0xd, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xe3f}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'nat\x00'}}, {0x10, 0x7, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'skbmod\x00'}}, {0x10, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0x14, 0x17, 0x0, 0x0, @TCA_ACT_KIND={0xd, 0x1, 'connmark\x00'}}]}, @TCA_ACT_TAB={0x10, 0x1, [{0xc, 0x19, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ipt\x00'}}]}, @TCA_ACT_TAB={0x38, 0x1, [{0xc, 0xf, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x8}}, {0x10, 0x1b, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}, {0xc, 0x11, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}, {0xc, 0x20, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ipt\x00'}}]}, @TCA_ACT_TAB={0x5c, 0x1, [{0xc, 0x13, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x1000}}, {0xc, 0x0, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}, {0x10, 0x0, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'sample\x00'}}, {0xc, 0xa, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ipt\x00'}}, {0xc, 0x19, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x800000}}, {0xc, 0xe, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ipt\x00'}}, {0xc, 0x10, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x1}}]}]}, 0x174}, 0x1, 0x0, 0x0, 0x20008c00}, 0x20008010) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) r4 = creat(&(0x7f0000000380)='./bus\x00', 0x0) ftruncate(r4, 0x208200) (async) sendmsg$nl_route(r4, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)=@bridge_delneigh={0x3c, 0x1d, 0x10, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, 0x10, 0x0, 0x2a3f561a2c4e5c9b}, [@NDA_MASTER={0x8, 0x9, 0x4840}, @NDA_DST_IPV4={0x8, 0x1, @broadcast}, @NDA_PROBES={0x8, 0x4, 0x4}, @NDA_PROBES={0x8, 0x4, 0xd38}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000) (async) connect$l2tp(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @private=0xa010100, 0x2}, 0x10) (async) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000028000100"/20, @ANYRES32=r3, @ANYBLOB="000007000000f2ff000000000c000100526b627072696f00060005003f00000006000500ff200000"], 0x40}}, 0x0) 19:27:30 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0xb00, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:33 executing program 1: syz_clone(0x0, &(0x7f00000001c0)="8c3b16010c43b9890bcae39d4ca26b5c42c5ec1fc38675f136a89f7ecc2be8ea5eb40a869cd98bbe5dcf51eb6be9e1228aa6768eb42ae595e711593312a7cf41c05f19ef11042c15dd9ee06e4a089e049de723879ecbddbf4a84dbf428f28d07c834010400003a110000000000000000386acc9d59b9b4b502fc59b23e60bd54716d2002a5d1f000de8628628fb5ac72679a695c9efeb6d5ce51e349a74273a4c1ce692b0e382d7ceb4f01621f57f8d6558f2460f54ffd5a0d69b1ebea1f51c15632ac3e5193f1999a05d86b6700526ad75d5f2a39c97296d375870724fa6c4c15d8664579142b78ff36c534c37c6138de89f7deb9e97c4d5a278aa36f6b9ece553f0bf4601cec266631525a039d0a37131fbc0b06bf49d25bf32ec340e09dd81201a04dccb33fc471680f377da4530bf3eb5d2fe477224e0ae108ac06a880a8aeb8ded8ff2f212bf5a4e3964564f0f5c96b59fbde521002bc6f697a11dcb1ac25f80f9c5d2a16608f57a851a24cfc7de874552086", 0x175, 0x0, &(0x7f00000015c0), &(0x7f0000000000)='\x00\x00\x00\x00\x00\x00\x00') bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000080)={&(0x7f0000000040)='./file0\x00'}, 0x10) syz_clone(0x1421aa000, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)="ac662089ffa25a8ddf26b92e9d5c4c31bf3f6bb0ccc9d76d1f6ec26208775997f6a5f5c22077f8212e386b24") bpf$PROG_LOAD_XDP(0x5, &(0x7f00000032c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000003280)={0x2, 0xfffffffe, 0x9}, 0x10}, 0x80) ioctl$TUNSETPERSIST(0xffffffffffffffff, 0x400454cb, 0x0) syz_clone(0x0, &(0x7f00000001c0)="8c3b16010c43b9890bcae39d4ca26b5c42c5ec1fc38675f136a89f7ecc2be8ea5eb40a869cd98bbe5dcf51eb6be9e1228aa6768eb42ae595e711593312a7cf41c05f19ef11042c15dd9ee06e4a089e049de723879ecbddbf4a84dbf428f28d07c834010400003a110000000000000000386acc9d59b9b4b502fc59b23e60bd54716d2002a5d1f000de8628628fb5ac72679a695c9efeb6d5ce51e349a74273a4c1ce692b0e382d7ceb4f01621f57f8d6558f2460f54ffd5a0d69b1ebea1f51c15632ac3e5193f1999a05d86b6700526ad75d5f2a39c97296d375870724fa6c4c15d8664579142b78ff36c534c37c6138de89f7deb9e97c4d5a278aa36f6b9ece553f0bf4601cec266631525a039d0a37131fbc0b06bf49d25bf32ec340e09dd81201a04dccb33fc471680f377da4530bf3eb5d2fe477224e0ae108ac06a880a8aeb8ded8ff2f212bf5a4e3964564f0f5c96b59fbde521002bc6f697a11dcb1ac25f80f9c5d2a16608f57a851a24cfc7de874552086", 0x175, 0x0, &(0x7f00000015c0), &(0x7f0000000000)='\x00\x00\x00\x00\x00\x00\x00') (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000080)={&(0x7f0000000040)='./file0\x00'}, 0x10) (async) syz_clone(0x1421aa000, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)="ac662089ffa25a8ddf26b92e9d5c4c31bf3f6bb0ccc9d76d1f6ec26208775997f6a5f5c22077f8212e386b24") (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000032c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000003280)={0x2, 0xfffffffe, 0x9}, 0x10}, 0x80) (async) ioctl$TUNSETPERSIST(0xffffffffffffffff, 0x400454cb, 0x0) (async) 19:27:33 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x1, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_le_conn_req={{0x14, 0x4, 0xa}, {0x800, 0x5, 0x2, 0x6, 0x40}}}}, 0x17) 19:27:33 executing program 2: unshare(0x6c060000) unshare(0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000180)=ANY=[@ANYBLOB="0600000000000000040100e0bc6809"], 0x10) bind$inet6(r0, &(0x7f00000003c0)={0xa, 0x4e22, 0x0, @empty}, 0x1c) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cgroups\x00', 0x0, 0x0) preadv2(r1, &(0x7f00000007c0)=[{&(0x7f0000000140)=""/169, 0xa9}], 0x1, 0x8, 0x0, 0x2) getsockopt$IP6T_SO_GET_ENTRIES(r1, 0x29, 0x41, &(0x7f0000000200)=ANY=[@ANYBLOB="7365637572690000000000000000000863694fa88a6e4e483985ef5c35bc6644680a890aa8ab80cc7300000000002000000036f8d63b98223f96863d8545e48e67747837bdf3bc3fc3a775d5470e54268b0c3f54851aa85c913da67b096bb2a576a1867ba8c42ffa9bee6f18ec29ac1a8e24ecafd316fff966e44439c881593aab520819e2387f70411d198fcd918ba3b6de7a9c7ced2e6e31a82627d91eafcf2131588e1d6d96ce7b5e69e711353558c8152453e3192bdd800d84395122176fb4ec3dfdf31c8b7c512c6289a47d3b14218bd0996c555338ed9ca96afe5ac07910372bcc7b7f97341c190bd28d229f4cf0b0be1ce05643f149216b4302e4c5e057776f2112ba246a923cef95610332a4a82298faafb547e62a560554012410c8b327a3634f25fa78c622a5a02e9a66ff1d2d7ded7acd4f395da878c1b54af8ad975fe7793dc519b591bdb2ada1"], &(0x7f0000000000)=0x44) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) ioctl$EXT4_IOC_ALLOC_DA_BLKS(0xffffffffffffffff, 0x660c) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='blkio.bfq.idle_time\x00', 0x0, 0x0) r2 = dup(0xffffffffffffffff) write$6lowpan_enable(r2, 0x0, 0x0) write$FUSE_POLL(r2, &(0x7f0000000080)={0x18}, 0x18) recvfrom$inet6(r2, &(0x7f0000000400)=""/155, 0x9b, 0x10121, &(0x7f0000000100)={0xa, 0x4e24, 0x6, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x140e}, 0x1c) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x16, 0x0, 0x0) setsockopt$inet6_int(r0, 0x29, 0x5, &(0x7f0000000040)=0x7, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x24000004, &(0x7f00000000c0)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) 19:27:33 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0xe00, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:33 executing program 3: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) creat(&(0x7f0000000140)='./bus\x00', 0x0) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0) shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000) shmctl$IPC_RMID(0x0, 0x0) shmctl$SHM_LOCK(0x0, 0xb) r5 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil) shmctl$IPC_STAT(r5, 0x2, &(0x7f00000001c0)=""/62) shmat(r3, &(0x7f00000aa000/0x1000)=nil, 0x4000) shmctl$SHM_UNLOCK(0x0, 0xc) shmctl$SHM_LOCK(r3, 0xb) shmctl$SHM_STAT_ANY(r3, 0xf, &(0x7f0000000000)=""/15) shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffe000/0x1000)=nil) 19:27:33 executing program 5: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) creat(&(0x7f0000000140)='./bus\x00', 0x0) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0) shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000) shmctl$IPC_RMID(0x0, 0x0) shmctl$SHM_LOCK(0x0, 0xb) r5 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil) shmctl$IPC_STAT(r5, 0x2, &(0x7f00000001c0)=""/62) 19:27:33 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_mode_change={{0x14, 0x6}, {0x7, 0xc9, 0x5, 0x9}}}, 0x9) 19:27:33 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0xf00, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:33 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) (async) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_mode_change={{0x14, 0x6}, {0x7, 0xc9, 0x5, 0x9}}}, 0x9) 19:27:33 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x1100, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:33 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) (async) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_mode_change={{0x14, 0x6}, {0x7, 0xc9, 0x5, 0x9}}}, 0x9) 19:27:33 executing program 5: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) creat(&(0x7f0000000140)='./bus\x00', 0x0) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0) shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000) shmctl$IPC_RMID(0x0, 0x0) shmctl$SHM_LOCK(0x0, 0xb) shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil) 19:27:36 executing program 1: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) creat(&(0x7f0000000140)='./bus\x00', 0x0) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0) shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000) shmctl$IPC_RMID(0x0, 0x0) shmctl$SHM_LOCK(0x0, 0xb) shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil) 19:27:36 executing program 3: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) creat(&(0x7f0000000140)='./bus\x00', 0x0) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0) shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000) shmctl$IPC_RMID(0x0, 0x0) shmctl$SHM_LOCK(0x0, 0xb) r5 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil) shmctl$IPC_STAT(r5, 0x2, &(0x7f00000001c0)=""/62) shmat(r3, &(0x7f00000aa000/0x1000)=nil, 0x4000) shmctl$SHM_UNLOCK(0x0, 0xc) shmctl$SHM_LOCK(r3, 0xb) shmctl$SHM_STAT_ANY(r3, 0xf, &(0x7f0000000000)=""/15) 19:27:36 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_conn_complete={{0x3, 0xb}, {0x3d, 0xc8, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x1, 0x6}}}, 0xe) 19:27:36 executing program 2: unshare(0x6c060000) unshare(0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000180)=ANY=[@ANYBLOB="0600000000000000040100e0bc6809"], 0x10) (async) bind$inet6(r0, &(0x7f00000003c0)={0xa, 0x4e22, 0x0, @empty}, 0x1c) (async) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cgroups\x00', 0x0, 0x0) preadv2(r1, &(0x7f00000007c0)=[{&(0x7f0000000140)=""/169, 0xa9}], 0x1, 0x8, 0x0, 0x2) getsockopt$IP6T_SO_GET_ENTRIES(r1, 0x29, 0x41, &(0x7f0000000200)=ANY=[@ANYBLOB="7365637572690000000000000000000863694fa88a6e4e483985ef5c35bc6644680a890aa8ab80cc7300000000002000000036f8d63b98223f96863d8545e48e67747837bdf3bc3fc3a775d5470e54268b0c3f54851aa85c913da67b096bb2a576a1867ba8c42ffa9bee6f18ec29ac1a8e24ecafd316fff966e44439c881593aab520819e2387f70411d198fcd918ba3b6de7a9c7ced2e6e31a82627d91eafcf2131588e1d6d96ce7b5e69e711353558c8152453e3192bdd800d84395122176fb4ec3dfdf31c8b7c512c6289a47d3b14218bd0996c555338ed9ca96afe5ac07910372bcc7b7f97341c190bd28d229f4cf0b0be1ce05643f149216b4302e4c5e057776f2112ba246a923cef95610332a4a82298faafb547e62a560554012410c8b327a3634f25fa78c622a5a02e9a66ff1d2d7ded7acd4f395da878c1b54af8ad975fe7793dc519b591bdb2ada1"], &(0x7f0000000000)=0x44) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) (async) ioctl$EXT4_IOC_ALLOC_DA_BLKS(0xffffffffffffffff, 0x660c) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='blkio.bfq.idle_time\x00', 0x0, 0x0) (async) r2 = dup(0xffffffffffffffff) write$6lowpan_enable(r2, 0x0, 0x0) write$FUSE_POLL(r2, &(0x7f0000000080)={0x18}, 0x18) recvfrom$inet6(r2, &(0x7f0000000400)=""/155, 0x9b, 0x10121, &(0x7f0000000100)={0xa, 0x4e24, 0x6, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x140e}, 0x1c) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x16, 0x0, 0x0) (async) setsockopt$inet6_int(r0, 0x29, 0x5, &(0x7f0000000040)=0x7, 0x4) (async) sendto$inet6(r0, 0x0, 0x0, 0x24000004, &(0x7f00000000c0)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) 19:27:36 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x1300, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:36 executing program 5: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) creat(&(0x7f0000000140)='./bus\x00', 0x0) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0) shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000) shmctl$IPC_RMID(0x0, 0x0) shmctl$SHM_LOCK(0x0, 0xb) 19:27:36 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) (async) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_conn_complete={{0x3, 0xb}, {0x3d, 0xc8, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x1, 0x6}}}, 0xe) 19:27:36 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x3f00, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:36 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) (async, rerun: 64) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_conn_complete={{0x3, 0xb}, {0x3d, 0xc8, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x1, 0x6}}}, 0xe) (rerun: 64) 19:27:36 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x4d04, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:36 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) socket$inet_udplite(0x2, 0x2, 0x88) 19:27:36 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x6000, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:36 executing program 1: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) creat(&(0x7f0000000140)='./bus\x00', 0x0) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0) shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000) shmctl$IPC_RMID(0x0, 0x0) shmctl$SHM_LOCK(0x0, 0xb) r5 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil) shmctl$IPC_STAT(r5, 0x2, &(0x7f00000001c0)=""/62) shmat(r3, &(0x7f00000aa000/0x1000)=nil, 0x4000) shmctl$SHM_UNLOCK(0x0, 0xc) shmctl$SHM_LOCK(r3, 0xb) shmctl$SHM_STAT_ANY(r3, 0xf, &(0x7f0000000000)=""/15) 19:27:36 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) (async) socket$inet_udplite(0x2, 0x2, 0x88) 19:27:36 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0xf000, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:38 executing program 2: unshare(0x6c060000) unshare(0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000180)=ANY=[@ANYBLOB="0600000000000000040100e0bc6809"], 0x10) bind$inet6(r0, &(0x7f00000003c0)={0xa, 0x4e22, 0x0, @empty}, 0x1c) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cgroups\x00', 0x0, 0x0) preadv2(r1, &(0x7f00000007c0)=[{&(0x7f0000000140)=""/169, 0xa9}], 0x1, 0x8, 0x0, 0x2) getsockopt$IP6T_SO_GET_ENTRIES(r1, 0x29, 0x41, &(0x7f0000000200)=ANY=[@ANYBLOB="7365637572690000000000000000000863694fa88a6e4e483985ef5c35bc6644680a890aa8ab80cc7300000000002000000036f8d63b98223f96863d8545e48e67747837bdf3bc3fc3a775d5470e54268b0c3f54851aa85c913da67b096bb2a576a1867ba8c42ffa9bee6f18ec29ac1a8e24ecafd316fff966e44439c881593aab520819e2387f70411d198fcd918ba3b6de7a9c7ced2e6e31a82627d91eafcf2131588e1d6d96ce7b5e69e711353558c8152453e3192bdd800d84395122176fb4ec3dfdf31c8b7c512c6289a47d3b14218bd0996c555338ed9ca96afe5ac07910372bcc7b7f97341c190bd28d229f4cf0b0be1ce05643f149216b4302e4c5e057776f2112ba246a923cef95610332a4a82298faafb547e62a560554012410c8b327a3634f25fa78c622a5a02e9a66ff1d2d7ded7acd4f395da878c1b54af8ad975fe7793dc519b591bdb2ada1"], &(0x7f0000000000)=0x44) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) ioctl$EXT4_IOC_ALLOC_DA_BLKS(0xffffffffffffffff, 0x660c) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='blkio.bfq.idle_time\x00', 0x0, 0x0) r2 = dup(0xffffffffffffffff) write$6lowpan_enable(r2, 0x0, 0x0) write$FUSE_POLL(r2, &(0x7f0000000080)={0x18}, 0x18) recvfrom$inet6(r2, &(0x7f0000000400)=""/155, 0x9b, 0x10121, &(0x7f0000000100)={0xa, 0x4e24, 0x6, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x140e}, 0x1c) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x16, 0x0, 0x0) setsockopt$inet6_int(r0, 0x29, 0x5, &(0x7f0000000040)=0x7, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x24000004, &(0x7f00000000c0)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) unshare(0x6c060000) (async) unshare(0x0) (async) socket$inet6_tcp(0xa, 0x1, 0x0) (async) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000180)=ANY=[@ANYBLOB="0600000000000000040100e0bc6809"], 0x10) (async) bind$inet6(r0, &(0x7f00000003c0)={0xa, 0x4e22, 0x0, @empty}, 0x1c) (async) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cgroups\x00', 0x0, 0x0) (async) preadv2(r1, &(0x7f00000007c0)=[{&(0x7f0000000140)=""/169, 0xa9}], 0x1, 0x8, 0x0, 0x2) (async) getsockopt$IP6T_SO_GET_ENTRIES(r1, 0x29, 0x41, &(0x7f0000000200)=ANY=[@ANYBLOB="7365637572690000000000000000000863694fa88a6e4e483985ef5c35bc6644680a890aa8ab80cc7300000000002000000036f8d63b98223f96863d8545e48e67747837bdf3bc3fc3a775d5470e54268b0c3f54851aa85c913da67b096bb2a576a1867ba8c42ffa9bee6f18ec29ac1a8e24ecafd316fff966e44439c881593aab520819e2387f70411d198fcd918ba3b6de7a9c7ced2e6e31a82627d91eafcf2131588e1d6d96ce7b5e69e711353558c8152453e3192bdd800d84395122176fb4ec3dfdf31c8b7c512c6289a47d3b14218bd0996c555338ed9ca96afe5ac07910372bcc7b7f97341c190bd28d229f4cf0b0be1ce05643f149216b4302e4c5e057776f2112ba246a923cef95610332a4a82298faafb547e62a560554012410c8b327a3634f25fa78c622a5a02e9a66ff1d2d7ded7acd4f395da878c1b54af8ad975fe7793dc519b591bdb2ada1"], &(0x7f0000000000)=0x44) (async) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) (async) ioctl$EXT4_IOC_ALLOC_DA_BLKS(0xffffffffffffffff, 0x660c) (async) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='blkio.bfq.idle_time\x00', 0x0, 0x0) (async) dup(0xffffffffffffffff) (async) write$6lowpan_enable(r2, 0x0, 0x0) (async) write$FUSE_POLL(r2, &(0x7f0000000080)={0x18}, 0x18) (async) recvfrom$inet6(r2, &(0x7f0000000400)=""/155, 0x9b, 0x10121, &(0x7f0000000100)={0xa, 0x4e24, 0x6, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x140e}, 0x1c) (async) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x16, 0x0, 0x0) (async) setsockopt$inet6_int(r0, 0x29, 0x5, &(0x7f0000000040)=0x7, 0x4) (async) sendto$inet6(r0, 0x0, 0x0, 0x24000004, &(0x7f00000000c0)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) (async) 19:27:38 executing program 5: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) creat(&(0x7f0000000140)='./bus\x00', 0x0) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0) shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000) shmctl$IPC_RMID(0x0, 0x0) 19:27:38 executing program 3: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) creat(&(0x7f0000000140)='./bus\x00', 0x0) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0) shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000) shmctl$IPC_RMID(0x0, 0x0) shmctl$SHM_LOCK(0x0, 0xb) r5 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil) shmctl$IPC_STAT(r5, 0x2, &(0x7f00000001c0)=""/62) shmat(r3, &(0x7f00000aa000/0x1000)=nil, 0x4000) shmctl$SHM_UNLOCK(0x0, 0xc) shmctl$SHM_LOCK(r3, 0xb) 19:27:38 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) (async) socket$inet_udplite(0x2, 0x2, 0x88) 19:27:38 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x30000, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:38 executing program 1: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) creat(&(0x7f0000000140)='./bus\x00', 0x0) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0) shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000) shmctl$IPC_RMID(0x0, 0x0) shmctl$SHM_LOCK(0x0, 0xb) r5 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil) shmctl$IPC_STAT(r5, 0x2, &(0x7f00000001c0)=""/62) shmat(r3, &(0x7f00000aa000/0x1000)=nil, 0x4000) shmctl$SHM_UNLOCK(0x0, 0xc) shmctl$SHM_LOCK(r3, 0xb) shmctl$SHM_STAT_ANY(r3, 0xf, &(0x7f0000000000)=""/15) shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffe000/0x1000)=nil) 19:27:38 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x34000, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:38 executing program 4: syz_emit_vhci(&(0x7f00000001c0)=@HCI_EVENT_PKT={0x4, @hci_ev_disconn_complete={{}, {0x90, 0xc8, 0x6}}}, 0xd3) syz_emit_vhci(&(0x7f0000000140)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x62}, "b332b4f272462c97b9a6e6536b33fc122205e4796e4c621ea4e9432fc8e579be05140742a25b413d2a8112832843b17f3497817a54fa66e4d71a89f6c0adcf0c0e9ddb260bdf0ec40e6c515d90cab5187ebb9a261bfb06281730a197cc94669d5016"}, 0x66) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc8, 0xbb}, "258f7a62be26f8e81fb07d198a2efe40ade0732f734b68ef9f6fe950d78223636e2582a623cf68e9f68627fa199a183a09df404d9e8225f1aab5a27162138dec5533bb716c4647a2e018d9f3da9147b45b64730fb9f85f8ad49c9fce5b17cfccd0b9f610737a934fc5854b830da92dfca7f7472812993ec8fd28a18e006e5ead45a16b99620bee9761084a10df9a94a4c7fa056ddf45e4a15016600d19af5141213f7a5ba934637b98aa36c9ef1541849b5f82cf09d2536a66f05b"}, 0xbf) 19:27:38 executing program 4: syz_emit_vhci(&(0x7f00000001c0)=@HCI_EVENT_PKT={0x4, @hci_ev_disconn_complete={{}, {0x90, 0xc8, 0x6}}}, 0xd3) syz_emit_vhci(&(0x7f0000000140)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x62}, "b332b4f272462c97b9a6e6536b33fc122205e4796e4c621ea4e9432fc8e579be05140742a25b413d2a8112832843b17f3497817a54fa66e4d71a89f6c0adcf0c0e9ddb260bdf0ec40e6c515d90cab5187ebb9a261bfb06281730a197cc94669d5016"}, 0x66) (async) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc8, 0xbb}, "258f7a62be26f8e81fb07d198a2efe40ade0732f734b68ef9f6fe950d78223636e2582a623cf68e9f68627fa199a183a09df404d9e8225f1aab5a27162138dec5533bb716c4647a2e018d9f3da9147b45b64730fb9f85f8ad49c9fce5b17cfccd0b9f610737a934fc5854b830da92dfca7f7472812993ec8fd28a18e006e5ead45a16b99620bee9761084a10df9a94a4c7fa056ddf45e4a15016600d19af5141213f7a5ba934637b98aa36c9ef1541849b5f82cf09d2536a66f05b"}, 0xbf) 19:27:38 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x400300, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:38 executing program 4: syz_emit_vhci(&(0x7f00000001c0)=@HCI_EVENT_PKT={0x4, @hci_ev_disconn_complete={{}, {0x90, 0xc8, 0x6}}}, 0xd3) syz_emit_vhci(&(0x7f0000000140)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x62}, "b332b4f272462c97b9a6e6536b33fc122205e4796e4c621ea4e9432fc8e579be05140742a25b413d2a8112832843b17f3497817a54fa66e4d71a89f6c0adcf0c0e9ddb260bdf0ec40e6c515d90cab5187ebb9a261bfb06281730a197cc94669d5016"}, 0x66) (async) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc8, 0xbb}, "258f7a62be26f8e81fb07d198a2efe40ade0732f734b68ef9f6fe950d78223636e2582a623cf68e9f68627fa199a183a09df404d9e8225f1aab5a27162138dec5533bb716c4647a2e018d9f3da9147b45b64730fb9f85f8ad49c9fce5b17cfccd0b9f610737a934fc5854b830da92dfca7f7472812993ec8fd28a18e006e5ead45a16b99620bee9761084a10df9a94a4c7fa056ddf45e4a15016600d19af5141213f7a5ba934637b98aa36c9ef1541849b5f82cf09d2536a66f05b"}, 0xbf) 19:27:38 executing program 3: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) creat(&(0x7f0000000140)='./bus\x00', 0x0) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0) shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000) shmctl$IPC_RMID(0x0, 0x0) shmctl$SHM_LOCK(0x0, 0xb) r5 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil) shmctl$IPC_STAT(r5, 0x2, &(0x7f00000001c0)=""/62) shmat(r3, &(0x7f00000aa000/0x1000)=nil, 0x4000) shmctl$SHM_UNLOCK(0x0, 0xc) 19:27:40 executing program 2: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) creat(&(0x7f0000000140)='./bus\x00', 0x0) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0) shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000) shmctl$IPC_RMID(0x0, 0x0) 19:27:40 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0xf0ffff, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:40 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, r1, 0x49f269a56e1422c3, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, r5, 0x49f269a56e1422c3, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}}, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000d40)={'wlan0\x00'}) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r11 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, r10, 0x49f269a56e1422c3, 0x0, 0x0, {{}, {@val={0x8, 0x3, r12}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}}, 0x0) r13 = socket$nl_generic(0x10, 0x3, 0x10) r14 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r15 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r15, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r13, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, r14, 0x49f269a56e1422c3, 0x0, 0x0, {{}, {@val={0x8, 0x3, r16}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}}, 0x0) syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRESOCT=r4, @ANYRES8=r6, @ANYRES32=r16, @ANYBLOB="4490fba226949167fcf62c46e9d0dcef6851a24775ef336dc00eeab7b4d3341dcc98e09d4c5aa08d0ecd7affc40be645e9e060e874181dc1385000f4d3688d73ab0b3443fdffd4aa65f9da33f3ff47e2ab085b43b3aa8cc33c805b5f1113342cb02d8107306013f20aa1e408305d350ede6d78961588cb2ff61d0de4", @ANYRES64=r8, @ANYRES32=r1], 0x9df09c4963e13fc2) 19:27:40 executing program 1: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) creat(&(0x7f0000000140)='./bus\x00', 0x0) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0) shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000) shmctl$IPC_RMID(0x0, 0x0) 19:27:40 executing program 5: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) creat(&(0x7f0000000140)='./bus\x00', 0x0) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0) shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000) 19:27:40 executing program 3: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) creat(&(0x7f0000000140)='./bus\x00', 0x0) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0) shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000) shmctl$IPC_RMID(0x0, 0x0) shmctl$SHM_LOCK(0x0, 0xb) r5 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil) shmctl$IPC_STAT(r5, 0x2, &(0x7f00000001c0)=""/62) shmat(r3, &(0x7f00000aa000/0x1000)=nil, 0x4000) 19:27:40 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x1000000, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:40 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, r1, 0x49f269a56e1422c3, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}}, 0x0) (async) sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, r1, 0x49f269a56e1422c3, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, r5, 0x49f269a56e1422c3, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}}, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000d40)={'wlan0\x00'}) socket$nl_generic(0x10, 0x3, 0x10) (async) r9 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) (async) r11 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, r10, 0x49f269a56e1422c3, 0x0, 0x0, {{}, {@val={0x8, 0x3, r12}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) r13 = socket$nl_generic(0x10, 0x3, 0x10) r14 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) (async) r15 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r15, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r13, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, r14, 0x49f269a56e1422c3, 0x0, 0x0, {{}, {@val={0x8, 0x3, r16}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}}, 0x0) (async) sendmsg$NL80211_CMD_SET_TID_CONFIG(r13, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, r14, 0x49f269a56e1422c3, 0x0, 0x0, {{}, {@val={0x8, 0x3, r16}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}}, 0x0) syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRESOCT=r4, @ANYRES8=r6, @ANYRES32=r16, @ANYBLOB="4490fba226949167fcf62c46e9d0dcef6851a24775ef336dc00eeab7b4d3341dcc98e09d4c5aa08d0ecd7affc40be645e9e060e874181dc1385000f4d3688d73ab0b3443fdffd4aa65f9da33f3ff47e2ab085b43b3aa8cc33c805b5f1113342cb02d8107306013f20aa1e408305d350ede6d78961588cb2ff61d0de4", @ANYRES64=r8, @ANYRES32=r1], 0x9df09c4963e13fc2) 19:27:40 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x2000000, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:40 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x3000000, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:40 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, r1, 0x49f269a56e1422c3, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}}, 0x0) (async) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, r5, 0x49f269a56e1422c3, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}}, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000d40)={'wlan0\x00'}) (async) r9 = socket$nl_generic(0x10, 0x3, 0x10) (async) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async) r11 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, r10, 0x49f269a56e1422c3, 0x0, 0x0, {{}, {@val={0x8, 0x3, r12}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}}, 0x0) r13 = socket$nl_generic(0x10, 0x3, 0x10) (async) r14 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async) r15 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r15, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r13, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, r14, 0x49f269a56e1422c3, 0x0, 0x0, {{}, {@val={0x8, 0x3, r16}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}}, 0x0) syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRESOCT=r4, @ANYRES8=r6, @ANYRES32=r16, @ANYBLOB="4490fba226949167fcf62c46e9d0dcef6851a24775ef336dc00eeab7b4d3341dcc98e09d4c5aa08d0ecd7affc40be645e9e060e874181dc1385000f4d3688d73ab0b3443fdffd4aa65f9da33f3ff47e2ab085b43b3aa8cc33c805b5f1113342cb02d8107306013f20aa1e408305d350ede6d78961588cb2ff61d0de4", @ANYRES64=r8, @ANYRES32=r1], 0x9df09c4963e13fc2) 19:27:40 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x4000000, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:41 executing program 2: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) creat(&(0x7f0000000140)='./bus\x00', 0x0) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0) shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000) shmctl$IPC_RMID(0x0, 0x0) 19:27:41 executing program 3: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) creat(&(0x7f0000000140)='./bus\x00', 0x0) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0) shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000) shmctl$IPC_RMID(0x0, 0x0) shmctl$SHM_LOCK(0x0, 0xb) r5 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil) shmctl$IPC_STAT(r5, 0x2, &(0x7f00000001c0)=""/62) 19:27:41 executing program 5: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) creat(&(0x7f0000000140)='./bus\x00', 0x0) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0) 19:27:41 executing program 1: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) creat(&(0x7f0000000140)='./bus\x00', 0x0) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0) shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000) shmctl$IPC_RMID(0x0, 0x0) shmctl$SHM_LOCK(0x0, 0xb) r5 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil) shmctl$IPC_STAT(r5, 0x2, &(0x7f00000001c0)=""/62) shmat(r3, &(0x7f00000aa000/0x1000)=nil, 0x4000) 19:27:41 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x5000000, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:41 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x6000000, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:41 executing program 4: syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc9, 0xa1}, "b5e0dbe4ae6542ac38441153cdd98f8405d1fa46c78c2cbf682b95e736d5dc268cbb597713d80cfc991ed95129af8dbcc42b1875bf03bb14302f1fa40c5c3160873f89b0557aaed99ac03f23b143ed76524ab1e2dacb073504cb61319e5d2a314ae14e06a0f08827f3d6b9c39478d90dd4e4d88e0685395061f3486c2a6151111a5eb3a272e3f3efa64b585dab156cfe51bbf4547da27e159a8eb8516f6d50bd26"}, 0xa5) 19:27:41 executing program 4: syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc9, 0xa1}, "b5e0dbe4ae6542ac38441153cdd98f8405d1fa46c78c2cbf682b95e736d5dc268cbb597713d80cfc991ed95129af8dbcc42b1875bf03bb14302f1fa40c5c3160873f89b0557aaed99ac03f23b143ed76524ab1e2dacb073504cb61319e5d2a314ae14e06a0f08827f3d6b9c39478d90dd4e4d88e0685395061f3486c2a6151111a5eb3a272e3f3efa64b585dab156cfe51bbf4547da27e159a8eb8516f6d50bd26"}, 0xa5) 19:27:41 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x7000000, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:41 executing program 4: syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc9, 0xa1}, "b5e0dbe4ae6542ac38441153cdd98f8405d1fa46c78c2cbf682b95e736d5dc268cbb597713d80cfc991ed95129af8dbcc42b1875bf03bb14302f1fa40c5c3160873f89b0557aaed99ac03f23b143ed76524ab1e2dacb073504cb61319e5d2a314ae14e06a0f08827f3d6b9c39478d90dd4e4d88e0685395061f3486c2a6151111a5eb3a272e3f3efa64b585dab156cfe51bbf4547da27e159a8eb8516f6d50bd26"}, 0xa5) 19:27:41 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x8000000, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:41 executing program 4: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x3}, @l2cap_cid_signaling={{}, [@l2cap_move_chan_cfm={{0x10, 0x39}, {0x692, 0xff}}, @l2cap_cmd_rej_unk={{0x1, 0xa0}, {0x3ff}}]}}, 0x2) 19:27:41 executing program 2: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) creat(&(0x7f0000000140)='./bus\x00', 0x0) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0) shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000) shmctl$IPC_RMID(0x0, 0x0) 19:27:41 executing program 5: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) creat(&(0x7f0000000140)='./bus\x00', 0x0) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) 19:27:41 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x9000000, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:41 executing program 1: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) creat(&(0x7f0000000140)='./bus\x00', 0x0) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0) shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000) shmctl$IPC_RMID(0x0, 0x0) shmctl$SHM_LOCK(0x0, 0xb) r5 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil) shmctl$IPC_STAT(r5, 0x2, &(0x7f00000001c0)=""/62) shmat(r3, &(0x7f00000aa000/0x1000)=nil, 0x4000) 19:27:41 executing program 4: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x3}, @l2cap_cid_signaling={{}, [@l2cap_move_chan_cfm={{0x10, 0x39}, {0x692, 0xff}}, @l2cap_cmd_rej_unk={{0x1, 0xa0}, {0x3ff}}]}}, 0x2) 19:27:41 executing program 3: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) creat(&(0x7f0000000140)='./bus\x00', 0x0) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0) shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000) shmctl$IPC_RMID(0x0, 0x0) shmctl$SHM_LOCK(0x0, 0xb) shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil) 19:27:41 executing program 4: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x3}, @l2cap_cid_signaling={{}, [@l2cap_move_chan_cfm={{0x10, 0x39}, {0x692, 0xff}}, @l2cap_cmd_rej_unk={{0x1, 0xa0}, {0x3ff}}]}}, 0x2) 19:27:41 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0xa000000, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:41 executing program 4: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYRESDEC], 0x8) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_sniff_subrate={{0x2e, 0xb}, {0xff, 0xc8, 0x1f4, 0x401, 0x8000, 0xff7f}}}, 0xe) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc8, 0xeb}, "084d9a121ff879e31309089a198fd04e379c80a06936d02fb007d9c025dad5ed7150a70d9dd32f6be5097a6bad6d4f8c2ff5d4c623fb86f09f9cfe7234fad7ae855a8b19206259b24ed1b4dd0e5608477db240128ec1ef3bf86cff038fbabffde6e33ed8577fea1cc9e6df31936967fa0b748c9a398da0ca4ab3f06c34f86ac80bb97d4e05f87d235037b1faddae0340202e718bf254add8a7d1be193d8e57635dfc72c2ddfb8794b485772f4860cea168e3cc81bae90736a6d5bf226bc91c8e70ef94a94f9e03707d4db921eeaad5df8d19d3e092e7463e27bbe41409a597d9d95e9721dedd75e8f215b2"}, 0xef) 19:27:41 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0xb000000, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:42 executing program 4: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYRESDEC], 0x8) (async) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_sniff_subrate={{0x2e, 0xb}, {0xff, 0xc8, 0x1f4, 0x401, 0x8000, 0xff7f}}}, 0xe) (async) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc8, 0xeb}, "084d9a121ff879e31309089a198fd04e379c80a06936d02fb007d9c025dad5ed7150a70d9dd32f6be5097a6bad6d4f8c2ff5d4c623fb86f09f9cfe7234fad7ae855a8b19206259b24ed1b4dd0e5608477db240128ec1ef3bf86cff038fbabffde6e33ed8577fea1cc9e6df31936967fa0b748c9a398da0ca4ab3f06c34f86ac80bb97d4e05f87d235037b1faddae0340202e718bf254add8a7d1be193d8e57635dfc72c2ddfb8794b485772f4860cea168e3cc81bae90736a6d5bf226bc91c8e70ef94a94f9e03707d4db921eeaad5df8d19d3e092e7463e27bbe41409a597d9d95e9721dedd75e8f215b2"}, 0xef) 19:27:42 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0xe000000, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:42 executing program 2: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) creat(&(0x7f0000000140)='./bus\x00', 0x0) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0) shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000) 19:27:42 executing program 4: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYRESDEC], 0x8) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_sniff_subrate={{0x2e, 0xb}, {0xff, 0xc8, 0x1f4, 0x401, 0x8000, 0xff7f}}}, 0xe) (async) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_sniff_subrate={{0x2e, 0xb}, {0xff, 0xc8, 0x1f4, 0x401, 0x8000, 0xff7f}}}, 0xe) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc8, 0xeb}, "084d9a121ff879e31309089a198fd04e379c80a06936d02fb007d9c025dad5ed7150a70d9dd32f6be5097a6bad6d4f8c2ff5d4c623fb86f09f9cfe7234fad7ae855a8b19206259b24ed1b4dd0e5608477db240128ec1ef3bf86cff038fbabffde6e33ed8577fea1cc9e6df31936967fa0b748c9a398da0ca4ab3f06c34f86ac80bb97d4e05f87d235037b1faddae0340202e718bf254add8a7d1be193d8e57635dfc72c2ddfb8794b485772f4860cea168e3cc81bae90736a6d5bf226bc91c8e70ef94a94f9e03707d4db921eeaad5df8d19d3e092e7463e27bbe41409a597d9d95e9721dedd75e8f215b2"}, 0xef) 19:27:42 executing program 3: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) creat(&(0x7f0000000140)='./bus\x00', 0x0) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0) shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000) shmctl$IPC_RMID(0x0, 0x0) shmctl$SHM_LOCK(0x0, 0xb) 19:27:42 executing program 1: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) creat(&(0x7f0000000140)='./bus\x00', 0x0) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0) shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000) shmctl$IPC_RMID(0x0, 0x0) shmctl$SHM_LOCK(0x0, 0xb) r5 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil) shmctl$IPC_STAT(r5, 0x2, &(0x7f00000001c0)=""/62) shmat(r3, &(0x7f00000aa000/0x1000)=nil, 0x4000) 19:27:42 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0xf000000, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:42 executing program 5: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)) creat(&(0x7f0000000140)='./bus\x00', 0x0) 19:27:42 executing program 4: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=@ipv4_getnetconf={0x24, 0x52, 0x300, 0x70bd2b, 0x25dfdbfc, {}, [@NETCONFA_IFINDEX={0x8}, @NETCONFA_PROXY_NEIGH={0x8, 0x5, 0x7fff}]}, 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x800) getrandom(&(0x7f0000000000)=""/95, 0x5f, 0x1) 19:27:42 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x10000000, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:42 executing program 4: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=@ipv4_getnetconf={0x24, 0x52, 0x300, 0x70bd2b, 0x25dfdbfc, {}, [@NETCONFA_IFINDEX={0x8}, @NETCONFA_PROXY_NEIGH={0x8, 0x5, 0x7fff}]}, 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x800) getrandom(&(0x7f0000000000)=""/95, 0x5f, 0x1) 19:27:42 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x11000000, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:42 executing program 4: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=@ipv4_getnetconf={0x24, 0x52, 0x300, 0x70bd2b, 0x25dfdbfc, {}, [@NETCONFA_IFINDEX={0x8}, @NETCONFA_PROXY_NEIGH={0x8, 0x5, 0x7fff}]}, 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x800) getrandom(&(0x7f0000000000)=""/95, 0x5f, 0x1) (async) getrandom(&(0x7f0000000000)=""/95, 0x5f, 0x1) 19:27:42 executing program 3: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) creat(&(0x7f0000000140)='./bus\x00', 0x0) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0) shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000) shmctl$IPC_RMID(0x0, 0x0) 19:27:42 executing program 2: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) creat(&(0x7f0000000140)='./bus\x00', 0x0) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0) 19:27:42 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x13000000, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:42 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x1, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_disconn_rsp={{0x7, 0x1, 0x4}, {0x8000, 0x2}}}}, 0x11) syz_emit_vhci(&(0x7f0000000200)=@HCI_SCODATA_PKT={0x3, {0xc8, 0xf4}, "79c6dd2fb77babe37f2aec04f92af0933d3b9829028abdac86cdcdcd3d5fb6d01a15571855ebd236177e0244edbbd2445961cd098193340a7b0196d4e4ed7638b101ace5d8e8aacbe0665e74095c07335f77005531425a2471d517f296fd684e47448479d72fb68071f63f97856a5190291ac2bef3d6acff5295f6238143f96a65d52f484036ad26a62f2343cf8b09bc042114ba3c48e9866d6ec1c74b10de49a5311fa4d6beaa518fd1620a8acca26378bce2d80dadbada44c81df2cd7fda34674f761f03f302089a3e04edc871ce491bacb5f64a6ba5a0325dbc40369125191dcc4af6435f07ad123e692256003a0a8d3c8505"}, 0xf8) syz_emit_vhci(&(0x7f00000001c0)=@HCI_EVENT_PKT={0x4, @hci_ev_logical_link_complete={{0x45, 0x5}, {0xfb, 0xc8, 0xc9, 0x93}}}, 0x8) syz_emit_vhci(&(0x7f0000000140)=@HCI_EVENT_PKT={0x4, @hci_ev_sniff_subrate={{0x2e, 0xb}, {0x94, 0xc8, 0x4, 0x20, 0x8, 0x4}}}, 0xe) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x82}, "3bd20a71cfb85c3ffcfc5f69e23583564a8b82fe820cc1b5328e6a9fd8c238d4fabd5fefe3cc8237a0eb8b429728883f756901e21c62678788ac60a4483fda5ace3e2547d8104e57eb8498249a75756f282838b084832feadedda5d2d968aa232fb33a0a2481b8f5ccbf215cf9f5c2ddad1cbf3d01b147eb155f1f52e2517c5e6d64"}, 0x86) 19:27:43 executing program 5: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)) 19:27:43 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x3f000000, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:43 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) (async) syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x1, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_disconn_rsp={{0x7, 0x1, 0x4}, {0x8000, 0x2}}}}, 0x11) (async) syz_emit_vhci(&(0x7f0000000200)=@HCI_SCODATA_PKT={0x3, {0xc8, 0xf4}, "79c6dd2fb77babe37f2aec04f92af0933d3b9829028abdac86cdcdcd3d5fb6d01a15571855ebd236177e0244edbbd2445961cd098193340a7b0196d4e4ed7638b101ace5d8e8aacbe0665e74095c07335f77005531425a2471d517f296fd684e47448479d72fb68071f63f97856a5190291ac2bef3d6acff5295f6238143f96a65d52f484036ad26a62f2343cf8b09bc042114ba3c48e9866d6ec1c74b10de49a5311fa4d6beaa518fd1620a8acca26378bce2d80dadbada44c81df2cd7fda34674f761f03f302089a3e04edc871ce491bacb5f64a6ba5a0325dbc40369125191dcc4af6435f07ad123e692256003a0a8d3c8505"}, 0xf8) (async) syz_emit_vhci(&(0x7f00000001c0)=@HCI_EVENT_PKT={0x4, @hci_ev_logical_link_complete={{0x45, 0x5}, {0xfb, 0xc8, 0xc9, 0x93}}}, 0x8) (async) syz_emit_vhci(&(0x7f0000000140)=@HCI_EVENT_PKT={0x4, @hci_ev_sniff_subrate={{0x2e, 0xb}, {0x94, 0xc8, 0x4, 0x20, 0x8, 0x4}}}, 0xe) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x82}, "3bd20a71cfb85c3ffcfc5f69e23583564a8b82fe820cc1b5328e6a9fd8c238d4fabd5fefe3cc8237a0eb8b429728883f756901e21c62678788ac60a4483fda5ace3e2547d8104e57eb8498249a75756f282838b084832feadedda5d2d968aa232fb33a0a2481b8f5ccbf215cf9f5c2ddad1cbf3d01b147eb155f1f52e2517c5e6d64"}, 0x86) 19:27:43 executing program 3: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) creat(&(0x7f0000000140)='./bus\x00', 0x0) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0) shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000) 19:27:43 executing program 2: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) creat(&(0x7f0000000140)='./bus\x00', 0x0) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) 19:27:43 executing program 1: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) creat(&(0x7f0000000140)='./bus\x00', 0x0) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0) shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000) shmctl$IPC_RMID(0x0, 0x0) shmctl$SHM_LOCK(0x0, 0xb) r5 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil) shmctl$IPC_STAT(r5, 0x2, &(0x7f00000001c0)=""/62) 19:27:43 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x4d040000, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:43 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) (async) syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x1, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_disconn_rsp={{0x7, 0x1, 0x4}, {0x8000, 0x2}}}}, 0x11) (async) syz_emit_vhci(&(0x7f0000000200)=@HCI_SCODATA_PKT={0x3, {0xc8, 0xf4}, "79c6dd2fb77babe37f2aec04f92af0933d3b9829028abdac86cdcdcd3d5fb6d01a15571855ebd236177e0244edbbd2445961cd098193340a7b0196d4e4ed7638b101ace5d8e8aacbe0665e74095c07335f77005531425a2471d517f296fd684e47448479d72fb68071f63f97856a5190291ac2bef3d6acff5295f6238143f96a65d52f484036ad26a62f2343cf8b09bc042114ba3c48e9866d6ec1c74b10de49a5311fa4d6beaa518fd1620a8acca26378bce2d80dadbada44c81df2cd7fda34674f761f03f302089a3e04edc871ce491bacb5f64a6ba5a0325dbc40369125191dcc4af6435f07ad123e692256003a0a8d3c8505"}, 0xf8) syz_emit_vhci(&(0x7f00000001c0)=@HCI_EVENT_PKT={0x4, @hci_ev_logical_link_complete={{0x45, 0x5}, {0xfb, 0xc8, 0xc9, 0x93}}}, 0x8) syz_emit_vhci(&(0x7f0000000140)=@HCI_EVENT_PKT={0x4, @hci_ev_sniff_subrate={{0x2e, 0xb}, {0x94, 0xc8, 0x4, 0x20, 0x8, 0x4}}}, 0xe) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x82}, "3bd20a71cfb85c3ffcfc5f69e23583564a8b82fe820cc1b5328e6a9fd8c238d4fabd5fefe3cc8237a0eb8b429728883f756901e21c62678788ac60a4483fda5ace3e2547d8104e57eb8498249a75756f282838b084832feadedda5d2d968aa232fb33a0a2481b8f5ccbf215cf9f5c2ddad1cbf3d01b147eb155f1f52e2517c5e6d64"}, 0x86) 19:27:43 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x60000000, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:43 executing program 4: r0 = creat(&(0x7f0000000380)='./bus\x00', 0x0) write$sequencer(0xffffffffffffffff, &(0x7f0000000280)=[@e={0xff, 0xb, 0x6, 0x7d, @SEQ_CONTROLLER=0xff, 0xc0, 0x1}, @x={0x94, 0x1, "57d2cff4bff6"}, @generic={0x4}, @generic={0x8a}, @v={0x93, 0xc, 0xa0, 0x7, @MIDI_NOTEON=@special, 0x40, 0x7}], 0x1a) ftruncate(r0, 0x208200) r1 = creat(&(0x7f0000000380)='./bus\x00', 0x0) ftruncate(r1, 0x208200) ioctl$VIDIOC_TRY_FMT(r1, 0xc0cc5640, &(0x7f0000000180)={0xc, @vbi={0xfff, 0xfffffffe, 0x7, 0x31303553, [0x6, 0x800], [0x2b1, 0xa88b], 0x2}}) ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) ioctl$UI_SET_ABSBIT(r2, 0x40045567, 0x6) syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x2, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_le_credits={{0x16, 0x5, 0x4}, {0x40, 0xd51}}}}, 0x11) 19:27:43 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x9effffff, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:43 executing program 4: r0 = creat(&(0x7f0000000380)='./bus\x00', 0x0) write$sequencer(0xffffffffffffffff, &(0x7f0000000280)=[@e={0xff, 0xb, 0x6, 0x7d, @SEQ_CONTROLLER=0xff, 0xc0, 0x1}, @x={0x94, 0x1, "57d2cff4bff6"}, @generic={0x4}, @generic={0x8a}, @v={0x93, 0xc, 0xa0, 0x7, @MIDI_NOTEON=@special, 0x40, 0x7}], 0x1a) (async) ftruncate(r0, 0x208200) (async) r1 = creat(&(0x7f0000000380)='./bus\x00', 0x0) ftruncate(r1, 0x208200) (async) ioctl$VIDIOC_TRY_FMT(r1, 0xc0cc5640, &(0x7f0000000180)={0xc, @vbi={0xfff, 0xfffffffe, 0x7, 0x31303553, [0x6, 0x800], [0x2b1, 0xa88b], 0x2}}) ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) ioctl$UI_SET_ABSBIT(r2, 0x40045567, 0x6) syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x2, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_le_credits={{0x16, 0x5, 0x4}, {0x40, 0xd51}}}}, 0x11) 19:27:43 executing program 5: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:43 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0xf0ffffff, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:43 executing program 4: r0 = creat(&(0x7f0000000380)='./bus\x00', 0x0) (async) write$sequencer(0xffffffffffffffff, &(0x7f0000000280)=[@e={0xff, 0xb, 0x6, 0x7d, @SEQ_CONTROLLER=0xff, 0xc0, 0x1}, @x={0x94, 0x1, "57d2cff4bff6"}, @generic={0x4}, @generic={0x8a}, @v={0x93, 0xc, 0xa0, 0x7, @MIDI_NOTEON=@special, 0x40, 0x7}], 0x1a) ftruncate(r0, 0x208200) (async) r1 = creat(&(0x7f0000000380)='./bus\x00', 0x0) ftruncate(r1, 0x208200) ioctl$VIDIOC_TRY_FMT(r1, 0xc0cc5640, &(0x7f0000000180)={0xc, @vbi={0xfff, 0xfffffffe, 0x7, 0x31303553, [0x6, 0x800], [0x2b1, 0xa88b], 0x2}}) (async) ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) ioctl$UI_SET_ABSBIT(r2, 0x40045567, 0x6) (async) syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x2, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_le_credits={{0x16, 0x5, 0x4}, {0x40, 0xd51}}}}, 0x11) 19:27:43 executing program 3: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) creat(&(0x7f0000000140)='./bus\x00', 0x0) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0) 19:27:43 executing program 1: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) creat(&(0x7f0000000140)='./bus\x00', 0x0) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0) shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000) shmctl$IPC_RMID(0x0, 0x0) shmctl$SHM_LOCK(0x0, 0xb) shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil) 19:27:43 executing program 2: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)) creat(&(0x7f0000000140)='./bus\x00', 0x0) 19:27:43 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0xfffff000, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:43 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000d40)={'wlan0\x00'}) dup(r0) read$eventfd(0xffffffffffffffff, &(0x7f0000000040), 0x8) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_mode_change={{0x14, 0x6}, {0x81, 0xc9, 0x20, 0x5205}}}, 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x63}, "15c0d12b5a1cbf3c98efb5ff3e5a8e60ebceb45c74a6147939397d45d50d2e2a315ec95eb7dc02ec080ef79cceb29585eac8673a615b3e4eb91a31fccaacceb03cd5c10babcd127dcb3e149e5cb55a7a462830971cb3200598beaba68392a911277547"}, 0x67) 19:27:44 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0xffffff7f, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:44 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000d40)={'wlan0\x00'}) (async) dup(r0) read$eventfd(0xffffffffffffffff, &(0x7f0000000040), 0x8) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_mode_change={{0x14, 0x6}, {0x81, 0xc9, 0x20, 0x5205}}}, 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x63}, "15c0d12b5a1cbf3c98efb5ff3e5a8e60ebceb45c74a6147939397d45d50d2e2a315ec95eb7dc02ec080ef79cceb29585eac8673a615b3e4eb91a31fccaacceb03cd5c10babcd127dcb3e149e5cb55a7a462830971cb3200598beaba68392a911277547"}, 0x67) 19:27:44 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000d40)={'wlan0\x00'}) dup(r0) read$eventfd(0xffffffffffffffff, &(0x7f0000000040), 0x8) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_mode_change={{0x14, 0x6}, {0x81, 0xc9, 0x20, 0x5205}}}, 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x63}, "15c0d12b5a1cbf3c98efb5ff3e5a8e60ebceb45c74a6147939397d45d50d2e2a315ec95eb7dc02ec080ef79cceb29585eac8673a615b3e4eb91a31fccaacceb03cd5c10babcd127dcb3e149e5cb55a7a462830971cb3200598beaba68392a911277547"}, 0x67) socket$nl_generic(0x10, 0x3, 0x10) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000d40)={'wlan0\x00'}) (async) dup(r0) (async) read$eventfd(0xffffffffffffffff, &(0x7f0000000040), 0x8) (async) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_mode_change={{0x14, 0x6}, {0x81, 0xc9, 0x20, 0x5205}}}, 0x9) (async) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x63}, "15c0d12b5a1cbf3c98efb5ff3e5a8e60ebceb45c74a6147939397d45d50d2e2a315ec95eb7dc02ec080ef79cceb29585eac8673a615b3e4eb91a31fccaacceb03cd5c10babcd127dcb3e149e5cb55a7a462830971cb3200598beaba68392a911277547"}, 0x67) (async) 19:27:44 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0xffffff9e, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:44 executing program 5: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) shmat(0x0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:44 executing program 2: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)) 19:27:44 executing program 4: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e05005a0c0000485f7ec6e839e7659a4b131a"], 0x8) 19:27:44 executing program 3: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) creat(&(0x7f0000000140)='./bus\x00', 0x0) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) 19:27:44 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0xfffffff0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:44 executing program 1: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) creat(&(0x7f0000000140)='./bus\x00', 0x0) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0) shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000) shmctl$IPC_RMID(0x0, 0x0) shmctl$SHM_LOCK(0x0, 0xb) 19:27:44 executing program 4: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e05005a0c0000485f7ec6e839e7659a4b131a"], 0x8) 19:27:44 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0xffffffff, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:44 executing program 5: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) shmat(0x0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:44 executing program 4: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e05005a0c0000485f7ec6e839e7659a4b131a"], 0x8) 19:27:44 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0xf, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:44 executing program 5: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) shmat(0x0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:44 executing program 4: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e852a3e39005a"], 0x8) 19:27:44 executing program 2: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:44 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x14, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:44 executing program 3: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)) creat(&(0x7f0000000140)='./bus\x00', 0x0) 19:27:44 executing program 5: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:44 executing program 4: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e852a3e39005a"], 0x8) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e852a3e39005a"], 0x8) (async) 19:27:44 executing program 1: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) creat(&(0x7f0000000140)='./bus\x00', 0x0) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0) shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000) shmctl$IPC_RMID(0x0, 0x0) 19:27:44 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x117, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:44 executing program 4: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e852a3e39005a"], 0x8) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e852a3e39005a"], 0x8) (async) 19:27:44 executing program 5: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:45 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x140, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:45 executing program 4: pipe2$watch_queue(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000240)=0x0) process_vm_writev(r1, &(0x7f00000002c0)=[{&(0x7f0000000880)=""/4096, 0x1000}, {&(0x7f0000000280)=""/55, 0x37}, {&(0x7f0000001880)=""/205, 0xcd}], 0x3, &(0x7f0000002cc0)=[{&(0x7f0000001980)=""/4096, 0x1000}, {&(0x7f0000002980)=""/249, 0xf9}, {&(0x7f0000000500)=""/159, 0x9f}, {&(0x7f0000002a80)=""/151, 0x97}, {&(0x7f0000002b40)=""/105, 0x69}, {&(0x7f0000002bc0)=""/230, 0xe6}], 0x6, 0x0) process_vm_writev(r1, &(0x7f0000000000)=[{&(0x7f0000000080)=""/142, 0x8e}, {&(0x7f0000000140)=""/237, 0xed}, {&(0x7f0000000240)=""/142, 0x8e}, {&(0x7f0000000300)=""/138, 0x8a}], 0x4, &(0x7f0000000a40)=[{&(0x7f00000003c0)=""/223, 0xdf}, {&(0x7f00000004c0)=""/120, 0x78}, {&(0x7f0000000540)=""/184, 0xb8}, {&(0x7f0000000600)=""/35, 0x23}, {&(0x7f0000000640)=""/35, 0x23}, {&(0x7f0000000680)=""/139, 0x8b}, {&(0x7f0000000740)=""/184, 0xb8}, {&(0x7f0000000800)=""/226, 0xe2}, {&(0x7f0000000900)=""/96, 0x60}, {&(0x7f0000000980)=""/191, 0xbf}], 0xa, 0x0) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) 19:27:45 executing program 5: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:45 executing program 2: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) shmat(0x0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:45 executing program 4: pipe2$watch_queue(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000240)=0x0) process_vm_writev(r1, &(0x7f00000002c0)=[{&(0x7f0000000880)=""/4096, 0x1000}, {&(0x7f0000000280)=""/55, 0x37}, {&(0x7f0000001880)=""/205, 0xcd}], 0x3, &(0x7f0000002cc0)=[{&(0x7f0000001980)=""/4096, 0x1000}, {&(0x7f0000002980)=""/249, 0xf9}, {&(0x7f0000000500)=""/159, 0x9f}, {&(0x7f0000002a80)=""/151, 0x97}, {&(0x7f0000002b40)=""/105, 0x69}, {&(0x7f0000002bc0)=""/230, 0xe6}], 0x6, 0x0) process_vm_writev(r1, &(0x7f0000000000)=[{&(0x7f0000000080)=""/142, 0x8e}, {&(0x7f0000000140)=""/237, 0xed}, {&(0x7f0000000240)=""/142, 0x8e}, {&(0x7f0000000300)=""/138, 0x8a}], 0x4, &(0x7f0000000a40)=[{&(0x7f00000003c0)=""/223, 0xdf}, {&(0x7f00000004c0)=""/120, 0x78}, {&(0x7f0000000540)=""/184, 0xb8}, {&(0x7f0000000600)=""/35, 0x23}, {&(0x7f0000000640)=""/35, 0x23}, {&(0x7f0000000680)=""/139, 0x8b}, {&(0x7f0000000740)=""/184, 0xb8}, {&(0x7f0000000800)=""/226, 0xe2}, {&(0x7f0000000900)=""/96, 0x60}, {&(0x7f0000000980)=""/191, 0xbf}], 0xa, 0x0) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) 19:27:45 executing program 3: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)) 19:27:45 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x142, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:45 executing program 5: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) mlockall(0x2) r2 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r2, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:45 executing program 1: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) creat(&(0x7f0000000140)='./bus\x00', 0x0) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0) shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000) 19:27:45 executing program 4: pipe2$watch_queue(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000240)=0x0) process_vm_writev(r1, &(0x7f00000002c0)=[{&(0x7f0000000880)=""/4096, 0x1000}, {&(0x7f0000000280)=""/55, 0x37}, {&(0x7f0000001880)=""/205, 0xcd}], 0x3, &(0x7f0000002cc0)=[{&(0x7f0000001980)=""/4096, 0x1000}, {&(0x7f0000002980)=""/249, 0xf9}, {&(0x7f0000000500)=""/159, 0x9f}, {&(0x7f0000002a80)=""/151, 0x97}, {&(0x7f0000002b40)=""/105, 0x69}, {&(0x7f0000002bc0)=""/230, 0xe6}], 0x6, 0x0) (async) process_vm_writev(r1, &(0x7f0000000000)=[{&(0x7f0000000080)=""/142, 0x8e}, {&(0x7f0000000140)=""/237, 0xed}, {&(0x7f0000000240)=""/142, 0x8e}, {&(0x7f0000000300)=""/138, 0x8a}], 0x4, &(0x7f0000000a40)=[{&(0x7f00000003c0)=""/223, 0xdf}, {&(0x7f00000004c0)=""/120, 0x78}, {&(0x7f0000000540)=""/184, 0xb8}, {&(0x7f0000000600)=""/35, 0x23}, {&(0x7f0000000640)=""/35, 0x23}, {&(0x7f0000000680)=""/139, 0x8b}, {&(0x7f0000000740)=""/184, 0xb8}, {&(0x7f0000000800)=""/226, 0xe2}, {&(0x7f0000000900)=""/96, 0x60}, {&(0x7f0000000980)=""/191, 0xbf}], 0xa, 0x0) (async) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) 19:27:45 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0xec0, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:45 executing program 2: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) shmat(0x0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:45 executing program 4: r0 = creat(&(0x7f0000000380)='./bus\x00', 0x0) ftruncate(r0, 0x208200) sendmsg$can_raw(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=@canfd={{0x2, 0x0, 0x1}, 0x1b, 0x1, 0x0, 0x0, "22b12af15616fb446a51728ba853ed19909b95caa1f44885354ec077273bd4f1a21d8ac85c499bc0cf6990a4dfa6be150a93232508c39d974900ae968710c62b"}, 0x48}, 0x1, 0x0, 0x0, 0x40010}, 0x80) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000d40)={'wlan0\x00'}) ftruncate(r1, 0x7fff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r1, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000080)={&(0x7f00000003c0)={0x270, 0x0, 0x100, 0x70bd27, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_REKEY_DATA={0x48, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="b6e825f008333d0899d4526a99fb39dc"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x1}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "2b994ad948a6b446"}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="d7dbbc0bae5c715205a46412dc8e89b3"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x6}]}, @NL80211_ATTR_REKEY_DATA={0x3c, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="7e51be08f2852f7a7302cd4ca13fca4d"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x8}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x3f}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="cf2bdb7f46b510b56634ed88a724de1b"}]}, @NL80211_ATTR_REKEY_DATA={0x40, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "1f6b55591cb4368b"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "9fa6aced614d09cb"}, @NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="c90fd5cef34e2ff19be4df127016f1c741187db43c962ee2ebbd565416b7d17f"}]}, @NL80211_ATTR_REKEY_DATA={0x18, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="98d6d0c74dcff3ed35db2e7c8bd129a8"}]}, @NL80211_ATTR_REKEY_DATA={0x3c, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x5}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="7b54e41e379f770a2d781df64406d902cfbbd40dcebf8c5e"}, @NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="619a3eff561f663d135ad075807e00e7"}]}, @NL80211_ATTR_REKEY_DATA={0x54, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "2dfbe1ed9d08f12a"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x6}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="ec5ef8634946bb087e62d81be777896db95e2bba37a61273"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "61538780a603a244"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x1f}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "5fa6a8abc2a5e451"}]}, @NL80211_ATTR_REKEY_DATA={0x18, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="ddfc65c5604c894ca461f8ef95eeab27"}]}, @NL80211_ATTR_REKEY_DATA={0x28, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x20}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0xc065}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x4}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "894279d2306d15ff"}]}, @NL80211_ATTR_REKEY_DATA={0xb0, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="3f721177fe3777184ba1933842e29eea"}, @NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="1b955c0608615ab8ccfeb25d1182f378"}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="93e0b93a9e7c6ea6d9881ce9bc4bc01ab2f559eb3c07b90b"}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="f07551afce7025161aa290ea2db2ef68900bbed94f09003d"}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="abb3c174adb3c5da7023d1819da7a83e5c47c0b406033773"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "5c0fb870573c0f92"}, @NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="7b29b0742331611f7c9495159d0971ff252bcef68c3ea05c57c42e2ea22fd6e1"}]}]}, 0x270}}, 0x4000840) r2 = openat$rdma_cm(0xffffff9c, &(0x7f00000000c0), 0x2, 0x0) sendfile(r2, r0, &(0x7f0000000100)=0x1, 0x9) 19:27:45 executing program 2: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) shmat(0x0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:45 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x33fe0, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:45 executing program 4: r0 = creat(&(0x7f0000000380)='./bus\x00', 0x0) ftruncate(r0, 0x208200) (async) sendmsg$can_raw(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=@canfd={{0x2, 0x0, 0x1}, 0x1b, 0x1, 0x0, 0x0, "22b12af15616fb446a51728ba853ed19909b95caa1f44885354ec077273bd4f1a21d8ac85c499bc0cf6990a4dfa6be150a93232508c39d974900ae968710c62b"}, 0x48}, 0x1, 0x0, 0x0, 0x40010}, 0x80) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000d40)={'wlan0\x00'}) (async) ftruncate(r1, 0x7fff) (async) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r1, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000080)={&(0x7f00000003c0)={0x270, 0x0, 0x100, 0x70bd27, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_REKEY_DATA={0x48, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="b6e825f008333d0899d4526a99fb39dc"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x1}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "2b994ad948a6b446"}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="d7dbbc0bae5c715205a46412dc8e89b3"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x6}]}, @NL80211_ATTR_REKEY_DATA={0x3c, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="7e51be08f2852f7a7302cd4ca13fca4d"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x8}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x3f}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="cf2bdb7f46b510b56634ed88a724de1b"}]}, @NL80211_ATTR_REKEY_DATA={0x40, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "1f6b55591cb4368b"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "9fa6aced614d09cb"}, @NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="c90fd5cef34e2ff19be4df127016f1c741187db43c962ee2ebbd565416b7d17f"}]}, @NL80211_ATTR_REKEY_DATA={0x18, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="98d6d0c74dcff3ed35db2e7c8bd129a8"}]}, @NL80211_ATTR_REKEY_DATA={0x3c, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x5}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="7b54e41e379f770a2d781df64406d902cfbbd40dcebf8c5e"}, @NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="619a3eff561f663d135ad075807e00e7"}]}, @NL80211_ATTR_REKEY_DATA={0x54, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "2dfbe1ed9d08f12a"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x6}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="ec5ef8634946bb087e62d81be777896db95e2bba37a61273"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "61538780a603a244"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x1f}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "5fa6a8abc2a5e451"}]}, @NL80211_ATTR_REKEY_DATA={0x18, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="ddfc65c5604c894ca461f8ef95eeab27"}]}, @NL80211_ATTR_REKEY_DATA={0x28, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x20}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0xc065}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x4}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "894279d2306d15ff"}]}, @NL80211_ATTR_REKEY_DATA={0xb0, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="3f721177fe3777184ba1933842e29eea"}, @NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="1b955c0608615ab8ccfeb25d1182f378"}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="93e0b93a9e7c6ea6d9881ce9bc4bc01ab2f559eb3c07b90b"}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="f07551afce7025161aa290ea2db2ef68900bbed94f09003d"}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="abb3c174adb3c5da7023d1819da7a83e5c47c0b406033773"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "5c0fb870573c0f92"}, @NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="7b29b0742331611f7c9495159d0971ff252bcef68c3ea05c57c42e2ea22fd6e1"}]}]}, 0x270}}, 0x4000840) (async) r2 = openat$rdma_cm(0xffffff9c, &(0x7f00000000c0), 0x2, 0x0) sendfile(r2, r0, &(0x7f0000000100)=0x1, 0x9) 19:27:45 executing program 2: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:45 executing program 3: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:45 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x7ffff000, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:45 executing program 4: r0 = creat(&(0x7f0000000380)='./bus\x00', 0x0) ftruncate(r0, 0x208200) sendmsg$can_raw(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=@canfd={{0x2, 0x0, 0x1}, 0x1b, 0x1, 0x0, 0x0, "22b12af15616fb446a51728ba853ed19909b95caa1f44885354ec077273bd4f1a21d8ac85c499bc0cf6990a4dfa6be150a93232508c39d974900ae968710c62b"}, 0x48}, 0x1, 0x0, 0x0, 0x40010}, 0x80) socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000d40)={'wlan0\x00'}) (async) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000d40)={'wlan0\x00'}) ftruncate(r1, 0x7fff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r1, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000080)={&(0x7f00000003c0)={0x270, 0x0, 0x100, 0x70bd27, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_REKEY_DATA={0x48, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="b6e825f008333d0899d4526a99fb39dc"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x1}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "2b994ad948a6b446"}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="d7dbbc0bae5c715205a46412dc8e89b3"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x6}]}, @NL80211_ATTR_REKEY_DATA={0x3c, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="7e51be08f2852f7a7302cd4ca13fca4d"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x8}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x3f}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="cf2bdb7f46b510b56634ed88a724de1b"}]}, @NL80211_ATTR_REKEY_DATA={0x40, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "1f6b55591cb4368b"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "9fa6aced614d09cb"}, @NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="c90fd5cef34e2ff19be4df127016f1c741187db43c962ee2ebbd565416b7d17f"}]}, @NL80211_ATTR_REKEY_DATA={0x18, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="98d6d0c74dcff3ed35db2e7c8bd129a8"}]}, @NL80211_ATTR_REKEY_DATA={0x3c, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x5}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="7b54e41e379f770a2d781df64406d902cfbbd40dcebf8c5e"}, @NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="619a3eff561f663d135ad075807e00e7"}]}, @NL80211_ATTR_REKEY_DATA={0x54, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "2dfbe1ed9d08f12a"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x6}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="ec5ef8634946bb087e62d81be777896db95e2bba37a61273"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "61538780a603a244"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x1f}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "5fa6a8abc2a5e451"}]}, @NL80211_ATTR_REKEY_DATA={0x18, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="ddfc65c5604c894ca461f8ef95eeab27"}]}, @NL80211_ATTR_REKEY_DATA={0x28, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x20}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0xc065}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x4}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "894279d2306d15ff"}]}, @NL80211_ATTR_REKEY_DATA={0xb0, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="3f721177fe3777184ba1933842e29eea"}, @NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="1b955c0608615ab8ccfeb25d1182f378"}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="93e0b93a9e7c6ea6d9881ce9bc4bc01ab2f559eb3c07b90b"}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="f07551afce7025161aa290ea2db2ef68900bbed94f09003d"}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="abb3c174adb3c5da7023d1819da7a83e5c47c0b406033773"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "5c0fb870573c0f92"}, @NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="7b29b0742331611f7c9495159d0971ff252bcef68c3ea05c57c42e2ea22fd6e1"}]}]}, 0x270}}, 0x4000840) (async) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r1, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000080)={&(0x7f00000003c0)={0x270, 0x0, 0x100, 0x70bd27, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_REKEY_DATA={0x48, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="b6e825f008333d0899d4526a99fb39dc"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x1}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "2b994ad948a6b446"}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="d7dbbc0bae5c715205a46412dc8e89b3"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x6}]}, @NL80211_ATTR_REKEY_DATA={0x3c, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="7e51be08f2852f7a7302cd4ca13fca4d"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x8}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x3f}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="cf2bdb7f46b510b56634ed88a724de1b"}]}, @NL80211_ATTR_REKEY_DATA={0x40, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "1f6b55591cb4368b"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "9fa6aced614d09cb"}, @NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="c90fd5cef34e2ff19be4df127016f1c741187db43c962ee2ebbd565416b7d17f"}]}, @NL80211_ATTR_REKEY_DATA={0x18, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="98d6d0c74dcff3ed35db2e7c8bd129a8"}]}, @NL80211_ATTR_REKEY_DATA={0x3c, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x5}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="7b54e41e379f770a2d781df64406d902cfbbd40dcebf8c5e"}, @NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="619a3eff561f663d135ad075807e00e7"}]}, @NL80211_ATTR_REKEY_DATA={0x54, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "2dfbe1ed9d08f12a"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x6}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="ec5ef8634946bb087e62d81be777896db95e2bba37a61273"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "61538780a603a244"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x1f}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "5fa6a8abc2a5e451"}]}, @NL80211_ATTR_REKEY_DATA={0x18, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="ddfc65c5604c894ca461f8ef95eeab27"}]}, @NL80211_ATTR_REKEY_DATA={0x28, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x20}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0xc065}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x4}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "894279d2306d15ff"}]}, @NL80211_ATTR_REKEY_DATA={0xb0, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="3f721177fe3777184ba1933842e29eea"}, @NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="1b955c0608615ab8ccfeb25d1182f378"}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="93e0b93a9e7c6ea6d9881ce9bc4bc01ab2f559eb3c07b90b"}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="f07551afce7025161aa290ea2db2ef68900bbed94f09003d"}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="abb3c174adb3c5da7023d1819da7a83e5c47c0b406033773"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "5c0fb870573c0f92"}, @NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="7b29b0742331611f7c9495159d0971ff252bcef68c3ea05c57c42e2ea22fd6e1"}]}]}, 0x270}}, 0x4000840) r2 = openat$rdma_cm(0xffffff9c, &(0x7f00000000c0), 0x2, 0x0) sendfile(r2, r0, &(0x7f0000000100)=0x1, 0x9) 19:27:45 executing program 1: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) creat(&(0x7f0000000140)='./bus\x00', 0x0) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0) 19:27:45 executing program 5: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) mlockall(0x2) r2 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r2, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:45 executing program 2: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:45 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0xfffffdef, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:45 executing program 4: r0 = open(&(0x7f0000000300)='./bus\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./bus\x00', 0x1c) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = memfd_secret(0x80000) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r2, 0x1, &(0x7f00000001c0)={0x5100, r0}, 0x0) sendto$inet6(r1, 0x0, 0xffffffffffffff28, 0x20000004, &(0x7f0000000140)={0xa, 0x100000004e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000100)=@ccm_128={{0x304}, "ffb75df2a83e25c0", "2cdb8ead6c8e9c290bebacb766ff2832", "44d857de", "171291df37239255"}, 0x28) sendfile(r1, r0, 0x0, 0x800100020013) ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r0, 0x81785501, &(0x7f0000000080)=""/255) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_disconn_complete={{0x5, 0x4}, {0x1, 0xc8, 0x10}}}, 0x7) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_simple_pair_complete={{0x36, 0x7}, {0x2, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}}}, 0xa) 19:27:46 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x2, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:46 executing program 2: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:46 executing program 4: r0 = open(&(0x7f0000000300)='./bus\x00', 0x0, 0x0) (async) creat(&(0x7f0000000180)='./bus\x00', 0x1c) (async) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) (async) r2 = memfd_secret(0x80000) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r2, 0x1, &(0x7f00000001c0)={0x5100, r0}, 0x0) sendto$inet6(r1, 0x0, 0xffffffffffffff28, 0x20000004, &(0x7f0000000140)={0xa, 0x100000004e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4) (async) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000100)=@ccm_128={{0x304}, "ffb75df2a83e25c0", "2cdb8ead6c8e9c290bebacb766ff2832", "44d857de", "171291df37239255"}, 0x28) (async) sendfile(r1, r0, 0x0, 0x800100020013) (async) ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r0, 0x81785501, &(0x7f0000000080)=""/255) (async) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_disconn_complete={{0x5, 0x4}, {0x1, 0xc8, 0x10}}}, 0x7) (async) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_simple_pair_complete={{0x36, 0x7}, {0x2, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}}}, 0xa) 19:27:46 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x3, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:46 executing program 3: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) shmat(0x0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:46 executing program 2: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) mlockall(0x2) r2 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r2, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:46 executing program 4: open(&(0x7f0000000300)='./bus\x00', 0x0, 0x0) (async) r0 = open(&(0x7f0000000300)='./bus\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./bus\x00', 0x1c) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = memfd_secret(0x80000) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r2, 0x1, &(0x7f00000001c0)={0x5100, r0}, 0x0) sendto$inet6(r1, 0x0, 0xffffffffffffff28, 0x20000004, &(0x7f0000000140)={0xa, 0x100000004e22, 0x0, @loopback}, 0x1c) (async) sendto$inet6(r1, 0x0, 0xffffffffffffff28, 0x20000004, &(0x7f0000000140)={0xa, 0x100000004e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4) (async) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000100)=@ccm_128={{0x304}, "ffb75df2a83e25c0", "2cdb8ead6c8e9c290bebacb766ff2832", "44d857de", "171291df37239255"}, 0x28) sendfile(r1, r0, 0x0, 0x800100020013) (async) sendfile(r1, r0, 0x0, 0x800100020013) ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r0, 0x81785501, &(0x7f0000000080)=""/255) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_disconn_complete={{0x5, 0x4}, {0x1, 0xc8, 0x10}}}, 0x7) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_simple_pair_complete={{0x36, 0x7}, {0x2, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}}}, 0xa) 19:27:46 executing program 1: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) creat(&(0x7f0000000140)='./bus\x00', 0x0) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) 19:27:46 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x4, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:46 executing program 5: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) mlockall(0x2) r1 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r1, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:46 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:46 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_blocks={{0x48, 0x21}, {0x0, 0x5, [{0xc9, 0xffff, 0x8000}, {0xc9, 0x7, 0x3}, {0xc9, 0x1000, 0x8}, {0xc8, 0x5, 0x4}, {0xc9, 0x993f, 0x45}]}}}, 0x24) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_pin_code_req={{0x16, 0x6}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}}}, 0x9) 19:27:46 executing program 3: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) shmat(0x0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:46 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x6, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:46 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_blocks={{0x48, 0x21}, {0x0, 0x5, [{0xc9, 0xffff, 0x8000}, {0xc9, 0x7, 0x3}, {0xc9, 0x1000, 0x8}, {0xc8, 0x5, 0x4}, {0xc9, 0x993f, 0x45}]}}}, 0x24) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_pin_code_req={{0x16, 0x6}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}}}, 0x9) 19:27:46 executing program 3: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) shmat(0x0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:46 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x7, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:46 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_blocks={{0x48, 0x21}, {0x0, 0x5, [{0xc9, 0xffff, 0x8000}, {0xc9, 0x7, 0x3}, {0xc9, 0x1000, 0x8}, {0xc8, 0x5, 0x4}, {0xc9, 0x993f, 0x45}]}}}, 0x24) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_pin_code_req={{0x16, 0x6}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}}}, 0x9) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_blocks={{0x48, 0x21}, {0x0, 0x5, [{0xc9, 0xffff, 0x8000}, {0xc9, 0x7, 0x3}, {0xc9, 0x1000, 0x8}, {0xc8, 0x5, 0x4}, {0xc9, 0x993f, 0x45}]}}}, 0x24) (async) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_pin_code_req={{0x16, 0x6}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}}}, 0x9) (async) 19:27:46 executing program 3: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:47 executing program 1: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)) creat(&(0x7f0000000140)='./bus\x00', 0x0) 19:27:47 executing program 5: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) fanotify_init(0x4, 0x1000) mlockall(0x2) r1 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r1, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:47 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x8, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:47 executing program 2: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) mlockall(0x2) r2 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r2, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:47 executing program 4: ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="02c9700000000001000a05000000000a400000070034c2fffbe7cb0b9b61901332c85358387733655411382192d5beea31fd620584d8c5bcdad4b5abe00fc7a1b6561ab51942ab18e12dafee8d0082cc414a07a6a845c293b1000925d599afb33a4bcbe01206a6ff533aba28ef7e3133de688fab54f8423bfb1574d3e357ae90b2c35e0e0ab3d9871f081015dce7c443ce7167dec296f2a0e2613a0139e9f263be11f7ce5e29ebb1c9ec4895ff203e26829540e95e63bd23f794a2202c6d52d646ecfbac8dc14ac48da3a59df18385526446c8644493d6b81f3b5aa9643f6f752ac42925ff99379ec9342a25422d1fefd40cd2577189c7f10a831ac7b6aa8ee3e852806e1df5b492f14e4a0468a14b03936d6a73"], 0xbd) syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x2, 0x3c}, @l2cap_cid_signaling={{0x38}, [@l2cap_info_req={{0xa, 0xff, 0x2}, {0x4000}}, @l2cap_conn_req={{0x2, 0x81, 0x4}, {0x7, 0x1}}, @l2cap_disconn_rsp={{0x7, 0x9, 0x4}, {0xffff, 0x9}}, @l2cap_info_req={{0xa, 0x5, 0x2}, {0x5}}, @l2cap_move_chan_cfm_rsp={{0x11, 0x4, 0x2}, {0x81}}, @l2cap_disconn_rsp={{0x7, 0x2, 0x4}, {0x1, 0x2}}, @l2cap_move_chan_cfm_rsp={{0x11, 0x0, 0x2}, {0x6}}, @l2cap_conn_req={{0x2, 0x6, 0x4}, {0xec, 0x9}}]}}, 0x41) syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) syz_emit_vhci(&(0x7f0000000200)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x1000}, "4c935c6efc13a92891214743a40e5085c023773e41afff2721cb8afdaef57d20559882149adb1d4d9150e888404b2e427bced1b42b45eb6e4e56c57fb8a646717912b0799fa5d7422215095c69b9451c811d798574a2c6fbfbdaa03b1e5bb49199bb3e3e11201076d7f9b06fab1b3f8acafd969d7bfc1e104fd3fdf08c3954d3cb455efaafede1bf67e84df636b6b1485bd440fe7e2d2456e46305a8ec6bf773a1142c63bebea29f076ec768d3655b4430c07438ce89bc4d58aa00bfc8f3b19ce93735a71dca44d3b5a8e6d0b945bce61a0a1837336c4da87077f4d13601d708a61b1637c13e51c3363614a89088bc93e46d94591265ff2b5a939ea73a15066742365e1be6abb321cc86793492be927e78523a5bc236cdd1180f537a210c9efbd9b966b33a5724d20b787a1ab072538b2b08720934a2eb332979152b56b1b20c0512c171978d7feda73748293eca9e15cfa2fd62438cee6d41435330dffefa2e7ae5da9d7d0845e727682d76810b57601f5a0603ccb5c6ae675a7e02d4f1e3a4cf5dd34fbcb757c7758e43721a506279d3647cfcc3e317060295083dca428909b9e49c32080248eb0d8ff1e8913eec659097c8bf540d09a707a9b9cafb41d0cf62e44ead251211183f1ada347c1ae5c5365eb02f1d1a4660e4416d9f8ff19a60158d7913533a3a511d2b612db7140339a11ba390a59e46c3a2d2fedda344a64a3ecae3e49e2c58541ae119ff831814cc9f86729a87f5a48133e794dee1b037e64095d18d66bf8e63993a573f2dd447ba74a44149e0d768a2d9415d8fe1d558a0886fb1615a406f7f4f0573e02a174ba4a88c476c1c93846cb7298fbbf0dc30eaa92c11fa75ecb57f8e8986f83f3083ba52f2231c4d7d3067b3b266db6bfe2bacf8a26ea0dee90258fe4fe3bf4d02345f72a012ff94a725a51d3b0efb1961c2dc8b83de1ca29b25391b0cf271f7105e0a26336a11d5cffd43c6adcb0f4445d08521cfd5d9e06483e0a0b81864e53bcc9acdf981caa9432360eb3c0a666dd0eeb00a94585f1dffd9ae493237a456403af534568bf84077911fb422d44d99af88a44dce7e624e483d4e31693bd142ff89d70ab303b16d5a79b1fe1aa0e2f234b4fd03d42e8f64cbc85a2919b74e239e9752f058cd05fab468ffda8d0b8d4105ddedd68bdc0387319a9ed8eeeaed189d683d0e1cc9c3c75a6bca13edacadf5317f8ddb07a72d17cfb551f3315d2179835ba93de488d43042becd8ee103a705dd2b5d73b9a55d73714f3ce02ecc174ebf8a56b56aaca243ca1d2cd1137b3a70000e39713312aa8d1495cddd66644cc6b777917e89e521a89008677c6f3cd26ff13fd9ef01d0e71a1bb625acf3244c1a9ca5efdf27d2a18ea613eb3a1fbaed56c9df9bf8a1483e81000a98ef2eaf25b7d049c11487911b423505dc43517002e6df4af4dad18894fa89639eaea50b668c8515193b168ed36f57ef45f7eb34361312ceebbb596028c37f72b9ccd94e1cfdd7faeb5bb3044ca9ab2bad9b97b9473fbefeacdf6a6c20403506852b3bbbc3a2443f7f08791b82a1cdf53d71d6cb8d32bee8a707f20167ef20ae85ab2ced30c60afe1e144da12e22bc50e838870f3ed2b1699c3f0e71ee93bfa55707e621317c4c98a001b5028634db14297d3dbdadeca76012c666cc07e3b3496d3144f4a552bba5b7c5b8a02e3e11804cf66c215529f7a120be90835b0d5d0f96f003677c02f3ab91cb131d1e644a826ad713cf8f4b46489e914ec8b18b91fe113a1ede08ef8a28523c0aa0dce6a6a628d3fd2ac98779acd545f3a333b7686f21e835c3671345ea712744e25e64f8cc2a4c79b550ac5d0a36e811ef6e37f33790fd104f1a72dfad9be43c230a6be7e05ef6d740bcedec88057fb413214b835975dfd33b0f877ab433026b62ac98d154baa7008954722be98c4e87dc69cadf1b26a7aca80e8cbb95f35a0ba36ec269d2ad9f4c0fdf657a0701f342dc06faeb167a01f0d633dc69035af50c136ca3fcbf80e5127462365a396e2bdeb889b8cf79ec17672bd54b55e46e2f8f2993614e7d5c5bdef2ead7d14880be6de6b8fdf363737d538d9ad884a1de044664b49dcc2b9e78f4ab6c592e501f4b7170908fb4866298a42b1d4fd59cfd093ef10b7ba9bed025b5584f08fec49a864eb52ef07b74838e384af180fe0b2b5f2b144cc3bfcfec9125073259521fda72f82cfc791b1d791d70c6d0ec514dea5ebbb37e154bde72b0b8fda6e3517ba53c2d7aa40b7680cf8da6fcf78c36ae9d8c11d05556515f9dc64fd522eed26e8e048b005d36fb700360b36615da874425a2dc5a4cc1ba251311dbe3bb205ba6504cbb3367ed34229e86ee680db75f6563b5f78e86b22598b211ba3716f1da15e2c4612d54a1aa81ebbba0d517a675da42e846605957ad0ceac3e3f45d9333fdec6030f619b40fd42889480eb8f4d5ef5ccd609c08744edb9cfb8d925f4b4121e0ed7635f87343233284992527b9f2ce52d44df7a56ca4de03a0555118c5afe86364d545d4bec516ef14195baa0aaeb58a52267cf34071c76af0b08d74e8221ec9bce28622aad356bfeff8a10a2504e4eaed90169147fc85f48ced00121634f0de39266c3f10145c19908fc0ec310ba4b8b0dd09614bb19e54cdb86f8470390cf490304487bdc57247d289b7e868d84395d3e7e965550225bc7d15031272e4be2c36924a923ff94a232361f5559bcef68b8d70c59e4ecd931975c6aa55f93f65e517c818d9090b9a78854ccabf90a50e174d260ec525f66429eb44f54842900228c9c4b02a3973d3b3976cf18119292758f8049fb88386bc747499277433fcd7e29faa6696f48bc8dd8cd1c06ec84f9b16ed01e2d9f533c30845f9fc5c82f260fa308cd6af74e591f66bcc2b9d6daa1d18f38d69a6233b2271ce0704337c532e74f738de7ae6a3e445be7d4b65f98901230f219624eed571cfb39a65fb3876242f5b5e21a645cd5f1e99b70b4fe8b332f91d2b32e8e8cfe482cfe9dec9ebf5a52a06650bfadcbf352d8c18a9ef827c656b1fa47c07468db1036cdabc103a87b2b58effe36380737b432d44e5ef64c0cf1de7ea1160dd1d6bfbdb2107d8a7177333b80814d015cf9d21bf72bd378ca8ddf2f6e71e6f2a68a861c85a6eb991fe3312a34e8444c096fac5dd515acfd086b5a504231072e45e86e58e7b2712ddbf7973132b6c8ceda5254362dda6dfd4985f8cda2d3019bc8d3dda98c4e7b149de3160771a558483771e7fa91b10a2d25c35484190e62d5c81d054d96029bfd16a967e49e9a71db5f764abb9ddbff8096bb0fbd4934152c8c23fe0d350dd97a71a6aee99451a0a681207f669d9c21fed07c8f97c53038d4a24d1ff73eacfd0fed11696cf6200f0adfebef99c2b94e977a07ff85083584b6ba42a25de1a8c9211a145214da6c726da9d4ca0fc0ee5e2151f71a046a5902b5f066808302d57fc24559e0944542922743a37fc8a9c0e38e44bcf2311c2696082b4236ad92ef72e70989c6d223b6fdc349db07beb8043d792d49406fa8cb3da47e65377dbe064cdb48eb3ec384fb5506b2f82aa4684d0c3e0d44b07e3d8caba5a81bf9b090c33a01f397e7755f20639245705c2276284785757f67f8786df7a7ae8a109c39e635232d585fe0df2bb20a0303468c0cbe243e8f8c28f83e8a22aa4726bd944e151f3f5e04e50a63b2a35de919fccb293bfa6e6433057ef7c1e0f3e2c1b4cef653644124e02f98653037873db1b3ccc9f883d7a1cea09243908232ccf6f8d00a05e103da51477312efd3fee50eae9a3297f851c12c45542e4cbb6fb4c6c003a62091d58394ecdfe674bd6f8bf2401bf3b7c3faf574ebc34763c11f158bc06e66865f92e8a75d6891cbd461fb7e2b083831d79aad503bb129f43b569e6a01c56a7907e5e458a2206def0334dc32a80bcc1d0c98d83ac9bd64aaf936dd72b5dcb4e5d78db5307040ff8a8df8af7a27e0ec743c048fc2c745f736131a2cdb8ce1d961b15768a6a99ce0bcaa01074ad7e5b1d6e33d9e77a89221e64a07f2715c3e3e8ddbf03616cd5baef7590d0c9b5ceb6ebc0258b546d287dd654e6c21b6c37909a45088418a3a8714401a1865cabc568000708a14797438a6c8060f94430f49df65e59a8119a33f3cb56be1b907b296ac099687ceea1e90b7381c6012e31bd3a80c027a086015e9a5cef33c80342d5dafc81f7252133ca2102f596fbcabf98ec8e0c7b11c6ed1e1e3466e910b05259317a52dd99ad83c659e26828ea4addc0ca0f162f1af0f75162dac51e52b6879d2b3b89a69dd0e5d0c79609503ab6cb5aae13bdf41e2c8cf0ef006c24cda5d4b5fad98641c4ab7718c779582a94ad627cac05f6b458e46a4fafce4f96ce5249a34e606dadea0a91642681e5118764ec885ec0ea22c28cd4b3d9d86ecfd001d15c47b4acbd934e694fae85aacf128f65bfdbea8bdf5f0accc21b840f793dc8dd939a14129c607a982a2e50bf7c8927666e63cb533ade2645a435458d21902eacf1c07f3946526aa01e1c96f5fb31876abf0abcb38e48cb3e472435a85f57a1fae350f927a66ad0ddf0dbb86c2d5fe450323b10419445271bb91d247a687216078b3775cc8697fbd01257265793b97f3d53fa908b8f83ae25b4f556215779d43480e949953242df463a362d90c16abfb7c2003559e2dfeb9ee338136d020f5fb88a962a526d4b6de8c1662b115e7c8aabba1e60d2b5cc3a81013584bf78e2765de500ca7ea18a5ca07deef284b97d6f6f9f4bdfdfcbf2742d974216b533d4b1e4a8492f8978a66e27abfd896bdca6fb5f9daaa52c87119b537848566434c6b50d73861eaad3dc8c7e2c367db6b146f697fb29b52a8827cb136636f9f1d0f136a5c18cd1fe2c2258b068c399e60c48a6f190d99d3e3ca8be405a0d9127c6c5e65520aacae23fe3b6f3bb1e781b6b7bc3d98b7d9602abbf0e794f35dc5af28a0aa9b8324319e3dbdc6ba5259e8474aca20ba48195ce7498322ec3deaee5732434a9a81393f8077e24973027761c2385aa916e01a97135b9443de097256059c5ad9491be822c7e0312b6bfe62da968cccef7a419a3a66333398b06f5cd15210ecfe3dd35703d6c624f00dae39dada9c3bf3628f416fa999181ad0257b410d66f040d9adbd5857c9cd845f52e4b66efe9a00c92bc0723a7a4335e17ab6aad39817bb1597631e6f03289b41af1a181f9e22832ba787dd302b746db2efa85148404909ae65b96631493b83039e71b0b7834ddbf048277f4c1b9f60c8a403269b60d1a023944865ad28a110eefdfb7603a552aa5300b36aa4149b0780f402df258335856739f8f3263255739a8a0f458e319f0790d83867df7092181a0eab3c014a25993cb24badc21df38504b5ad4a916fa8ef4b365c72241d2bc6cbc65d0d674c5808ee2672850dc06973419990353c03d15dfd0a2001672a61eccd4e360951c7ed4592f19e52a3d5e034be32d4d60cfa14c22de6dc000c01b8803f53105f4267df7401f7289483c79d8bce42fe7767b9626c60dcf34b765683abb7e089b4d754fa12aa3bd0e746f148cf4c442bcc82ac32d35cfb949e6b22ab48ae99eb01a636f400d3284f71e5d5f57c3ca217f3f91f47330e5c53b615689c050724f9c4ee029188608330bef9a2fe1a10913ac0f10b26db7adde700e6c6ddd8a574544ec27ef629d2c4fb50986cdc8dcaf8cf6df394fca547f29ca18592e39bd6fa191c44a1abfb206df82b2a050ba89453ad1bf08bb94e96d6862f684df1f935d"}, 0x1004) 19:27:47 executing program 3: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:47 executing program 4: ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="02c9700000000001000a05000000000a400000070034c2fffbe7cb0b9b61901332c85358387733655411382192d5beea31fd620584d8c5bcdad4b5abe00fc7a1b6561ab51942ab18e12dafee8d0082cc414a07a6a845c293b1000925d599afb33a4bcbe01206a6ff533aba28ef7e3133de688fab54f8423bfb1574d3e357ae90b2c35e0e0ab3d9871f081015dce7c443ce7167dec296f2a0e2613a0139e9f263be11f7ce5e29ebb1c9ec4895ff203e26829540e95e63bd23f794a2202c6d52d646ecfbac8dc14ac48da3a59df18385526446c8644493d6b81f3b5aa9643f6f752ac42925ff99379ec9342a25422d1fefd40cd2577189c7f10a831ac7b6aa8ee3e852806e1df5b492f14e4a0468a14b03936d6a73"], 0xbd) (async) syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x2, 0x3c}, @l2cap_cid_signaling={{0x38}, [@l2cap_info_req={{0xa, 0xff, 0x2}, {0x4000}}, @l2cap_conn_req={{0x2, 0x81, 0x4}, {0x7, 0x1}}, @l2cap_disconn_rsp={{0x7, 0x9, 0x4}, {0xffff, 0x9}}, @l2cap_info_req={{0xa, 0x5, 0x2}, {0x5}}, @l2cap_move_chan_cfm_rsp={{0x11, 0x4, 0x2}, {0x81}}, @l2cap_disconn_rsp={{0x7, 0x2, 0x4}, {0x1, 0x2}}, @l2cap_move_chan_cfm_rsp={{0x11, 0x0, 0x2}, {0x6}}, @l2cap_conn_req={{0x2, 0x6, 0x4}, {0xec, 0x9}}]}}, 0x41) syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) (async, rerun: 32) syz_emit_vhci(&(0x7f0000000200)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x1000}, "4c935c6efc13a92891214743a40e5085c023773e41afff2721cb8afdaef57d20559882149adb1d4d9150e888404b2e427bced1b42b45eb6e4e56c57fb8a646717912b0799fa5d7422215095c69b9451c811d798574a2c6fbfbdaa03b1e5bb49199bb3e3e11201076d7f9b06fab1b3f8acafd969d7bfc1e104fd3fdf08c3954d3cb455efaafede1bf67e84df636b6b1485bd440fe7e2d2456e46305a8ec6bf773a1142c63bebea29f076ec768d3655b4430c07438ce89bc4d58aa00bfc8f3b19ce93735a71dca44d3b5a8e6d0b945bce61a0a1837336c4da87077f4d13601d708a61b1637c13e51c3363614a89088bc93e46d94591265ff2b5a939ea73a15066742365e1be6abb321cc86793492be927e78523a5bc236cdd1180f537a210c9efbd9b966b33a5724d20b787a1ab072538b2b08720934a2eb332979152b56b1b20c0512c171978d7feda73748293eca9e15cfa2fd62438cee6d41435330dffefa2e7ae5da9d7d0845e727682d76810b57601f5a0603ccb5c6ae675a7e02d4f1e3a4cf5dd34fbcb757c7758e43721a506279d3647cfcc3e317060295083dca428909b9e49c32080248eb0d8ff1e8913eec659097c8bf540d09a707a9b9cafb41d0cf62e44ead251211183f1ada347c1ae5c5365eb02f1d1a4660e4416d9f8ff19a60158d7913533a3a511d2b612db7140339a11ba390a59e46c3a2d2fedda344a64a3ecae3e49e2c58541ae119ff831814cc9f86729a87f5a48133e794dee1b037e64095d18d66bf8e63993a573f2dd447ba74a44149e0d768a2d9415d8fe1d558a0886fb1615a406f7f4f0573e02a174ba4a88c476c1c93846cb7298fbbf0dc30eaa92c11fa75ecb57f8e8986f83f3083ba52f2231c4d7d3067b3b266db6bfe2bacf8a26ea0dee90258fe4fe3bf4d02345f72a012ff94a725a51d3b0efb1961c2dc8b83de1ca29b25391b0cf271f7105e0a26336a11d5cffd43c6adcb0f4445d08521cfd5d9e06483e0a0b81864e53bcc9acdf981caa9432360eb3c0a666dd0eeb00a94585f1dffd9ae493237a456403af534568bf84077911fb422d44d99af88a44dce7e624e483d4e31693bd142ff89d70ab303b16d5a79b1fe1aa0e2f234b4fd03d42e8f64cbc85a2919b74e239e9752f058cd05fab468ffda8d0b8d4105ddedd68bdc0387319a9ed8eeeaed189d683d0e1cc9c3c75a6bca13edacadf5317f8ddb07a72d17cfb551f3315d2179835ba93de488d43042becd8ee103a705dd2b5d73b9a55d73714f3ce02ecc174ebf8a56b56aaca243ca1d2cd1137b3a70000e39713312aa8d1495cddd66644cc6b777917e89e521a89008677c6f3cd26ff13fd9ef01d0e71a1bb625acf3244c1a9ca5efdf27d2a18ea613eb3a1fbaed56c9df9bf8a1483e81000a98ef2eaf25b7d049c11487911b423505dc43517002e6df4af4dad18894fa89639eaea50b668c8515193b168ed36f57ef45f7eb34361312ceebbb596028c37f72b9ccd94e1cfdd7faeb5bb3044ca9ab2bad9b97b9473fbefeacdf6a6c20403506852b3bbbc3a2443f7f08791b82a1cdf53d71d6cb8d32bee8a707f20167ef20ae85ab2ced30c60afe1e144da12e22bc50e838870f3ed2b1699c3f0e71ee93bfa55707e621317c4c98a001b5028634db14297d3dbdadeca76012c666cc07e3b3496d3144f4a552bba5b7c5b8a02e3e11804cf66c215529f7a120be90835b0d5d0f96f003677c02f3ab91cb131d1e644a826ad713cf8f4b46489e914ec8b18b91fe113a1ede08ef8a28523c0aa0dce6a6a628d3fd2ac98779acd545f3a333b7686f21e835c3671345ea712744e25e64f8cc2a4c79b550ac5d0a36e811ef6e37f33790fd104f1a72dfad9be43c230a6be7e05ef6d740bcedec88057fb413214b835975dfd33b0f877ab433026b62ac98d154baa7008954722be98c4e87dc69cadf1b26a7aca80e8cbb95f35a0ba36ec269d2ad9f4c0fdf657a0701f342dc06faeb167a01f0d633dc69035af50c136ca3fcbf80e5127462365a396e2bdeb889b8cf79ec17672bd54b55e46e2f8f2993614e7d5c5bdef2ead7d14880be6de6b8fdf363737d538d9ad884a1de044664b49dcc2b9e78f4ab6c592e501f4b7170908fb4866298a42b1d4fd59cfd093ef10b7ba9bed025b5584f08fec49a864eb52ef07b74838e384af180fe0b2b5f2b144cc3bfcfec9125073259521fda72f82cfc791b1d791d70c6d0ec514dea5ebbb37e154bde72b0b8fda6e3517ba53c2d7aa40b7680cf8da6fcf78c36ae9d8c11d05556515f9dc64fd522eed26e8e048b005d36fb700360b36615da874425a2dc5a4cc1ba251311dbe3bb205ba6504cbb3367ed34229e86ee680db75f6563b5f78e86b22598b211ba3716f1da15e2c4612d54a1aa81ebbba0d517a675da42e846605957ad0ceac3e3f45d9333fdec6030f619b40fd42889480eb8f4d5ef5ccd609c08744edb9cfb8d925f4b4121e0ed7635f87343233284992527b9f2ce52d44df7a56ca4de03a0555118c5afe86364d545d4bec516ef14195baa0aaeb58a52267cf34071c76af0b08d74e8221ec9bce28622aad356bfeff8a10a2504e4eaed90169147fc85f48ced00121634f0de39266c3f10145c19908fc0ec310ba4b8b0dd09614bb19e54cdb86f8470390cf490304487bdc57247d289b7e868d84395d3e7e965550225bc7d15031272e4be2c36924a923ff94a232361f5559bcef68b8d70c59e4ecd931975c6aa55f93f65e517c818d9090b9a78854ccabf90a50e174d260ec525f66429eb44f54842900228c9c4b02a3973d3b3976cf18119292758f8049fb88386bc747499277433fcd7e29faa6696f48bc8dd8cd1c06ec84f9b16ed01e2d9f533c30845f9fc5c82f260fa308cd6af74e591f66bcc2b9d6daa1d18f38d69a6233b2271ce0704337c532e74f738de7ae6a3e445be7d4b65f98901230f219624eed571cfb39a65fb3876242f5b5e21a645cd5f1e99b70b4fe8b332f91d2b32e8e8cfe482cfe9dec9ebf5a52a06650bfadcbf352d8c18a9ef827c656b1fa47c07468db1036cdabc103a87b2b58effe36380737b432d44e5ef64c0cf1de7ea1160dd1d6bfbdb2107d8a7177333b80814d015cf9d21bf72bd378ca8ddf2f6e71e6f2a68a861c85a6eb991fe3312a34e8444c096fac5dd515acfd086b5a504231072e45e86e58e7b2712ddbf7973132b6c8ceda5254362dda6dfd4985f8cda2d3019bc8d3dda98c4e7b149de3160771a558483771e7fa91b10a2d25c35484190e62d5c81d054d96029bfd16a967e49e9a71db5f764abb9ddbff8096bb0fbd4934152c8c23fe0d350dd97a71a6aee99451a0a681207f669d9c21fed07c8f97c53038d4a24d1ff73eacfd0fed11696cf6200f0adfebef99c2b94e977a07ff85083584b6ba42a25de1a8c9211a145214da6c726da9d4ca0fc0ee5e2151f71a046a5902b5f066808302d57fc24559e0944542922743a37fc8a9c0e38e44bcf2311c2696082b4236ad92ef72e70989c6d223b6fdc349db07beb8043d792d49406fa8cb3da47e65377dbe064cdb48eb3ec384fb5506b2f82aa4684d0c3e0d44b07e3d8caba5a81bf9b090c33a01f397e7755f20639245705c2276284785757f67f8786df7a7ae8a109c39e635232d585fe0df2bb20a0303468c0cbe243e8f8c28f83e8a22aa4726bd944e151f3f5e04e50a63b2a35de919fccb293bfa6e6433057ef7c1e0f3e2c1b4cef653644124e02f98653037873db1b3ccc9f883d7a1cea09243908232ccf6f8d00a05e103da51477312efd3fee50eae9a3297f851c12c45542e4cbb6fb4c6c003a62091d58394ecdfe674bd6f8bf2401bf3b7c3faf574ebc34763c11f158bc06e66865f92e8a75d6891cbd461fb7e2b083831d79aad503bb129f43b569e6a01c56a7907e5e458a2206def0334dc32a80bcc1d0c98d83ac9bd64aaf936dd72b5dcb4e5d78db5307040ff8a8df8af7a27e0ec743c048fc2c745f736131a2cdb8ce1d961b15768a6a99ce0bcaa01074ad7e5b1d6e33d9e77a89221e64a07f2715c3e3e8ddbf03616cd5baef7590d0c9b5ceb6ebc0258b546d287dd654e6c21b6c37909a45088418a3a8714401a1865cabc568000708a14797438a6c8060f94430f49df65e59a8119a33f3cb56be1b907b296ac099687ceea1e90b7381c6012e31bd3a80c027a086015e9a5cef33c80342d5dafc81f7252133ca2102f596fbcabf98ec8e0c7b11c6ed1e1e3466e910b05259317a52dd99ad83c659e26828ea4addc0ca0f162f1af0f75162dac51e52b6879d2b3b89a69dd0e5d0c79609503ab6cb5aae13bdf41e2c8cf0ef006c24cda5d4b5fad98641c4ab7718c779582a94ad627cac05f6b458e46a4fafce4f96ce5249a34e606dadea0a91642681e5118764ec885ec0ea22c28cd4b3d9d86ecfd001d15c47b4acbd934e694fae85aacf128f65bfdbea8bdf5f0accc21b840f793dc8dd939a14129c607a982a2e50bf7c8927666e63cb533ade2645a435458d21902eacf1c07f3946526aa01e1c96f5fb31876abf0abcb38e48cb3e472435a85f57a1fae350f927a66ad0ddf0dbb86c2d5fe450323b10419445271bb91d247a687216078b3775cc8697fbd01257265793b97f3d53fa908b8f83ae25b4f556215779d43480e949953242df463a362d90c16abfb7c2003559e2dfeb9ee338136d020f5fb88a962a526d4b6de8c1662b115e7c8aabba1e60d2b5cc3a81013584bf78e2765de500ca7ea18a5ca07deef284b97d6f6f9f4bdfdfcbf2742d974216b533d4b1e4a8492f8978a66e27abfd896bdca6fb5f9daaa52c87119b537848566434c6b50d73861eaad3dc8c7e2c367db6b146f697fb29b52a8827cb136636f9f1d0f136a5c18cd1fe2c2258b068c399e60c48a6f190d99d3e3ca8be405a0d9127c6c5e65520aacae23fe3b6f3bb1e781b6b7bc3d98b7d9602abbf0e794f35dc5af28a0aa9b8324319e3dbdc6ba5259e8474aca20ba48195ce7498322ec3deaee5732434a9a81393f8077e24973027761c2385aa916e01a97135b9443de097256059c5ad9491be822c7e0312b6bfe62da968cccef7a419a3a66333398b06f5cd15210ecfe3dd35703d6c624f00dae39dada9c3bf3628f416fa999181ad0257b410d66f040d9adbd5857c9cd845f52e4b66efe9a00c92bc0723a7a4335e17ab6aad39817bb1597631e6f03289b41af1a181f9e22832ba787dd302b746db2efa85148404909ae65b96631493b83039e71b0b7834ddbf048277f4c1b9f60c8a403269b60d1a023944865ad28a110eefdfb7603a552aa5300b36aa4149b0780f402df258335856739f8f3263255739a8a0f458e319f0790d83867df7092181a0eab3c014a25993cb24badc21df38504b5ad4a916fa8ef4b365c72241d2bc6cbc65d0d674c5808ee2672850dc06973419990353c03d15dfd0a2001672a61eccd4e360951c7ed4592f19e52a3d5e034be32d4d60cfa14c22de6dc000c01b8803f53105f4267df7401f7289483c79d8bce42fe7767b9626c60dcf34b765683abb7e089b4d754fa12aa3bd0e746f148cf4c442bcc82ac32d35cfb949e6b22ab48ae99eb01a636f400d3284f71e5d5f57c3ca217f3f91f47330e5c53b615689c050724f9c4ee029188608330bef9a2fe1a10913ac0f10b26db7adde700e6c6ddd8a574544ec27ef629d2c4fb50986cdc8dcaf8cf6df394fca547f29ca18592e39bd6fa191c44a1abfb206df82b2a050ba89453ad1bf08bb94e96d6862f684df1f935d"}, 0x1004) (rerun: 32) 19:27:47 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x9, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:47 executing program 3: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:47 executing program 3: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) mlockall(0x2) r2 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r2, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:47 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0xa, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:47 executing program 4: ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="02c9700000000001000a05000000000a400000070034c2fffbe7cb0b9b61901332c85358387733655411382192d5beea31fd620584d8c5bcdad4b5abe00fc7a1b6561ab51942ab18e12dafee8d0082cc414a07a6a845c293b1000925d599afb33a4bcbe01206a6ff533aba28ef7e3133de688fab54f8423bfb1574d3e357ae90b2c35e0e0ab3d9871f081015dce7c443ce7167dec296f2a0e2613a0139e9f263be11f7ce5e29ebb1c9ec4895ff203e26829540e95e63bd23f794a2202c6d52d646ecfbac8dc14ac48da3a59df18385526446c8644493d6b81f3b5aa9643f6f752ac42925ff99379ec9342a25422d1fefd40cd2577189c7f10a831ac7b6aa8ee3e852806e1df5b492f14e4a0468a14b03936d6a73"], 0xbd) syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x2, 0x3c}, @l2cap_cid_signaling={{0x38}, [@l2cap_info_req={{0xa, 0xff, 0x2}, {0x4000}}, @l2cap_conn_req={{0x2, 0x81, 0x4}, {0x7, 0x1}}, @l2cap_disconn_rsp={{0x7, 0x9, 0x4}, {0xffff, 0x9}}, @l2cap_info_req={{0xa, 0x5, 0x2}, {0x5}}, @l2cap_move_chan_cfm_rsp={{0x11, 0x4, 0x2}, {0x81}}, @l2cap_disconn_rsp={{0x7, 0x2, 0x4}, {0x1, 0x2}}, @l2cap_move_chan_cfm_rsp={{0x11, 0x0, 0x2}, {0x6}}, @l2cap_conn_req={{0x2, 0x6, 0x4}, {0xec, 0x9}}]}}, 0x41) syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) syz_emit_vhci(&(0x7f0000000200)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x1000}, "4c935c6efc13a92891214743a40e5085c023773e41afff2721cb8afdaef57d20559882149adb1d4d9150e888404b2e427bced1b42b45eb6e4e56c57fb8a646717912b0799fa5d7422215095c69b9451c811d798574a2c6fbfbdaa03b1e5bb49199bb3e3e11201076d7f9b06fab1b3f8acafd969d7bfc1e104fd3fdf08c3954d3cb455efaafede1bf67e84df636b6b1485bd440fe7e2d2456e46305a8ec6bf773a1142c63bebea29f076ec768d3655b4430c07438ce89bc4d58aa00bfc8f3b19ce93735a71dca44d3b5a8e6d0b945bce61a0a1837336c4da87077f4d13601d708a61b1637c13e51c3363614a89088bc93e46d94591265ff2b5a939ea73a15066742365e1be6abb321cc86793492be927e78523a5bc236cdd1180f537a210c9efbd9b966b33a5724d20b787a1ab072538b2b08720934a2eb332979152b56b1b20c0512c171978d7feda73748293eca9e15cfa2fd62438cee6d41435330dffefa2e7ae5da9d7d0845e727682d76810b57601f5a0603ccb5c6ae675a7e02d4f1e3a4cf5dd34fbcb757c7758e43721a506279d3647cfcc3e317060295083dca428909b9e49c32080248eb0d8ff1e8913eec659097c8bf540d09a707a9b9cafb41d0cf62e44ead251211183f1ada347c1ae5c5365eb02f1d1a4660e4416d9f8ff19a60158d7913533a3a511d2b612db7140339a11ba390a59e46c3a2d2fedda344a64a3ecae3e49e2c58541ae119ff831814cc9f86729a87f5a48133e794dee1b037e64095d18d66bf8e63993a573f2dd447ba74a44149e0d768a2d9415d8fe1d558a0886fb1615a406f7f4f0573e02a174ba4a88c476c1c93846cb7298fbbf0dc30eaa92c11fa75ecb57f8e8986f83f3083ba52f2231c4d7d3067b3b266db6bfe2bacf8a26ea0dee90258fe4fe3bf4d02345f72a012ff94a725a51d3b0efb1961c2dc8b83de1ca29b25391b0cf271f7105e0a26336a11d5cffd43c6adcb0f4445d08521cfd5d9e06483e0a0b81864e53bcc9acdf981caa9432360eb3c0a666dd0eeb00a94585f1dffd9ae493237a456403af534568bf84077911fb422d44d99af88a44dce7e624e483d4e31693bd142ff89d70ab303b16d5a79b1fe1aa0e2f234b4fd03d42e8f64cbc85a2919b74e239e9752f058cd05fab468ffda8d0b8d4105ddedd68bdc0387319a9ed8eeeaed189d683d0e1cc9c3c75a6bca13edacadf5317f8ddb07a72d17cfb551f3315d2179835ba93de488d43042becd8ee103a705dd2b5d73b9a55d73714f3ce02ecc174ebf8a56b56aaca243ca1d2cd1137b3a70000e39713312aa8d1495cddd66644cc6b777917e89e521a89008677c6f3cd26ff13fd9ef01d0e71a1bb625acf3244c1a9ca5efdf27d2a18ea613eb3a1fbaed56c9df9bf8a1483e81000a98ef2eaf25b7d049c11487911b423505dc43517002e6df4af4dad18894fa89639eaea50b668c8515193b168ed36f57ef45f7eb34361312ceebbb596028c37f72b9ccd94e1cfdd7faeb5bb3044ca9ab2bad9b97b9473fbefeacdf6a6c20403506852b3bbbc3a2443f7f08791b82a1cdf53d71d6cb8d32bee8a707f20167ef20ae85ab2ced30c60afe1e144da12e22bc50e838870f3ed2b1699c3f0e71ee93bfa55707e621317c4c98a001b5028634db14297d3dbdadeca76012c666cc07e3b3496d3144f4a552bba5b7c5b8a02e3e11804cf66c215529f7a120be90835b0d5d0f96f003677c02f3ab91cb131d1e644a826ad713cf8f4b46489e914ec8b18b91fe113a1ede08ef8a28523c0aa0dce6a6a628d3fd2ac98779acd545f3a333b7686f21e835c3671345ea712744e25e64f8cc2a4c79b550ac5d0a36e811ef6e37f33790fd104f1a72dfad9be43c230a6be7e05ef6d740bcedec88057fb413214b835975dfd33b0f877ab433026b62ac98d154baa7008954722be98c4e87dc69cadf1b26a7aca80e8cbb95f35a0ba36ec269d2ad9f4c0fdf657a0701f342dc06faeb167a01f0d633dc69035af50c136ca3fcbf80e5127462365a396e2bdeb889b8cf79ec17672bd54b55e46e2f8f2993614e7d5c5bdef2ead7d14880be6de6b8fdf363737d538d9ad884a1de044664b49dcc2b9e78f4ab6c592e501f4b7170908fb4866298a42b1d4fd59cfd093ef10b7ba9bed025b5584f08fec49a864eb52ef07b74838e384af180fe0b2b5f2b144cc3bfcfec9125073259521fda72f82cfc791b1d791d70c6d0ec514dea5ebbb37e154bde72b0b8fda6e3517ba53c2d7aa40b7680cf8da6fcf78c36ae9d8c11d05556515f9dc64fd522eed26e8e048b005d36fb700360b36615da874425a2dc5a4cc1ba251311dbe3bb205ba6504cbb3367ed34229e86ee680db75f6563b5f78e86b22598b211ba3716f1da15e2c4612d54a1aa81ebbba0d517a675da42e846605957ad0ceac3e3f45d9333fdec6030f619b40fd42889480eb8f4d5ef5ccd609c08744edb9cfb8d925f4b4121e0ed7635f87343233284992527b9f2ce52d44df7a56ca4de03a0555118c5afe86364d545d4bec516ef14195baa0aaeb58a52267cf34071c76af0b08d74e8221ec9bce28622aad356bfeff8a10a2504e4eaed90169147fc85f48ced00121634f0de39266c3f10145c19908fc0ec310ba4b8b0dd09614bb19e54cdb86f8470390cf490304487bdc57247d289b7e868d84395d3e7e965550225bc7d15031272e4be2c36924a923ff94a232361f5559bcef68b8d70c59e4ecd931975c6aa55f93f65e517c818d9090b9a78854ccabf90a50e174d260ec525f66429eb44f54842900228c9c4b02a3973d3b3976cf18119292758f8049fb88386bc747499277433fcd7e29faa6696f48bc8dd8cd1c06ec84f9b16ed01e2d9f533c30845f9fc5c82f260fa308cd6af74e591f66bcc2b9d6daa1d18f38d69a6233b2271ce0704337c532e74f738de7ae6a3e445be7d4b65f98901230f219624eed571cfb39a65fb3876242f5b5e21a645cd5f1e99b70b4fe8b332f91d2b32e8e8cfe482cfe9dec9ebf5a52a06650bfadcbf352d8c18a9ef827c656b1fa47c07468db1036cdabc103a87b2b58effe36380737b432d44e5ef64c0cf1de7ea1160dd1d6bfbdb2107d8a7177333b80814d015cf9d21bf72bd378ca8ddf2f6e71e6f2a68a861c85a6eb991fe3312a34e8444c096fac5dd515acfd086b5a504231072e45e86e58e7b2712ddbf7973132b6c8ceda5254362dda6dfd4985f8cda2d3019bc8d3dda98c4e7b149de3160771a558483771e7fa91b10a2d25c35484190e62d5c81d054d96029bfd16a967e49e9a71db5f764abb9ddbff8096bb0fbd4934152c8c23fe0d350dd97a71a6aee99451a0a681207f669d9c21fed07c8f97c53038d4a24d1ff73eacfd0fed11696cf6200f0adfebef99c2b94e977a07ff85083584b6ba42a25de1a8c9211a145214da6c726da9d4ca0fc0ee5e2151f71a046a5902b5f066808302d57fc24559e0944542922743a37fc8a9c0e38e44bcf2311c2696082b4236ad92ef72e70989c6d223b6fdc349db07beb8043d792d49406fa8cb3da47e65377dbe064cdb48eb3ec384fb5506b2f82aa4684d0c3e0d44b07e3d8caba5a81bf9b090c33a01f397e7755f20639245705c2276284785757f67f8786df7a7ae8a109c39e635232d585fe0df2bb20a0303468c0cbe243e8f8c28f83e8a22aa4726bd944e151f3f5e04e50a63b2a35de919fccb293bfa6e6433057ef7c1e0f3e2c1b4cef653644124e02f98653037873db1b3ccc9f883d7a1cea09243908232ccf6f8d00a05e103da51477312efd3fee50eae9a3297f851c12c45542e4cbb6fb4c6c003a62091d58394ecdfe674bd6f8bf2401bf3b7c3faf574ebc34763c11f158bc06e66865f92e8a75d6891cbd461fb7e2b083831d79aad503bb129f43b569e6a01c56a7907e5e458a2206def0334dc32a80bcc1d0c98d83ac9bd64aaf936dd72b5dcb4e5d78db5307040ff8a8df8af7a27e0ec743c048fc2c745f736131a2cdb8ce1d961b15768a6a99ce0bcaa01074ad7e5b1d6e33d9e77a89221e64a07f2715c3e3e8ddbf03616cd5baef7590d0c9b5ceb6ebc0258b546d287dd654e6c21b6c37909a45088418a3a8714401a1865cabc568000708a14797438a6c8060f94430f49df65e59a8119a33f3cb56be1b907b296ac099687ceea1e90b7381c6012e31bd3a80c027a086015e9a5cef33c80342d5dafc81f7252133ca2102f596fbcabf98ec8e0c7b11c6ed1e1e3466e910b05259317a52dd99ad83c659e26828ea4addc0ca0f162f1af0f75162dac51e52b6879d2b3b89a69dd0e5d0c79609503ab6cb5aae13bdf41e2c8cf0ef006c24cda5d4b5fad98641c4ab7718c779582a94ad627cac05f6b458e46a4fafce4f96ce5249a34e606dadea0a91642681e5118764ec885ec0ea22c28cd4b3d9d86ecfd001d15c47b4acbd934e694fae85aacf128f65bfdbea8bdf5f0accc21b840f793dc8dd939a14129c607a982a2e50bf7c8927666e63cb533ade2645a435458d21902eacf1c07f3946526aa01e1c96f5fb31876abf0abcb38e48cb3e472435a85f57a1fae350f927a66ad0ddf0dbb86c2d5fe450323b10419445271bb91d247a687216078b3775cc8697fbd01257265793b97f3d53fa908b8f83ae25b4f556215779d43480e949953242df463a362d90c16abfb7c2003559e2dfeb9ee338136d020f5fb88a962a526d4b6de8c1662b115e7c8aabba1e60d2b5cc3a81013584bf78e2765de500ca7ea18a5ca07deef284b97d6f6f9f4bdfdfcbf2742d974216b533d4b1e4a8492f8978a66e27abfd896bdca6fb5f9daaa52c87119b537848566434c6b50d73861eaad3dc8c7e2c367db6b146f697fb29b52a8827cb136636f9f1d0f136a5c18cd1fe2c2258b068c399e60c48a6f190d99d3e3ca8be405a0d9127c6c5e65520aacae23fe3b6f3bb1e781b6b7bc3d98b7d9602abbf0e794f35dc5af28a0aa9b8324319e3dbdc6ba5259e8474aca20ba48195ce7498322ec3deaee5732434a9a81393f8077e24973027761c2385aa916e01a97135b9443de097256059c5ad9491be822c7e0312b6bfe62da968cccef7a419a3a66333398b06f5cd15210ecfe3dd35703d6c624f00dae39dada9c3bf3628f416fa999181ad0257b410d66f040d9adbd5857c9cd845f52e4b66efe9a00c92bc0723a7a4335e17ab6aad39817bb1597631e6f03289b41af1a181f9e22832ba787dd302b746db2efa85148404909ae65b96631493b83039e71b0b7834ddbf048277f4c1b9f60c8a403269b60d1a023944865ad28a110eefdfb7603a552aa5300b36aa4149b0780f402df258335856739f8f3263255739a8a0f458e319f0790d83867df7092181a0eab3c014a25993cb24badc21df38504b5ad4a916fa8ef4b365c72241d2bc6cbc65d0d674c5808ee2672850dc06973419990353c03d15dfd0a2001672a61eccd4e360951c7ed4592f19e52a3d5e034be32d4d60cfa14c22de6dc000c01b8803f53105f4267df7401f7289483c79d8bce42fe7767b9626c60dcf34b765683abb7e089b4d754fa12aa3bd0e746f148cf4c442bcc82ac32d35cfb949e6b22ab48ae99eb01a636f400d3284f71e5d5f57c3ca217f3f91f47330e5c53b615689c050724f9c4ee029188608330bef9a2fe1a10913ac0f10b26db7adde700e6c6ddd8a574544ec27ef629d2c4fb50986cdc8dcaf8cf6df394fca547f29ca18592e39bd6fa191c44a1abfb206df82b2a050ba89453ad1bf08bb94e96d6862f684df1f935d"}, 0x1004) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) (async) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="02c9700000000001000a05000000000a400000070034c2fffbe7cb0b9b61901332c85358387733655411382192d5beea31fd620584d8c5bcdad4b5abe00fc7a1b6561ab51942ab18e12dafee8d0082cc414a07a6a845c293b1000925d599afb33a4bcbe01206a6ff533aba28ef7e3133de688fab54f8423bfb1574d3e357ae90b2c35e0e0ab3d9871f081015dce7c443ce7167dec296f2a0e2613a0139e9f263be11f7ce5e29ebb1c9ec4895ff203e26829540e95e63bd23f794a2202c6d52d646ecfbac8dc14ac48da3a59df18385526446c8644493d6b81f3b5aa9643f6f752ac42925ff99379ec9342a25422d1fefd40cd2577189c7f10a831ac7b6aa8ee3e852806e1df5b492f14e4a0468a14b03936d6a73"], 0xbd) (async) syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x2, 0x3c}, @l2cap_cid_signaling={{0x38}, [@l2cap_info_req={{0xa, 0xff, 0x2}, {0x4000}}, @l2cap_conn_req={{0x2, 0x81, 0x4}, {0x7, 0x1}}, @l2cap_disconn_rsp={{0x7, 0x9, 0x4}, {0xffff, 0x9}}, @l2cap_info_req={{0xa, 0x5, 0x2}, {0x5}}, @l2cap_move_chan_cfm_rsp={{0x11, 0x4, 0x2}, {0x81}}, @l2cap_disconn_rsp={{0x7, 0x2, 0x4}, {0x1, 0x2}}, @l2cap_move_chan_cfm_rsp={{0x11, 0x0, 0x2}, {0x6}}, @l2cap_conn_req={{0x2, 0x6, 0x4}, {0xec, 0x9}}]}}, 0x41) (async) syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) (async) syz_emit_vhci(&(0x7f0000000200)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x1000}, "4c935c6efc13a92891214743a40e5085c023773e41afff2721cb8afdaef57d20559882149adb1d4d9150e888404b2e427bced1b42b45eb6e4e56c57fb8a646717912b0799fa5d7422215095c69b9451c811d798574a2c6fbfbdaa03b1e5bb49199bb3e3e11201076d7f9b06fab1b3f8acafd969d7bfc1e104fd3fdf08c3954d3cb455efaafede1bf67e84df636b6b1485bd440fe7e2d2456e46305a8ec6bf773a1142c63bebea29f076ec768d3655b4430c07438ce89bc4d58aa00bfc8f3b19ce93735a71dca44d3b5a8e6d0b945bce61a0a1837336c4da87077f4d13601d708a61b1637c13e51c3363614a89088bc93e46d94591265ff2b5a939ea73a15066742365e1be6abb321cc86793492be927e78523a5bc236cdd1180f537a210c9efbd9b966b33a5724d20b787a1ab072538b2b08720934a2eb332979152b56b1b20c0512c171978d7feda73748293eca9e15cfa2fd62438cee6d41435330dffefa2e7ae5da9d7d0845e727682d76810b57601f5a0603ccb5c6ae675a7e02d4f1e3a4cf5dd34fbcb757c7758e43721a506279d3647cfcc3e317060295083dca428909b9e49c32080248eb0d8ff1e8913eec659097c8bf540d09a707a9b9cafb41d0cf62e44ead251211183f1ada347c1ae5c5365eb02f1d1a4660e4416d9f8ff19a60158d7913533a3a511d2b612db7140339a11ba390a59e46c3a2d2fedda344a64a3ecae3e49e2c58541ae119ff831814cc9f86729a87f5a48133e794dee1b037e64095d18d66bf8e63993a573f2dd447ba74a44149e0d768a2d9415d8fe1d558a0886fb1615a406f7f4f0573e02a174ba4a88c476c1c93846cb7298fbbf0dc30eaa92c11fa75ecb57f8e8986f83f3083ba52f2231c4d7d3067b3b266db6bfe2bacf8a26ea0dee90258fe4fe3bf4d02345f72a012ff94a725a51d3b0efb1961c2dc8b83de1ca29b25391b0cf271f7105e0a26336a11d5cffd43c6adcb0f4445d08521cfd5d9e06483e0a0b81864e53bcc9acdf981caa9432360eb3c0a666dd0eeb00a94585f1dffd9ae493237a456403af534568bf84077911fb422d44d99af88a44dce7e624e483d4e31693bd142ff89d70ab303b16d5a79b1fe1aa0e2f234b4fd03d42e8f64cbc85a2919b74e239e9752f058cd05fab468ffda8d0b8d4105ddedd68bdc0387319a9ed8eeeaed189d683d0e1cc9c3c75a6bca13edacadf5317f8ddb07a72d17cfb551f3315d2179835ba93de488d43042becd8ee103a705dd2b5d73b9a55d73714f3ce02ecc174ebf8a56b56aaca243ca1d2cd1137b3a70000e39713312aa8d1495cddd66644cc6b777917e89e521a89008677c6f3cd26ff13fd9ef01d0e71a1bb625acf3244c1a9ca5efdf27d2a18ea613eb3a1fbaed56c9df9bf8a1483e81000a98ef2eaf25b7d049c11487911b423505dc43517002e6df4af4dad18894fa89639eaea50b668c8515193b168ed36f57ef45f7eb34361312ceebbb596028c37f72b9ccd94e1cfdd7faeb5bb3044ca9ab2bad9b97b9473fbefeacdf6a6c20403506852b3bbbc3a2443f7f08791b82a1cdf53d71d6cb8d32bee8a707f20167ef20ae85ab2ced30c60afe1e144da12e22bc50e838870f3ed2b1699c3f0e71ee93bfa55707e621317c4c98a001b5028634db14297d3dbdadeca76012c666cc07e3b3496d3144f4a552bba5b7c5b8a02e3e11804cf66c215529f7a120be90835b0d5d0f96f003677c02f3ab91cb131d1e644a826ad713cf8f4b46489e914ec8b18b91fe113a1ede08ef8a28523c0aa0dce6a6a628d3fd2ac98779acd545f3a333b7686f21e835c3671345ea712744e25e64f8cc2a4c79b550ac5d0a36e811ef6e37f33790fd104f1a72dfad9be43c230a6be7e05ef6d740bcedec88057fb413214b835975dfd33b0f877ab433026b62ac98d154baa7008954722be98c4e87dc69cadf1b26a7aca80e8cbb95f35a0ba36ec269d2ad9f4c0fdf657a0701f342dc06faeb167a01f0d633dc69035af50c136ca3fcbf80e5127462365a396e2bdeb889b8cf79ec17672bd54b55e46e2f8f2993614e7d5c5bdef2ead7d14880be6de6b8fdf363737d538d9ad884a1de044664b49dcc2b9e78f4ab6c592e501f4b7170908fb4866298a42b1d4fd59cfd093ef10b7ba9bed025b5584f08fec49a864eb52ef07b74838e384af180fe0b2b5f2b144cc3bfcfec9125073259521fda72f82cfc791b1d791d70c6d0ec514dea5ebbb37e154bde72b0b8fda6e3517ba53c2d7aa40b7680cf8da6fcf78c36ae9d8c11d05556515f9dc64fd522eed26e8e048b005d36fb700360b36615da874425a2dc5a4cc1ba251311dbe3bb205ba6504cbb3367ed34229e86ee680db75f6563b5f78e86b22598b211ba3716f1da15e2c4612d54a1aa81ebbba0d517a675da42e846605957ad0ceac3e3f45d9333fdec6030f619b40fd42889480eb8f4d5ef5ccd609c08744edb9cfb8d925f4b4121e0ed7635f87343233284992527b9f2ce52d44df7a56ca4de03a0555118c5afe86364d545d4bec516ef14195baa0aaeb58a52267cf34071c76af0b08d74e8221ec9bce28622aad356bfeff8a10a2504e4eaed90169147fc85f48ced00121634f0de39266c3f10145c19908fc0ec310ba4b8b0dd09614bb19e54cdb86f8470390cf490304487bdc57247d289b7e868d84395d3e7e965550225bc7d15031272e4be2c36924a923ff94a232361f5559bcef68b8d70c59e4ecd931975c6aa55f93f65e517c818d9090b9a78854ccabf90a50e174d260ec525f66429eb44f54842900228c9c4b02a3973d3b3976cf18119292758f8049fb88386bc747499277433fcd7e29faa6696f48bc8dd8cd1c06ec84f9b16ed01e2d9f533c30845f9fc5c82f260fa308cd6af74e591f66bcc2b9d6daa1d18f38d69a6233b2271ce0704337c532e74f738de7ae6a3e445be7d4b65f98901230f219624eed571cfb39a65fb3876242f5b5e21a645cd5f1e99b70b4fe8b332f91d2b32e8e8cfe482cfe9dec9ebf5a52a06650bfadcbf352d8c18a9ef827c656b1fa47c07468db1036cdabc103a87b2b58effe36380737b432d44e5ef64c0cf1de7ea1160dd1d6bfbdb2107d8a7177333b80814d015cf9d21bf72bd378ca8ddf2f6e71e6f2a68a861c85a6eb991fe3312a34e8444c096fac5dd515acfd086b5a504231072e45e86e58e7b2712ddbf7973132b6c8ceda5254362dda6dfd4985f8cda2d3019bc8d3dda98c4e7b149de3160771a558483771e7fa91b10a2d25c35484190e62d5c81d054d96029bfd16a967e49e9a71db5f764abb9ddbff8096bb0fbd4934152c8c23fe0d350dd97a71a6aee99451a0a681207f669d9c21fed07c8f97c53038d4a24d1ff73eacfd0fed11696cf6200f0adfebef99c2b94e977a07ff85083584b6ba42a25de1a8c9211a145214da6c726da9d4ca0fc0ee5e2151f71a046a5902b5f066808302d57fc24559e0944542922743a37fc8a9c0e38e44bcf2311c2696082b4236ad92ef72e70989c6d223b6fdc349db07beb8043d792d49406fa8cb3da47e65377dbe064cdb48eb3ec384fb5506b2f82aa4684d0c3e0d44b07e3d8caba5a81bf9b090c33a01f397e7755f20639245705c2276284785757f67f8786df7a7ae8a109c39e635232d585fe0df2bb20a0303468c0cbe243e8f8c28f83e8a22aa4726bd944e151f3f5e04e50a63b2a35de919fccb293bfa6e6433057ef7c1e0f3e2c1b4cef653644124e02f98653037873db1b3ccc9f883d7a1cea09243908232ccf6f8d00a05e103da51477312efd3fee50eae9a3297f851c12c45542e4cbb6fb4c6c003a62091d58394ecdfe674bd6f8bf2401bf3b7c3faf574ebc34763c11f158bc06e66865f92e8a75d6891cbd461fb7e2b083831d79aad503bb129f43b569e6a01c56a7907e5e458a2206def0334dc32a80bcc1d0c98d83ac9bd64aaf936dd72b5dcb4e5d78db5307040ff8a8df8af7a27e0ec743c048fc2c745f736131a2cdb8ce1d961b15768a6a99ce0bcaa01074ad7e5b1d6e33d9e77a89221e64a07f2715c3e3e8ddbf03616cd5baef7590d0c9b5ceb6ebc0258b546d287dd654e6c21b6c37909a45088418a3a8714401a1865cabc568000708a14797438a6c8060f94430f49df65e59a8119a33f3cb56be1b907b296ac099687ceea1e90b7381c6012e31bd3a80c027a086015e9a5cef33c80342d5dafc81f7252133ca2102f596fbcabf98ec8e0c7b11c6ed1e1e3466e910b05259317a52dd99ad83c659e26828ea4addc0ca0f162f1af0f75162dac51e52b6879d2b3b89a69dd0e5d0c79609503ab6cb5aae13bdf41e2c8cf0ef006c24cda5d4b5fad98641c4ab7718c779582a94ad627cac05f6b458e46a4fafce4f96ce5249a34e606dadea0a91642681e5118764ec885ec0ea22c28cd4b3d9d86ecfd001d15c47b4acbd934e694fae85aacf128f65bfdbea8bdf5f0accc21b840f793dc8dd939a14129c607a982a2e50bf7c8927666e63cb533ade2645a435458d21902eacf1c07f3946526aa01e1c96f5fb31876abf0abcb38e48cb3e472435a85f57a1fae350f927a66ad0ddf0dbb86c2d5fe450323b10419445271bb91d247a687216078b3775cc8697fbd01257265793b97f3d53fa908b8f83ae25b4f556215779d43480e949953242df463a362d90c16abfb7c2003559e2dfeb9ee338136d020f5fb88a962a526d4b6de8c1662b115e7c8aabba1e60d2b5cc3a81013584bf78e2765de500ca7ea18a5ca07deef284b97d6f6f9f4bdfdfcbf2742d974216b533d4b1e4a8492f8978a66e27abfd896bdca6fb5f9daaa52c87119b537848566434c6b50d73861eaad3dc8c7e2c367db6b146f697fb29b52a8827cb136636f9f1d0f136a5c18cd1fe2c2258b068c399e60c48a6f190d99d3e3ca8be405a0d9127c6c5e65520aacae23fe3b6f3bb1e781b6b7bc3d98b7d9602abbf0e794f35dc5af28a0aa9b8324319e3dbdc6ba5259e8474aca20ba48195ce7498322ec3deaee5732434a9a81393f8077e24973027761c2385aa916e01a97135b9443de097256059c5ad9491be822c7e0312b6bfe62da968cccef7a419a3a66333398b06f5cd15210ecfe3dd35703d6c624f00dae39dada9c3bf3628f416fa999181ad0257b410d66f040d9adbd5857c9cd845f52e4b66efe9a00c92bc0723a7a4335e17ab6aad39817bb1597631e6f03289b41af1a181f9e22832ba787dd302b746db2efa85148404909ae65b96631493b83039e71b0b7834ddbf048277f4c1b9f60c8a403269b60d1a023944865ad28a110eefdfb7603a552aa5300b36aa4149b0780f402df258335856739f8f3263255739a8a0f458e319f0790d83867df7092181a0eab3c014a25993cb24badc21df38504b5ad4a916fa8ef4b365c72241d2bc6cbc65d0d674c5808ee2672850dc06973419990353c03d15dfd0a2001672a61eccd4e360951c7ed4592f19e52a3d5e034be32d4d60cfa14c22de6dc000c01b8803f53105f4267df7401f7289483c79d8bce42fe7767b9626c60dcf34b765683abb7e089b4d754fa12aa3bd0e746f148cf4c442bcc82ac32d35cfb949e6b22ab48ae99eb01a636f400d3284f71e5d5f57c3ca217f3f91f47330e5c53b615689c050724f9c4ee029188608330bef9a2fe1a10913ac0f10b26db7adde700e6c6ddd8a574544ec27ef629d2c4fb50986cdc8dcaf8cf6df394fca547f29ca18592e39bd6fa191c44a1abfb206df82b2a050ba89453ad1bf08bb94e96d6862f684df1f935d"}, 0x1004) (async) 19:27:47 executing program 1: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)) 19:27:47 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0xb, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:47 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000000)=@HCI_SCODATA_PKT={0x3, {0xc8}}, 0x4) 19:27:47 executing program 2: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) mlockall(0x2) r1 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r1, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:47 executing program 5: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) mlockall(0x2) r1 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r1, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:47 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000000)=@HCI_SCODATA_PKT={0x3, {0xc8}}, 0x4) 19:27:47 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0xc, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:47 executing program 3: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) mlockall(0x2) r2 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r2, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:47 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) (async, rerun: 64) syz_emit_vhci(&(0x7f0000000000)=@HCI_SCODATA_PKT={0x3, {0xc8}}, 0x4) (rerun: 64) 19:27:47 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0xf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:47 executing program 4: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="0a90d22bb423326b81c9b2bb781ff9a2abb20c1a44464644466372a7a9a092e99258ded6f9a70a6b40f7b549022a8f6e874b5add23a56802487e91b0df010d0bba4bb8fd2ecfb67fbeb68c388035ab420f57b293cd8ef84d74c0e5918b63c62edec56140f521f87bf8c73ece50211c16a922b8c1cda9f6d735a17bff03e9b1af168cdeab125e72a58aac0af927d9c3347ed3436c975c44c977"], 0x8) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @HCI_EV_INQUIRY_COMPLETE={{0x1, 0x1}, 0x1}}, 0x4) 19:27:47 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x10, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:48 executing program 1: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:48 executing program 5: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)) mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:48 executing program 2: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) fanotify_init(0x4, 0x1000) mlockall(0x2) r1 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r1, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:48 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x11, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:48 executing program 4: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="0a90d22bb423326b81c9b2bb781ff9a2abb20c1a44464644466372a7a9a092e99258ded6f9a70a6b40f7b549022a8f6e874b5add23a56802487e91b0df010d0bba4bb8fd2ecfb67fbeb68c388035ab420f57b293cd8ef84d74c0e5918b63c62edec56140f521f87bf8c73ece50211c16a922b8c1cda9f6d735a17bff03e9b1af168cdeab125e72a58aac0af927d9c3347ed3436c975c44c977"], 0x8) (async) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @HCI_EV_INQUIRY_COMPLETE={{0x1, 0x1}, 0x1}}, 0x4) 19:27:48 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x12, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:48 executing program 3: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) mlockall(0x2) r1 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r1, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:48 executing program 4: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="0a90d22bb423326b81c9b2bb781ff9a2abb20c1a44464644466372a7a9a092e99258ded6f9a70a6b40f7b549022a8f6e874b5add23a56802487e91b0df010d0bba4bb8fd2ecfb67fbeb68c388035ab420f57b293cd8ef84d74c0e5918b63c62edec56140f521f87bf8c73ece50211c16a922b8c1cda9f6d735a17bff03e9b1af168cdeab125e72a58aac0af927d9c3347ed3436c975c44c977"], 0x8) (async) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @HCI_EV_INQUIRY_COMPLETE={{0x1, 0x1}, 0x1}}, 0x4) 19:27:48 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x13, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:48 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x52}, "9891b3ed12d1b2afa4327c789b52559d95a10938fac0d821fe3b28ba13f7fe5afe94a79b3a526f1efc42c2eefa5ff1cd6a18bfc599b6d052575d517f5108fb5b86a56f59da44f3dc0241ce82ef9d76602970"}, 0x56) 19:27:48 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x70, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:48 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) (async, rerun: 64) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x52}, "9891b3ed12d1b2afa4327c789b52559d95a10938fac0d821fe3b28ba13f7fe5afe94a79b3a526f1efc42c2eefa5ff1cd6a18bfc599b6d052575d517f5108fb5b86a56f59da44f3dc0241ce82ef9d76602970"}, 0x56) (rerun: 64) 19:27:48 executing program 1: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) shmat(0x0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:48 executing program 5: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:48 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x300, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:48 executing program 2: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) mlockall(0x2) r1 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r1, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:48 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) (async) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x52}, "9891b3ed12d1b2afa4327c789b52559d95a10938fac0d821fe3b28ba13f7fe5afe94a79b3a526f1efc42c2eefa5ff1cd6a18bfc599b6d052575d517f5108fb5b86a56f59da44f3dc0241ce82ef9d76602970"}, 0x56) 19:27:48 executing program 3: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) fanotify_init(0x4, 0x1000) mlockall(0x2) r1 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r1, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:48 executing program 4: r0 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, r2, 0x49f269a56e1422c3, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, r6, 0x49f269a56e1422c3, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}}, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000400)={{0x1, 0x1, 0x18, r3}, './file0\x00'}) sendmsg$tipc(r9, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000440)="b25b69b74f1b0fd1e96b4329d9b9f98897ddb4a7adbe643a7646d97e9e908134b47b585827eeda56ecee32bdea710a20bd9853453abd4b022000df8efc7d28ffdd9b2ae4241343c441ffddfe2b59114e9a0c56b7ce29e3db42a83aaabdcf7e009333e27eef512e284566fe40fbffcf14e07f3e14e8a74de94d", 0x79}, {&(0x7f00000004c0)="10f0e991a7e0659f82264716200dc7b22c7320423f917ecd72572a06c3a6ca96a10d492a1a5801e4fece6c533f9abd0551269d35c7579c9555540bd320269d4099c5c6b45205f2d6291a42e153cb2d5db1edacad7aae29ababdea7dbb2439e293a26a8c69b0bde4147edad74a5e3", 0x6e}, {&(0x7f0000000540)="e29dbed86e37edf374776f10931241d97f52bf72e88baf8e96ea972388ff8171f938c06eef70dc60a7c73a5b6ce356437eaf806d8480fce40cf75a841845399cfd9d24", 0x43}, {&(0x7f00000005c0)="b251fd7ae245891b0f4565ca6334ee", 0xf}, {&(0x7f0000000600)="cc9160970f", 0x5}], 0x5, &(0x7f0000000680)="7e19759af4a50535a4efec8abcf2ccf59dcbe597e604199e77aa89aac68ecee01cb129f4d1c46ae97e4873e15dbfa7c8ebbfe1648baa95847388956b2fe25d2b89d9ad1d3b274daeb46066b3c2f4ea009b50682e11999cca930e51f49b9a8c617b1cbf5e7315f4a90caafff7f6af85d8911a8caa834e0fe5968ac47756740c0a544753065f85172cf890551286ab346a44563174b116444e291266dc83b1ec9260b333fd5f22f5e0a6eca836f4eec32a372fe272d6a29428cdaace0fbc046f526bd77fadae68f479ad121f752171e8bc6f40c117180b6425d5e689961c190c33b4bfcb1a03b2e339a4e53d8370b6", 0xee, 0x10}, 0x8084) sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r2, 0x20, 0x70bd2d, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r8}, @void}}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x4004890) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, r0, 0x300, 0x70bd29, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x5}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x4}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0xc8c4}, 0x4004080) r10 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)={0xac, r10, 0x200, 0x70bd2b, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x0, 0x2, 0x4}, @MPTCP_PM_ATTR_SUBFLOWS={0x8}, @MPTCP_PM_ATTR_ADDR={0x4}, @MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x5}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x7}, @MPTCP_PM_ATTR_ADDR={0x18, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @remote}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x3}, @MPTCP_PM_ATTR_ADDR={0x40, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x6, 0x6, 0x4}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @private0}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @broadcast}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x2}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x4}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x1}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x1}]}, 0xac}, 0x1, 0x0, 0x0, 0x20000010}, 0x10000001) 19:27:48 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:48 executing program 1: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) shmat(0x0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:48 executing program 4: r0 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, r2, 0x49f269a56e1422c3, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}}, 0x0) (async, rerun: 32) r5 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async, rerun: 64) r7 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, r6, 0x49f269a56e1422c3, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}}, 0x0) (async) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000400)={{0x1, 0x1, 0x18, r3}, './file0\x00'}) sendmsg$tipc(r9, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000440)="b25b69b74f1b0fd1e96b4329d9b9f98897ddb4a7adbe643a7646d97e9e908134b47b585827eeda56ecee32bdea710a20bd9853453abd4b022000df8efc7d28ffdd9b2ae4241343c441ffddfe2b59114e9a0c56b7ce29e3db42a83aaabdcf7e009333e27eef512e284566fe40fbffcf14e07f3e14e8a74de94d", 0x79}, {&(0x7f00000004c0)="10f0e991a7e0659f82264716200dc7b22c7320423f917ecd72572a06c3a6ca96a10d492a1a5801e4fece6c533f9abd0551269d35c7579c9555540bd320269d4099c5c6b45205f2d6291a42e153cb2d5db1edacad7aae29ababdea7dbb2439e293a26a8c69b0bde4147edad74a5e3", 0x6e}, {&(0x7f0000000540)="e29dbed86e37edf374776f10931241d97f52bf72e88baf8e96ea972388ff8171f938c06eef70dc60a7c73a5b6ce356437eaf806d8480fce40cf75a841845399cfd9d24", 0x43}, {&(0x7f00000005c0)="b251fd7ae245891b0f4565ca6334ee", 0xf}, {&(0x7f0000000600)="cc9160970f", 0x5}], 0x5, &(0x7f0000000680)="7e19759af4a50535a4efec8abcf2ccf59dcbe597e604199e77aa89aac68ecee01cb129f4d1c46ae97e4873e15dbfa7c8ebbfe1648baa95847388956b2fe25d2b89d9ad1d3b274daeb46066b3c2f4ea009b50682e11999cca930e51f49b9a8c617b1cbf5e7315f4a90caafff7f6af85d8911a8caa834e0fe5968ac47756740c0a544753065f85172cf890551286ab346a44563174b116444e291266dc83b1ec9260b333fd5f22f5e0a6eca836f4eec32a372fe272d6a29428cdaace0fbc046f526bd77fadae68f479ad121f752171e8bc6f40c117180b6425d5e689961c190c33b4bfcb1a03b2e339a4e53d8370b6", 0xee, 0x10}, 0x8084) (async, rerun: 32) sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r2, 0x20, 0x70bd2d, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r8}, @void}}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x4004890) (async, rerun: 32) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, r0, 0x300, 0x70bd29, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x5}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x4}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0xc8c4}, 0x4004080) r10 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)={0xac, r10, 0x200, 0x70bd2b, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x0, 0x2, 0x4}, @MPTCP_PM_ATTR_SUBFLOWS={0x8}, @MPTCP_PM_ATTR_ADDR={0x4}, @MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x5}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x7}, @MPTCP_PM_ATTR_ADDR={0x18, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @remote}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x3}, @MPTCP_PM_ATTR_ADDR={0x40, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x6, 0x6, 0x4}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @private0}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @broadcast}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x2}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x4}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x1}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x1}]}, 0xac}, 0x1, 0x0, 0x0, 0x20000010}, 0x10000001) 19:27:48 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x2, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:48 executing program 1: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) shmat(0x0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:49 executing program 4: r0 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async, rerun: 32) r3 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 32) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, r2, 0x49f269a56e1422c3, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) (async) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async, rerun: 32) r7 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 32) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, r6, 0x49f269a56e1422c3, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}}, 0x0) (async, rerun: 32) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000400)={{0x1, 0x1, 0x18, r3}, './file0\x00'}) (rerun: 32) sendmsg$tipc(r9, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000440)="b25b69b74f1b0fd1e96b4329d9b9f98897ddb4a7adbe643a7646d97e9e908134b47b585827eeda56ecee32bdea710a20bd9853453abd4b022000df8efc7d28ffdd9b2ae4241343c441ffddfe2b59114e9a0c56b7ce29e3db42a83aaabdcf7e009333e27eef512e284566fe40fbffcf14e07f3e14e8a74de94d", 0x79}, {&(0x7f00000004c0)="10f0e991a7e0659f82264716200dc7b22c7320423f917ecd72572a06c3a6ca96a10d492a1a5801e4fece6c533f9abd0551269d35c7579c9555540bd320269d4099c5c6b45205f2d6291a42e153cb2d5db1edacad7aae29ababdea7dbb2439e293a26a8c69b0bde4147edad74a5e3", 0x6e}, {&(0x7f0000000540)="e29dbed86e37edf374776f10931241d97f52bf72e88baf8e96ea972388ff8171f938c06eef70dc60a7c73a5b6ce356437eaf806d8480fce40cf75a841845399cfd9d24", 0x43}, {&(0x7f00000005c0)="b251fd7ae245891b0f4565ca6334ee", 0xf}, {&(0x7f0000000600)="cc9160970f", 0x5}], 0x5, &(0x7f0000000680)="7e19759af4a50535a4efec8abcf2ccf59dcbe597e604199e77aa89aac68ecee01cb129f4d1c46ae97e4873e15dbfa7c8ebbfe1648baa95847388956b2fe25d2b89d9ad1d3b274daeb46066b3c2f4ea009b50682e11999cca930e51f49b9a8c617b1cbf5e7315f4a90caafff7f6af85d8911a8caa834e0fe5968ac47756740c0a544753065f85172cf890551286ab346a44563174b116444e291266dc83b1ec9260b333fd5f22f5e0a6eca836f4eec32a372fe272d6a29428cdaace0fbc046f526bd77fadae68f479ad121f752171e8bc6f40c117180b6425d5e689961c190c33b4bfcb1a03b2e339a4e53d8370b6", 0xee, 0x10}, 0x8084) sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r2, 0x20, 0x70bd2d, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r8}, @void}}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x4004890) (async, rerun: 64) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, r0, 0x300, 0x70bd29, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x5}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x4}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0xc8c4}, 0x4004080) (rerun: 64) r10 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)={0xac, r10, 0x200, 0x70bd2b, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x0, 0x2, 0x4}, @MPTCP_PM_ATTR_SUBFLOWS={0x8}, @MPTCP_PM_ATTR_ADDR={0x4}, @MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x5}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x7}, @MPTCP_PM_ATTR_ADDR={0x18, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @remote}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x3}, @MPTCP_PM_ATTR_ADDR={0x40, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x6, 0x6, 0x4}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @private0}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @broadcast}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x2}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x4}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x1}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x1}]}, 0xac}, 0x1, 0x0, 0x0, 0x20000010}, 0x10000001) 19:27:49 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:49 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x3, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:49 executing program 2: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)) mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:49 executing program 1: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:49 executing program 3: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) mlockall(0x2) r1 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r1, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:49 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x4, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:49 executing program 1: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:49 executing program 4: r0 = creat(&(0x7f0000000380)='./bus\x00', 0x0) ftruncate(r0, 0x208200) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz1\x00', {0x1, 0x2, 0x1, 0x3}, 0x42, [0x55e8d14e, 0x2, 0x6, 0x2, 0x4, 0x800, 0x5, 0x7f, 0x1ff, 0x1f, 0x4, 0x4, 0xcd8, 0x4, 0x4, 0xd0, 0x4, 0x8, 0x7fffffff, 0x1, 0x2, 0x80000000, 0xfffffe35, 0x10001, 0x5, 0xfb, 0xfffffff7, 0xffffff88, 0x6, 0x0, 0x8, 0x8, 0x8, 0xffffff01, 0x5, 0x1ff, 0xfffffffa, 0x2, 0x5, 0x5, 0x5, 0x5, 0x1000, 0x0, 0x4, 0xffff, 0xffffe369, 0x1, 0x1, 0x3, 0x0, 0x6, 0x7ff, 0x0, 0xb174, 0x200000, 0x8001, 0xece4, 0x3ff, 0x0, 0xfffff6c1, 0xffffcb59, 0x80000000, 0x81], [0x71, 0x7fff, 0x506cf840, 0x81, 0x7, 0x3, 0x2, 0xfffffffd, 0x7, 0x3, 0x3, 0x9, 0x5c7b4d72, 0x1, 0x1, 0x4, 0x5, 0x9, 0x4, 0x7, 0x0, 0xff, 0x5, 0x58eb, 0x400, 0x0, 0x13dd, 0x60e0, 0x6, 0x7f, 0x3f, 0x4, 0x200, 0x0, 0x5, 0xf36, 0x7, 0x0, 0x4, 0x101, 0x6, 0x6, 0x47fff, 0xfffffffe, 0x5, 0x211e, 0x1ff, 0x6, 0x3, 0x100, 0x9, 0x7, 0x80000001, 0x9, 0x3, 0x101, 0x4, 0x9, 0x5, 0x0, 0x2, 0xfff, 0x100], [0x20, 0x9, 0x8, 0x9, 0x6, 0x5, 0x6, 0x9, 0x1, 0x8, 0x7, 0xb, 0x81, 0x3, 0x6, 0xffff, 0x1c000000, 0x3, 0x8001, 0x1f, 0x80000000, 0x4, 0x5, 0x80000000, 0x10001, 0x100, 0x2, 0x2, 0x8001, 0x0, 0x101, 0x4b3, 0x7fff, 0x8000, 0x20, 0x7, 0x1eb0000, 0x0, 0x1, 0x81, 0x9, 0x8, 0x7ff, 0x100, 0x3bf0, 0x8000, 0x79, 0x6, 0x7, 0x2149, 0x1f, 0x10000, 0x8, 0x9, 0x4, 0x3, 0x4, 0xffff, 0x8, 0x6, 0x3, 0xff, 0x3, 0x4], [0x1, 0x9, 0x8, 0x6, 0x2, 0x1000, 0x2, 0x6, 0x7, 0x1000, 0xfff, 0x80000000, 0x9a9, 0x8001, 0x3, 0x4, 0x9, 0x2, 0x0, 0x1, 0x9, 0x8000, 0x4, 0x7, 0x1f, 0x53, 0x800, 0x1f, 0x6, 0xfffffffa, 0x800, 0xffffffff, 0x9, 0x9, 0x4, 0x3, 0x9, 0x3, 0x100, 0x9, 0x43e7, 0xfffffff8, 0x9, 0x8001, 0x1, 0x8, 0x0, 0x45, 0x1, 0x0, 0x1, 0x1, 0x10001, 0x200, 0x7, 0xffffffff, 0x5, 0x7ee4, 0x401, 0x7fff, 0xfffffffa, 0x200, 0x8, 0x101]}, 0x45c) ioctl$UI_END_FF_UPLOAD(r0, 0x406055c9, &(0x7f0000000500)={0x6, 0x6, {0x54, 0x3ff, 0x6, {0x0, 0x6}, {0x9, 0x2}, @period={0x1, 0x7, 0x200, 0x1, 0x0, {0x1, 0x1000, 0x7fff, 0x1}, 0x3, &(0x7f0000000040)=[0x7, 0x6, 0x1]}}, {0x52, 0x3, 0x80, {0x7, 0x1}, {0x3, 0x3}, @rumble={0x0, 0x3f}}}) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="0000000500000000000000000000000000000064e0dfe05df4f8ff4c3b4b158500"], 0x8) 19:27:49 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x5, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:49 executing program 1: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:49 executing program 4: r0 = creat(&(0x7f0000000380)='./bus\x00', 0x0) ftruncate(r0, 0x208200) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz1\x00', {0x1, 0x2, 0x1, 0x3}, 0x42, [0x55e8d14e, 0x2, 0x6, 0x2, 0x4, 0x800, 0x5, 0x7f, 0x1ff, 0x1f, 0x4, 0x4, 0xcd8, 0x4, 0x4, 0xd0, 0x4, 0x8, 0x7fffffff, 0x1, 0x2, 0x80000000, 0xfffffe35, 0x10001, 0x5, 0xfb, 0xfffffff7, 0xffffff88, 0x6, 0x0, 0x8, 0x8, 0x8, 0xffffff01, 0x5, 0x1ff, 0xfffffffa, 0x2, 0x5, 0x5, 0x5, 0x5, 0x1000, 0x0, 0x4, 0xffff, 0xffffe369, 0x1, 0x1, 0x3, 0x0, 0x6, 0x7ff, 0x0, 0xb174, 0x200000, 0x8001, 0xece4, 0x3ff, 0x0, 0xfffff6c1, 0xffffcb59, 0x80000000, 0x81], [0x71, 0x7fff, 0x506cf840, 0x81, 0x7, 0x3, 0x2, 0xfffffffd, 0x7, 0x3, 0x3, 0x9, 0x5c7b4d72, 0x1, 0x1, 0x4, 0x5, 0x9, 0x4, 0x7, 0x0, 0xff, 0x5, 0x58eb, 0x400, 0x0, 0x13dd, 0x60e0, 0x6, 0x7f, 0x3f, 0x4, 0x200, 0x0, 0x5, 0xf36, 0x7, 0x0, 0x4, 0x101, 0x6, 0x6, 0x47fff, 0xfffffffe, 0x5, 0x211e, 0x1ff, 0x6, 0x3, 0x100, 0x9, 0x7, 0x80000001, 0x9, 0x3, 0x101, 0x4, 0x9, 0x5, 0x0, 0x2, 0xfff, 0x100], [0x20, 0x9, 0x8, 0x9, 0x6, 0x5, 0x6, 0x9, 0x1, 0x8, 0x7, 0xb, 0x81, 0x3, 0x6, 0xffff, 0x1c000000, 0x3, 0x8001, 0x1f, 0x80000000, 0x4, 0x5, 0x80000000, 0x10001, 0x100, 0x2, 0x2, 0x8001, 0x0, 0x101, 0x4b3, 0x7fff, 0x8000, 0x20, 0x7, 0x1eb0000, 0x0, 0x1, 0x81, 0x9, 0x8, 0x7ff, 0x100, 0x3bf0, 0x8000, 0x79, 0x6, 0x7, 0x2149, 0x1f, 0x10000, 0x8, 0x9, 0x4, 0x3, 0x4, 0xffff, 0x8, 0x6, 0x3, 0xff, 0x3, 0x4], [0x1, 0x9, 0x8, 0x6, 0x2, 0x1000, 0x2, 0x6, 0x7, 0x1000, 0xfff, 0x80000000, 0x9a9, 0x8001, 0x3, 0x4, 0x9, 0x2, 0x0, 0x1, 0x9, 0x8000, 0x4, 0x7, 0x1f, 0x53, 0x800, 0x1f, 0x6, 0xfffffffa, 0x800, 0xffffffff, 0x9, 0x9, 0x4, 0x3, 0x9, 0x3, 0x100, 0x9, 0x43e7, 0xfffffff8, 0x9, 0x8001, 0x1, 0x8, 0x0, 0x45, 0x1, 0x0, 0x1, 0x1, 0x10001, 0x200, 0x7, 0xffffffff, 0x5, 0x7ee4, 0x401, 0x7fff, 0xfffffffa, 0x200, 0x8, 0x101]}, 0x45c) ioctl$UI_END_FF_UPLOAD(r0, 0x406055c9, &(0x7f0000000500)={0x6, 0x6, {0x54, 0x3ff, 0x6, {0x0, 0x6}, {0x9, 0x2}, @period={0x1, 0x7, 0x200, 0x1, 0x0, {0x1, 0x1000, 0x7fff, 0x1}, 0x3, &(0x7f0000000040)=[0x7, 0x6, 0x1]}}, {0x52, 0x3, 0x80, {0x7, 0x1}, {0x3, 0x3}, @rumble={0x0, 0x3f}}}) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="0000000500000000000000000000000000000064e0dfe05df4f8ff4c3b4b158500"], 0x8) creat(&(0x7f0000000380)='./bus\x00', 0x0) (async) ftruncate(r0, 0x208200) (async) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz1\x00', {0x1, 0x2, 0x1, 0x3}, 0x42, [0x55e8d14e, 0x2, 0x6, 0x2, 0x4, 0x800, 0x5, 0x7f, 0x1ff, 0x1f, 0x4, 0x4, 0xcd8, 0x4, 0x4, 0xd0, 0x4, 0x8, 0x7fffffff, 0x1, 0x2, 0x80000000, 0xfffffe35, 0x10001, 0x5, 0xfb, 0xfffffff7, 0xffffff88, 0x6, 0x0, 0x8, 0x8, 0x8, 0xffffff01, 0x5, 0x1ff, 0xfffffffa, 0x2, 0x5, 0x5, 0x5, 0x5, 0x1000, 0x0, 0x4, 0xffff, 0xffffe369, 0x1, 0x1, 0x3, 0x0, 0x6, 0x7ff, 0x0, 0xb174, 0x200000, 0x8001, 0xece4, 0x3ff, 0x0, 0xfffff6c1, 0xffffcb59, 0x80000000, 0x81], [0x71, 0x7fff, 0x506cf840, 0x81, 0x7, 0x3, 0x2, 0xfffffffd, 0x7, 0x3, 0x3, 0x9, 0x5c7b4d72, 0x1, 0x1, 0x4, 0x5, 0x9, 0x4, 0x7, 0x0, 0xff, 0x5, 0x58eb, 0x400, 0x0, 0x13dd, 0x60e0, 0x6, 0x7f, 0x3f, 0x4, 0x200, 0x0, 0x5, 0xf36, 0x7, 0x0, 0x4, 0x101, 0x6, 0x6, 0x47fff, 0xfffffffe, 0x5, 0x211e, 0x1ff, 0x6, 0x3, 0x100, 0x9, 0x7, 0x80000001, 0x9, 0x3, 0x101, 0x4, 0x9, 0x5, 0x0, 0x2, 0xfff, 0x100], [0x20, 0x9, 0x8, 0x9, 0x6, 0x5, 0x6, 0x9, 0x1, 0x8, 0x7, 0xb, 0x81, 0x3, 0x6, 0xffff, 0x1c000000, 0x3, 0x8001, 0x1f, 0x80000000, 0x4, 0x5, 0x80000000, 0x10001, 0x100, 0x2, 0x2, 0x8001, 0x0, 0x101, 0x4b3, 0x7fff, 0x8000, 0x20, 0x7, 0x1eb0000, 0x0, 0x1, 0x81, 0x9, 0x8, 0x7ff, 0x100, 0x3bf0, 0x8000, 0x79, 0x6, 0x7, 0x2149, 0x1f, 0x10000, 0x8, 0x9, 0x4, 0x3, 0x4, 0xffff, 0x8, 0x6, 0x3, 0xff, 0x3, 0x4], [0x1, 0x9, 0x8, 0x6, 0x2, 0x1000, 0x2, 0x6, 0x7, 0x1000, 0xfff, 0x80000000, 0x9a9, 0x8001, 0x3, 0x4, 0x9, 0x2, 0x0, 0x1, 0x9, 0x8000, 0x4, 0x7, 0x1f, 0x53, 0x800, 0x1f, 0x6, 0xfffffffa, 0x800, 0xffffffff, 0x9, 0x9, 0x4, 0x3, 0x9, 0x3, 0x100, 0x9, 0x43e7, 0xfffffff8, 0x9, 0x8001, 0x1, 0x8, 0x0, 0x45, 0x1, 0x0, 0x1, 0x1, 0x10001, 0x200, 0x7, 0xffffffff, 0x5, 0x7ee4, 0x401, 0x7fff, 0xfffffffa, 0x200, 0x8, 0x101]}, 0x45c) (async) ioctl$UI_END_FF_UPLOAD(r0, 0x406055c9, &(0x7f0000000500)={0x6, 0x6, {0x54, 0x3ff, 0x6, {0x0, 0x6}, {0x9, 0x2}, @period={0x1, 0x7, 0x200, 0x1, 0x0, {0x1, 0x1000, 0x7fff, 0x1}, 0x3, &(0x7f0000000040)=[0x7, 0x6, 0x1]}}, {0x52, 0x3, 0x80, {0x7, 0x1}, {0x3, 0x3}, @rumble={0x0, 0x3f}}}) (async) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="0000000500000000000000000000000000000064e0dfe05df4f8ff4c3b4b158500"], 0x8) (async) 19:27:49 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x6, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:49 executing program 5: mlockall(0x0) r0 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:49 executing program 1: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) mlockall(0x2) r2 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r2, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:49 executing program 2: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:49 executing program 4: r0 = creat(&(0x7f0000000380)='./bus\x00', 0x0) ftruncate(r0, 0x208200) (async) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz1\x00', {0x1, 0x2, 0x1, 0x3}, 0x42, [0x55e8d14e, 0x2, 0x6, 0x2, 0x4, 0x800, 0x5, 0x7f, 0x1ff, 0x1f, 0x4, 0x4, 0xcd8, 0x4, 0x4, 0xd0, 0x4, 0x8, 0x7fffffff, 0x1, 0x2, 0x80000000, 0xfffffe35, 0x10001, 0x5, 0xfb, 0xfffffff7, 0xffffff88, 0x6, 0x0, 0x8, 0x8, 0x8, 0xffffff01, 0x5, 0x1ff, 0xfffffffa, 0x2, 0x5, 0x5, 0x5, 0x5, 0x1000, 0x0, 0x4, 0xffff, 0xffffe369, 0x1, 0x1, 0x3, 0x0, 0x6, 0x7ff, 0x0, 0xb174, 0x200000, 0x8001, 0xece4, 0x3ff, 0x0, 0xfffff6c1, 0xffffcb59, 0x80000000, 0x81], [0x71, 0x7fff, 0x506cf840, 0x81, 0x7, 0x3, 0x2, 0xfffffffd, 0x7, 0x3, 0x3, 0x9, 0x5c7b4d72, 0x1, 0x1, 0x4, 0x5, 0x9, 0x4, 0x7, 0x0, 0xff, 0x5, 0x58eb, 0x400, 0x0, 0x13dd, 0x60e0, 0x6, 0x7f, 0x3f, 0x4, 0x200, 0x0, 0x5, 0xf36, 0x7, 0x0, 0x4, 0x101, 0x6, 0x6, 0x47fff, 0xfffffffe, 0x5, 0x211e, 0x1ff, 0x6, 0x3, 0x100, 0x9, 0x7, 0x80000001, 0x9, 0x3, 0x101, 0x4, 0x9, 0x5, 0x0, 0x2, 0xfff, 0x100], [0x20, 0x9, 0x8, 0x9, 0x6, 0x5, 0x6, 0x9, 0x1, 0x8, 0x7, 0xb, 0x81, 0x3, 0x6, 0xffff, 0x1c000000, 0x3, 0x8001, 0x1f, 0x80000000, 0x4, 0x5, 0x80000000, 0x10001, 0x100, 0x2, 0x2, 0x8001, 0x0, 0x101, 0x4b3, 0x7fff, 0x8000, 0x20, 0x7, 0x1eb0000, 0x0, 0x1, 0x81, 0x9, 0x8, 0x7ff, 0x100, 0x3bf0, 0x8000, 0x79, 0x6, 0x7, 0x2149, 0x1f, 0x10000, 0x8, 0x9, 0x4, 0x3, 0x4, 0xffff, 0x8, 0x6, 0x3, 0xff, 0x3, 0x4], [0x1, 0x9, 0x8, 0x6, 0x2, 0x1000, 0x2, 0x6, 0x7, 0x1000, 0xfff, 0x80000000, 0x9a9, 0x8001, 0x3, 0x4, 0x9, 0x2, 0x0, 0x1, 0x9, 0x8000, 0x4, 0x7, 0x1f, 0x53, 0x800, 0x1f, 0x6, 0xfffffffa, 0x800, 0xffffffff, 0x9, 0x9, 0x4, 0x3, 0x9, 0x3, 0x100, 0x9, 0x43e7, 0xfffffff8, 0x9, 0x8001, 0x1, 0x8, 0x0, 0x45, 0x1, 0x0, 0x1, 0x1, 0x10001, 0x200, 0x7, 0xffffffff, 0x5, 0x7ee4, 0x401, 0x7fff, 0xfffffffa, 0x200, 0x8, 0x101]}, 0x45c) ioctl$UI_END_FF_UPLOAD(r0, 0x406055c9, &(0x7f0000000500)={0x6, 0x6, {0x54, 0x3ff, 0x6, {0x0, 0x6}, {0x9, 0x2}, @period={0x1, 0x7, 0x200, 0x1, 0x0, {0x1, 0x1000, 0x7fff, 0x1}, 0x3, &(0x7f0000000040)=[0x7, 0x6, 0x1]}}, {0x52, 0x3, 0x80, {0x7, 0x1}, {0x3, 0x3}, @rumble={0x0, 0x3f}}}) (async) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="0000000500000000000000000000000000000064e0dfe05df4f8ff4c3b4b158500"], 0x8) 19:27:49 executing program 3: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)) mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:49 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x7, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:49 executing program 5: mlockall(0x0) r0 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:49 executing program 4: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x0, 0x23}, @l2cap_cid_signaling={{0x1f}, [@l2cap_conf_rsp={{0x5, 0x1, 0x1b}, {0x1ff, 0x296, 0x101, [@l2cap_conf_fcs={0x5, 0x1}, @l2cap_conf_efs={0x6, 0x10, {0x0, 0x1, 0x0, 0x9, 0x9, 0x3}}]}}]}}, 0x28) 19:27:49 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x8, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:49 executing program 4: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x0, 0x23}, @l2cap_cid_signaling={{0x1f}, [@l2cap_conf_rsp={{0x5, 0x1, 0x1b}, {0x1ff, 0x296, 0x101, [@l2cap_conf_fcs={0x5, 0x1}, @l2cap_conf_efs={0x6, 0x10, {0x0, 0x1, 0x0, 0x9, 0x9, 0x3}}]}}]}}, 0x28) syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x0, 0x23}, @l2cap_cid_signaling={{0x1f}, [@l2cap_conf_rsp={{0x5, 0x1, 0x1b}, {0x1ff, 0x296, 0x101, [@l2cap_conf_fcs={0x5, 0x1}, @l2cap_conf_efs={0x6, 0x10, {0x0, 0x1, 0x0, 0x9, 0x9, 0x3}}]}}]}}, 0x28) (async) 19:27:50 executing program 5: mlockall(0x0) r0 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:50 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x9, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:50 executing program 4: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x0, 0x23}, @l2cap_cid_signaling={{0x1f}, [@l2cap_conf_rsp={{0x5, 0x1, 0x1b}, {0x1ff, 0x296, 0x101, [@l2cap_conf_fcs={0x5, 0x1}, @l2cap_conf_efs={0x6, 0x10, {0x0, 0x1, 0x0, 0x9, 0x9, 0x3}}]}}]}}, 0x28) 19:27:50 executing program 1: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) mlockall(0x2) r2 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r2, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:50 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:50 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:50 executing program 3: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:50 executing program 4: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e02005af33fbb"], 0x8) 19:27:50 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0xa, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:50 executing program 4: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e02005af33fbb"], 0x8) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e02005af33fbb"], 0x8) (async) 19:27:50 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0xb, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:50 executing program 1: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) mlockall(0x2) r1 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r1, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:50 executing program 4: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e02005af33fbb"], 0x8) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e02005af33fbb"], 0x8) (async) 19:27:50 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0xe, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:50 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_si_device={{0x1, 0x4}, {0x6, 0x1}}}, 0x7) 19:27:50 executing program 2: mlockall(0x0) r0 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:50 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0xf, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:50 executing program 5: mlockall(0x2) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(0x0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:50 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:50 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_si_device={{0x1, 0x4}, {0x6, 0x1}}}, 0x7) 19:27:50 executing program 2: mlockall(0x0) r0 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:50 executing program 5: mlockall(0x2) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(0x0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:50 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x10, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:51 executing program 1: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) fanotify_init(0x4, 0x1000) mlockall(0x2) r1 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r1, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:51 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_si_device={{0x1, 0x4}, {0x6, 0x1}}}, 0x7) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) (async) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_si_device={{0x1, 0x4}, {0x6, 0x1}}}, 0x7) (async) 19:27:51 executing program 2: mlockall(0x0) r0 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:51 executing program 5: mlockall(0x2) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(0x0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:51 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x11, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:51 executing program 4: r0 = syz_io_uring_complete(0x0) write$capi20(r0, &(0x7f0000000000)={0x10, 0x7, 0x84, 0x83, 0x200}, 0x10) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) 19:27:51 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x0) 19:27:51 executing program 3: mlockall(0x0) r0 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:51 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:51 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x13, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:51 executing program 4: r0 = syz_io_uring_complete(0x0) write$capi20(r0, &(0x7f0000000000)={0x10, 0x7, 0x84, 0x83, 0x200}, 0x10) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_io_uring_complete(0x0) (async) write$capi20(r0, &(0x7f0000000000)={0x10, 0x7, 0x84, 0x83, 0x200}, 0x10) (async) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) (async) 19:27:51 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x0) 19:27:51 executing program 1: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) mlockall(0x2) r1 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r1, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:51 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x0) 19:27:51 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x60, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:51 executing program 4: syz_io_uring_complete(0x0) (async) r0 = syz_io_uring_complete(0x0) write$capi20(r0, &(0x7f0000000000)={0x10, 0x7, 0x84, 0x83, 0x200}, 0x10) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) 19:27:51 executing program 3: mlockall(0x0) r0 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:51 executing program 4: syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="03c9002829ba919ae729d7ffff683ce6715227fe1fe94f4059068079860189a6caf19368a419f99c13b2ce52cc5350abda443a7a58326f471ccfa5ae621974103650f5382f16a6a659e35175b3f4569942d007fd5d8501e0d9dab26802022c408d5e0cecc2b849d95a571bd741c9f539170219b2c034283cb237bef07b206d129275d2d396d7dd6f23009885f1986c90312cd82809aa54687a41ee5ff7852b3bf284a639d8710efea1ab0a81a47acd9a14ce86a557c841f514a70a16c312f2597ff7b54d455f4142265983bb347515886cac15ca70186bf4b0aacf9cc7aca6f2c4d4e978979a98d41796c73a281b40e7dbfaee62677d1ef68dbfdfb312887f88951a3534e0b20cd181e66d5023d7de5168b3fb240253515c344cbf7a2da0a6cd00ecffd5ca3532fc0f6cb8e4"], 0xfffffffffffffd72) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @inquiry_info_with_rssi_and_pscan_mode={{0x22, 0x3d}, {0x4, [{@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x8, 0x0, 0xff, "eb088f", 0x0, 0x4}, {@none, 0x20, 0x5, 0x2, "b331ee", 0x6, 0x40}, {@any, 0x4, 0x4, 0x8, "e866e2", 0x1f, 0x3f}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xf8, 0x18, 0x0, "54b798", 0x7fff, 0x3}]}}}, 0x40) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) 19:27:51 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0xf0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:51 executing program 3: mlockall(0x0) r0 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:51 executing program 4: syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="03c9002829ba919ae729d7ffff683ce6715227fe1fe94f4059068079860189a6caf19368a419f99c13b2ce52cc5350abda443a7a58326f471ccfa5ae621974103650f5382f16a6a659e35175b3f4569942d007fd5d8501e0d9dab26802022c408d5e0cecc2b849d95a571bd741c9f539170219b2c034283cb237bef07b206d129275d2d396d7dd6f23009885f1986c90312cd82809aa54687a41ee5ff7852b3bf284a639d8710efea1ab0a81a47acd9a14ce86a557c841f514a70a16c312f2597ff7b54d455f4142265983bb347515886cac15ca70186bf4b0aacf9cc7aca6f2c4d4e978979a98d41796c73a281b40e7dbfaee62677d1ef68dbfdfb312887f88951a3534e0b20cd181e66d5023d7de5168b3fb240253515c344cbf7a2da0a6cd00ecffd5ca3532fc0f6cb8e4"], 0xfffffffffffffd72) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @inquiry_info_with_rssi_and_pscan_mode={{0x22, 0x3d}, {0x4, [{@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x8, 0x0, 0xff, "eb088f", 0x0, 0x4}, {@none, 0x20, 0x5, 0x2, "b331ee", 0x6, 0x40}, {@any, 0x4, 0x4, 0x8, "e866e2", 0x1f, 0x3f}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xf8, 0x18, 0x0, "54b798", 0x7fff, 0x3}]}}}, 0x40) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="03c9002829ba919ae729d7ffff683ce6715227fe1fe94f4059068079860189a6caf19368a419f99c13b2ce52cc5350abda443a7a58326f471ccfa5ae621974103650f5382f16a6a659e35175b3f4569942d007fd5d8501e0d9dab26802022c408d5e0cecc2b849d95a571bd741c9f539170219b2c034283cb237bef07b206d129275d2d396d7dd6f23009885f1986c90312cd82809aa54687a41ee5ff7852b3bf284a639d8710efea1ab0a81a47acd9a14ce86a557c841f514a70a16c312f2597ff7b54d455f4142265983bb347515886cac15ca70186bf4b0aacf9cc7aca6f2c4d4e978979a98d41796c73a281b40e7dbfaee62677d1ef68dbfdfb312887f88951a3534e0b20cd181e66d5023d7de5168b3fb240253515c344cbf7a2da0a6cd00ecffd5ca3532fc0f6cb8e4"], 0xfffffffffffffd72) (async) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @inquiry_info_with_rssi_and_pscan_mode={{0x22, 0x3d}, {0x4, [{@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x8, 0x0, 0xff, "eb088f", 0x0, 0x4}, {@none, 0x20, 0x5, 0x2, "b331ee", 0x6, 0x40}, {@any, 0x4, 0x4, 0x8, "e866e2", 0x1f, 0x3f}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xf8, 0x18, 0x0, "54b798", 0x7fff, 0x3}]}}}, 0x40) (async) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) (async) syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) (async) 19:27:51 executing program 2: mlockall(0x2) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(0x0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:51 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:51 executing program 1: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)) mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:51 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x300, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:51 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:51 executing program 2: mlockall(0x2) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(0x0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:51 executing program 4: syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="03c9002829ba919ae729d7ffff683ce6715227fe1fe94f4059068079860189a6caf19368a419f99c13b2ce52cc5350abda443a7a58326f471ccfa5ae621974103650f5382f16a6a659e35175b3f4569942d007fd5d8501e0d9dab26802022c408d5e0cecc2b849d95a571bd741c9f539170219b2c034283cb237bef07b206d129275d2d396d7dd6f23009885f1986c90312cd82809aa54687a41ee5ff7852b3bf284a639d8710efea1ab0a81a47acd9a14ce86a557c841f514a70a16c312f2597ff7b54d455f4142265983bb347515886cac15ca70186bf4b0aacf9cc7aca6f2c4d4e978979a98d41796c73a281b40e7dbfaee62677d1ef68dbfdfb312887f88951a3534e0b20cd181e66d5023d7de5168b3fb240253515c344cbf7a2da0a6cd00ecffd5ca3532fc0f6cb8e4"], 0xfffffffffffffd72) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @inquiry_info_with_rssi_and_pscan_mode={{0x22, 0x3d}, {0x4, [{@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x8, 0x0, 0xff, "eb088f", 0x0, 0x4}, {@none, 0x20, 0x5, 0x2, "b331ee", 0x6, 0x40}, {@any, 0x4, 0x4, 0x8, "e866e2", 0x1f, 0x3f}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xf8, 0x18, 0x0, "54b798", 0x7fff, 0x3}]}}}, 0x40) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) (async) syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) 19:27:52 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x44d, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:52 executing program 2: mlockall(0x2) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(0x0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:52 executing program 4: syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x54}, "91546ebbe763319917dad58f93c7cbdea95da8a23b9107307ba7f9cad1fca3292fbc843fdf42bc6f876eab1aada9ed2aee604ced62f3a53d8f8e7aaea9c179656e247ae8081019c0b71669b5a544e18d4a34b1a2"}, 0x58) 19:27:52 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x500, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:52 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x0) 19:27:52 executing program 4: syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x54}, "91546ebbe763319917dad58f93c7cbdea95da8a23b9107307ba7f9cad1fca3292fbc843fdf42bc6f876eab1aada9ed2aee604ced62f3a53d8f8e7aaea9c179656e247ae8081019c0b71669b5a544e18d4a34b1a2"}, 0x58) 19:27:52 executing program 5: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) mlockall(0x2) r1 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r1, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:52 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x0) 19:27:52 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x600, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:52 executing program 3: mlockall(0x2) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(0x0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:52 executing program 4: syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x54}, "91546ebbe763319917dad58f93c7cbdea95da8a23b9107307ba7f9cad1fca3292fbc843fdf42bc6f876eab1aada9ed2aee604ced62f3a53d8f8e7aaea9c179656e247ae8081019c0b71669b5a544e18d4a34b1a2"}, 0x58) 19:27:52 executing program 1: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:52 executing program 4: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYRES64, @ANYRESDEC, @ANYRES64], 0x8) syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x3, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_le_credits={{0x16, 0x0, 0x4}, {0x2, 0x7}}}}, 0x11) 19:27:52 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x700, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:52 executing program 3: mlockall(0x2) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(0x0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:52 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x0) 19:27:52 executing program 4: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYRES64, @ANYRESDEC, @ANYRES64], 0x8) syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) (async) syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x3, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_le_credits={{0x16, 0x0, 0x4}, {0x2, 0x7}}}}, 0x11) 19:27:52 executing program 3: mlockall(0x2) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(0x0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:52 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x900, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:52 executing program 4: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYRES64, @ANYRESDEC, @ANYRES64], 0x8) syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x3, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_le_credits={{0x16, 0x0, 0x4}, {0x2, 0x7}}}}, 0x11) 19:27:52 executing program 2: mlockall(0x0) r0 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:52 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x0) 19:27:52 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:52 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:52 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0xa00, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:52 executing program 2: write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x19, 0x1, {0x10ec, {0x4}, 0x81, 0x0, 0xee00, 0x4, 0x0, 0x6, 0x100b0, 0x0, 0xfffffffd, 0xe1d, 0x0, 0x4e00, 0x100000001, 0x7ff, 0x8000000000000000, 0x0, 0x0, 0x2}}, 0xa0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x18, 0x1, @thr={&(0x7f0000000600)="33e5b5e71e5f92a14678548759b030f1b7e3516d20a9c263e43b0ed45f66e121b9aff83914823f262a532040ad72a1abe4f1b0bde5d28bd2a13919e6c51cf82fb5bb06ef41f1b7cde47eaf1839699a07bcfc4571f57584a1558aba7121f76d742f9961af64f49c89b353f3f93e36f6b179648934fefeb6fc0c4a403cba687ab875ac65b28a34bb550161963af77d4d4b8c4bb1c26340ec03b386", &(0x7f0000000580)="7989e5c70281486ab7155173c3363622533726765801d2ebb9a5664477bc0f8807e889838aa57bca009b3e2ff6d9975835ce6a22a49c650f88105386eeb0d141c9ec29e4f396fa33237a4a637c1ccc8a7bc7bd1386a9bc7b80d56b2df6278890c2c2e367bd553237f7bb1812eabbcf5df50e32b9d7d0"}}, &(0x7f0000000180)=0x0) timer_settime(r0, 0x1, &(0x7f00000002c0)={{0x0, 0x3938700}}, &(0x7f0000000400)) r1 = fanotify_init(0x4, 0x1000) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_mark(r1, 0x105, 0x40000008, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) mlockall(0x2) r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) creat(&(0x7f0000000140)='./bus\x00', 0x0) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0) shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000) shmctl$IPC_RMID(0x0, 0x0) shmctl$SHM_LOCK(0x0, 0xb) r5 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil) shmctl$IPC_STAT(r5, 0x2, &(0x7f00000001c0)=""/62) shmat(r3, &(0x7f00000aa000/0x1000)=nil, 0x4000) shmctl$SHM_UNLOCK(0x0, 0xc) shmctl$SHM_LOCK(r3, 0xb) shmctl$SHM_STAT_ANY(r3, 0xf, &(0x7f0000000000)=""/15) shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffe000/0x1000)=nil) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x989680}}, &(0x7f00000003c0)) 19:27:52 executing program 4: r0 = open(&(0x7f0000000300)='./bus\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0xffffffffffffff28, 0x20000004, &(0x7f0000000140)={0xa, 0x100000004e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000100)=@ccm_128={{0x304}, "ffb75df2a83e25c0", "2cdb8ead6c8e9c290bebacb766ff2832", "44d857de", "171291df37239255"}, 0x28) sendfile(r1, r0, 0x0, 0x800100020013) mkdirat$cgroup(r0, &(0x7f0000000000)='syz0\x00', 0x1ff) syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x3, 0x1, 0x2e}, @l2cap_cid_signaling={{0x2a}, [@l2cap_conn_rsp={{0x3, 0x1, 0x8}, {0x3, 0x20, 0x6, 0x100}}, @l2cap_conf_req={{0x4, 0x6, 0x1a}, {0x9, 0xfffa, [@l2cap_conf_efs={0x6, 0x10, {0x40, 0x2, 0x6, 0x671, 0x200, 0x1}}, @l2cap_conf_flushto={0x2, 0x2, 0x4}]}}]}}, 0x33) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0x0, 0xdb}, "79a91527cb5dc7b1542050b1c5507828ad7fc32ddf477686a9a7fa6d2e1e6fa57cf7af053dab21f4993419a99b386f1804ea01f016f9ed1b89f2e2cd7827af34ccac3c9f9e174444cd7c19dd45cf9befbefdaf84773cd7fb4240ec99eb7cacafec48da8c2dac80e7ea4f0d8e15f8a8e1131d80cde2b9399027fce300c3b0eccaafa505d17db553e9f7a2e141a4c2e7bfd6b56ddf49dc7fd056134d0c46db8108a776bd6224d74d0351a3b5de58d7d78eaacb9cdbb953aad11d7f06133917dfe249147af23232171842e4a1e96109c7e0129bc926cd9875e7c14381"}, 0xdf) 19:27:53 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x0) 19:27:53 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0xb00, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:53 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x0) 19:27:53 executing program 4: r0 = open(&(0x7f0000000300)='./bus\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0xffffffffffffff28, 0x20000004, &(0x7f0000000140)={0xa, 0x100000004e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000100)=@ccm_128={{0x304}, "ffb75df2a83e25c0", "2cdb8ead6c8e9c290bebacb766ff2832", "44d857de", "171291df37239255"}, 0x28) sendfile(r1, r0, 0x0, 0x800100020013) mkdirat$cgroup(r0, &(0x7f0000000000)='syz0\x00', 0x1ff) syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x3, 0x1, 0x2e}, @l2cap_cid_signaling={{0x2a}, [@l2cap_conn_rsp={{0x3, 0x1, 0x8}, {0x3, 0x20, 0x6, 0x100}}, @l2cap_conf_req={{0x4, 0x6, 0x1a}, {0x9, 0xfffa, [@l2cap_conf_efs={0x6, 0x10, {0x40, 0x2, 0x6, 0x671, 0x200, 0x1}}, @l2cap_conf_flushto={0x2, 0x2, 0x4}]}}]}}, 0x33) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0x0, 0xdb}, "79a91527cb5dc7b1542050b1c5507828ad7fc32ddf477686a9a7fa6d2e1e6fa57cf7af053dab21f4993419a99b386f1804ea01f016f9ed1b89f2e2cd7827af34ccac3c9f9e174444cd7c19dd45cf9befbefdaf84773cd7fb4240ec99eb7cacafec48da8c2dac80e7ea4f0d8e15f8a8e1131d80cde2b9399027fce300c3b0eccaafa505d17db553e9f7a2e141a4c2e7bfd6b56ddf49dc7fd056134d0c46db8108a776bd6224d74d0351a3b5de58d7d78eaacb9cdbb953aad11d7f06133917dfe249147af23232171842e4a1e96109c7e0129bc926cd9875e7c14381"}, 0xdf) open(&(0x7f0000000300)='./bus\x00', 0x0, 0x0) (async) socket$inet6_tcp(0xa, 0x1, 0x0) (async) sendto$inet6(r1, 0x0, 0xffffffffffffff28, 0x20000004, &(0x7f0000000140)={0xa, 0x100000004e22, 0x0, @loopback}, 0x1c) (async) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4) (async) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000100)=@ccm_128={{0x304}, "ffb75df2a83e25c0", "2cdb8ead6c8e9c290bebacb766ff2832", "44d857de", "171291df37239255"}, 0x28) (async) sendfile(r1, r0, 0x0, 0x800100020013) (async) mkdirat$cgroup(r0, &(0x7f0000000000)='syz0\x00', 0x1ff) (async) syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x3, 0x1, 0x2e}, @l2cap_cid_signaling={{0x2a}, [@l2cap_conn_rsp={{0x3, 0x1, 0x8}, {0x3, 0x20, 0x6, 0x100}}, @l2cap_conf_req={{0x4, 0x6, 0x1a}, {0x9, 0xfffa, [@l2cap_conf_efs={0x6, 0x10, {0x40, 0x2, 0x6, 0x671, 0x200, 0x1}}, @l2cap_conf_flushto={0x2, 0x2, 0x4}]}}]}}, 0x33) (async) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0x0, 0xdb}, "79a91527cb5dc7b1542050b1c5507828ad7fc32ddf477686a9a7fa6d2e1e6fa57cf7af053dab21f4993419a99b386f1804ea01f016f9ed1b89f2e2cd7827af34ccac3c9f9e174444cd7c19dd45cf9befbefdaf84773cd7fb4240ec99eb7cacafec48da8c2dac80e7ea4f0d8e15f8a8e1131d80cde2b9399027fce300c3b0eccaafa505d17db553e9f7a2e141a4c2e7bfd6b56ddf49dc7fd056134d0c46db8108a776bd6224d74d0351a3b5de58d7d78eaacb9cdbb953aad11d7f06133917dfe249147af23232171842e4a1e96109c7e0129bc926cd9875e7c14381"}, 0xdf) (async) 19:27:53 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0xe00, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:53 executing program 4: r0 = open(&(0x7f0000000300)='./bus\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0xffffffffffffff28, 0x20000004, &(0x7f0000000140)={0xa, 0x100000004e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4) (async) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000100)=@ccm_128={{0x304}, "ffb75df2a83e25c0", "2cdb8ead6c8e9c290bebacb766ff2832", "44d857de", "171291df37239255"}, 0x28) (async) sendfile(r1, r0, 0x0, 0x800100020013) mkdirat$cgroup(r0, &(0x7f0000000000)='syz0\x00', 0x1ff) (async) syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x3, 0x1, 0x2e}, @l2cap_cid_signaling={{0x2a}, [@l2cap_conn_rsp={{0x3, 0x1, 0x8}, {0x3, 0x20, 0x6, 0x100}}, @l2cap_conf_req={{0x4, 0x6, 0x1a}, {0x9, 0xfffa, [@l2cap_conf_efs={0x6, 0x10, {0x40, 0x2, 0x6, 0x671, 0x200, 0x1}}, @l2cap_conf_flushto={0x2, 0x2, 0x4}]}}]}}, 0x33) (async) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0x0, 0xdb}, "79a91527cb5dc7b1542050b1c5507828ad7fc32ddf477686a9a7fa6d2e1e6fa57cf7af053dab21f4993419a99b386f1804ea01f016f9ed1b89f2e2cd7827af34ccac3c9f9e174444cd7c19dd45cf9befbefdaf84773cd7fb4240ec99eb7cacafec48da8c2dac80e7ea4f0d8e15f8a8e1131d80cde2b9399027fce300c3b0eccaafa505d17db553e9f7a2e141a4c2e7bfd6b56ddf49dc7fd056134d0c46db8108a776bd6224d74d0351a3b5de58d7d78eaacb9cdbb953aad11d7f06133917dfe249147af23232171842e4a1e96109c7e0129bc926cd9875e7c14381"}, 0xdf) 19:27:53 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 1) [ 489.836399][T13244] FAULT_INJECTION: forcing a failure. [ 489.836399][T13244] name failslab, interval 1, probability 0, space 0, times 0 [ 489.864229][T13244] CPU: 1 PID: 13244 Comm: syz-executor.3 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 489.874753][T13244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 489.884863][T13244] Call Trace: [ 489.888176][T13244] [ 489.891143][T13244] dump_stack_lvl+0x136/0x150 [ 489.895886][T13244] should_fail_ex+0x4a3/0x5b0 [ 489.900667][T13244] should_failslab+0x9/0x20 [ 489.905244][T13244] __kmem_cache_alloc_node+0x5b/0x320 [ 489.910697][T13244] ? do_shmat+0x55c/0x1180 [ 489.915323][T13244] kmalloc_trace+0x26/0xe0 [ 489.919824][T13244] do_shmat+0x55c/0x1180 [ 489.924140][T13244] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 489.930037][T13244] __ia32_compat_sys_shmat+0xd2/0x160 [ 489.935519][T13244] ? __ia32_sys_shmat+0x160/0x160 [ 489.940615][T13244] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 489.947263][T13244] ? lockdep_hardirqs_on+0x7d/0x100 [ 489.952513][T13244] __do_fast_syscall_32+0x65/0xf0 [ 489.957588][T13244] do_fast_syscall_32+0x33/0x70 [ 489.962467][T13244] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 489.968846][T13244] RIP: 0023:0xf7fa8579 [ 489.973031][T13244] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 489.992862][T13244] RSP: 002b:00000000f7fa35cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 490.001316][T13244] RAX: ffffffffffffffda RBX: 0000000000000040 RCX: 00000000202f4000 [ 490.009334][T13244] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 490.017352][T13244] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 490.025382][T13244] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 490.033377][T13244] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 490.041475][T13244] 19:27:53 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 1) 19:27:53 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0xf00, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:53 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x1, 0x2, 0x18}, @l2cap_cid_le_signaling={{0x14}, @l2cap_ecred_reconf_req={{0x19, 0x3f, 0x10}, {0x8, 0x7, [0x5, 0x2, 0x2, 0x3, 0x6, 0x1]}}}}, 0x1d) syz_emit_vhci(&(0x7f00000000c0)=@HCI_SCODATA_PKT={0x3, {0xc8, 0xc2}, "6b0fe1f972b657f520670a0652baa3fb2c75591bcfa04294fac77946c75bab3567cd0e34a9c286820edf1e18f2d1dc472d5847600965b863923965f92bdfa470837ea6a4fc7b8342ee0ab3750a6e4e7a627f73c2dcde211c1f9a5f2736c84d2e131cf85b81275e551b48f5d382d0c67c2f0fc21fb8c55efabaac0dacd9c18d8429a890187798c643bbec8d8369b2ec03cf97e56276aba94232986aa942c97e89786ea980a4652cb0719c09a9948e4b078076d8e7838ed7993622ede0cbac32da5158"}, 0xc6) [ 490.174814][T13255] FAULT_INJECTION: forcing a failure. [ 490.174814][T13255] name failslab, interval 1, probability 0, space 0, times 0 [ 490.203944][T13255] CPU: 1 PID: 13255 Comm: syz-executor.5 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 490.214472][T13255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 490.224611][T13255] Call Trace: [ 490.227933][T13255] [ 490.230913][T13255] dump_stack_lvl+0x136/0x150 [ 490.235670][T13255] should_fail_ex+0x4a3/0x5b0 [ 490.240424][T13255] should_failslab+0x9/0x20 [ 490.245002][T13255] __kmem_cache_alloc_node+0x5b/0x320 [ 490.250468][T13255] ? do_shmat+0x55c/0x1180 [ 490.254965][T13255] kmalloc_trace+0x26/0xe0 [ 490.259450][T13255] do_shmat+0x55c/0x1180 [ 490.263789][T13255] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 490.269679][T13255] __ia32_compat_sys_shmat+0xd2/0x160 [ 490.275116][T13255] ? __ia32_sys_shmat+0x160/0x160 [ 490.280210][T13255] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 490.286900][T13255] ? lockdep_hardirqs_on+0x7d/0x100 [ 490.292184][T13255] __do_fast_syscall_32+0x65/0xf0 [ 490.297241][T13255] do_fast_syscall_32+0x33/0x70 [ 490.302126][T13255] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 490.308598][T13255] RIP: 0023:0xf7f1c579 [ 490.312706][T13255] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 490.332360][T13255] RSP: 002b:00000000f7f175cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 490.340895][T13255] RAX: ffffffffffffffda RBX: 000000000000003b RCX: 00000000202f4000 [ 490.348895][T13255] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 490.356987][T13255] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 490.365674][T13255] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 19:27:53 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 1) 19:27:53 executing program 1: mlockall(0x0) r0 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:53 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) (async) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x1, 0x2, 0x18}, @l2cap_cid_le_signaling={{0x14}, @l2cap_ecred_reconf_req={{0x19, 0x3f, 0x10}, {0x8, 0x7, [0x5, 0x2, 0x2, 0x3, 0x6, 0x1]}}}}, 0x1d) syz_emit_vhci(&(0x7f00000000c0)=@HCI_SCODATA_PKT={0x3, {0xc8, 0xc2}, "6b0fe1f972b657f520670a0652baa3fb2c75591bcfa04294fac77946c75bab3567cd0e34a9c286820edf1e18f2d1dc472d5847600965b863923965f92bdfa470837ea6a4fc7b8342ee0ab3750a6e4e7a627f73c2dcde211c1f9a5f2736c84d2e131cf85b81275e551b48f5d382d0c67c2f0fc21fb8c55efabaac0dacd9c18d8429a890187798c643bbec8d8369b2ec03cf97e56276aba94232986aa942c97e89786ea980a4652cb0719c09a9948e4b078076d8e7838ed7993622ede0cbac32da5158"}, 0xc6) 19:27:53 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x1100, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:53 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 2) [ 490.373656][T13255] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 490.381662][T13255] 19:27:54 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 2) 19:27:54 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x1, 0x2, 0x18}, @l2cap_cid_le_signaling={{0x14}, @l2cap_ecred_reconf_req={{0x19, 0x3f, 0x10}, {0x8, 0x7, [0x5, 0x2, 0x2, 0x3, 0x6, 0x1]}}}}, 0x1d) syz_emit_vhci(&(0x7f00000000c0)=@HCI_SCODATA_PKT={0x3, {0xc8, 0xc2}, "6b0fe1f972b657f520670a0652baa3fb2c75591bcfa04294fac77946c75bab3567cd0e34a9c286820edf1e18f2d1dc472d5847600965b863923965f92bdfa470837ea6a4fc7b8342ee0ab3750a6e4e7a627f73c2dcde211c1f9a5f2736c84d2e131cf85b81275e551b48f5d382d0c67c2f0fc21fb8c55efabaac0dacd9c18d8429a890187798c643bbec8d8369b2ec03cf97e56276aba94232986aa942c97e89786ea980a4652cb0719c09a9948e4b078076d8e7838ed7993622ede0cbac32da5158"}, 0xc6) (async) syz_emit_vhci(&(0x7f00000000c0)=@HCI_SCODATA_PKT={0x3, {0xc8, 0xc2}, "6b0fe1f972b657f520670a0652baa3fb2c75591bcfa04294fac77946c75bab3567cd0e34a9c286820edf1e18f2d1dc472d5847600965b863923965f92bdfa470837ea6a4fc7b8342ee0ab3750a6e4e7a627f73c2dcde211c1f9a5f2736c84d2e131cf85b81275e551b48f5d382d0c67c2f0fc21fb8c55efabaac0dacd9c18d8429a890187798c643bbec8d8369b2ec03cf97e56276aba94232986aa942c97e89786ea980a4652cb0719c09a9948e4b078076d8e7838ed7993622ede0cbac32da5158"}, 0xc6) 19:27:54 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x1300, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:54 executing program 1: mlockall(0x0) r0 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) [ 490.432423][T13264] FAULT_INJECTION: forcing a failure. [ 490.432423][T13264] name failslab, interval 1, probability 0, space 0, times 0 [ 490.468798][T13264] CPU: 1 PID: 13264 Comm: syz-executor.3 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 490.479312][T13264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 490.489417][T13264] Call Trace: [ 490.492746][T13264] [ 490.495714][T13264] dump_stack_lvl+0x136/0x150 [ 490.500456][T13264] should_fail_ex+0x4a3/0x5b0 [ 490.505190][T13264] should_failslab+0x9/0x20 [ 490.509730][T13264] kmem_cache_alloc+0x63/0x3b0 [ 490.514547][T13264] __alloc_file+0x21/0x270 [ 490.519001][T13264] alloc_empty_file+0x71/0x190 [ 490.523797][T13264] alloc_file+0x5e/0x800 [ 490.528079][T13264] alloc_file_clone+0x26/0xc0 [ 490.532788][T13264] do_shmat+0x5d7/0x1180 [ 490.537076][T13264] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 490.542924][T13264] __ia32_compat_sys_shmat+0xd2/0x160 [ 490.548337][T13264] ? __ia32_sys_shmat+0x160/0x160 [ 490.553400][T13264] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 490.560033][T13264] ? lockdep_hardirqs_on+0x7d/0x100 [ 490.565281][T13264] __do_fast_syscall_32+0x65/0xf0 [ 490.570348][T13264] do_fast_syscall_32+0x33/0x70 [ 490.575226][T13264] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 490.581607][T13264] RIP: 0023:0xf7fa8579 [ 490.585698][T13264] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 490.605336][T13264] RSP: 002b:00000000f7fa35cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 490.613778][T13264] RAX: ffffffffffffffda RBX: 0000000000000041 RCX: 00000000202f4000 [ 490.621772][T13264] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 490.629763][T13264] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 490.637769][T13264] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 490.645761][T13264] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 490.653772][T13264] [ 490.673649][T13266] FAULT_INJECTION: forcing a failure. [ 490.673649][T13266] name failslab, interval 1, probability 0, space 0, times 0 [ 490.691120][T13266] CPU: 0 PID: 13266 Comm: syz-executor.2 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 490.701649][T13266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 490.711761][T13266] Call Trace: [ 490.715085][T13266] [ 490.718068][T13266] dump_stack_lvl+0x136/0x150 [ 490.722812][T13266] should_fail_ex+0x4a3/0x5b0 [ 490.727571][T13266] should_failslab+0x9/0x20 [ 490.728979][T13272] FAULT_INJECTION: forcing a failure. [ 490.728979][T13272] name failslab, interval 1, probability 0, space 0, times 0 [ 490.732116][T13266] __kmem_cache_alloc_node+0x5b/0x320 [ 490.732172][T13266] ? do_shmat+0x55c/0x1180 [ 490.755070][T13266] kmalloc_trace+0x26/0xe0 [ 490.759733][T13266] do_shmat+0x55c/0x1180 [ 490.764057][T13266] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 490.769945][T13266] __ia32_compat_sys_shmat+0xd2/0x160 [ 490.775406][T13266] ? __ia32_sys_shmat+0x160/0x160 [ 490.780504][T13266] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 490.787175][T13266] ? lockdep_hardirqs_on+0x7d/0x100 [ 490.792451][T13266] __do_fast_syscall_32+0x65/0xf0 [ 490.797530][T13266] do_fast_syscall_32+0x33/0x70 [ 490.802510][T13266] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 490.808914][T13266] RIP: 0023:0xf7f64579 [ 490.813033][T13266] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 490.832691][T13266] RSP: 002b:00000000f7f5f5cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 490.841174][T13266] RAX: ffffffffffffffda RBX: 0000000000000026 RCX: 00000000202f4000 [ 490.849197][T13266] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 490.857209][T13266] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 490.865231][T13266] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 19:27:54 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, r1, 0x49f269a56e1422c3, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, r5, 0x49f269a56e1422c3, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}}, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="04f9910400db0c00", @ANYRES64=r5, @ANYRESHEX, @ANYRES16=r1], 0x8) [ 490.873257][T13266] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 490.881295][T13266] [ 490.884339][T13272] CPU: 1 PID: 13272 Comm: syz-executor.5 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 490.894822][T13272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 490.904936][T13272] Call Trace: [ 490.908280][T13272] [ 490.911253][T13272] dump_stack_lvl+0x136/0x150 [ 490.915998][T13272] should_fail_ex+0x4a3/0x5b0 [ 490.920745][T13272] should_failslab+0x9/0x20 [ 490.925299][T13272] kmem_cache_alloc+0x63/0x3b0 [ 490.930120][T13272] __alloc_file+0x21/0x270 [ 490.934593][T13272] alloc_empty_file+0x71/0x190 [ 490.939395][T13272] alloc_file+0x5e/0x800 [ 490.943673][T13272] alloc_file_clone+0x26/0xc0 [ 490.948395][T13272] do_shmat+0x5d7/0x1180 [ 490.952675][T13272] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 490.958526][T13272] __ia32_compat_sys_shmat+0xd2/0x160 [ 490.963935][T13272] ? __ia32_sys_shmat+0x160/0x160 [ 490.969023][T13272] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 490.975649][T13272] ? lockdep_hardirqs_on+0x7d/0x100 [ 490.980885][T13272] __do_fast_syscall_32+0x65/0xf0 [ 490.985944][T13272] do_fast_syscall_32+0x33/0x70 [ 490.990817][T13272] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 490.997191][T13272] RIP: 0023:0xf7f1c579 [ 491.001282][T13272] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 491.020915][T13272] RSP: 002b:00000000f7f175cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 491.029364][T13272] RAX: ffffffffffffffda RBX: 000000000000003c RCX: 00000000202f4000 [ 491.037361][T13272] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 491.045360][T13272] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 491.053364][T13272] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 491.061382][T13272] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 491.069407][T13272] 19:27:54 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x3f00, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:54 executing program 1: mlockall(0x0) r0 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:54 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 2) 19:27:54 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 3) 19:27:54 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async, rerun: 64) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, r1, 0x49f269a56e1422c3, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}}, 0x0) (async) r4 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async, rerun: 32) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, r5, 0x49f269a56e1422c3, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}}, 0x0) (async) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="04f9910400db0c00", @ANYRES64=r5, @ANYRESHEX, @ANYRES16=r1], 0x8) 19:27:54 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 3) [ 491.233759][T13283] FAULT_INJECTION: forcing a failure. [ 491.233759][T13283] name failslab, interval 1, probability 0, space 0, times 0 19:27:54 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:54 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x4d04, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) [ 491.282194][T13292] FAULT_INJECTION: forcing a failure. [ 491.282194][T13292] name failslab, interval 1, probability 0, space 0, times 0 [ 491.302252][T13283] CPU: 0 PID: 13283 Comm: syz-executor.2 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 491.312762][T13283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 491.322865][T13283] Call Trace: [ 491.326185][T13283] [ 491.329157][T13283] dump_stack_lvl+0x136/0x150 [ 491.333903][T13283] should_fail_ex+0x4a3/0x5b0 [ 491.338648][T13283] should_failslab+0x9/0x20 [ 491.343217][T13283] kmem_cache_alloc+0x63/0x3b0 [ 491.348073][T13283] __alloc_file+0x21/0x270 [ 491.352561][T13283] alloc_empty_file+0x71/0x190 [ 491.357399][T13283] alloc_file+0x5e/0x800 [ 491.361716][T13283] alloc_file_clone+0x26/0xc0 [ 491.366467][T13283] do_shmat+0x5d7/0x1180 [ 491.370790][T13283] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 491.376687][T13283] __ia32_compat_sys_shmat+0xd2/0x160 [ 491.382147][T13283] ? __ia32_sys_shmat+0x160/0x160 [ 491.387249][T13283] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 491.393926][T13283] ? lockdep_hardirqs_on+0x7d/0x100 [ 491.399198][T13283] __do_fast_syscall_32+0x65/0xf0 [ 491.404282][T13283] do_fast_syscall_32+0x33/0x70 [ 491.409299][T13283] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 491.415721][T13283] RIP: 0023:0xf7f64579 19:27:54 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, r1, 0x49f269a56e1422c3, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, r5, 0x49f269a56e1422c3, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}}, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="04f9910400db0c00", @ANYRES64=r5, @ANYRESHEX, @ANYRES16=r1], 0x8) 19:27:54 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x6000, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) [ 491.419838][T13283] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 491.439516][T13283] RSP: 002b:00000000f7f5f5cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 491.448029][T13283] RAX: ffffffffffffffda RBX: 0000000000000027 RCX: 00000000202f4000 [ 491.456057][T13283] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 491.464070][T13283] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 491.472088][T13283] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 19:27:55 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0xf000, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) [ 491.480150][T13283] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 491.488196][T13283] 19:27:55 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_io_capa_reply={{}, {@any, 0x2, 0x6, 0x2}}}, 0xfffffffffffffd96) 19:27:55 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_io_capa_reply={{}, {@any, 0x2, 0x6, 0x2}}}, 0xfffffffffffffd96) [ 491.549762][T13292] CPU: 0 PID: 13292 Comm: syz-executor.5 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 491.560268][T13292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 491.570383][T13292] Call Trace: [ 491.573701][T13292] [ 491.576675][T13292] dump_stack_lvl+0x136/0x150 [ 491.581423][T13292] should_fail_ex+0x4a3/0x5b0 [ 491.586181][T13292] should_failslab+0x9/0x20 [ 491.590755][T13292] kmem_cache_alloc+0x63/0x3b0 [ 491.595600][T13292] security_file_alloc+0x38/0x170 [ 491.600692][T13292] __alloc_file+0xd9/0x270 [ 491.605181][T13292] alloc_empty_file+0x71/0x190 [ 491.609998][T13292] alloc_file+0x5e/0x800 [ 491.614333][T13292] alloc_file_clone+0x26/0xc0 [ 491.619045][T13292] do_shmat+0x5d7/0x1180 [ 491.623331][T13292] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 491.629171][T13292] ? restore_fpregs_from_fpstate+0xc1/0x1c0 [ 491.635122][T13292] __ia32_compat_sys_shmat+0xd2/0x160 [ 491.640534][T13292] ? __ia32_sys_shmat+0x160/0x160 [ 491.645611][T13292] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 491.652270][T13292] ? lockdep_hardirqs_on+0x7d/0x100 [ 491.657514][T13292] __do_fast_syscall_32+0x65/0xf0 [ 491.662573][T13292] do_fast_syscall_32+0x33/0x70 [ 491.667453][T13292] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 491.673829][T13292] RIP: 0023:0xf7f1c579 [ 491.677919][T13292] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 491.697554][T13292] RSP: 002b:00000000f7f175cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 491.706015][T13292] RAX: ffffffffffffffda RBX: 000000000000003d RCX: 00000000202f4000 [ 491.714020][T13292] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 491.722015][T13292] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 491.730010][T13292] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 491.738010][T13292] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 491.746018][T13292] 19:27:55 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x30000, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) [ 491.787207][T13306] FAULT_INJECTION: forcing a failure. [ 491.787207][T13306] name failslab, interval 1, probability 0, space 0, times 0 [ 491.802026][T13306] CPU: 1 PID: 13306 Comm: syz-executor.3 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 491.812524][T13306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 491.822628][T13306] Call Trace: [ 491.825986][T13306] [ 491.828974][T13306] dump_stack_lvl+0x136/0x150 [ 491.833736][T13306] should_fail_ex+0x4a3/0x5b0 [ 491.838505][T13306] should_failslab+0x9/0x20 [ 491.843086][T13306] kmem_cache_alloc+0x63/0x3b0 [ 491.847945][T13306] security_file_alloc+0x38/0x170 [ 491.853047][T13306] __alloc_file+0xd9/0x270 [ 491.857540][T13306] alloc_empty_file+0x71/0x190 [ 491.862380][T13306] alloc_file+0x5e/0x800 [ 491.866699][T13306] alloc_file_clone+0x26/0xc0 [ 491.871448][T13306] do_shmat+0x5d7/0x1180 [ 491.875802][T13306] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 491.881702][T13306] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 491.887948][T13306] ? lockdep_hardirqs_on+0x7d/0x100 [ 491.893233][T13306] __ia32_compat_sys_shmat+0xd2/0x160 [ 491.898689][T13306] ? __ia32_sys_shmat+0x160/0x160 [ 491.903792][T13306] ? syscall_enter_from_user_mode_prepare+0x1f/0x80 [ 491.910492][T13306] __do_fast_syscall_32+0x65/0xf0 [ 491.915589][T13306] do_fast_syscall_32+0x33/0x70 [ 491.920507][T13306] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 491.926926][T13306] RIP: 0023:0xf7fa8579 [ 491.931042][T13306] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 491.950714][T13306] RSP: 002b:00000000f7fa35cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 491.959219][T13306] RAX: ffffffffffffffda RBX: 0000000000000042 RCX: 00000000202f4000 [ 491.967268][T13306] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 491.975288][T13306] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 491.983289][T13306] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 491.991286][T13306] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 491.999299][T13306] 19:27:55 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 3) 19:27:55 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 4) 19:27:55 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_io_capa_reply={{}, {@any, 0x2, 0x6, 0x2}}}, 0xfffffffffffffd96) 19:27:55 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 4) 19:27:55 executing program 1: mlockall(0x2) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(0x0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:55 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x34000, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:55 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x8c}, "83cf36e7b0dfb729dce2eb1e953bed0fcfbdb1d1f469b3aebb2b71dd0b3e80989adb488dd7005033203556209a94eca52da276ecf226c12676ca12e29cc866b560e28cb581f3895f04448458a794879b2c98bcce1de0efba62c2f9c731a0da88e31181519a42909fa4c9a4a83debbd80c3f0d380d593e92bca380499d6db95c8fe2fae2015864eacca42eae3"}, 0x90) 19:27:55 executing program 1: mlockall(0x2) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(0x0, &(0x7f00002f4000/0x2000)=nil, 0x5000) [ 492.136005][T13320] FAULT_INJECTION: forcing a failure. [ 492.136005][T13320] name failslab, interval 1, probability 0, space 0, times 0 [ 492.187846][T13324] FAULT_INJECTION: forcing a failure. [ 492.187846][T13324] name failslab, interval 1, probability 0, space 0, times 0 [ 492.211983][T13320] CPU: 0 PID: 13320 Comm: syz-executor.5 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 492.222490][T13320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 492.232598][T13320] Call Trace: [ 492.235928][T13320] [ 492.238900][T13320] dump_stack_lvl+0x136/0x150 [ 492.243646][T13320] should_fail_ex+0x4a3/0x5b0 [ 492.248412][T13320] should_failslab+0x9/0x20 [ 492.252988][T13320] kmem_cache_alloc+0x63/0x3b0 [ 492.257845][T13320] vm_area_dup+0x21/0x1f0 [ 492.262241][T13320] __split_vma+0x199/0x810 [ 492.266813][T13320] ? expand_stack+0x20/0x20 [ 492.271404][T13320] ? print_usage_bug.part.0+0x660/0x660 [ 492.277033][T13320] ? mt_validate_nulls+0xf6/0xcb0 [ 492.282181][T13320] ? find_held_lock+0x2d/0x110 19:27:55 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x400300, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:55 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) (async) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x8c}, "83cf36e7b0dfb729dce2eb1e953bed0fcfbdb1d1f469b3aebb2b71dd0b3e80989adb488dd7005033203556209a94eca52da276ecf226c12676ca12e29cc866b560e28cb581f3895f04448458a794879b2c98bcce1de0efba62c2f9c731a0da88e31181519a42909fa4c9a4a83debbd80c3f0d380d593e92bca380499d6db95c8fe2fae2015864eacca42eae3"}, 0x90) [ 492.287057][T13320] do_vmi_align_munmap+0x22a/0xf60 [ 492.292275][T13320] ? __split_vma+0x810/0x810 [ 492.296966][T13320] ? mtree_range_walk+0x640/0x950 [ 492.302099][T13320] ? mas_walk+0x4cd/0x6e0 [ 492.306528][T13320] do_vmi_munmap+0x26e/0x2c0 [ 492.311215][T13320] mmap_region+0x1ee/0x2690 [ 492.315804][T13320] ? mas_find+0x85/0x200 [ 492.320131][T13320] ? validate_mm+0x1d4/0x290 [ 492.324820][T13320] ? do_munmap+0xf0/0xf0 [ 492.329166][T13320] ? security_mmap_addr+0x77/0xa0 [ 492.334246][T13320] ? get_unmapped_area+0x1e8/0x3c0 [ 492.339433][T13320] do_mmap+0x831/0xf60 [ 492.343569][T13320] do_shmat+0xeaf/0x1180 [ 492.347876][T13320] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 492.353744][T13320] __ia32_compat_sys_shmat+0xd2/0x160 [ 492.359178][T13320] ? __ia32_sys_shmat+0x160/0x160 [ 492.364271][T13320] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 492.366351][T13327] FAULT_INJECTION: forcing a failure. [ 492.366351][T13327] name failslab, interval 1, probability 0, space 0, times 0 [ 492.370910][T13320] ? lockdep_hardirqs_on+0x7d/0x100 [ 492.389003][T13320] __do_fast_syscall_32+0x65/0xf0 [ 492.394079][T13320] do_fast_syscall_32+0x33/0x70 [ 492.398974][T13320] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 492.405366][T13320] RIP: 0023:0xf7f1c579 [ 492.409481][T13320] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 492.429135][T13320] RSP: 002b:00000000f7f175cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 492.437618][T13320] RAX: ffffffffffffffda RBX: 000000000000003e RCX: 00000000202f4000 [ 492.445717][T13320] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 492.453735][T13320] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 492.461745][T13320] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 492.469767][T13320] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 492.477791][T13320] [ 492.493308][T13327] CPU: 1 PID: 13327 Comm: syz-executor.3 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 492.503808][T13327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 492.513940][T13327] Call Trace: [ 492.517271][T13327] [ 492.520272][T13327] dump_stack_lvl+0x136/0x150 [ 492.525002][T13327] should_fail_ex+0x4a3/0x5b0 [ 492.529742][T13327] should_failslab+0x9/0x20 [ 492.534318][T13327] kmem_cache_alloc+0x63/0x3b0 [ 492.539160][T13327] vm_area_dup+0x21/0x1f0 [ 492.543545][T13327] __split_vma+0x199/0x810 [ 492.548020][T13327] ? expand_stack+0x20/0x20 [ 492.552578][T13327] ? print_usage_bug.part.0+0x660/0x660 [ 492.558167][T13327] ? mt_validate_nulls+0xf6/0xcb0 [ 492.563252][T13327] ? find_held_lock+0x2d/0x110 [ 492.568088][T13327] do_vmi_align_munmap+0x22a/0xf60 [ 492.573280][T13327] ? __split_vma+0x810/0x810 [ 492.577942][T13327] ? mtree_range_walk+0x640/0x950 [ 492.583050][T13327] ? mas_walk+0x4cd/0x6e0 [ 492.587449][T13327] do_vmi_munmap+0x26e/0x2c0 [ 492.592199][T13327] mmap_region+0x1ee/0x2690 [ 492.596773][T13327] ? mas_find+0x85/0x200 [ 492.601080][T13327] ? validate_mm+0x1d4/0x290 [ 492.605727][T13327] ? do_munmap+0xf0/0xf0 [ 492.610028][T13327] ? security_mmap_addr+0x77/0xa0 [ 492.615100][T13327] ? get_unmapped_area+0x1e8/0x3c0 [ 492.620296][T13327] do_mmap+0x831/0xf60 [ 492.624436][T13327] do_shmat+0xeaf/0x1180 [ 492.628741][T13327] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 492.634611][T13327] __ia32_compat_sys_shmat+0xd2/0x160 [ 492.640047][T13327] ? __ia32_sys_shmat+0x160/0x160 [ 492.645125][T13327] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 492.651777][T13327] ? lockdep_hardirqs_on+0x7d/0x100 [ 492.657030][T13327] __do_fast_syscall_32+0x65/0xf0 [ 492.662100][T13327] do_fast_syscall_32+0x33/0x70 [ 492.667003][T13327] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 492.673408][T13327] RIP: 0023:0xf7fa8579 [ 492.677545][T13327] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 492.697209][T13327] RSP: 002b:00000000f7fa35cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 492.705673][T13327] RAX: ffffffffffffffda RBX: 0000000000000043 RCX: 00000000202f4000 [ 492.713715][T13327] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 492.721736][T13327] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 492.729749][T13327] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 19:27:56 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) (async) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x8c}, "83cf36e7b0dfb729dce2eb1e953bed0fcfbdb1d1f469b3aebb2b71dd0b3e80989adb488dd7005033203556209a94eca52da276ecf226c12676ca12e29cc866b560e28cb581f3895f04448458a794879b2c98bcce1de0efba62c2f9c731a0da88e31181519a42909fa4c9a4a83debbd80c3f0d380d593e92bca380499d6db95c8fe2fae2015864eacca42eae3"}, 0x90) 19:27:56 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0xf0ffff, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) [ 492.737776][T13327] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 492.745813][T13327] [ 492.748864][T13324] CPU: 0 PID: 13324 Comm: syz-executor.2 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 492.759342][T13324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 492.769460][T13324] Call Trace: [ 492.772781][T13324] [ 492.775758][T13324] dump_stack_lvl+0x136/0x150 [ 492.780507][T13324] should_fail_ex+0x4a3/0x5b0 [ 492.785260][T13324] should_failslab+0x9/0x20 [ 492.789828][T13324] kmem_cache_alloc+0x63/0x3b0 [ 492.794679][T13324] security_file_alloc+0x38/0x170 [ 492.799773][T13324] __alloc_file+0xd9/0x270 [ 492.804260][T13324] alloc_empty_file+0x71/0x190 [ 492.809092][T13324] alloc_file+0x5e/0x800 [ 492.813415][T13324] alloc_file_clone+0x26/0xc0 [ 492.818161][T13324] do_shmat+0x5d7/0x1180 [ 492.822474][T13324] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 492.828370][T13324] __ia32_compat_sys_shmat+0xd2/0x160 [ 492.833817][T13324] ? __ia32_sys_shmat+0x160/0x160 [ 492.838911][T13324] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 492.845579][T13324] ? lockdep_hardirqs_on+0x7d/0x100 [ 492.850941][T13324] __do_fast_syscall_32+0x65/0xf0 [ 492.856046][T13324] do_fast_syscall_32+0x33/0x70 [ 492.860971][T13324] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 492.867491][T13324] RIP: 0023:0xf7f64579 [ 492.871622][T13324] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 492.891293][T13324] RSP: 002b:00000000f7f5f5cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 492.899743][T13324] RAX: ffffffffffffffda RBX: 0000000000000028 RCX: 00000000202f4000 [ 492.907739][T13324] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 492.915734][T13324] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 492.924093][T13324] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 492.932090][T13324] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 492.940126][T13324] 19:27:56 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 4) 19:27:56 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 5) 19:27:56 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 5) 19:27:56 executing program 1: mlockall(0x2) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(0x0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:56 executing program 4: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040f04f602000000"], 0x8) 19:27:56 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x1000000, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) [ 493.033721][T13346] FAULT_INJECTION: forcing a failure. [ 493.033721][T13346] name failslab, interval 1, probability 0, space 0, times 0 [ 493.051361][T13347] FAULT_INJECTION: forcing a failure. [ 493.051361][T13347] name failslab, interval 1, probability 0, space 0, times 0 19:27:56 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x0) [ 493.116066][T13347] CPU: 0 PID: 13347 Comm: syz-executor.3 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 493.126582][T13347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 493.136706][T13347] Call Trace: [ 493.140025][T13347] [ 493.143003][T13347] dump_stack_lvl+0x136/0x150 [ 493.147837][T13347] should_fail_ex+0x4a3/0x5b0 [ 493.152608][T13347] should_failslab+0x9/0x20 [ 493.157188][T13347] kmem_cache_alloc+0x63/0x3b0 19:27:56 executing program 4: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040f04f602000000"], 0x8) [ 493.162048][T13347] mas_alloc_nodes+0x402/0x8a0 [ 493.166991][T13347] mas_preallocate+0x1bb/0x360 [ 493.171827][T13347] __split_vma+0x1b7/0x810 [ 493.176343][T13347] ? expand_stack+0x20/0x20 [ 493.180930][T13347] ? print_usage_bug.part.0+0x660/0x660 [ 493.186546][T13347] ? mt_validate_nulls+0xf6/0xcb0 [ 493.191668][T13347] ? find_held_lock+0x2d/0x110 [ 493.196539][T13347] do_vmi_align_munmap+0x22a/0xf60 [ 493.201812][T13347] ? __split_vma+0x810/0x810 [ 493.206493][T13347] ? mtree_range_walk+0x640/0x950 [ 493.211616][T13347] ? mas_walk+0x4cd/0x6e0 [ 493.216040][T13347] do_vmi_munmap+0x26e/0x2c0 [ 493.220728][T13347] mmap_region+0x1ee/0x2690 [ 493.225310][T13347] ? mas_find+0x85/0x200 [ 493.229710][T13347] ? validate_mm+0x1d4/0x290 [ 493.234375][T13347] ? do_munmap+0xf0/0xf0 [ 493.238685][T13347] ? security_mmap_addr+0x77/0xa0 [ 493.243779][T13347] ? get_unmapped_area+0x1e8/0x3c0 [ 493.248967][T13347] do_mmap+0x831/0xf60 [ 493.253106][T13347] do_shmat+0xeaf/0x1180 [ 493.257436][T13347] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 493.263287][T13347] __ia32_compat_sys_shmat+0xd2/0x160 [ 493.268696][T13347] ? __ia32_sys_shmat+0x160/0x160 [ 493.273756][T13347] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 493.280390][T13347] ? lockdep_hardirqs_on+0x7d/0x100 [ 493.285630][T13347] __do_fast_syscall_32+0x65/0xf0 [ 493.290693][T13347] do_fast_syscall_32+0x33/0x70 [ 493.295574][T13347] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 493.301950][T13347] RIP: 0023:0xf7fa8579 [ 493.306040][T13347] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 493.325687][T13347] RSP: 002b:00000000f7fa35cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 493.334133][T13347] RAX: ffffffffffffffda RBX: 0000000000000044 RCX: 00000000202f4000 [ 493.342125][T13347] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 493.350117][T13347] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 493.358111][T13347] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 19:27:56 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x2000000, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) [ 493.366129][T13347] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 493.374173][T13347] [ 493.387690][T13346] CPU: 0 PID: 13346 Comm: syz-executor.5 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 493.398202][T13346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 493.408318][T13346] Call Trace: [ 493.411638][T13346] [ 493.414614][T13346] dump_stack_lvl+0x136/0x150 [ 493.419368][T13346] should_fail_ex+0x4a3/0x5b0 [ 493.424191][T13346] should_failslab+0x9/0x20 [ 493.428764][T13346] kmem_cache_alloc+0x63/0x3b0 [ 493.433622][T13346] mas_alloc_nodes+0x402/0x8a0 [ 493.438481][T13346] mas_preallocate+0x1bb/0x360 [ 493.443319][T13346] __split_vma+0x1b7/0x810 [ 493.447820][T13346] ? expand_stack+0x20/0x20 [ 493.452399][T13346] ? print_usage_bug.part.0+0x660/0x660 [ 493.458019][T13346] ? mt_validate_nulls+0xf6/0xcb0 [ 493.463144][T13346] ? find_held_lock+0x2d/0x110 [ 493.468019][T13346] do_vmi_align_munmap+0x22a/0xf60 [ 493.473228][T13346] ? __split_vma+0x810/0x810 [ 493.477919][T13346] ? mtree_range_walk+0x640/0x950 [ 493.483140][T13346] ? mas_walk+0x4cd/0x6e0 [ 493.487570][T13346] do_vmi_munmap+0x26e/0x2c0 [ 493.492246][T13346] mmap_region+0x1ee/0x2690 [ 493.496823][T13346] ? mas_find+0x85/0x200 [ 493.501232][T13346] ? validate_mm+0x1d4/0x290 [ 493.505880][T13346] ? do_munmap+0xf0/0xf0 [ 493.510178][T13346] ? security_mmap_addr+0x77/0xa0 [ 493.515239][T13346] ? get_unmapped_area+0x1e8/0x3c0 [ 493.520489][T13346] do_mmap+0x831/0xf60 [ 493.524719][T13346] do_shmat+0xeaf/0x1180 [ 493.529002][T13346] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 493.534851][T13346] __ia32_compat_sys_shmat+0xd2/0x160 [ 493.540259][T13346] ? __ia32_sys_shmat+0x160/0x160 [ 493.545319][T13346] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 493.551946][T13346] ? lockdep_hardirqs_on+0x7d/0x100 [ 493.557187][T13346] __do_fast_syscall_32+0x65/0xf0 [ 493.562240][T13346] do_fast_syscall_32+0x33/0x70 [ 493.567205][T13346] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 493.573585][T13346] RIP: 0023:0xf7f1c579 [ 493.577677][T13346] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 493.597320][T13346] RSP: 002b:00000000f7f175cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 493.605796][T13346] RAX: ffffffffffffffda RBX: 000000000000003f RCX: 00000000202f4000 19:27:57 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x3000000, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) [ 493.613790][T13346] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 493.622304][T13346] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 493.630307][T13346] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 493.638392][T13346] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 493.646423][T13346] 19:27:57 executing program 4: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040f04f602000000"], 0x8) 19:27:57 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x0) [ 493.672035][T13355] FAULT_INJECTION: forcing a failure. [ 493.672035][T13355] name failslab, interval 1, probability 0, space 0, times 0 [ 493.728527][T13355] CPU: 0 PID: 13355 Comm: syz-executor.2 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 493.739301][T13355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 493.749413][T13355] Call Trace: [ 493.752736][T13355] [ 493.755718][T13355] dump_stack_lvl+0x136/0x150 [ 493.760467][T13355] should_fail_ex+0x4a3/0x5b0 [ 493.765233][T13355] should_failslab+0x9/0x20 [ 493.769814][T13355] kmem_cache_alloc+0x63/0x3b0 [ 493.774661][T13355] vm_area_dup+0x21/0x1f0 [ 493.779061][T13355] __split_vma+0x199/0x810 [ 493.783561][T13355] ? expand_stack+0x20/0x20 [ 493.788133][T13355] ? print_usage_bug.part.0+0x660/0x660 [ 493.793757][T13355] ? mt_validate_nulls+0xf6/0xcb0 [ 493.798947][T13355] ? find_held_lock+0x2d/0x110 [ 493.803812][T13355] do_vmi_align_munmap+0x22a/0xf60 [ 493.809027][T13355] ? __split_vma+0x810/0x810 [ 493.813720][T13355] ? mtree_range_walk+0x640/0x950 [ 493.818853][T13355] ? mas_walk+0x4cd/0x6e0 [ 493.823265][T13355] do_vmi_munmap+0x26e/0x2c0 [ 493.827940][T13355] mmap_region+0x1ee/0x2690 [ 493.832528][T13355] ? mas_find+0x85/0x200 [ 493.836856][T13355] ? validate_mm+0x1d4/0x290 [ 493.841521][T13355] ? do_munmap+0xf0/0xf0 [ 493.845862][T13355] ? security_mmap_addr+0x77/0xa0 [ 493.850953][T13355] ? get_unmapped_area+0x1e8/0x3c0 [ 493.856237][T13355] do_mmap+0x831/0xf60 [ 493.860370][T13355] do_shmat+0xeaf/0x1180 [ 493.864657][T13355] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 493.870525][T13355] __ia32_compat_sys_shmat+0xd2/0x160 [ 493.876029][T13355] ? __ia32_sys_shmat+0x160/0x160 [ 493.881091][T13355] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 493.887724][T13355] ? lockdep_hardirqs_on+0x7d/0x100 [ 493.892961][T13355] __do_fast_syscall_32+0x65/0xf0 [ 493.898027][T13355] do_fast_syscall_32+0x33/0x70 [ 493.902910][T13355] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 493.909286][T13355] RIP: 0023:0xf7f64579 [ 493.913374][T13355] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 493.933358][T13355] RSP: 002b:00000000f7f5f5cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 493.941804][T13355] RAX: ffffffffffffffda RBX: 0000000000000029 RCX: 00000000202f4000 [ 493.949802][T13355] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 493.957811][T13355] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 493.965816][T13355] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 493.973807][T13355] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 493.981820][T13355] 19:27:57 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 5) 19:27:57 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x4000000, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:57 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 6) 19:27:57 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 6) 19:27:57 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x0) 19:27:57 executing program 4: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e05005a379a00"], 0x8) 19:27:57 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x5000000, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:57 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:57 executing program 4: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e05005a379a00"], 0x8) [ 494.079622][T13373] FAULT_INJECTION: forcing a failure. [ 494.079622][T13373] name failslab, interval 1, probability 0, space 0, times 0 [ 494.142316][T13373] CPU: 0 PID: 13373 Comm: syz-executor.3 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 494.152945][T13373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 494.163063][T13373] Call Trace: [ 494.166391][T13373] [ 494.169374][T13373] dump_stack_lvl+0x136/0x150 [ 494.171156][T13379] FAULT_INJECTION: forcing a failure. [ 494.171156][T13379] name failslab, interval 1, probability 0, space 0, times 0 [ 494.174095][T13373] should_fail_ex+0x4a3/0x5b0 [ 494.174150][T13373] should_failslab+0x9/0x20 [ 494.196024][T13373] kmem_cache_alloc_bulk+0x68/0x860 [ 494.201314][T13373] ? kmem_cache_alloc+0x337/0x3b0 [ 494.206425][T13373] mas_alloc_nodes+0x276/0x8a0 [ 494.211304][T13373] mas_preallocate+0x1bb/0x360 [ 494.216119][T13373] __split_vma+0x1b7/0x810 [ 494.220605][T13373] ? expand_stack+0x20/0x20 [ 494.225170][T13373] ? print_usage_bug.part.0+0x660/0x660 [ 494.230762][T13373] ? mt_validate_nulls+0xf6/0xcb0 [ 494.235844][T13373] ? find_held_lock+0x2d/0x110 [ 494.240759][T13373] do_vmi_align_munmap+0x22a/0xf60 [ 494.245931][T13373] ? __split_vma+0x810/0x810 [ 494.250601][T13373] ? mtree_range_walk+0x640/0x950 [ 494.255709][T13373] ? mas_walk+0x4cd/0x6e0 [ 494.260117][T13373] do_vmi_munmap+0x26e/0x2c0 [ 494.264773][T13373] mmap_region+0x1ee/0x2690 [ 494.269329][T13373] ? mas_find+0x85/0x200 [ 494.273626][T13373] ? validate_mm+0x1d4/0x290 [ 494.278262][T13373] ? do_munmap+0xf0/0xf0 [ 494.282551][T13373] ? security_mmap_addr+0x77/0xa0 [ 494.287610][T13373] ? get_unmapped_area+0x1e8/0x3c0 [ 494.292769][T13373] do_mmap+0x831/0xf60 [ 494.296888][T13373] do_shmat+0xeaf/0x1180 [ 494.301173][T13373] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 494.307030][T13373] __ia32_compat_sys_shmat+0xd2/0x160 [ 494.312447][T13373] ? __ia32_sys_shmat+0x160/0x160 [ 494.317504][T13373] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 494.324138][T13373] ? lockdep_hardirqs_on+0x7d/0x100 [ 494.329373][T13373] __do_fast_syscall_32+0x65/0xf0 [ 494.334426][T13373] do_fast_syscall_32+0x33/0x70 [ 494.339478][T13373] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 494.345942][T13373] RIP: 0023:0xf7fa8579 [ 494.350056][T13373] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 494.369698][T13373] RSP: 002b:00000000f7fa35cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 494.378142][T13373] RAX: ffffffffffffffda RBX: 0000000000000045 RCX: 00000000202f4000 [ 494.386167][T13373] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 494.394159][T13373] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 494.402150][T13373] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 494.410146][T13373] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 494.418177][T13373] [ 494.434148][T13379] CPU: 0 PID: 13379 Comm: syz-executor.2 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 494.443629][T13380] FAULT_INJECTION: forcing a failure. [ 494.443629][T13380] name failslab, interval 1, probability 0, space 0, times 0 [ 494.444620][T13379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 494.444641][T13379] Call Trace: [ 494.444650][T13379] [ 494.444663][T13379] dump_stack_lvl+0x136/0x150 [ 494.444707][T13379] should_fail_ex+0x4a3/0x5b0 [ 494.483016][T13379] should_failslab+0x9/0x20 [ 494.487592][T13379] kmem_cache_alloc+0x63/0x3b0 [ 494.492417][T13379] mas_alloc_nodes+0x402/0x8a0 [ 494.497256][T13379] mas_preallocate+0x1bb/0x360 [ 494.502090][T13379] __split_vma+0x1b7/0x810 [ 494.506594][T13379] ? expand_stack+0x20/0x20 [ 494.511436][T13379] ? print_usage_bug.part.0+0x660/0x660 [ 494.517137][T13379] ? mt_validate_nulls+0xf6/0xcb0 [ 494.522245][T13379] ? find_held_lock+0x2d/0x110 [ 494.527110][T13379] do_vmi_align_munmap+0x22a/0xf60 [ 494.532315][T13379] ? __split_vma+0x810/0x810 [ 494.536998][T13379] ? mtree_range_walk+0x640/0x950 19:27:58 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 7) [ 494.542193][T13379] ? mas_walk+0x4cd/0x6e0 [ 494.546596][T13379] do_vmi_munmap+0x26e/0x2c0 [ 494.551357][T13379] mmap_region+0x1ee/0x2690 [ 494.555937][T13379] ? mas_find+0x85/0x200 [ 494.560267][T13379] ? validate_mm+0x1d4/0x290 [ 494.564938][T13379] ? do_munmap+0xf0/0xf0 [ 494.569261][T13379] ? security_mmap_addr+0x77/0xa0 [ 494.574353][T13379] ? get_unmapped_area+0x1e8/0x3c0 [ 494.579634][T13379] do_mmap+0x831/0xf60 [ 494.583791][T13379] do_shmat+0xeaf/0x1180 [ 494.588110][T13379] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 494.594001][T13379] __ia32_compat_sys_shmat+0xd2/0x160 [ 494.599451][T13379] ? __ia32_sys_shmat+0x160/0x160 [ 494.604550][T13379] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 494.611219][T13379] ? lockdep_hardirqs_on+0x7d/0x100 [ 494.616482][T13379] __do_fast_syscall_32+0x65/0xf0 [ 494.621571][T13379] do_fast_syscall_32+0x33/0x70 [ 494.626485][T13379] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 494.632895][T13379] RIP: 0023:0xf7f64579 19:27:58 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x6000000, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) [ 494.637001][T13379] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 494.656663][T13379] RSP: 002b:00000000f7f5f5cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 494.665138][T13379] RAX: ffffffffffffffda RBX: 000000000000002a RCX: 00000000202f4000 [ 494.673167][T13379] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 494.681192][T13379] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 494.689217][T13379] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 494.697245][T13379] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 494.705289][T13379] [ 494.714938][T13386] FAULT_INJECTION: forcing a failure. [ 494.714938][T13386] name failslab, interval 1, probability 0, space 0, times 0 [ 494.730200][T13380] CPU: 0 PID: 13380 Comm: syz-executor.5 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 19:27:58 executing program 4: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e05005a379a00"], 0x8) [ 494.740693][T13380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 494.750803][T13380] Call Trace: [ 494.754127][T13380] [ 494.757106][T13380] dump_stack_lvl+0x136/0x150 [ 494.761850][T13380] should_fail_ex+0x4a3/0x5b0 [ 494.766612][T13380] should_failslab+0x9/0x20 [ 494.771181][T13380] kmem_cache_alloc_bulk+0x68/0x860 [ 494.776458][T13380] ? kmem_cache_alloc+0x337/0x3b0 [ 494.781565][T13380] mas_alloc_nodes+0x276/0x8a0 [ 494.786414][T13380] mas_preallocate+0x1bb/0x360 [ 494.791244][T13380] __split_vma+0x1b7/0x810 [ 494.795745][T13380] ? expand_stack+0x20/0x20 [ 494.800326][T13380] ? print_usage_bug.part.0+0x660/0x660 [ 494.805940][T13380] ? mt_validate_nulls+0xf6/0xcb0 [ 494.811053][T13380] ? find_held_lock+0x2d/0x110 [ 494.815912][T13380] do_vmi_align_munmap+0x22a/0xf60 [ 494.821110][T13380] ? __split_vma+0x810/0x810 [ 494.825793][T13380] ? mtree_range_walk+0x640/0x950 [ 494.830917][T13380] ? mas_walk+0x4cd/0x6e0 [ 494.835369][T13380] do_vmi_munmap+0x26e/0x2c0 [ 494.840128][T13380] mmap_region+0x1ee/0x2690 [ 494.844720][T13380] ? mas_find+0x85/0x200 [ 494.849050][T13380] ? validate_mm+0x1d4/0x290 [ 494.853721][T13380] ? do_munmap+0xf0/0xf0 [ 494.858057][T13380] ? security_mmap_addr+0x77/0xa0 [ 494.863143][T13380] ? get_unmapped_area+0x1e8/0x3c0 [ 494.868373][T13380] do_mmap+0x831/0xf60 [ 494.872520][T13380] do_shmat+0xeaf/0x1180 [ 494.876827][T13380] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 494.882714][T13380] __ia32_compat_sys_shmat+0xd2/0x160 [ 494.888152][T13380] ? __ia32_sys_shmat+0x160/0x160 [ 494.893230][T13380] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 494.899885][T13380] ? lockdep_hardirqs_on+0x7d/0x100 [ 494.905143][T13380] __do_fast_syscall_32+0x65/0xf0 [ 494.910235][T13380] do_fast_syscall_32+0x33/0x70 [ 494.915140][T13380] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 494.921540][T13380] RIP: 0023:0xf7f1c579 [ 494.925696][T13380] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 494.945380][T13380] RSP: 002b:00000000f7f175cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 494.953856][T13380] RAX: ffffffffffffffda RBX: 0000000000000040 RCX: 00000000202f4000 [ 494.961871][T13380] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 494.969915][T13380] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 494.977951][T13380] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 494.985967][T13380] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 494.994003][T13380] [ 494.997074][T13386] CPU: 1 PID: 13386 Comm: syz-executor.3 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 495.007550][T13386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 495.017664][T13386] Call Trace: [ 495.020963][T13386] [ 495.024007][T13386] dump_stack_lvl+0x136/0x150 [ 495.028727][T13386] should_fail_ex+0x4a3/0x5b0 [ 495.033463][T13386] should_failslab+0x9/0x20 [ 495.038008][T13386] kmem_cache_alloc+0x63/0x3b0 [ 495.042818][T13386] vm_area_dup+0x21/0x1f0 [ 495.047184][T13386] __split_vma+0x199/0x810 [ 495.051650][T13386] ? expand_stack+0x20/0x20 [ 495.056212][T13386] do_vmi_align_munmap+0x34a/0xf60 [ 495.061648][T13386] ? __split_vma+0x810/0x810 [ 495.066295][T13386] ? mtree_range_walk+0x640/0x950 [ 495.071383][T13386] ? mas_walk+0x4cd/0x6e0 [ 495.075764][T13386] do_vmi_munmap+0x26e/0x2c0 [ 495.080425][T13386] mmap_region+0x1ee/0x2690 [ 495.084985][T13386] ? mas_find+0x85/0x200 [ 495.089293][T13386] ? validate_mm+0x1d4/0x290 [ 495.093947][T13386] ? do_munmap+0xf0/0xf0 [ 495.098248][T13386] ? security_mmap_addr+0x77/0xa0 [ 495.103325][T13386] ? get_unmapped_area+0x1e8/0x3c0 [ 495.108494][T13386] do_mmap+0x831/0xf60 [ 495.112618][T13386] do_shmat+0xeaf/0x1180 [ 495.116912][T13386] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 495.122763][T13386] __ia32_compat_sys_shmat+0xd2/0x160 [ 495.128171][T13386] ? __ia32_sys_shmat+0x160/0x160 [ 495.133336][T13386] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 495.139964][T13386] ? lockdep_hardirqs_on+0x7d/0x100 [ 495.145209][T13386] __do_fast_syscall_32+0x65/0xf0 [ 495.150264][T13386] do_fast_syscall_32+0x33/0x70 [ 495.155230][T13386] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 495.161694][T13386] RIP: 0023:0xf7fa8579 [ 495.165791][T13386] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 495.185429][T13386] RSP: 002b:00000000f7fa35cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 495.193867][T13386] RAX: ffffffffffffffda RBX: 0000000000000046 RCX: 00000000202f4000 [ 495.201864][T13386] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 495.209879][T13386] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 495.217879][T13386] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 495.225878][T13386] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 495.233901][T13386] 19:27:58 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:27:58 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x7000000, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:58 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 1) 19:27:58 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) 19:27:58 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 7) 19:27:58 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 8) 19:27:58 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x8000000, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) [ 495.334466][T13398] FAULT_INJECTION: forcing a failure. [ 495.334466][T13398] name failslab, interval 1, probability 0, space 0, times 0 [ 495.339831][T13397] FAULT_INJECTION: forcing a failure. [ 495.339831][T13397] name failslab, interval 1, probability 0, space 0, times 0 [ 495.363835][T13398] CPU: 0 PID: 13398 Comm: syz-executor.1 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 495.374340][T13398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 495.384552][T13398] Call Trace: [ 495.387868][T13398] [ 495.390840][T13398] dump_stack_lvl+0x136/0x150 [ 495.395583][T13398] should_fail_ex+0x4a3/0x5b0 [ 495.400339][T13398] should_failslab+0x9/0x20 [ 495.404916][T13398] __kmem_cache_alloc_node+0x5b/0x320 [ 495.410372][T13398] ? do_shmat+0x55c/0x1180 [ 495.414868][T13398] kmalloc_trace+0x26/0xe0 [ 495.419335][T13398] do_shmat+0x55c/0x1180 [ 495.423642][T13398] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 495.429525][T13398] __ia32_compat_sys_shmat+0xd2/0x160 [ 495.434960][T13398] ? __ia32_sys_shmat+0x160/0x160 [ 495.440042][T13398] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 495.440709][T13403] FAULT_INJECTION: forcing a failure. [ 495.440709][T13403] name failslab, interval 1, probability 0, space 0, times 0 [ 495.446685][T13398] ? lockdep_hardirqs_on+0x7d/0x100 [ 495.446734][T13398] __do_fast_syscall_32+0x65/0xf0 [ 495.446771][T13398] do_fast_syscall_32+0x33/0x70 [ 495.474530][T13398] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 495.480935][T13398] RIP: 0023:0xf7f30579 [ 495.485053][T13398] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 495.504715][T13398] RSP: 002b:00000000f7f2b5cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 495.513181][T13398] RAX: ffffffffffffffda RBX: 0000000000000033 RCX: 00000000202f4000 [ 495.521198][T13398] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 495.529199][T13398] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 495.537206][T13398] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 495.545208][T13398] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 495.553224][T13398] [ 495.559708][T13403] CPU: 1 PID: 13403 Comm: syz-executor.3 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 495.570221][T13403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 495.580368][T13403] Call Trace: [ 495.583693][T13403] [ 495.586681][T13403] dump_stack_lvl+0x136/0x150 [ 495.591459][T13403] should_fail_ex+0x4a3/0x5b0 [ 495.596219][T13403] should_failslab+0x9/0x20 [ 495.600777][T13403] kmem_cache_alloc+0x63/0x3b0 [ 495.605657][T13403] mas_alloc_nodes+0x402/0x8a0 [ 495.610510][T13403] mas_preallocate+0x1bb/0x360 [ 495.615343][T13403] __split_vma+0x1b7/0x810 [ 495.619844][T13403] ? expand_stack+0x20/0x20 [ 495.624442][T13403] do_vmi_align_munmap+0x34a/0xf60 [ 495.629654][T13403] ? __split_vma+0x810/0x810 19:27:59 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x9000000, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) [ 495.634344][T13403] ? mtree_range_walk+0x640/0x950 [ 495.639468][T13403] ? mas_walk+0x4cd/0x6e0 [ 495.643893][T13403] do_vmi_munmap+0x26e/0x2c0 [ 495.648570][T13403] mmap_region+0x1ee/0x2690 [ 495.653157][T13403] ? mas_find+0x85/0x200 [ 495.657519][T13403] ? validate_mm+0x1d4/0x290 [ 495.662184][T13403] ? do_munmap+0xf0/0xf0 [ 495.666611][T13403] ? security_mmap_addr+0x77/0xa0 [ 495.671706][T13403] ? get_unmapped_area+0x1e8/0x3c0 [ 495.676909][T13403] do_mmap+0x831/0xf60 [ 495.681070][T13403] do_shmat+0xeaf/0x1180 19:27:59 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0xa000000, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) [ 495.685388][T13403] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 495.691260][T13403] ? restore_fpregs_from_fpstate+0xc1/0x1c0 [ 495.697238][T13403] __ia32_compat_sys_shmat+0xd2/0x160 [ 495.702693][T13403] ? __ia32_sys_shmat+0x160/0x160 [ 495.707804][T13403] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 495.714651][T13403] ? lockdep_hardirqs_on+0x7d/0x100 [ 495.720016][T13403] __do_fast_syscall_32+0x65/0xf0 [ 495.725100][T13403] do_fast_syscall_32+0x33/0x70 [ 495.729993][T13403] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 495.736475][T13403] RIP: 0023:0xf7fa8579 [ 495.740674][T13403] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 495.760612][T13403] RSP: 002b:00000000f7fa35cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 495.769092][T13403] RAX: ffffffffffffffda RBX: 0000000000000047 RCX: 00000000202f4000 [ 495.777119][T13403] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 19:27:59 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 2) 19:27:59 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) [ 495.785238][T13403] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 495.793273][T13403] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 495.801562][T13403] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 495.809637][T13403] 19:27:59 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0xb000000, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) [ 495.851407][T13397] CPU: 1 PID: 13397 Comm: syz-executor.5 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 495.861913][T13397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 495.872112][T13397] Call Trace: [ 495.875434][T13397] [ 495.878409][T13397] dump_stack_lvl+0x136/0x150 [ 495.883157][T13397] should_fail_ex+0x4a3/0x5b0 [ 495.887909][T13397] should_failslab+0x9/0x20 [ 495.892472][T13397] kmem_cache_alloc+0x63/0x3b0 [ 495.897407][T13397] vm_area_dup+0x21/0x1f0 [ 495.901894][T13397] __split_vma+0x199/0x810 [ 495.906389][T13397] ? expand_stack+0x20/0x20 [ 495.910989][T13397] do_vmi_align_munmap+0x34a/0xf60 [ 495.916199][T13397] ? __split_vma+0x810/0x810 [ 495.920890][T13397] ? mtree_range_walk+0x640/0x950 [ 495.926005][T13397] ? mas_walk+0x4cd/0x6e0 [ 495.930406][T13397] do_vmi_munmap+0x26e/0x2c0 [ 495.935097][T13397] mmap_region+0x1ee/0x2690 [ 495.939682][T13397] ? mas_find+0x85/0x200 [ 495.944002][T13397] ? validate_mm+0x1d4/0x290 [ 495.948748][T13397] ? do_munmap+0xf0/0xf0 [ 495.953100][T13397] ? security_mmap_addr+0x77/0xa0 [ 495.958190][T13397] ? get_unmapped_area+0x1e8/0x3c0 [ 495.963382][T13397] do_mmap+0x831/0xf60 [ 495.967536][T13397] do_shmat+0xeaf/0x1180 [ 495.971861][T13397] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 495.977748][T13397] __ia32_compat_sys_shmat+0xd2/0x160 [ 495.983195][T13397] ? __ia32_sys_shmat+0x160/0x160 [ 495.988291][T13397] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 495.994962][T13397] ? lockdep_hardirqs_on+0x7d/0x100 [ 496.000348][T13397] __do_fast_syscall_32+0x65/0xf0 [ 496.005435][T13397] do_fast_syscall_32+0x33/0x70 [ 496.010336][T13397] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 496.016748][T13397] RIP: 0023:0xf7f1c579 [ 496.020871][T13397] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 496.022212][T13414] FAULT_INJECTION: forcing a failure. [ 496.022212][T13414] name failslab, interval 1, probability 0, space 0, times 0 [ 496.040602][T13397] RSP: 002b:00000000f7f175cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 496.040642][T13397] RAX: ffffffffffffffda RBX: 0000000000000041 RCX: 00000000202f4000 [ 496.040664][T13397] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 496.040685][T13397] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 496.040705][T13397] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 496.040724][T13397] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 496.040765][T13397] [ 496.125514][T13414] CPU: 1 PID: 13414 Comm: syz-executor.1 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 496.136107][T13414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 496.146216][T13414] Call Trace: [ 496.149535][T13414] [ 496.152514][T13414] dump_stack_lvl+0x136/0x150 [ 496.157267][T13414] should_fail_ex+0x4a3/0x5b0 [ 496.162022][T13414] should_failslab+0x9/0x20 [ 496.166601][T13414] kmem_cache_alloc+0x63/0x3b0 [ 496.171439][T13414] __alloc_file+0x21/0x270 [ 496.175919][T13414] alloc_empty_file+0x71/0x190 [ 496.180754][T13414] alloc_file+0x5e/0x800 [ 496.185088][T13414] alloc_file_clone+0x26/0xc0 [ 496.189837][T13414] do_shmat+0x5d7/0x1180 [ 496.194151][T13414] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 496.200032][T13414] __ia32_compat_sys_shmat+0xd2/0x160 [ 496.205477][T13414] ? __ia32_sys_shmat+0x160/0x160 [ 496.210579][T13414] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 496.217245][T13414] ? lockdep_hardirqs_on+0x7d/0x100 [ 496.222517][T13414] __do_fast_syscall_32+0x65/0xf0 [ 496.227607][T13414] do_fast_syscall_32+0x33/0x70 [ 496.232528][T13414] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 496.238952][T13414] RIP: 0023:0xf7f30579 [ 496.243262][T13414] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 496.262940][T13414] RSP: 002b:00000000f7f2b5cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d 19:27:59 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5002) 19:27:59 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0xe000000, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:27:59 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 9) 19:27:59 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) 19:27:59 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 8) [ 496.271415][T13414] RAX: ffffffffffffffda RBX: 0000000000000034 RCX: 00000000202f4000 [ 496.279429][T13414] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 496.287502][T13414] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 496.295528][T13414] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 496.303641][T13414] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 496.311696][T13414] 19:27:59 executing program 4: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e05005a0cde89"], 0x8) syz_emit_vhci(&(0x7f0000000000)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x30}, "b12e0da1e52da40bd7025254f9b9933013b18c2ad24792194a68d44bd8c2967a24f2ab7487f8a55f8711116edd765a5b"}, 0x34) [ 496.398898][T13424] FAULT_INJECTION: forcing a failure. [ 496.398898][T13424] name failslab, interval 1, probability 0, space 0, times 0 [ 496.422397][T13425] FAULT_INJECTION: forcing a failure. [ 496.422397][T13425] name failslab, interval 1, probability 0, space 0, times 0 [ 496.439897][T13424] CPU: 1 PID: 13424 Comm: syz-executor.5 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 496.450414][T13424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 496.460514][T13424] Call Trace: [ 496.463819][T13424] [ 496.466771][T13424] dump_stack_lvl+0x136/0x150 [ 496.471512][T13424] should_fail_ex+0x4a3/0x5b0 [ 496.476244][T13424] should_failslab+0x9/0x20 [ 496.480777][T13424] kmem_cache_alloc+0x63/0x3b0 [ 496.485591][T13424] mas_alloc_nodes+0x402/0x8a0 [ 496.490498][T13424] mas_preallocate+0x1bb/0x360 [ 496.495299][T13424] __split_vma+0x1b7/0x810 [ 496.499766][T13424] ? expand_stack+0x20/0x20 [ 496.504336][T13424] do_vmi_align_munmap+0x34a/0xf60 [ 496.509513][T13424] ? __split_vma+0x810/0x810 [ 496.514163][T13424] ? mtree_range_walk+0x640/0x950 [ 496.519249][T13424] ? mas_walk+0x4cd/0x6e0 [ 496.523629][T13424] do_vmi_munmap+0x26e/0x2c0 [ 496.528274][T13424] mmap_region+0x1ee/0x2690 [ 496.532824][T13424] ? mas_find+0x85/0x200 [ 496.537122][T13424] ? validate_mm+0x1d4/0x290 [ 496.541927][T13424] ? do_munmap+0xf0/0xf0 [ 496.546219][T13424] ? security_mmap_addr+0x77/0xa0 [ 496.551275][T13424] ? get_unmapped_area+0x1e8/0x3c0 [ 496.556444][T13424] do_mmap+0x831/0xf60 [ 496.560569][T13424] do_shmat+0xeaf/0x1180 [ 496.564857][T13424] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 496.570709][T13424] __ia32_compat_sys_shmat+0xd2/0x160 [ 496.576118][T13424] ? __ia32_sys_shmat+0x160/0x160 [ 496.581182][T13424] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 496.587816][T13424] ? lockdep_hardirqs_on+0x7d/0x100 [ 496.593054][T13424] __do_fast_syscall_32+0x65/0xf0 [ 496.598112][T13424] do_fast_syscall_32+0x33/0x70 [ 496.602999][T13424] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 496.609379][T13424] RIP: 0023:0xf7f1c579 [ 496.613470][T13424] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 496.633106][T13424] RSP: 002b:00000000f7f175cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 496.641552][T13424] RAX: ffffffffffffffda RBX: 0000000000000042 RCX: 00000000202f4000 [ 496.649571][T13424] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 496.657570][T13424] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 496.665563][T13424] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 496.673566][T13424] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 496.681595][T13424] [ 496.694516][T13425] CPU: 1 PID: 13425 Comm: syz-executor.3 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 496.705028][T13425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 496.715140][T13425] Call Trace: [ 496.718464][T13425] [ 496.721441][T13425] dump_stack_lvl+0x136/0x150 [ 496.726201][T13425] should_fail_ex+0x4a3/0x5b0 [ 496.730966][T13425] should_failslab+0x9/0x20 [ 496.735542][T13425] kmem_cache_alloc_bulk+0x68/0x860 [ 496.740834][T13425] ? kmem_cache_alloc+0x337/0x3b0 [ 496.745951][T13425] mas_alloc_nodes+0x276/0x8a0 [ 496.750814][T13425] mas_preallocate+0x1bb/0x360 [ 496.755653][T13425] __split_vma+0x1b7/0x810 [ 496.760159][T13425] ? expand_stack+0x20/0x20 [ 496.764755][T13425] do_vmi_align_munmap+0x34a/0xf60 [ 496.769932][T13425] ? __split_vma+0x810/0x810 [ 496.774584][T13425] ? mtree_range_walk+0x640/0x950 [ 496.779673][T13425] ? mas_walk+0x4cd/0x6e0 [ 496.784058][T13425] do_vmi_munmap+0x26e/0x2c0 [ 496.788710][T13425] mmap_region+0x1ee/0x2690 [ 496.793265][T13425] ? mas_find+0x85/0x200 [ 496.797620][T13425] ? validate_mm+0x1d4/0x290 [ 496.802254][T13425] ? do_munmap+0xf0/0xf0 [ 496.806547][T13425] ? security_mmap_addr+0x77/0xa0 [ 496.811628][T13425] ? get_unmapped_area+0x1e8/0x3c0 [ 496.816794][T13425] do_mmap+0x831/0xf60 [ 496.820920][T13425] do_shmat+0xeaf/0x1180 [ 496.825212][T13425] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 496.831066][T13425] __ia32_compat_sys_shmat+0xd2/0x160 [ 496.836482][T13425] ? __ia32_sys_shmat+0x160/0x160 [ 496.841549][T13425] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 496.848182][T13425] ? lockdep_hardirqs_on+0x7d/0x100 [ 496.853440][T13425] __do_fast_syscall_32+0x65/0xf0 [ 496.858500][T13425] do_fast_syscall_32+0x33/0x70 [ 496.863385][T13425] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 496.869777][T13425] RIP: 0023:0xf7fa8579 [ 496.873872][T13425] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 19:28:00 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0xf000000, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) [ 496.893531][T13425] RSP: 002b:00000000f7fa35cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 496.901972][T13425] RAX: ffffffffffffffda RBX: 0000000000000048 RCX: 00000000202f4000 [ 496.910057][T13425] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 496.918070][T13425] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 496.926075][T13425] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 496.934071][T13425] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 496.942092][T13425] 19:28:00 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5003) 19:28:00 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 3) 19:28:00 executing program 4: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e05005a0cde89"], 0x8) (async) syz_emit_vhci(&(0x7f0000000000)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x30}, "b12e0da1e52da40bd7025254f9b9933013b18c2ad24792194a68d44bd8c2967a24f2ab7487f8a55f8711116edd765a5b"}, 0x34) 19:28:00 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 9) 19:28:00 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x10000000, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:00 executing program 4: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e05005a0cde89"], 0x8) (async) syz_emit_vhci(&(0x7f0000000000)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x30}, "b12e0da1e52da40bd7025254f9b9933013b18c2ad24792194a68d44bd8c2967a24f2ab7487f8a55f8711116edd765a5b"}, 0x34) [ 497.129543][T13438] FAULT_INJECTION: forcing a failure. [ 497.129543][T13438] name failslab, interval 1, probability 0, space 0, times 0 19:28:00 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x11000000, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) [ 497.180562][T13441] FAULT_INJECTION: forcing a failure. [ 497.180562][T13441] name failslab, interval 1, probability 0, space 0, times 0 [ 497.211218][T13438] CPU: 0 PID: 13438 Comm: syz-executor.1 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 497.221729][T13438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 497.231844][T13438] Call Trace: [ 497.235182][T13438] [ 497.238164][T13438] dump_stack_lvl+0x136/0x150 [ 497.242913][T13438] should_fail_ex+0x4a3/0x5b0 [ 497.247680][T13438] should_failslab+0x9/0x20 [ 497.252251][T13438] kmem_cache_alloc+0x63/0x3b0 [ 497.257123][T13438] security_file_alloc+0x38/0x170 [ 497.262230][T13438] __alloc_file+0xd9/0x270 [ 497.266725][T13438] alloc_empty_file+0x71/0x190 [ 497.271565][T13438] alloc_file+0x5e/0x800 [ 497.276053][T13438] alloc_file_clone+0x26/0xc0 [ 497.280808][T13438] do_shmat+0x5d7/0x1180 [ 497.285131][T13438] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 497.291018][T13438] __ia32_compat_sys_shmat+0xd2/0x160 [ 497.296463][T13438] ? __ia32_sys_shmat+0x160/0x160 [ 497.301559][T13438] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 497.308225][T13438] ? lockdep_hardirqs_on+0x7d/0x100 [ 497.313499][T13438] __do_fast_syscall_32+0x65/0xf0 [ 497.318588][T13438] do_fast_syscall_32+0x33/0x70 [ 497.323527][T13438] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 497.329920][T13438] RIP: 0023:0xf7f30579 [ 497.334043][T13438] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 497.353719][T13438] RSP: 002b:00000000f7f2b5cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 497.362202][T13438] RAX: ffffffffffffffda RBX: 0000000000000035 RCX: 00000000202f4000 [ 497.370227][T13438] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 497.378336][T13438] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 497.386557][T13438] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 497.394558][T13438] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 497.402574][T13438] [ 497.405614][T13441] CPU: 1 PID: 13441 Comm: syz-executor.5 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 497.416092][T13441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 497.426280][T13441] Call Trace: [ 497.429576][T13441] [ 497.432526][T13441] dump_stack_lvl+0x136/0x150 [ 497.437274][T13441] should_fail_ex+0x4a3/0x5b0 [ 497.441993][T13441] should_failslab+0x9/0x20 [ 497.446530][T13441] kmem_cache_alloc_bulk+0x68/0x860 [ 497.451777][T13441] ? kmem_cache_alloc+0x337/0x3b0 [ 497.456851][T13441] mas_alloc_nodes+0x276/0x8a0 [ 497.461673][T13441] mas_preallocate+0x1bb/0x360 [ 497.466482][T13441] __split_vma+0x1b7/0x810 [ 497.471033][T13441] ? expand_stack+0x20/0x20 [ 497.475619][T13441] do_vmi_align_munmap+0x34a/0xf60 [ 497.480873][T13441] ? __split_vma+0x810/0x810 [ 497.485527][T13441] ? mtree_range_walk+0x640/0x950 [ 497.490614][T13441] ? mas_walk+0x4cd/0x6e0 [ 497.495010][T13441] do_vmi_munmap+0x26e/0x2c0 [ 497.499653][T13441] mmap_region+0x1ee/0x2690 [ 497.504203][T13441] ? mas_find+0x85/0x200 [ 497.508499][T13441] ? validate_mm+0x1d4/0x290 [ 497.513129][T13441] ? do_munmap+0xf0/0xf0 [ 497.517421][T13441] ? security_mmap_addr+0x77/0xa0 [ 497.522478][T13441] ? get_unmapped_area+0x1e8/0x3c0 [ 497.527639][T13441] do_mmap+0x831/0xf60 [ 497.531758][T13441] do_shmat+0xeaf/0x1180 [ 497.536041][T13441] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 497.541890][T13441] __ia32_compat_sys_shmat+0xd2/0x160 [ 497.547300][T13441] ? __ia32_sys_shmat+0x160/0x160 [ 497.552355][T13441] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 497.558989][T13441] ? lockdep_hardirqs_on+0x7d/0x100 [ 497.564247][T13441] __do_fast_syscall_32+0x65/0xf0 [ 497.569304][T13441] do_fast_syscall_32+0x33/0x70 [ 497.574202][T13441] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 497.580585][T13441] RIP: 0023:0xf7f1c579 [ 497.584678][T13441] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 497.604404][T13441] RSP: 002b:00000000f7f175cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 497.612851][T13441] RAX: ffffffffffffffda RBX: 0000000000000043 RCX: 00000000202f4000 [ 497.620845][T13441] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 497.628842][T13441] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 497.636833][T13441] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 497.644829][T13441] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 497.652843][T13441] 19:28:01 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 10) 19:28:01 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x13000000, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:01 executing program 4: r0 = open(&(0x7f0000000300)='./bus\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0xffffffffffffff28, 0x20000004, &(0x7f0000000140)={0xa, 0x100000004e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000100)=@ccm_128={{0x304}, "ffb75df2a83e25c0", "2cdb8ead6c8e9c290bebacb766ff2832", "44d857de", "171291df37239255"}, 0x28) sendfile(r1, r0, 0x0, 0x800100020013) getsockname$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2}, &(0x7f0000000140)=0x1c) r2 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x48, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x10}}}]}, 0x48}}, 0x0) waitid$P_PIDFD(0x3, 0xffffffffffffffff, &(0x7f0000000000), 0x20000000, &(0x7f0000000080)) 19:28:01 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5004) 19:28:01 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 4) 19:28:01 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 10) 19:28:01 executing program 4: r0 = open(&(0x7f0000000300)='./bus\x00', 0x0, 0x0) (async) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0xffffffffffffff28, 0x20000004, &(0x7f0000000140)={0xa, 0x100000004e22, 0x0, @loopback}, 0x1c) (async) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4) (async) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000100)=@ccm_128={{0x304}, "ffb75df2a83e25c0", "2cdb8ead6c8e9c290bebacb766ff2832", "44d857de", "171291df37239255"}, 0x28) (async) sendfile(r1, r0, 0x0, 0x800100020013) (async) getsockname$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2}, &(0x7f0000000140)=0x1c) r2 = socket(0x10, 0x3, 0x0) (async) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x48, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x10}}}]}, 0x48}}, 0x0) (async) waitid$P_PIDFD(0x3, 0xffffffffffffffff, &(0x7f0000000000), 0x20000000, &(0x7f0000000080)) 19:28:01 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x3f000000, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) [ 497.790509][T13454] FAULT_INJECTION: forcing a failure. [ 497.790509][T13454] name failslab, interval 1, probability 0, space 0, times 0 [ 497.836070][T13454] CPU: 1 PID: 13454 Comm: syz-executor.1 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 497.846590][T13454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 497.856702][T13454] Call Trace: [ 497.860030][T13454] [ 497.863013][T13454] dump_stack_lvl+0x136/0x150 [ 497.867761][T13454] should_fail_ex+0x4a3/0x5b0 [ 497.872525][T13454] should_failslab+0x9/0x20 [ 497.877091][T13454] kmem_cache_alloc+0x63/0x3b0 [ 497.881941][T13454] vm_area_dup+0x21/0x1f0 [ 497.886335][T13454] __split_vma+0x199/0x810 [ 497.890836][T13454] ? expand_stack+0x20/0x20 [ 497.895419][T13454] ? print_usage_bug.part.0+0x660/0x660 [ 497.901040][T13454] ? mt_validate_nulls+0xf6/0xcb0 [ 497.906163][T13454] ? find_held_lock+0x2d/0x110 [ 497.911044][T13454] do_vmi_align_munmap+0x22a/0xf60 [ 497.916260][T13454] ? __split_vma+0x810/0x810 [ 497.920939][T13454] ? mtree_range_walk+0x640/0x950 [ 497.926039][T13454] ? mas_walk+0x4cd/0x6e0 [ 497.930427][T13454] do_vmi_munmap+0x26e/0x2c0 [ 497.935074][T13454] mmap_region+0x1ee/0x2690 [ 497.939629][T13454] ? mas_find+0x85/0x200 [ 497.943919][T13454] ? validate_mm+0x1d4/0x290 [ 497.948556][T13454] ? do_munmap+0xf0/0xf0 [ 497.952848][T13454] ? security_mmap_addr+0x77/0xa0 [ 497.957911][T13454] ? get_unmapped_area+0x1e8/0x3c0 [ 497.963075][T13454] do_mmap+0x831/0xf60 [ 497.967206][T13454] do_shmat+0xeaf/0x1180 [ 497.971580][T13454] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 497.977433][T13454] __ia32_compat_sys_shmat+0xd2/0x160 [ 497.982850][T13454] ? __ia32_sys_shmat+0x160/0x160 [ 497.987913][T13454] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 497.994644][T13454] ? lockdep_hardirqs_on+0x7d/0x100 [ 497.999893][T13454] __do_fast_syscall_32+0x65/0xf0 [ 498.004956][T13454] do_fast_syscall_32+0x33/0x70 [ 498.009838][T13454] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 498.016304][T13454] RIP: 0023:0xf7f30579 [ 498.020502][T13454] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 498.040147][T13454] RSP: 002b:00000000f7f2b5cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 498.048600][T13454] RAX: ffffffffffffffda RBX: 0000000000000036 RCX: 00000000202f4000 [ 498.056595][T13454] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 498.064588][T13454] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 498.072582][T13454] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 19:28:01 executing program 4: r0 = open(&(0x7f0000000300)='./bus\x00', 0x0, 0x0) (async) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0xffffffffffffff28, 0x20000004, &(0x7f0000000140)={0xa, 0x100000004e22, 0x0, @loopback}, 0x1c) (async) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4) (async) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000100)=@ccm_128={{0x304}, "ffb75df2a83e25c0", "2cdb8ead6c8e9c290bebacb766ff2832", "44d857de", "171291df37239255"}, 0x28) (async) sendfile(r1, r0, 0x0, 0x800100020013) getsockname$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2}, &(0x7f0000000140)=0x1c) (async) r2 = socket(0x10, 0x3, 0x0) (async) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x48, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x10}}}]}, 0x48}}, 0x0) (async) waitid$P_PIDFD(0x3, 0xffffffffffffffff, &(0x7f0000000000), 0x20000000, &(0x7f0000000080)) [ 498.080572][T13454] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 498.088582][T13454] 19:28:01 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x4d040000, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:01 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_link_key_notify={{0x18, 0x17}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, "540307e9f198fe318eb0f86a8b66efe2", 0x1}}}, 0x1a) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc9, 0xed}, "e5bead19f8a23cc581756faf28a11cd951c4b0432dff214d54c4318e1970f0ff0ef981d097e474a97e8318ea4ef83507d3fc4fbbbdec1ebc35ef22647160de1caf3725d821ecb342a74084640af4210f73e0669aeb791d4c5ebc2d0f85ee823b83f3864b5274e582177f6a7b994d27138c3dae1167be1917b36529e1385fccff5cc6478880b14cc8bf54f8aa7e170997671128d672e951f6c6afc0c2ebc782c96e0f44eb4231d4b391b9238e3352ef4e35ea697474033071d2da3d0d744683a4b5dc15de2d448216eedd189acc522693fe8cf78e70b49734f9ddd22306d13263678b3abb5bf439a2a987a8bad2"}, 0xf1) 19:28:01 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x60000000, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:01 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 11) 19:28:01 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_link_key_notify={{0x18, 0x17}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, "540307e9f198fe318eb0f86a8b66efe2", 0x1}}}, 0x1a) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc9, 0xed}, "e5bead19f8a23cc581756faf28a11cd951c4b0432dff214d54c4318e1970f0ff0ef981d097e474a97e8318ea4ef83507d3fc4fbbbdec1ebc35ef22647160de1caf3725d821ecb342a74084640af4210f73e0669aeb791d4c5ebc2d0f85ee823b83f3864b5274e582177f6a7b994d27138c3dae1167be1917b36529e1385fccff5cc6478880b14cc8bf54f8aa7e170997671128d672e951f6c6afc0c2ebc782c96e0f44eb4231d4b391b9238e3352ef4e35ea697474033071d2da3d0d744683a4b5dc15de2d448216eedd189acc522693fe8cf78e70b49734f9ddd22306d13263678b3abb5bf439a2a987a8bad2"}, 0xf1) 19:28:01 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x9effffff, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:01 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5005) 19:28:02 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 5) [ 498.530439][T13483] FAULT_INJECTION: forcing a failure. [ 498.530439][T13483] name failslab, interval 1, probability 0, space 0, times 0 [ 498.588957][T13487] FAULT_INJECTION: forcing a failure. [ 498.588957][T13487] name failslab, interval 1, probability 0, space 0, times 0 [ 498.602173][T13483] CPU: 0 PID: 13483 Comm: syz-executor.3 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 498.612661][T13483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 498.622770][T13483] Call Trace: [ 498.626089][T13483] [ 498.629105][T13483] dump_stack_lvl+0x136/0x150 [ 498.633856][T13483] should_fail_ex+0x4a3/0x5b0 [ 498.638695][T13483] should_failslab+0x9/0x20 [ 498.643245][T13483] kmem_cache_alloc+0x63/0x3b0 [ 498.648087][T13483] vm_area_alloc+0x20/0x100 [ 498.652628][T13483] mmap_region+0x403/0x2690 [ 498.657286][T13483] ? validate_mm+0x1d4/0x290 [ 498.661925][T13483] ? do_munmap+0xf0/0xf0 [ 498.666323][T13483] ? security_mmap_addr+0x77/0xa0 [ 498.671654][T13483] ? get_unmapped_area+0x1e8/0x3c0 [ 498.676814][T13483] do_mmap+0x831/0xf60 [ 498.681023][T13483] do_shmat+0xeaf/0x1180 [ 498.685322][T13483] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 498.691194][T13483] __ia32_compat_sys_shmat+0xd2/0x160 [ 498.696617][T13483] ? __ia32_sys_shmat+0x160/0x160 [ 498.701673][T13483] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 498.708310][T13483] ? lockdep_hardirqs_on+0x7d/0x100 [ 498.713549][T13483] __do_fast_syscall_32+0x65/0xf0 [ 498.718608][T13483] do_fast_syscall_32+0x33/0x70 [ 498.723495][T13483] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 498.729876][T13483] RIP: 0023:0xf7fa8579 [ 498.733970][T13483] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 498.753629][T13483] RSP: 002b:00000000f7fa35cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 498.762071][T13483] RAX: ffffffffffffffda RBX: 000000000000004a RCX: 00000000202f4000 [ 498.770068][T13483] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 498.778063][T13483] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 19:28:02 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 11) 19:28:02 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_link_key_notify={{0x18, 0x17}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, "540307e9f198fe318eb0f86a8b66efe2", 0x1}}}, 0x1a) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc9, 0xed}, "e5bead19f8a23cc581756faf28a11cd951c4b0432dff214d54c4318e1970f0ff0ef981d097e474a97e8318ea4ef83507d3fc4fbbbdec1ebc35ef22647160de1caf3725d821ecb342a74084640af4210f73e0669aeb791d4c5ebc2d0f85ee823b83f3864b5274e582177f6a7b994d27138c3dae1167be1917b36529e1385fccff5cc6478880b14cc8bf54f8aa7e170997671128d672e951f6c6afc0c2ebc782c96e0f44eb4231d4b391b9238e3352ef4e35ea697474033071d2da3d0d744683a4b5dc15de2d448216eedd189acc522693fe8cf78e70b49734f9ddd22306d13263678b3abb5bf439a2a987a8bad2"}, 0xf1) (async) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc9, 0xed}, "e5bead19f8a23cc581756faf28a11cd951c4b0432dff214d54c4318e1970f0ff0ef981d097e474a97e8318ea4ef83507d3fc4fbbbdec1ebc35ef22647160de1caf3725d821ecb342a74084640af4210f73e0669aeb791d4c5ebc2d0f85ee823b83f3864b5274e582177f6a7b994d27138c3dae1167be1917b36529e1385fccff5cc6478880b14cc8bf54f8aa7e170997671128d672e951f6c6afc0c2ebc782c96e0f44eb4231d4b391b9238e3352ef4e35ea697474033071d2da3d0d744683a4b5dc15de2d448216eedd189acc522693fe8cf78e70b49734f9ddd22306d13263678b3abb5bf439a2a987a8bad2"}, 0xf1) 19:28:02 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0xf0ffffff, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) [ 498.786057][T13483] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 498.794047][T13483] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 498.802061][T13483] 19:28:02 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0xfffff000, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:02 executing program 4: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e243c570cff35cc6c44961ba12617beefe098e6ee3248447717ea91ae4a09f34738091c44a76eb3f96e0b7ce50dd62f08087156b27a8bf9bed60384fc2ddcceec8bb50fe77108017f5578307e2e7629cecb5cc3bfe173905f82eab00d7c6c4ccf6400a7050000008026f43b1e2e736600"/129], 0x27) [ 498.933939][T13487] CPU: 0 PID: 13487 Comm: syz-executor.1 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 498.944533][T13487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 498.954643][T13487] Call Trace: [ 498.957975][T13487] [ 498.960954][T13487] dump_stack_lvl+0x136/0x150 [ 498.965705][T13487] should_fail_ex+0x4a3/0x5b0 [ 498.970467][T13487] should_failslab+0x9/0x20 [ 498.975047][T13487] kmem_cache_alloc+0x63/0x3b0 19:28:02 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 12) [ 498.979895][T13487] mas_alloc_nodes+0x402/0x8a0 [ 498.984756][T13487] mas_preallocate+0x1bb/0x360 [ 498.989582][T13487] __split_vma+0x1b7/0x810 [ 498.994077][T13487] ? expand_stack+0x20/0x20 [ 498.998657][T13487] ? print_usage_bug.part.0+0x660/0x660 [ 499.004280][T13487] ? mt_validate_nulls+0xf6/0xcb0 [ 499.009392][T13487] ? find_held_lock+0x2d/0x110 [ 499.014256][T13487] do_vmi_align_munmap+0x22a/0xf60 [ 499.019470][T13487] ? __split_vma+0x810/0x810 [ 499.024250][T13487] ? mtree_range_walk+0x640/0x950 [ 499.029383][T13487] ? mas_walk+0x4cd/0x6e0 [ 499.033896][T13487] do_vmi_munmap+0x26e/0x2c0 [ 499.038571][T13487] mmap_region+0x1ee/0x2690 [ 499.043128][T13487] ? mas_find+0x85/0x200 [ 499.047440][T13487] ? validate_mm+0x1d4/0x290 [ 499.052163][T13487] ? do_munmap+0xf0/0xf0 [ 499.056485][T13487] ? security_mmap_addr+0x77/0xa0 [ 499.061575][T13487] ? get_unmapped_area+0x1e8/0x3c0 [ 499.066752][T13487] do_mmap+0x831/0xf60 [ 499.071015][T13487] do_shmat+0xeaf/0x1180 [ 499.075309][T13487] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 499.081254][T13487] __ia32_compat_sys_shmat+0xd2/0x160 [ 499.086669][T13487] ? __ia32_sys_shmat+0x160/0x160 [ 499.091729][T13487] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 499.098372][T13487] ? lockdep_hardirqs_on+0x7d/0x100 [ 499.103725][T13487] __do_fast_syscall_32+0x65/0xf0 [ 499.108796][T13487] do_fast_syscall_32+0x33/0x70 [ 499.113672][T13487] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 499.120080][T13487] RIP: 0023:0xf7f30579 [ 499.124193][T13487] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 499.143846][T13487] RSP: 002b:00000000f7f2b5cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 499.152336][T13487] RAX: ffffffffffffffda RBX: 0000000000000037 RCX: 00000000202f4000 [ 499.160330][T13487] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 499.168353][T13487] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 499.176347][T13487] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 19:28:02 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 12) [ 499.184338][T13487] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 499.192348][T13487] 19:28:02 executing program 4: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e243c570cff35cc6c44961ba12617beefe098e6ee3248447717ea91ae4a09f34738091c44a76eb3f96e0b7ce50dd62f08087156b27a8bf9bed60384fc2ddcceec8bb50fe77108017f5578307e2e7629cecb5cc3bfe173905f82eab00d7c6c4ccf6400a7050000008026f43b1e2e736600"/129], 0x27) 19:28:02 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0xffffff7f, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:02 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 6) [ 499.299529][T13502] FAULT_INJECTION: forcing a failure. [ 499.299529][T13502] name failslab, interval 1, probability 0, space 0, times 0 [ 499.346142][T13503] FAULT_INJECTION: forcing a failure. [ 499.346142][T13503] name failslab, interval 1, probability 0, space 0, times 0 [ 499.365155][T13502] CPU: 0 PID: 13502 Comm: syz-executor.5 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 499.375679][T13502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 499.385802][T13502] Call Trace: [ 499.389157][T13502] [ 499.390320][T13506] FAULT_INJECTION: forcing a failure. [ 499.390320][T13506] name failslab, interval 1, probability 0, space 0, times 0 [ 499.392104][T13502] dump_stack_lvl+0x136/0x150 [ 499.392150][T13502] should_fail_ex+0x4a3/0x5b0 [ 499.414432][T13502] should_failslab+0x9/0x20 [ 499.419077][T13502] kmem_cache_alloc+0x63/0x3b0 [ 499.423912][T13502] mas_alloc_nodes+0x402/0x8a0 [ 499.428751][T13502] ? shmem_mmap+0x208/0x550 [ 499.433397][T13502] mas_preallocate+0x1bb/0x360 [ 499.438225][T13502] mmap_region+0x85c/0x2690 [ 499.442821][T13502] ? do_munmap+0xf0/0xf0 [ 499.447135][T13502] ? security_mmap_addr+0x77/0xa0 [ 499.452216][T13502] ? get_unmapped_area+0x1e8/0x3c0 [ 499.457424][T13502] do_mmap+0x831/0xf60 [ 499.461575][T13502] do_shmat+0xeaf/0x1180 [ 499.465888][T13502] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 499.471769][T13502] __ia32_compat_sys_shmat+0xd2/0x160 [ 499.477205][T13502] ? __ia32_sys_shmat+0x160/0x160 [ 499.482382][T13502] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 499.489028][T13502] ? lockdep_hardirqs_on+0x7d/0x100 [ 499.494289][T13502] __do_fast_syscall_32+0x65/0xf0 [ 499.499353][T13502] do_fast_syscall_32+0x33/0x70 [ 499.504238][T13502] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 499.510625][T13502] RIP: 0023:0xf7f1c579 [ 499.514725][T13502] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 499.534380][T13502] RSP: 002b:00000000f7f175cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 499.542930][T13502] RAX: ffffffffffffffda RBX: 0000000000000046 RCX: 00000000202f4000 [ 499.550944][T13502] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 499.558954][T13502] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 499.566966][T13502] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 499.574984][T13502] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 499.583031][T13502] [ 499.586086][T13506] CPU: 1 PID: 13506 Comm: syz-executor.1 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 499.596575][T13506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 499.606680][T13506] Call Trace: [ 499.610008][T13506] [ 499.612984][T13506] dump_stack_lvl+0x136/0x150 [ 499.617727][T13506] should_fail_ex+0x4a3/0x5b0 [ 499.622482][T13506] should_failslab+0x9/0x20 [ 499.627058][T13506] kmem_cache_alloc_bulk+0x68/0x860 [ 499.632344][T13506] ? kmem_cache_alloc+0x337/0x3b0 [ 499.637474][T13506] mas_alloc_nodes+0x276/0x8a0 [ 499.642347][T13506] mas_preallocate+0x1bb/0x360 [ 499.647178][T13506] __split_vma+0x1b7/0x810 [ 499.651679][T13506] ? expand_stack+0x20/0x20 [ 499.656796][T13506] ? print_usage_bug.part.0+0x660/0x660 [ 499.662384][T13506] ? mt_validate_nulls+0xf6/0xcb0 [ 499.667463][T13506] ? find_held_lock+0x2d/0x110 [ 499.672292][T13506] do_vmi_align_munmap+0x22a/0xf60 [ 499.677461][T13506] ? __split_vma+0x810/0x810 [ 499.682112][T13506] ? mtree_range_walk+0x640/0x950 [ 499.687200][T13506] ? mas_walk+0x4cd/0x6e0 [ 499.691668][T13506] do_vmi_munmap+0x26e/0x2c0 [ 499.696316][T13506] mmap_region+0x1ee/0x2690 [ 499.700889][T13506] ? mas_find+0x85/0x200 [ 499.705266][T13506] ? validate_mm+0x1d4/0x290 [ 499.709900][T13506] ? do_munmap+0xf0/0xf0 [ 499.714201][T13506] ? security_mmap_addr+0x77/0xa0 [ 499.719256][T13506] ? get_unmapped_area+0x1e8/0x3c0 [ 499.724414][T13506] do_mmap+0x831/0xf60 [ 499.728538][T13506] do_shmat+0xeaf/0x1180 [ 499.732910][T13506] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 499.738851][T13506] __ia32_compat_sys_shmat+0xd2/0x160 [ 499.744259][T13506] ? __ia32_sys_shmat+0x160/0x160 [ 499.749338][T13506] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 499.755970][T13506] ? lockdep_hardirqs_on+0x7d/0x100 [ 499.761214][T13506] __do_fast_syscall_32+0x65/0xf0 [ 499.766271][T13506] do_fast_syscall_32+0x33/0x70 [ 499.771154][T13506] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 499.777533][T13506] RIP: 0023:0xf7f30579 [ 499.781629][T13506] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 499.801265][T13506] RSP: 002b:00000000f7f2b5cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 499.809706][T13506] RAX: ffffffffffffffda RBX: 0000000000000038 RCX: 00000000202f4000 [ 499.817702][T13506] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 499.825694][T13506] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 499.833689][T13506] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 499.841696][T13506] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 499.849708][T13506] [ 499.862850][T13503] CPU: 0 PID: 13503 Comm: syz-executor.3 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 499.873346][T13503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 499.883454][T13503] Call Trace: [ 499.886777][T13503] [ 499.889755][T13503] dump_stack_lvl+0x136/0x150 [ 499.894492][T13503] should_fail_ex+0x4a3/0x5b0 [ 499.899244][T13503] should_failslab+0x9/0x20 [ 499.903815][T13503] kmem_cache_alloc+0x63/0x3b0 [ 499.908665][T13503] mas_alloc_nodes+0x402/0x8a0 [ 499.913511][T13503] ? shmem_mmap+0x208/0x550 [ 499.918106][T13503] mas_preallocate+0x1bb/0x360 [ 499.922935][T13503] mmap_region+0x85c/0x2690 [ 499.927555][T13503] ? do_munmap+0xf0/0xf0 [ 499.931882][T13503] ? security_mmap_addr+0x77/0xa0 [ 499.936972][T13503] ? get_unmapped_area+0x1e8/0x3c0 [ 499.942176][T13503] do_mmap+0x831/0xf60 [ 499.946339][T13503] do_shmat+0xeaf/0x1180 [ 499.950658][T13503] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 499.956550][T13503] __ia32_compat_sys_shmat+0xd2/0x160 [ 499.962017][T13503] ? __ia32_sys_shmat+0x160/0x160 [ 499.967113][T13503] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 499.973790][T13503] ? lockdep_hardirqs_on+0x7d/0x100 [ 499.979067][T13503] __do_fast_syscall_32+0x65/0xf0 [ 499.984160][T13503] do_fast_syscall_32+0x33/0x70 [ 499.989083][T13503] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 499.995499][T13503] RIP: 0023:0xf7fa8579 [ 499.999639][T13503] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 500.008295][T13512] FAULT_INJECTION: forcing a failure. [ 500.008295][T13512] name failslab, interval 1, probability 0, space 0, times 0 [ 500.019284][T13503] RSP: 002b:00000000f7fa35cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 500.019323][T13503] RAX: ffffffffffffffda RBX: 000000000000004b RCX: 00000000202f4000 19:28:03 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5006) 19:28:03 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 13) 19:28:03 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0xffffff9e, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:03 executing program 4: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e243c570cff35cc6c44961ba12617beefe098e6ee3248447717ea91ae4a09f34738091c44a76eb3f96e0b7ce50dd62f08087156b27a8bf9bed60384fc2ddcceec8bb50fe77108017f5578307e2e7629cecb5cc3bfe173905f82eab00d7c6c4ccf6400a7050000008026f43b1e2e736600"/129], 0x27) 19:28:03 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 7) 19:28:03 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0xfffffff0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:03 executing program 4: syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) [ 500.019346][T13503] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 500.019366][T13503] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 500.019386][T13503] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 500.019406][T13503] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 500.019448][T13503] [ 500.035512][T13515] FAULT_INJECTION: forcing a failure. [ 500.035512][T13515] name failslab, interval 1, probability 0, space 0, times 0 [ 500.135567][T13515] CPU: 0 PID: 13515 Comm: syz-executor.1 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 500.146082][T13515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 500.156197][T13515] Call Trace: [ 500.159524][T13515] [ 500.162499][T13515] dump_stack_lvl+0x136/0x150 [ 500.167254][T13515] should_fail_ex+0x4a3/0x5b0 [ 500.172022][T13515] should_failslab+0x9/0x20 [ 500.177812][T13515] kmem_cache_alloc+0x63/0x3b0 [ 500.182652][T13515] vm_area_dup+0x21/0x1f0 [ 500.187051][T13515] __split_vma+0x199/0x810 [ 500.191538][T13515] ? expand_stack+0x20/0x20 [ 500.196131][T13515] do_vmi_align_munmap+0x34a/0xf60 [ 500.201422][T13515] ? __split_vma+0x810/0x810 [ 500.206093][T13515] ? mtree_range_walk+0x640/0x950 [ 500.211192][T13515] ? mas_walk+0x4cd/0x6e0 [ 500.215604][T13515] do_vmi_munmap+0x26e/0x2c0 [ 500.220271][T13515] mmap_region+0x1ee/0x2690 [ 500.224853][T13515] ? mas_find+0x85/0x200 [ 500.229173][T13515] ? validate_mm+0x1d4/0x290 [ 500.233854][T13515] ? do_munmap+0xf0/0xf0 [ 500.238171][T13515] ? security_mmap_addr+0x77/0xa0 [ 500.243242][T13515] ? get_unmapped_area+0x1e8/0x3c0 [ 500.248423][T13515] do_mmap+0x831/0xf60 [ 500.252568][T13515] do_shmat+0xeaf/0x1180 [ 500.256873][T13515] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 500.262756][T13515] __ia32_compat_sys_shmat+0xd2/0x160 [ 500.268199][T13515] ? __ia32_sys_shmat+0x160/0x160 [ 500.273413][T13515] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 500.280080][T13515] ? lockdep_hardirqs_on+0x7d/0x100 [ 500.285385][T13515] __do_fast_syscall_32+0x65/0xf0 [ 500.290477][T13515] do_fast_syscall_32+0x33/0x70 [ 500.295384][T13515] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 500.301800][T13515] RIP: 0023:0xf7f30579 [ 500.305932][T13515] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 500.325589][T13515] RSP: 002b:00000000f7f2b5cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 500.334060][T13515] RAX: ffffffffffffffda RBX: 0000000000000039 RCX: 00000000202f4000 [ 500.342262][T13515] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 500.350292][T13515] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 500.358320][T13515] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 500.366346][T13515] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 500.374387][T13515] [ 500.377437][T13512] CPU: 1 PID: 13512 Comm: syz-executor.5 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 500.387924][T13512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 500.398030][T13512] Call Trace: [ 500.401354][T13512] [ 500.404326][T13512] dump_stack_lvl+0x136/0x150 [ 500.409062][T13512] should_fail_ex+0x4a3/0x5b0 [ 500.413803][T13512] should_failslab+0x9/0x20 [ 500.418342][T13512] kmem_cache_alloc_bulk+0x68/0x860 [ 500.423587][T13512] ? kmem_cache_alloc+0x337/0x3b0 [ 500.428659][T13512] mas_alloc_nodes+0x276/0x8a0 [ 500.433479][T13512] mas_preallocate+0x1bb/0x360 [ 500.438282][T13512] mmap_region+0x85c/0x2690 [ 500.442839][T13512] ? do_munmap+0xf0/0xf0 [ 500.447138][T13512] ? security_mmap_addr+0x77/0xa0 [ 500.452204][T13512] ? get_unmapped_area+0x1e8/0x3c0 [ 500.457365][T13512] do_mmap+0x831/0xf60 [ 500.461517][T13512] do_shmat+0xeaf/0x1180 [ 500.465809][T13512] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 500.471661][T13512] __ia32_compat_sys_shmat+0xd2/0x160 [ 500.477073][T13512] ? __ia32_sys_shmat+0x160/0x160 [ 500.482138][T13512] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 500.488776][T13512] ? lockdep_hardirqs_on+0x7d/0x100 [ 500.494016][T13512] __do_fast_syscall_32+0x65/0xf0 [ 500.499073][T13512] do_fast_syscall_32+0x33/0x70 [ 500.503950][T13512] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 500.510334][T13512] RIP: 0023:0xf7f1c579 [ 500.514426][T13512] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 500.534204][T13512] RSP: 002b:00000000f7f175cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 500.542647][T13512] RAX: ffffffffffffffda RBX: 0000000000000047 RCX: 00000000202f4000 [ 500.550641][T13512] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 500.558634][T13512] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 500.566630][T13512] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 500.574625][T13512] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 500.582636][T13512] 19:28:04 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:04 executing program 4: syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) (async) 19:28:04 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5007) 19:28:04 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0xffffffff, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:04 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 8) 19:28:04 executing program 4: syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) [ 500.722207][T13530] FAULT_INJECTION: forcing a failure. [ 500.722207][T13530] name failslab, interval 1, probability 0, space 0, times 0 [ 500.785242][T13530] CPU: 1 PID: 13530 Comm: syz-executor.1 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 500.795771][T13530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 500.805889][T13530] Call Trace: [ 500.809210][T13530] [ 500.812196][T13530] dump_stack_lvl+0x136/0x150 [ 500.817033][T13530] should_fail_ex+0x4a3/0x5b0 [ 500.821792][T13530] should_failslab+0x9/0x20 [ 500.826369][T13530] kmem_cache_alloc+0x63/0x3b0 [ 500.831224][T13530] mas_alloc_nodes+0x402/0x8a0 [ 500.836082][T13530] mas_preallocate+0x1bb/0x360 [ 500.840921][T13530] __split_vma+0x1b7/0x810 [ 500.845444][T13530] ? expand_stack+0x20/0x20 [ 500.850061][T13530] do_vmi_align_munmap+0x34a/0xf60 [ 500.855269][T13530] ? __split_vma+0x810/0x810 [ 500.859955][T13530] ? mtree_range_walk+0x640/0x950 [ 500.865080][T13530] ? mas_walk+0x4cd/0x6e0 [ 500.869510][T13530] do_vmi_munmap+0x26e/0x2c0 [ 500.874204][T13530] mmap_region+0x1ee/0x2690 [ 500.878787][T13530] ? mas_find+0x85/0x200 [ 500.883132][T13530] ? validate_mm+0x1d4/0x290 [ 500.887792][T13530] ? do_munmap+0xf0/0xf0 [ 500.892114][T13530] ? security_mmap_addr+0x77/0xa0 [ 500.897240][T13530] ? get_unmapped_area+0x1e8/0x3c0 [ 500.902435][T13530] do_mmap+0x831/0xf60 [ 500.906599][T13530] do_shmat+0xeaf/0x1180 [ 500.910916][T13530] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 500.916799][T13530] __ia32_compat_sys_shmat+0xd2/0x160 [ 500.922255][T13530] ? __ia32_sys_shmat+0x160/0x160 [ 500.927350][T13530] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 500.934017][T13530] ? lockdep_hardirqs_on+0x7d/0x100 [ 500.939290][T13530] __do_fast_syscall_32+0x65/0xf0 [ 500.944378][T13530] do_fast_syscall_32+0x33/0x70 [ 500.949283][T13530] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 500.955696][T13530] RIP: 0023:0xf7f30579 [ 500.959816][T13530] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 500.979497][T13530] RSP: 002b:00000000f7f2b5cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 500.988237][T13530] RAX: ffffffffffffffda RBX: 000000000000003a RCX: 00000000202f4000 [ 500.996272][T13530] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 501.004300][T13530] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 501.012332][T13530] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 501.020363][T13530] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 501.028417][T13530] 19:28:04 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:04 executing program 4: statfs(&(0x7f0000000000)='./file0\x00', &(0x7f00000001c0)=""/72) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x1, 0x114}, @l2cap_cid_signaling={{0x110}, [@l2cap_cmd_rej_unk={{0x1, 0xff, 0x2}, {0xff3e}}, @l2cap_create_chan_rsp={{0xd, 0x5, 0x8}, {0xe691, 0x0, 0x6, 0x2}}, @l2cap_conf_req={{0x4, 0x4, 0x29}, {0x400, 0x4, [@l2cap_conf_mtu={0x1, 0x2, 0x9c00}, @l2cap_conf_efs={0x6, 0x10, {0x9, 0x0, 0x1, 0x1, 0x1, 0x1f}}, @l2cap_conf_flushto={0x2, 0x2, 0x2}, @l2cap_conf_fcs={0x5, 0x1, 0x1}, @l2cap_conf_flushto={0x2, 0x2, 0x8}, @l2cap_conf_mtu={0x1, 0x2, 0x7}]}}, @l2cap_info_rsp={{0xb, 0x7, 0xc4}, {0x2, 0x47, "b0cb9b92f599dc403d5403c00cb0aeea308f2b14c9302ca944fa1b08e6d5b52de2d28856c27513b27330436dfa1372ce8fa126f7113102881f607ba2e8324cb97582a95c7e59fd713389ad9463043e932e16294950b9a608f8daff433d3d9599b43b53033e38f09d89ad4c6b7d813a2f41ba05ef71b1ec15ec6bd0a08eec82d3383d5364db119b512efc6cfb61b081c021c4d46b0f8061e1ebfa24b72f1421cfb1d50325941bf2aa6e440260d1d7093937f1b9e93c5d9875cf0c23e5f6a3ff1a"}}, @l2cap_create_chan_req={{0xc, 0x6a, 0x5}, {0x1, 0x0, 0x8}}]}}, 0x119) 19:28:04 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5008) 19:28:04 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:04 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 9) 19:28:04 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5002) 19:28:04 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x2, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:04 executing program 4: statfs(&(0x7f0000000000)='./file0\x00', &(0x7f00000001c0)=""/72) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) (async) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x1, 0x114}, @l2cap_cid_signaling={{0x110}, [@l2cap_cmd_rej_unk={{0x1, 0xff, 0x2}, {0xff3e}}, @l2cap_create_chan_rsp={{0xd, 0x5, 0x8}, {0xe691, 0x0, 0x6, 0x2}}, @l2cap_conf_req={{0x4, 0x4, 0x29}, {0x400, 0x4, [@l2cap_conf_mtu={0x1, 0x2, 0x9c00}, @l2cap_conf_efs={0x6, 0x10, {0x9, 0x0, 0x1, 0x1, 0x1, 0x1f}}, @l2cap_conf_flushto={0x2, 0x2, 0x2}, @l2cap_conf_fcs={0x5, 0x1, 0x1}, @l2cap_conf_flushto={0x2, 0x2, 0x8}, @l2cap_conf_mtu={0x1, 0x2, 0x7}]}}, @l2cap_info_rsp={{0xb, 0x7, 0xc4}, {0x2, 0x47, "b0cb9b92f599dc403d5403c00cb0aeea308f2b14c9302ca944fa1b08e6d5b52de2d28856c27513b27330436dfa1372ce8fa126f7113102881f607ba2e8324cb97582a95c7e59fd713389ad9463043e932e16294950b9a608f8daff433d3d9599b43b53033e38f09d89ad4c6b7d813a2f41ba05ef71b1ec15ec6bd0a08eec82d3383d5364db119b512efc6cfb61b081c021c4d46b0f8061e1ebfa24b72f1421cfb1d50325941bf2aa6e440260d1d7093937f1b9e93c5d9875cf0c23e5f6a3ff1a"}}, @l2cap_create_chan_req={{0xc, 0x6a, 0x5}, {0x1, 0x0, 0x8}}]}}, 0x119) [ 501.189665][T13544] FAULT_INJECTION: forcing a failure. [ 501.189665][T13544] name failslab, interval 1, probability 0, space 0, times 0 [ 501.263481][T13544] CPU: 0 PID: 13544 Comm: syz-executor.1 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 501.273997][T13544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 501.284200][T13544] Call Trace: [ 501.287535][T13544] [ 501.290529][T13544] dump_stack_lvl+0x136/0x150 [ 501.295280][T13544] should_fail_ex+0x4a3/0x5b0 [ 501.300045][T13544] should_failslab+0x9/0x20 [ 501.304618][T13544] kmem_cache_alloc_bulk+0x68/0x860 19:28:04 executing program 4: statfs(&(0x7f0000000000)='./file0\x00', &(0x7f00000001c0)=""/72) (async) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) (async) syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x1, 0x114}, @l2cap_cid_signaling={{0x110}, [@l2cap_cmd_rej_unk={{0x1, 0xff, 0x2}, {0xff3e}}, @l2cap_create_chan_rsp={{0xd, 0x5, 0x8}, {0xe691, 0x0, 0x6, 0x2}}, @l2cap_conf_req={{0x4, 0x4, 0x29}, {0x400, 0x4, [@l2cap_conf_mtu={0x1, 0x2, 0x9c00}, @l2cap_conf_efs={0x6, 0x10, {0x9, 0x0, 0x1, 0x1, 0x1, 0x1f}}, @l2cap_conf_flushto={0x2, 0x2, 0x2}, @l2cap_conf_fcs={0x5, 0x1, 0x1}, @l2cap_conf_flushto={0x2, 0x2, 0x8}, @l2cap_conf_mtu={0x1, 0x2, 0x7}]}}, @l2cap_info_rsp={{0xb, 0x7, 0xc4}, {0x2, 0x47, "b0cb9b92f599dc403d5403c00cb0aeea308f2b14c9302ca944fa1b08e6d5b52de2d28856c27513b27330436dfa1372ce8fa126f7113102881f607ba2e8324cb97582a95c7e59fd713389ad9463043e932e16294950b9a608f8daff433d3d9599b43b53033e38f09d89ad4c6b7d813a2f41ba05ef71b1ec15ec6bd0a08eec82d3383d5364db119b512efc6cfb61b081c021c4d46b0f8061e1ebfa24b72f1421cfb1d50325941bf2aa6e440260d1d7093937f1b9e93c5d9875cf0c23e5f6a3ff1a"}}, @l2cap_create_chan_req={{0xc, 0x6a, 0x5}, {0x1, 0x0, 0x8}}]}}, 0x119) [ 501.309909][T13544] ? kmem_cache_alloc+0x337/0x3b0 [ 501.315032][T13544] mas_alloc_nodes+0x276/0x8a0 [ 501.319894][T13544] mas_preallocate+0x1bb/0x360 [ 501.324737][T13544] __split_vma+0x1b7/0x810 [ 501.329252][T13544] ? expand_stack+0x20/0x20 [ 501.333861][T13544] do_vmi_align_munmap+0x34a/0xf60 [ 501.339083][T13544] ? __split_vma+0x810/0x810 [ 501.343780][T13544] ? mtree_range_walk+0x640/0x950 [ 501.348919][T13544] ? mas_walk+0x4cd/0x6e0 [ 501.353342][T13544] do_vmi_munmap+0x26e/0x2c0 [ 501.358023][T13544] mmap_region+0x1ee/0x2690 [ 501.362627][T13544] ? mas_find+0x85/0x200 [ 501.366962][T13544] ? validate_mm+0x1d4/0x290 [ 501.371643][T13544] ? do_munmap+0xf0/0xf0 [ 501.375981][T13544] ? security_mmap_addr+0x77/0xa0 [ 501.381082][T13544] ? get_unmapped_area+0x1e8/0x3c0 [ 501.386291][T13544] do_mmap+0x831/0xf60 [ 501.390458][T13544] do_shmat+0xeaf/0x1180 [ 501.394780][T13544] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 501.400671][T13544] __ia32_compat_sys_shmat+0xd2/0x160 [ 501.406134][T13544] ? __ia32_sys_shmat+0x160/0x160 19:28:05 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x9}, {0x2, [{0xc8, 0x5}, {0xc9, 0x9a7b}]}}}, 0xc) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_stack_internal={{0xfd, 0x8c}, {0xfffa, "7685bf594888d0c5aa1b55bf8c8824f964e007448d7f76fde82f5f390d9c20d9318ac28b70968bf5b17c55b0f4bfcaa01878692eb48db7b572d7a00535a51e8bc430c3715a829b0dc58b98f9002412efb927422a43a751bcda36f3b02c1c2bc39cb561b2242ca39ac55e507f50b568f6c8eeeb6cfcf3af19fe6a29703372048fb9f3513f23b0942d932e"}}}, 0x8f) write$6lowpan_enable(0xffffffffffffffff, &(0x7f00000001c0)='1', 0x1) [ 501.411263][T13544] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 501.418200][T13544] ? lockdep_hardirqs_on+0x7d/0x100 [ 501.423469][T13544] __do_fast_syscall_32+0x65/0xf0 [ 501.428558][T13544] do_fast_syscall_32+0x33/0x70 [ 501.434790][T13544] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 501.441210][T13544] RIP: 0023:0xf7f30579 19:28:05 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5009) [ 501.445354][T13544] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 501.465119][T13544] RSP: 002b:00000000f7f2b5cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 501.473601][T13544] RAX: ffffffffffffffda RBX: 000000000000003b RCX: 00000000202f4000 [ 501.481634][T13544] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 501.489662][T13544] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 501.497689][T13544] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 501.505716][T13544] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 19:28:05 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x3, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) [ 501.513765][T13544] 19:28:05 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5002) 19:28:05 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) (async) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x9}, {0x2, [{0xc8, 0x5}, {0xc9, 0x9a7b}]}}}, 0xc) (async, rerun: 32) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_stack_internal={{0xfd, 0x8c}, {0xfffa, "7685bf594888d0c5aa1b55bf8c8824f964e007448d7f76fde82f5f390d9c20d9318ac28b70968bf5b17c55b0f4bfcaa01878692eb48db7b572d7a00535a51e8bc430c3715a829b0dc58b98f9002412efb927422a43a751bcda36f3b02c1c2bc39cb561b2242ca39ac55e507f50b568f6c8eeeb6cfcf3af19fe6a29703372048fb9f3513f23b0942d932e"}}}, 0x8f) (rerun: 32) write$6lowpan_enable(0xffffffffffffffff, &(0x7f00000001c0)='1', 0x1) 19:28:05 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5003) 19:28:05 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x4, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:05 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 10) 19:28:05 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x5, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) [ 501.766901][T13572] FAULT_INJECTION: forcing a failure. [ 501.766901][T13572] name failslab, interval 1, probability 0, space 0, times 0 [ 501.843179][T13572] CPU: 0 PID: 13572 Comm: syz-executor.1 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 501.853787][T13572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 501.863904][T13572] Call Trace: [ 501.867227][T13572] [ 501.870202][T13572] dump_stack_lvl+0x136/0x150 [ 501.874952][T13572] should_fail_ex+0x4a3/0x5b0 [ 501.879716][T13572] should_failslab+0x9/0x20 [ 501.884287][T13572] kmem_cache_alloc_bulk+0x68/0x860 19:28:05 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x9}, {0x2, [{0xc8, 0x5}, {0xc9, 0x9a7b}]}}}, 0xc) (async) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x9}, {0x2, [{0xc8, 0x5}, {0xc9, 0x9a7b}]}}}, 0xc) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_stack_internal={{0xfd, 0x8c}, {0xfffa, "7685bf594888d0c5aa1b55bf8c8824f964e007448d7f76fde82f5f390d9c20d9318ac28b70968bf5b17c55b0f4bfcaa01878692eb48db7b572d7a00535a51e8bc430c3715a829b0dc58b98f9002412efb927422a43a751bcda36f3b02c1c2bc39cb561b2242ca39ac55e507f50b568f6c8eeeb6cfcf3af19fe6a29703372048fb9f3513f23b0942d932e"}}}, 0x8f) write$6lowpan_enable(0xffffffffffffffff, &(0x7f00000001c0)='1', 0x1) [ 501.889565][T13572] ? kmem_cache_alloc+0x337/0x3b0 [ 501.894690][T13572] mas_alloc_nodes+0x276/0x8a0 [ 501.899573][T13572] mas_preallocate+0x1bb/0x360 [ 501.904406][T13572] __split_vma+0x1b7/0x810 [ 501.908901][T13572] ? expand_stack+0x20/0x20 [ 501.913621][T13572] do_vmi_align_munmap+0x34a/0xf60 [ 501.918835][T13572] ? __split_vma+0x810/0x810 [ 501.923527][T13572] ? mtree_range_walk+0x640/0x950 [ 501.928657][T13572] ? mas_walk+0x4cd/0x6e0 [ 501.933083][T13572] do_vmi_munmap+0x26e/0x2c0 [ 501.937770][T13572] mmap_region+0x1ee/0x2690 19:28:05 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x500a) [ 501.942364][T13572] ? mas_find+0x85/0x200 [ 501.946691][T13572] ? validate_mm+0x1d4/0x290 [ 501.951364][T13572] ? do_munmap+0xf0/0xf0 [ 501.955696][T13572] ? security_mmap_addr+0x77/0xa0 [ 501.960793][T13572] ? get_unmapped_area+0x1e8/0x3c0 [ 501.965999][T13572] do_mmap+0x831/0xf60 [ 501.970163][T13572] do_shmat+0xeaf/0x1180 [ 501.974487][T13572] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 501.980385][T13572] __ia32_compat_sys_shmat+0xd2/0x160 [ 501.985830][T13572] ? __ia32_sys_shmat+0x160/0x160 [ 501.990929][T13572] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 501.997607][T13572] ? lockdep_hardirqs_on+0x7d/0x100 [ 502.002888][T13572] __do_fast_syscall_32+0x65/0xf0 [ 502.008000][T13572] do_fast_syscall_32+0x33/0x70 [ 502.012918][T13572] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 502.019338][T13572] RIP: 0023:0xf7f30579 [ 502.023456][T13572] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 19:28:05 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5004) 19:28:05 executing program 4: r0 = openat$null(0xffffff9c, &(0x7f0000000000), 0x101800, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000040)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_POLL(r0, &(0x7f0000002080)={0x18, 0x0, r1, {0x3}}, 0x18) r4 = creat(&(0x7f0000000380)='./bus\x00', 0x0) ftruncate(r4, 0x208200) write$FUSE_INIT(r4, &(0x7f00000061c0)={0x50, 0xfffffffffffffff5, r1, {0x7, 0x26, 0xffffffff, 0x2800006, 0x429, 0x800, 0x8, 0x7fff}}, 0x50) read$FUSE(r0, &(0x7f00000020c0)={0x2020, 0x0, 0x0, 0x0}, 0x2020) ioctl$TIOCGSID(r0, 0x5429, &(0x7f00000084c0)=0x0) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000008700)={0x0, 0x0, 0x0}, &(0x7f0000008740)=0xc) r9 = getuid() setreuid(0x0, r9) statx(r4, &(0x7f00000089c0)='./bus\x00', 0x2000, 0x40, &(0x7f0000008a00)={0x0, 0x0, 0x0, 0x0, 0x0}) r11 = getgid() r12 = getuid() setreuid(0x0, r12) syz_fuse_handle_req(r4, &(0x7f0000006340)="a4e9cd048bd88bd426e71e7bb00453f459ed8a88f7ca62f46acef5a30d6f025575fd9141f1ea15ec06125a034b8b50f193a3a99cfedb7e5d45aa7fc99d40c485c0b3ce7e8a9827c063265409777cf05fa0829cd63273cbf10eaecdefd7dd71474d76ade690ef8d42bcc7b7085e7deeba5b0d7ab0b3bc5af9d472d2ebc072d5bebb1e3f411bba821d11757b313936906788dd65a7abcb6474df9d30830ad6b47a993092fb1399e9128263ffb6b87637047f4a7ef9dde0a7a9743efcbc3c9317933bb5212434e6479fca1fa8a9357198b9bc3e7cc473eb7b546e529ff2b4a19c24e26d5f1d678da2a5fafc83e75f6c439191f303eb0951d6d902abbf9a89385a429db8443b31a2fbe050d763027536ddee14bdf3ed939455bfac3784a41c1fe805b5ad24f2ce660e1473096ab2b7e695cacd6d876b608e0669bbb885e9f38219e25a6e5ca11fe2644ea8fab539fd3cf2f89dd0e30e128b763b9f438a1ad3258834004e9d0119e6b29e23f15ffcb431d38a8d12a1e9a4bc0b461031d0611cfdd208be8725a4a3c45e9039e0c196b370795d5f24db6dd8475f2d5c045eeff6977d78ede4d9f38c562133aea5b4b4774078032743b3d443af785e997d03b855369ff21a37c99f82d1bc9d081d1a48afaaa007aa77b49a7a92eea3a66f7d803f87a1c27b320aa9049485a0497082295095d3678dd98bb99d9d4cc203df7629eb220592b3901a79d6a19ef617c1c19ce769f24739b313acd0494e741bd6b714fd8c4f3bb8d4210d762ed4bfdaadaa74ecdf491d2275a2c8ef62b736ffa189894111a303288b387de4fbc28be77405a6e0c539fa0cd0083dc80c7664dfd8a99ef63a3197e26bd46ee69d5f9c23bdbe3b1f2619e2218ad695cb7cda1d6d18946c6bb68649871e5492d4baa812586b351ced6cef66ac672423802222a43ab8aa5fd777f639102da266050007c253b10dd66ce6f61dfb89bb0b6657482fe27b958c92e887c679d42944c4d1f235265185623643f0fb0095e87c5cdccb910fdb08daba84695b25eab8cf54fcb0ff1922a1b7b6cfee299fe1dab6756808643d7af48dff040f6d9820d49e5286b0cf2602952e9f232785dc3189f7597e4b1235147dfd30fefc2efd5bd8489218e91894c47fed8695450c7a349895f9f18242117a9f5e1588042c8b819309559108b1338388e9f685a334f72b7641cfbad4c436a60e8fdf3a07d7b2500b39dfc4edc63b42db1ed4d3294555d65867033c5c0cd3a761da5b072ccf8f467da5fbda904d26d7cb4c53008054b60f8ab421da2364cade54299f064e49d408094305e471ca9ef0f2a89bca6f940af43bb4f17b3ba605decbe0fbf41af66b988bd4f118f56b20417749bd667214d91bbdcd00cf170367f7b2a260084caf82253a8b40ba6d0471d172bc4b34e2c87f00589116b3290d037811984e3448db0e78d4660c969cb609f22e6bce780736b04cf4184ecbe44a4c2abbeb653e1541bda5d10cc9161b5430505d2ca7d005a7a5b1f552db80bb8f881144be742757c13e84de9d297e92ccb394a3eff3e9f09205173a31a7a2540b90a9ac740cfc1856c411a44de36db1ec85f843f6f8d182418ac6fddb832d39089cf357d8aa230fe11976e3ce95d7fc37b97d1c4ebaa4254e45310f6c07b2108feeb0610d5ef604a8e0ee8d6eb0e3650ad8cf8534eed9005b19dc45d1507c4950a3478ee8e3cc6152ffde62225251185f64c319ea0715d63c81422e5751cb356283b5aee3ff44affa332eae9188a9e2706e9d139f0e4f6ff917a648baae625fa8bc1c304a33416df3f521675e911e767cbe114e7d7f44514365c9843bbe54c67e319f7ec054553f810ad990b9e940000b9bd28cf12f563916d6a5222de995a72a30392b18b1102b2b915e81494e8b80d5b22ac8fb8e6350f7a2183a540631e3d046a722a2f3035788b2dab68db758727a0e26d84b983381f5884e09fecb2e80e60003f573f5f500809c630e8ff36c46cdcd1ce0dd6df0308916b20cdcc0181a0db158dc32d6bfd1b1d0d93b64fe0f644312779a5893012afbd456305c2984a89cb1e75f646ff6b0b2ac241625953d4285927e6563bc0c12b7285846665faf5dec06c69e74f233e46683fee72931e2195c3a4e0101e37f99660abee2cf6bac0dac4ec2c6b2a55d98430120e94d9f1f2dfd98aec4cc14a3d678e731d658dacdc57b5b89f249729a3bbddcf19e7553b3bfe6c0a9e83c27c76a199cc8a79189004468024d74ecfa7c05bc3b113162e8569a19fba3f5764c94d9ab2ceaf098fd7898844dc4c2162fd63f5f70777f47eba2e7edc37513f01bfb3907d5a7f204599ca2bea5c9123d8aae753f9b5a5ad314e682b1365d2f9d44fb9ca63292b5e910affccfde11da5404c5b16e0ef54f355b53e5cea25548d01cc752d7c80b0ae307531bf5edbeeca654ab58ef0c79a314cada712e94f4de5835f2383b78a9009953ce46df78ea561087cced2c2e0b27db3e5be7166a2314581918822a97926befdc4271080d9b5c5ff8e7277955982c92b3d1b6e67cd3f6b58ca5b9b22046f23ac9e96fd0442697a89976f5d6564a5428a9f22c293f7574f95f49d7bcff0a48f0418916439b6e8ce781d6c29e474a592f3a6b70b20515ec833c69751d6383cbdfc547fe56362ced29b8ba87cecd934881b773f457959b42415b801aa529f4b23d9bb121198c423667465a7c44e16561dc455aa73d9131bb4194c4c44ce4bd884368bc10b3eb6175e1ae70262e05b4dc04759184aef9a70d68b755bc5487494a56663e232b76c4f73cd3735004b27e99c13b79ce2a1bc50a85d9d6a1e13e15776e424bc172318a68d34d3672d59f8739f405999b13fb58c7c401b75504de3ae8e8f45868986f4656eb17ebc95303d3f76afe40858480a8f3ef6123e2fbd086f556175b6d68cedb3766ab3d5865d6366c87770c6e024faa8a54b4ab2d1e2e9cb0b3d807de33efddea672d43af5abae7347ad25ae651929d7070671a3ccc5c291ac5db4818bf74cbc891e1d4ad763e4dd16bfef2449605fbf801cd8e326f00a3ec224e7cef50e187e5b4db963ef696c76a06f15b98e1c3747f5d2fb173190c88f7eadc89c2a98a051eb6be9a80ff5d1520719a02d50c56e0d8c175871b5218f54cd97c0e15d272bcbe3c3ff6b42ccb069035f84e2be6a089b412370d7b25aca583f25edd3873f42d0394334f153c3c98e88c55c5fdf8cf6127adcfe9dca56755714aa301687a25d6adcb89b32563f92e6f443bd9260bedb81672b269c2915e0db6febd1a3573436d4e489aba12ef74739ac0318889025cac346d58e378d00fd6cfbf56beebe7eca5ba1120a2d75b295578ef0ebf1e48570336047fb06e47ec26d610bc4463f4edeefc68588f94926489bbcd96922e94926b8054369a87cdbd30879b546dc389bd9da39177c36488ba54cc95147ba52ec5558144feb2533d01deb7ab90079f344f505c0033f14fba6366b832564d3cc8bf76885b1f33b7e38329f4e5b898590c38430a907bfd56e8e66076034d7165ab6eb5fe19bd599cdd217e442ce71967b728d7f1fb6db4515c8b0e81c84c061bc9a5af6f9758f89bf9fac4dc51496678e85a4542d61df517e1594359e6db28af6221333e65204507adad4384d5825e049ccfe5f5e9e6026e7510f8cff2788b4451384ef2281e3b9c5005ece2dd0bf2faba8cc58081a3cbb8185848cbd559f1d2e740b36abbc876a6b695123d6c4777578e8eadee4def4903711be390d55142c9e39ce1dd5e8b3b8a641859dfd32904fbfd70cad22c928e005d042ab8ffa7c36f123347f2573ca4e193256b08a49df3ae940cafbdaf88ad0d0d2535598a06765932d1c0c0c31b70bdace47e2b947a6e0cb19387086a30cdaaf6305494f2d8fd2f5f073144d81fae6d568cd282c57f3cc246335369daaffb5032a58b8435887ffa2b2ca73420ace0cd5ee582f85d520fb0a5cfc4662e31d9f7f80e1a3577531e72cec93207b75d39482fd6a61dd6f5f0fa221edf6f7e5cd572d3b43d797d23ae45a52684f82df662271b1a93ea2ecfb1fe397f3ce325773378d8e9ed7938a209ebca1bb4724f6a8071206dc9926fd6c16cf8bded7ff36eeedaa0e5045778456e824546a520a0b7b2db627fd1e24def87b50c50ea2978189e2affd8b219105bb20757a9a4372b100b5f0f34d3e90ebd93aa5cb8ee5813f914000be99d5a1663bb3b059842b43d5ff6f5f933fb4615ce696b4620ce281952b0032235a04cc227a9039e1c14dc3e04b79a6826b8efe8609b87edfdaac3bc9b843627ab58689640256b879cb598688d033951115c36143d28b34a7b88a86812fc9b31c49eb44faa8ed76f1c581f8562e9bc7b210300ee10ad2bab12d4c383b5b4222e8f4daa6a485b9c68d71df92dd7f8b29351f86a60968b666d7d187f65e148beb2299b5b3734eb7ba3e8efd43b1d122c729dc63fc29e1bf245105e8a90458261ca63c7b06d9886248d2bfc539f39769b87e46adad9d74a0b512b3b8e07a32627eb5a4ec45bd834d9ee5b421347b4b5ef2fecbb8f2502566d941d2a26dbf6c923b758ffa842008f7bea1022a92189a0ca951e260aa28dbb4acab28690a386636810ddc4d09757974c0727fe2cb454dd141b7c147375c722a67369ef416fcd04149f93dfb797acd0aeba35ef0100617d175c93b3fd0589efba77375a6421159a105e876ae63c8b965a840a3c4cc4d8d0a880b0ef322fbeb73f6bf724c24f530cdfedcfb5f6d8ec400d32dd57ace331220bae0111132aa70aa1cfbc41f7a928272a571ed52df3df91b69215b1382b46afa6a43522f9ae46e4904a684e1d0615150a3b8dd33e93e111eabb781816e8c98db13871809da55e93a9436d9a7baf74ab494fc55de7fe881cf031d623688569ca42417e457c940dd76d582a3e688a7a2d8dd91d66f3322fee2189488f7a905b67e99081eb6f7f046c8739d88f15180f6441b09a759f4f1010019070d327485662c6e7e2c011c01f0da49df2507745527fddecce9524cf28ce7a5018a11a517a2d1449727ced742a562c66a88e03fb14618900f9edca60c1c5f452b9eb97c4180b94445acd7fb5a5f6dc7b5233559f74dbf2dd20fcb25ad8c1565c80d463c606ee7506a5bf9e5674732e0adca0134867684ab6076aa8544f13913e8454a984ac62793cb455ea6b1b92db321bbd194b28e1e06a42e971a33c1d54aca287d47fefd1902c3e8dc14e400cbcfc903b9ccb9cecbc41861bebe500fafc806067c752a8273f9b4830be7e8aee8a6d4955894acd277d6cddda7cb17f887b5648ff79869ca79f2b9f5c28914e213332e7d31fbf13bd324c573159070528fab2362c2e4f8faaeb251a754f779a1c622cccffdaca6e7d4d2036a61beaf5f8fbffdf05972cfa41afcaa75ebb27269662977a3e7c111b9de56d491bbfed04a5413c8952af8c9cdff7a727038f581b0b90a7d8498f1e27801b71092a64d74cf2fe037a7fe7aa7d88f76ef19471797c7e35bf4bc14331cb1b8d08e55d564a26232e63fadea074c67ec4dd6a04703243098ac998e876bf1fbdc100a69b9275017517e66e6881f21bd061905a74182f5a7c884bd164d6288ccfbf60e23465ae8e4d3e9a533c1ecdeda79abe539a4593efa2cab8c25710f07ad37f5e7176239d0f41819f1f8281cff973cbb28ed688c3950fd2e3a565058e9ca7e22cfeddef09a338ddac4afebce94dc4f6a3cdf5d7b79aae6c684db1dca3fad9fab1830174d7938a4d385035844394b1bfcc66b23a28c16250263d48901259881acc309b91ea15481fab27f5cfd879042e6658b89ac35a8bde1acb9e6bbff0dd8f921dc753a0681c9c007bff91e580ed68fd321aeb83e5f18ff053f1c53a295a75c50416649a47f7cf4d606613bd5ee065ff85d3d181a15389d6f2fddab4d64f7fbecb346531f8385b44b530ad8ecab3021bcd2650386bdef06a19c408f6cd0dad828d0ccff1f1b0d80820342bdd1602d66520808bda21bc581b3a67858636385ea228fbee94a681e14e0d6cdcbc53f40f33b45be13e30eb739d5c38cda9b1dade0d9c0079c5e1eabc746b7ae5f5602cd421b9bf2c301660356de8e6c959d50a067cbeb9dbd7b2962fcccf150484cb3a7443e1417ffec61df8978ed980526b121d9ca6e264b9b03db99825b7ce2db9f9b3ba29582cdf0c497a077f46b4e296ab518697b1c0a0ec543e1446faeefa6adc03a9076c3eedbcca4969ff55ca0063ce0e9ea44e04e07ce0f06ff6eb1ec07bd9241c23c03d8a30aa8f4a8cdd772e5b434dae1b44c1d526e2901229a28a7694cef7a6c25b8c813d89e0348e444fd50ee6250b4632fe9d2a6ae16aea016e857ec57c9f17ff854c70267024ca6366f7f9a30abcc377cbb2fd4f2052f9dadc4b04fa16c8a7982e329e314a7a37832cfc7914f5b5cf46d0e3b347d1e106de2ae979136b3882b530d4416a368ed941a271c4208db6561f6eba7e55fa88a906b4b70170c85917044dcb7a7d4ff224e0067f574a99e6b904df8f3f48bd171a10a97ac537c4ab722fa6fac983215ffe2a466ad49c26b1981962d017e9f5c4063c3002a78c4f1f7b6f695a4e58bd8bc5239ee9d4648e86ab7b44d2780a03999f84995eb1229a7451de76c643cc072eb787fd774996a555b7b5ab53d35056b63f5bb6f03389aaa567b5081b6105fd5cb194617a542360146d15fbf49eda8a5c341f29d0c376e3572531b6e38eba5b355caf3b98dff38a81b57b99cd433f74d18ade21c4d85ea38f8f94f86c058626124fd48fb29a84b9e1fd0cca266bf97600aae512f7af7c30c2dc1f7e3cc1a4b2eba60ed4f8f62796f84451a621851a7256c3051fb8739a86ae36e1f98f77d67034ef2f8deaef5f13f0540698f44c5bcc5c5e019c5973667e4d419a420f7ab2e61a4fe8b95b54a44561acecf487e486f88cd9e31fa797a8bde071c44979304d56ddabcf95050cad090ed957461cf17e258ca0caa7692348a86fc72b7a0bf071a291731fd60471cfbe4157b5982704fc652ce586b4b771fc51cfaee494b79c4d58d5fdf43e4c9c840f42572756f5709f1a44569f8fcb5757cd6780ab03b8bfe7448ab1fe208c9ed11587a52a1232c47e2a51217a70b6710410ae41f306ca78d28900ae010c7c08250cbed4506a1f4f95994fb5d94b2380922a7b3c898e07af4c2d0444faba20ddd58776f5dbbda9a6a30e9cec149353bd73c6adf8ca9d1648f63e3dba29fd185c7e5649250293f6df98286a0fcb7a92e50628ba888339362597d504e08afd166e681c4d93127ef6574c94edf87ad1336ec0dcc716dcc136f11a14d2cd7b55e4c8255e14ffdf7fc7ce2ad500e460879675d40620122622c1994070496ca649ffb4bc2f6174a6bab954ad88bda11c999c3b367a3170fdaf62ab255b64572cf0895397aeeae810b4aca192125e112df6e5d9eba48bb1c082a54e2d2be067f5886330e5dd79e3c47e7cc2c381e30e4a5dd2af394666661cf155ffcbade2d91ff2b94d175ac863ed46d91ace89c85c65f23f06b2cb7474dd6bcc244df14be416549f47e0a69890387e2ce239a861246eca7d97c02caca8abbe4b6402d86b4c27ad734748f47b289198e155bcc7c91bdbedd576000ee6de1d6e997d06aa783e9e7e15169ee725c752a9a5309c9780e9f281ad929e2bf96c124f3f9a09383afbcd73c85b04b92119bcfd47506470d7d7ed34c97f4ed395f6f96ff79e3e5ec530714a77f688c55b27ab1a6e1d659dce4b0900bc66320a71fcb6b6356c3ac7d8a55b77ee408097261e658494e8a3b1354877d38831117820af328ae4f9f86fbe2ea7320292e2fa7de2f8dc732373bacbaa0e5facacd855a5a45dd06eed6555f403e54fcea16e7a9d1cfe44f55265f892688dd663b69fe608acf8a4e32673a386bd9ab18ec415f4229bcbd2db6b3e9148eb73e2acf61548264494f13e1426c35a5f45fb694fad48d2d7badd83ca8e54f9e5bcde1f7857f7366f2e5b10b4dfbd76ca2858f6fb83bfe236493dbe2f17565f5289c1ffa7401a24af555a59f15ea0dc7aa3135e821a1420d42abcf6e2a9a6244f8f21303b21b1b1ecb7d3453d8fa12a01d4069147d698f99889f04f8fc6a86e91aa03307d1e434ede60e14006f36a7e5948206e25827f9e837aac0d820027c053778fe6af1d48ad03df9b76aefd757fb19d5c9cad902578002ff9580fcff8541eb53da8d799030ca304b976b393bd2772f30d1369db3ac94b5f16241b7622f7119d818a041c9feb9bcb61f01baec950bf59162afa6489cf1961a4467539d1b5b3b37f8b7a68a1a6e31d702009961ef83e74d71392d48e2bebc210b401950ad2a5bd17aaa29513aeefc910dd4f77702d18d7752c36d21f5b23b50876de3da819dbbc685ea8c6f734bfa215610b20633a76a62809df4ed9aa5d2e823d939ac0c54a4521ab1fafc7bdcb937520f8bb14f24cfd026879309dda43849928020458bd06eeaa7d9155bc761706236d553a3fe70c10c019cf64440aa1880512dc9d735370dbf5b30c507cecb1d3ba4717ba3b238ec640eaeb683e626a0027ecda1fd54d6ce666dbea81261b716f2698966e9429c5682c33319cf52bb8be73d6dc5162083073af7345734c36800194835ee34fc852898bc20b9c43be5020604a93cce411c892e1483c73853801a3469d3ee5f7005ce6b6126e74e5839ebf919393c362c8079d2183ece8793389bb30fe19568a0eb7f48bb8181c332fad34bf6342470ad9baef3a2ccb1ddacc53c8992ee982c365b48d4b2c739de993ff917e80a09c694fae59531f1e28741d3f4e6c966457f5200a46ae705868829e77a91640af4cb5faae2a1c7abf71660c099e944d07bf7a23e55ee4a5005138f3bf54c55285ab9a9170ce0f685ae989f460fbe1f7707d7aeef7843a78cd217050166dca9df0bdde8bb2aff77c0c9d1a2a1a3d46647b7c4ad6227277adb2837abea561bfb65f3fdc26d3c999a95274ead48b9afe79c946cfbc5051e1d5f6c412d0b12c0f168386a3a23fe26f3adf5449469dec960e47094b95af252f8fd962eb8567fbfb556c373a15b59a8f8eac718189885736452750ead5bc15b08a5f26b1c5929fe04b753b4d9cab397f90d5b808cffb0f24da120b98c932d019359155ecf32df80e0f68bb3777193418c5951443ccb16fb28817bf95a7c3856ce5f3ad5460df50026e2c6e299add21f050066c177168888665b72079cdd22457524cdecc89c21114728ab0d856e04dbc8d6cf885f796d5b6d173e8e6113799d7efb63394e622e23975923042c43318305a2895de3ce48c8ec25805af2b88b51770aca9775daeb3664869d43950c5ccf009036ffa91c5c8cf14f19e26e83694e3680e967f8c5c90acda173d9a40984605ee2573b0c3a36b7426d0bfaa31697fcc5ba31db7b446c5d8702e1d57b87b15011a11ff7e5cf58e9392c30160007ee2cec02ba29c3947fb2e12968a581b486c89f5feac5d31c727233f2ec404a02536fb8a2c187658ef5b59b7a7f61d615c141955a9168ded9673954df45fbb945dcf4686397b98e18c4202454b7a889d44e50959cd6ce0dd1c104e1cc5b77ce18e68da096d3a9bc5a527ebc9adc2f934bd0d51226f26ab20525b40fef54e158ce32b7a302a558c84891555566edc37946a8bb8f6172b51d3348f799dcc87504c0ae18988c2aa3456e6facc3d0f0d005e55a42fd7e212b680fb43006e07e4f71eafaa71f15a3b62b9e58b1b54c08b2f96b746fc3e52978ae0873e881c58912c91c5d2bed20f96c4c7306d0964e4af4a5ce160fbd9f8bd48d1f18d2a54ec78f3792bf3c3b39d8cbe23beb445f2d19f2734c9188b2035167628d34575f7586646a96c2a4180b9107c0f5ed63ea7c5d26743829571dadf765e1444856aa0c1f38ccc868ba4f2b7949cf5e991c802842e75712eed5ef3f8bb042039c2872a96364f44b2f46f68807f31737dfc5cc4571353281a0df8afc2750997d4c902fed4468b2b04d743e2775c19d818606aa8b92cc62ec0fbf00f456e223df33c9d6d160384fb1ad770aba46b8b312437fea60cf5212d6dfb3290f4d91b9cde6d60845d89dbd283adf77cb6ae9c789110b68b1ee03ad86c6b37dde9df33f98e9c5c8e3da69c67308f35b372e67eadc3c1b31a4d9a5660aaf52ce667edd3a853be30626a94dad211f9d1a8826f1bf68458d5932826c9b9451bfdc722971d84ec8ec93690f7885ec8ad809ab7b5a2d3b97f208c35f2a6deef711867f36ad3207bd3fd0f666f04d0c34ff015f7962aa5da1df698be18ac07e287a5b5f236f192847c238c03e52ef353fcad899695f44b1b67d51eb4ef5198b13bea6e14ddb1f89ba03b8b885bb4795e159824c739cef9f22d81a9f4f2a7e83f1d2cecf9054ab04caeae5f0875c123fe07812a8add4fae80f681e8e79fa1c9e023303e188548a8417253c35e89d7b09647059fca909fc1c4ca360d4656bd99dfd5cf66a361cfefd4d20fabda336d1d03e69c62337664bc0ee4f3ca6b743a07f2e8854cdec3bab33c3d5e7fa19ee66141347def919b43baa31ffc40706af2307641d0b3bb39f0173a85c6dd7820457863b70c57028551030f07e389c1c08e3fa4c5ebd33142952912419c781e61846bb1ae4427fdb731048e8438e1bfb0cce531bf28e8d33f671c320471e311b191d7fba63b4341b059b046c96ff52b2b19f80bdf1de39f0cbdc891905f2e84fb98bdc3f2bca37f91ed10cfd947015df09f360ed0ef779b264d127f5dce429d80be2d74e310e48095fb334115b0328e7de6ef105dfb7ae58ffd88710820181e37e453be508cb0bd4af8c5a49d37abd7b1b1f1be8ef7c715d427738ac6c80b53d282c27022b747c3bd39e7503f7ac9d8a0622e19f4f6e1d055b357f9ab5209cef07054de63942ab86af4deea3ae36a75c3cb535d74c472c9ac38222803a459c94b3d76dd6dbd866258b18227f011e4bdb3f8b1e49a95f637357fe09f6b96202f5e27bfced9785db9b0ef58eac65bea1275c12e60de95ac15d16085c3bfe6a2759983dede0268ab58ee36ec7408989a09da6ad7f3f86d5eda5f35463e10ff00edb389e2a58c79d59841e07648b11d94212bda882fdb59af0e53b168e3cce9ad7062c06386ffe6e70ec5cb283075f68c5b4988a1b51999021a71277fb065a1b318bd713aecbee6910fdada19f04626d4076fd0958fa8bea18e6e439466e028bf078b2b100757b3be00e3cd1aa10c70bdfdfbbac2e09d0fb04d0d6d8695fe9e823e99c461369b1e81be1f04344d7b943aa86fb950780fa1adaf011235513dfe41f44c73629b62148f02686efced5f11eab086e51c4badd460e831478654379bec182bd1fc9880fdc86c9bf28dc5923601956a651aa75426572174632c954946fc88f8d60362decd2648598c03a5bfff560d68cafa1fafb623e4490571723be510ba4e53ce8e005070e42c62444e2299c0c07cf22ea7915fab182d6bf3b8e42a3bf6a5968b3774035767405740ec1baea85e3d47f123afe8b92775e2fe2ca159073eed218447f15ddab374226e49205bccdf31b57d190aa1859ecda26caa4f74abcfa02d93874b4c3d327b7f12", 0x2000, &(0x7f0000008d80)={&(0x7f0000008340)={0x50, 0x0, 0xffff, {0x7, 0x26, 0x7, 0x22000, 0xfff7, 0x8001, 0x1ff, 0xdc}}, &(0x7f00000083c0)={0x18, 0x0, 0x9, {0x7f}}, &(0x7f0000008400)={0x18, 0x0, 0x979, {0x6}}, &(0x7f0000008440)={0x18, 0xfffffffffffffffe, 0x6, {0x6}}, &(0x7f0000008480)={0x18, 0x0, 0x5, {0x1}}, &(0x7f0000008500)={0x28, 0xfffffffffffffffe, 0x3, {{0x3, 0x9, 0x2, r7}}}, &(0x7f0000008540)={0x60, 0x0, 0x5, {{0x5, 0x6, 0x80000001, 0x9, 0x1d, 0xffffffee, 0x6, 0x100}}}, &(0x7f00000085c0)={0x18, 0x0, 0x7, {0xee}}, &(0x7f0000008600)={0x11, 0xfffffffffffffffe, 0x20000000, {'\x00'}}, &(0x7f0000008640)={0x20, 0x0, 0x3f138412, {0x0, 0x23}}, &(0x7f0000008680)={0x78, 0x0, 0x8000, {0x3, 0x45, 0x0, {0x4, 0x3b59, 0x8, 0x4, 0x6, 0x8, 0x5, 0x4, 0xfffffffa, 0x1000, 0x38, r2, r3, 0x7f, 0xf4}}}, &(0x7f0000008780)={0x90, 0x0, 0xdfd, {0x0, 0x2, 0xfffffffffffffc01, 0x0, 0x8000, 0x7, {0x4, 0x5, 0x2655, 0xe01, 0x5051, 0xa0, 0x7ff, 0x1, 0x9, 0x4000, 0x3f, r6, r8, 0x5, 0x9}}}, &(0x7f0000008840)=ANY=[@ANYBLOB="480100000000000004000000000000000300000000000000000000000000000001000000ff0300002f000000000000000400000000000000000800000000000000000000ff000000040000000000050000000080ffffffff08000000a2c3226a6e6c38303231310006000000000000000600f82738657c23a2830000090000002d3a2a3d282e00000300000000000000ffffff7f000000000300000001040000214040000000000004000000000000000400000000000000020000001f00000026660000000000000300000000000000000001000000000008000000010000000200000000000000350200000000000002000000ed0700007b2f000000000000040000000000000082820000000000000600000000000000776c616e3000000001000000000000000500000000000000010000000100"/320], &(0x7f0000008e00)=ANY=[@ANYBLOB="48010000daffffff000000000000000004000000000000000200000000000000050000000000000004000000000000000500000003000000010000000000000005000000000000000010000000000000010000000000000066ffffffffffffff000000000000000000000000ff070000536d000000a0000020000000", @ANYRES32=r9, @ANYRES32=r3, @ANYBLOB="020000000000000000000000040000000000000051010000000000000000000001000000030000000000000002000000000000006200000000000000c0010000000000000900000003000000000000000000000006000000000000000300000000000000ff010000000000000003000000000000010000000000000002000000e91400001f000000807fe5003f000000f8a1134a8593fe454dd508618efdf0f9b4896818b1cf166bacf184e49e41a4c3facea4060a327218381d0dd38b381a25b699212775aa003498000e4135e0095d786ad2522718d8e620c65eb2cf0e502a033a7bc7cb1e3a711f689394a750743efb1dda105732026bf48367291f31766d1d86494dcb912693f1df8b4b3bba2c37d3d4f9886cc1bdd4b06540bfa83d25019a58bfbe0e74f29b3e54b92d73ebb3c8dc228cecf9967a7d02627f861f2a6b8e2b02d6ecde6c8113e2653e43839dbeb4981b52c772f93d67f0a3fdbf86c4e84d20287c4aa31cfc0995356c0ea5fe9630cb496df5c441a5", @ANYRES32=r10, @ANYRES32=r11, @ANYBLOB="010000000500000000000000010000000000000001000000000000000600000081000000776c616e30000000"], &(0x7f0000008c80)={0xa0, 0x0, 0x3e1, {{0x5, 0x0, 0x800, 0x5063, 0xfff, 0x0, {0x1, 0x8, 0x8001, 0x37e, 0x3, 0x401, 0xd8, 0x5, 0x9a6d, 0x1000, 0x8000, r12, r3, 0xfff, 0x9}}, {0x0, 0x6}}}, &(0x7f0000008d40)={0x20, 0x0, 0x5, {0x3, 0x4, 0x0, 0x400}}}) write$FUSE_INIT(r0, &(0x7f0000004100)={0x50, 0x0, r5, {0x7, 0x26, 0x1f, 0x1004040, 0x7, 0x0, 0xd6, 0x6}}, 0x50) r13 = socket$nl_generic(0x10, 0x3, 0x10) r14 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r15 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r15, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) connect$tipc(r0, &(0x7f0000008dc0)=@name={0x1e, 0x2, 0x0, {{0x41, 0x3}, 0x1}}, 0x10) sendmsg$NL80211_CMD_SET_TID_CONFIG(r13, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000006300)=ANY=[@ANYBLOB="935127eb2d20000000ac595e", @ANYRES16=r14, @ANYBLOB="c32200000000000000008900000008000300", @ANYRES32=r16, @ANYBLOB="04001d80"], 0x20}}, 0x0) getsockopt$bt_hci(r13, 0x0, 0x1, &(0x7f0000006240)=""/72, &(0x7f00000062c0)=0x48) read$FUSE(r4, &(0x7f0000004180)={0x2020}, 0x2020) [ 502.043135][T13572] RSP: 002b:00000000f7f2b5cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 502.051622][T13572] RAX: ffffffffffffffda RBX: 000000000000003c RCX: 00000000202f4000 [ 502.059658][T13572] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 502.067685][T13572] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 502.075719][T13572] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 502.083757][T13572] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 502.091804][T13572] 19:28:05 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x6, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:05 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 11) [ 502.280815][T13590] FAULT_INJECTION: forcing a failure. [ 502.280815][T13590] name failslab, interval 1, probability 0, space 0, times 0 [ 502.323502][T13590] CPU: 1 PID: 13590 Comm: syz-executor.1 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 502.334033][T13590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 502.344131][T13590] Call Trace: [ 502.347439][T13590] [ 502.350400][T13590] dump_stack_lvl+0x136/0x150 [ 502.355122][T13590] should_fail_ex+0x4a3/0x5b0 [ 502.359844][T13590] should_failslab+0x9/0x20 [ 502.364407][T13590] kmem_cache_alloc+0x63/0x3b0 [ 502.369227][T13590] vm_area_alloc+0x20/0x100 [ 502.373780][T13590] mmap_region+0x403/0x2690 [ 502.378339][T13590] ? validate_mm+0x1d4/0x290 [ 502.383084][T13590] ? do_munmap+0xf0/0xf0 [ 502.387514][T13590] ? security_mmap_addr+0x77/0xa0 [ 502.392639][T13590] ? get_unmapped_area+0x1e8/0x3c0 [ 502.397998][T13590] do_mmap+0x831/0xf60 [ 502.402140][T13590] do_shmat+0xeaf/0x1180 [ 502.406540][T13590] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 502.412402][T13590] __ia32_compat_sys_shmat+0xd2/0x160 [ 502.417996][T13590] ? __ia32_sys_shmat+0x160/0x160 [ 502.423063][T13590] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 502.429715][T13590] ? lockdep_hardirqs_on+0x7d/0x100 [ 502.434975][T13590] __do_fast_syscall_32+0x65/0xf0 [ 502.440037][T13590] do_fast_syscall_32+0x33/0x70 [ 502.444950][T13590] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 502.451345][T13590] RIP: 0023:0xf7f30579 [ 502.455446][T13590] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 502.475088][T13590] RSP: 002b:00000000f7f2b5cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 502.483538][T13590] RAX: ffffffffffffffda RBX: 000000000000003d RCX: 00000000202f4000 [ 502.491556][T13590] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 502.499572][T13590] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 502.507605][T13590] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 502.515623][T13590] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 19:28:06 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5003) 19:28:06 executing program 4: r0 = openat$null(0xffffff9c, &(0x7f0000000000), 0x101800, 0x0) (async) read$FUSE(0xffffffffffffffff, &(0x7f0000000040)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_POLL(r0, &(0x7f0000002080)={0x18, 0x0, r1, {0x3}}, 0x18) r4 = creat(&(0x7f0000000380)='./bus\x00', 0x0) ftruncate(r4, 0x208200) (async) write$FUSE_INIT(r4, &(0x7f00000061c0)={0x50, 0xfffffffffffffff5, r1, {0x7, 0x26, 0xffffffff, 0x2800006, 0x429, 0x800, 0x8, 0x7fff}}, 0x50) (async) read$FUSE(r0, &(0x7f00000020c0)={0x2020, 0x0, 0x0, 0x0}, 0x2020) (async) ioctl$TIOCGSID(r0, 0x5429, &(0x7f00000084c0)=0x0) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000008700)={0x0, 0x0, 0x0}, &(0x7f0000008740)=0xc) (async) r9 = getuid() setreuid(0x0, r9) statx(r4, &(0x7f00000089c0)='./bus\x00', 0x2000, 0x40, &(0x7f0000008a00)={0x0, 0x0, 0x0, 0x0, 0x0}) (async) r11 = getgid() (async) r12 = getuid() setreuid(0x0, r12) (async, rerun: 32) syz_fuse_handle_req(r4, &(0x7f0000006340)="a4e9cd048bd88bd426e71e7bb00453f459ed8a88f7ca62f46acef5a30d6f025575fd9141f1ea15ec06125a034b8b50f193a3a99cfedb7e5d45aa7fc99d40c485c0b3ce7e8a9827c063265409777cf05fa0829cd63273cbf10eaecdefd7dd71474d76ade690ef8d42bcc7b7085e7deeba5b0d7ab0b3bc5af9d472d2ebc072d5bebb1e3f411bba821d11757b313936906788dd65a7abcb6474df9d30830ad6b47a993092fb1399e9128263ffb6b87637047f4a7ef9dde0a7a9743efcbc3c9317933bb5212434e6479fca1fa8a9357198b9bc3e7cc473eb7b546e529ff2b4a19c24e26d5f1d678da2a5fafc83e75f6c439191f303eb0951d6d902abbf9a89385a429db8443b31a2fbe050d763027536ddee14bdf3ed939455bfac3784a41c1fe805b5ad24f2ce660e1473096ab2b7e695cacd6d876b608e0669bbb885e9f38219e25a6e5ca11fe2644ea8fab539fd3cf2f89dd0e30e128b763b9f438a1ad3258834004e9d0119e6b29e23f15ffcb431d38a8d12a1e9a4bc0b461031d0611cfdd208be8725a4a3c45e9039e0c196b370795d5f24db6dd8475f2d5c045eeff6977d78ede4d9f38c562133aea5b4b4774078032743b3d443af785e997d03b855369ff21a37c99f82d1bc9d081d1a48afaaa007aa77b49a7a92eea3a66f7d803f87a1c27b320aa9049485a0497082295095d3678dd98bb99d9d4cc203df7629eb220592b3901a79d6a19ef617c1c19ce769f24739b313acd0494e741bd6b714fd8c4f3bb8d4210d762ed4bfdaadaa74ecdf491d2275a2c8ef62b736ffa189894111a303288b387de4fbc28be77405a6e0c539fa0cd0083dc80c7664dfd8a99ef63a3197e26bd46ee69d5f9c23bdbe3b1f2619e2218ad695cb7cda1d6d18946c6bb68649871e5492d4baa812586b351ced6cef66ac672423802222a43ab8aa5fd777f639102da266050007c253b10dd66ce6f61dfb89bb0b6657482fe27b958c92e887c679d42944c4d1f235265185623643f0fb0095e87c5cdccb910fdb08daba84695b25eab8cf54fcb0ff1922a1b7b6cfee299fe1dab6756808643d7af48dff040f6d9820d49e5286b0cf2602952e9f232785dc3189f7597e4b1235147dfd30fefc2efd5bd8489218e91894c47fed8695450c7a349895f9f18242117a9f5e1588042c8b819309559108b1338388e9f685a334f72b7641cfbad4c436a60e8fdf3a07d7b2500b39dfc4edc63b42db1ed4d3294555d65867033c5c0cd3a761da5b072ccf8f467da5fbda904d26d7cb4c53008054b60f8ab421da2364cade54299f064e49d408094305e471ca9ef0f2a89bca6f940af43bb4f17b3ba605decbe0fbf41af66b988bd4f118f56b20417749bd667214d91bbdcd00cf170367f7b2a260084caf82253a8b40ba6d0471d172bc4b34e2c87f00589116b3290d037811984e3448db0e78d4660c969cb609f22e6bce780736b04cf4184ecbe44a4c2abbeb653e1541bda5d10cc9161b5430505d2ca7d005a7a5b1f552db80bb8f881144be742757c13e84de9d297e92ccb394a3eff3e9f09205173a31a7a2540b90a9ac740cfc1856c411a44de36db1ec85f843f6f8d182418ac6fddb832d39089cf357d8aa230fe11976e3ce95d7fc37b97d1c4ebaa4254e45310f6c07b2108feeb0610d5ef604a8e0ee8d6eb0e3650ad8cf8534eed9005b19dc45d1507c4950a3478ee8e3cc6152ffde62225251185f64c319ea0715d63c81422e5751cb356283b5aee3ff44affa332eae9188a9e2706e9d139f0e4f6ff917a648baae625fa8bc1c304a33416df3f521675e911e767cbe114e7d7f44514365c9843bbe54c67e319f7ec054553f810ad990b9e940000b9bd28cf12f563916d6a5222de995a72a30392b18b1102b2b915e81494e8b80d5b22ac8fb8e6350f7a2183a540631e3d046a722a2f3035788b2dab68db758727a0e26d84b983381f5884e09fecb2e80e60003f573f5f500809c630e8ff36c46cdcd1ce0dd6df0308916b20cdcc0181a0db158dc32d6bfd1b1d0d93b64fe0f644312779a5893012afbd456305c2984a89cb1e75f646ff6b0b2ac241625953d4285927e6563bc0c12b7285846665faf5dec06c69e74f233e46683fee72931e2195c3a4e0101e37f99660abee2cf6bac0dac4ec2c6b2a55d98430120e94d9f1f2dfd98aec4cc14a3d678e731d658dacdc57b5b89f249729a3bbddcf19e7553b3bfe6c0a9e83c27c76a199cc8a79189004468024d74ecfa7c05bc3b113162e8569a19fba3f5764c94d9ab2ceaf098fd7898844dc4c2162fd63f5f70777f47eba2e7edc37513f01bfb3907d5a7f204599ca2bea5c9123d8aae753f9b5a5ad314e682b1365d2f9d44fb9ca63292b5e910affccfde11da5404c5b16e0ef54f355b53e5cea25548d01cc752d7c80b0ae307531bf5edbeeca654ab58ef0c79a314cada712e94f4de5835f2383b78a9009953ce46df78ea561087cced2c2e0b27db3e5be7166a2314581918822a97926befdc4271080d9b5c5ff8e7277955982c92b3d1b6e67cd3f6b58ca5b9b22046f23ac9e96fd0442697a89976f5d6564a5428a9f22c293f7574f95f49d7bcff0a48f0418916439b6e8ce781d6c29e474a592f3a6b70b20515ec833c69751d6383cbdfc547fe56362ced29b8ba87cecd934881b773f457959b42415b801aa529f4b23d9bb121198c423667465a7c44e16561dc455aa73d9131bb4194c4c44ce4bd884368bc10b3eb6175e1ae70262e05b4dc04759184aef9a70d68b755bc5487494a56663e232b76c4f73cd3735004b27e99c13b79ce2a1bc50a85d9d6a1e13e15776e424bc172318a68d34d3672d59f8739f405999b13fb58c7c401b75504de3ae8e8f45868986f4656eb17ebc95303d3f76afe40858480a8f3ef6123e2fbd086f556175b6d68cedb3766ab3d5865d6366c87770c6e024faa8a54b4ab2d1e2e9cb0b3d807de33efddea672d43af5abae7347ad25ae651929d7070671a3ccc5c291ac5db4818bf74cbc891e1d4ad763e4dd16bfef2449605fbf801cd8e326f00a3ec224e7cef50e187e5b4db963ef696c76a06f15b98e1c3747f5d2fb173190c88f7eadc89c2a98a051eb6be9a80ff5d1520719a02d50c56e0d8c175871b5218f54cd97c0e15d272bcbe3c3ff6b42ccb069035f84e2be6a089b412370d7b25aca583f25edd3873f42d0394334f153c3c98e88c55c5fdf8cf6127adcfe9dca56755714aa301687a25d6adcb89b32563f92e6f443bd9260bedb81672b269c2915e0db6febd1a3573436d4e489aba12ef74739ac0318889025cac346d58e378d00fd6cfbf56beebe7eca5ba1120a2d75b295578ef0ebf1e48570336047fb06e47ec26d610bc4463f4edeefc68588f94926489bbcd96922e94926b8054369a87cdbd30879b546dc389bd9da39177c36488ba54cc95147ba52ec5558144feb2533d01deb7ab90079f344f505c0033f14fba6366b832564d3cc8bf76885b1f33b7e38329f4e5b898590c38430a907bfd56e8e66076034d7165ab6eb5fe19bd599cdd217e442ce71967b728d7f1fb6db4515c8b0e81c84c061bc9a5af6f9758f89bf9fac4dc51496678e85a4542d61df517e1594359e6db28af6221333e65204507adad4384d5825e049ccfe5f5e9e6026e7510f8cff2788b4451384ef2281e3b9c5005ece2dd0bf2faba8cc58081a3cbb8185848cbd559f1d2e740b36abbc876a6b695123d6c4777578e8eadee4def4903711be390d55142c9e39ce1dd5e8b3b8a641859dfd32904fbfd70cad22c928e005d042ab8ffa7c36f123347f2573ca4e193256b08a49df3ae940cafbdaf88ad0d0d2535598a06765932d1c0c0c31b70bdace47e2b947a6e0cb19387086a30cdaaf6305494f2d8fd2f5f073144d81fae6d568cd282c57f3cc246335369daaffb5032a58b8435887ffa2b2ca73420ace0cd5ee582f85d520fb0a5cfc4662e31d9f7f80e1a3577531e72cec93207b75d39482fd6a61dd6f5f0fa221edf6f7e5cd572d3b43d797d23ae45a52684f82df662271b1a93ea2ecfb1fe397f3ce325773378d8e9ed7938a209ebca1bb4724f6a8071206dc9926fd6c16cf8bded7ff36eeedaa0e5045778456e824546a520a0b7b2db627fd1e24def87b50c50ea2978189e2affd8b219105bb20757a9a4372b100b5f0f34d3e90ebd93aa5cb8ee5813f914000be99d5a1663bb3b059842b43d5ff6f5f933fb4615ce696b4620ce281952b0032235a04cc227a9039e1c14dc3e04b79a6826b8efe8609b87edfdaac3bc9b843627ab58689640256b879cb598688d033951115c36143d28b34a7b88a86812fc9b31c49eb44faa8ed76f1c581f8562e9bc7b210300ee10ad2bab12d4c383b5b4222e8f4daa6a485b9c68d71df92dd7f8b29351f86a60968b666d7d187f65e148beb2299b5b3734eb7ba3e8efd43b1d122c729dc63fc29e1bf245105e8a90458261ca63c7b06d9886248d2bfc539f39769b87e46adad9d74a0b512b3b8e07a32627eb5a4ec45bd834d9ee5b421347b4b5ef2fecbb8f2502566d941d2a26dbf6c923b758ffa842008f7bea1022a92189a0ca951e260aa28dbb4acab28690a386636810ddc4d09757974c0727fe2cb454dd141b7c147375c722a67369ef416fcd04149f93dfb797acd0aeba35ef0100617d175c93b3fd0589efba77375a6421159a105e876ae63c8b965a840a3c4cc4d8d0a880b0ef322fbeb73f6bf724c24f530cdfedcfb5f6d8ec400d32dd57ace331220bae0111132aa70aa1cfbc41f7a928272a571ed52df3df91b69215b1382b46afa6a43522f9ae46e4904a684e1d0615150a3b8dd33e93e111eabb781816e8c98db13871809da55e93a9436d9a7baf74ab494fc55de7fe881cf031d623688569ca42417e457c940dd76d582a3e688a7a2d8dd91d66f3322fee2189488f7a905b67e99081eb6f7f046c8739d88f15180f6441b09a759f4f1010019070d327485662c6e7e2c011c01f0da49df2507745527fddecce9524cf28ce7a5018a11a517a2d1449727ced742a562c66a88e03fb14618900f9edca60c1c5f452b9eb97c4180b94445acd7fb5a5f6dc7b5233559f74dbf2dd20fcb25ad8c1565c80d463c606ee7506a5bf9e5674732e0adca0134867684ab6076aa8544f13913e8454a984ac62793cb455ea6b1b92db321bbd194b28e1e06a42e971a33c1d54aca287d47fefd1902c3e8dc14e400cbcfc903b9ccb9cecbc41861bebe500fafc806067c752a8273f9b4830be7e8aee8a6d4955894acd277d6cddda7cb17f887b5648ff79869ca79f2b9f5c28914e213332e7d31fbf13bd324c573159070528fab2362c2e4f8faaeb251a754f779a1c622cccffdaca6e7d4d2036a61beaf5f8fbffdf05972cfa41afcaa75ebb27269662977a3e7c111b9de56d491bbfed04a5413c8952af8c9cdff7a727038f581b0b90a7d8498f1e27801b71092a64d74cf2fe037a7fe7aa7d88f76ef19471797c7e35bf4bc14331cb1b8d08e55d564a26232e63fadea074c67ec4dd6a04703243098ac998e876bf1fbdc100a69b9275017517e66e6881f21bd061905a74182f5a7c884bd164d6288ccfbf60e23465ae8e4d3e9a533c1ecdeda79abe539a4593efa2cab8c25710f07ad37f5e7176239d0f41819f1f8281cff973cbb28ed688c3950fd2e3a565058e9ca7e22cfeddef09a338ddac4afebce94dc4f6a3cdf5d7b79aae6c684db1dca3fad9fab1830174d7938a4d385035844394b1bfcc66b23a28c16250263d48901259881acc309b91ea15481fab27f5cfd879042e6658b89ac35a8bde1acb9e6bbff0dd8f921dc753a0681c9c007bff91e580ed68fd321aeb83e5f18ff053f1c53a295a75c50416649a47f7cf4d606613bd5ee065ff85d3d181a15389d6f2fddab4d64f7fbecb346531f8385b44b530ad8ecab3021bcd2650386bdef06a19c408f6cd0dad828d0ccff1f1b0d80820342bdd1602d66520808bda21bc581b3a67858636385ea228fbee94a681e14e0d6cdcbc53f40f33b45be13e30eb739d5c38cda9b1dade0d9c0079c5e1eabc746b7ae5f5602cd421b9bf2c301660356de8e6c959d50a067cbeb9dbd7b2962fcccf150484cb3a7443e1417ffec61df8978ed980526b121d9ca6e264b9b03db99825b7ce2db9f9b3ba29582cdf0c497a077f46b4e296ab518697b1c0a0ec543e1446faeefa6adc03a9076c3eedbcca4969ff55ca0063ce0e9ea44e04e07ce0f06ff6eb1ec07bd9241c23c03d8a30aa8f4a8cdd772e5b434dae1b44c1d526e2901229a28a7694cef7a6c25b8c813d89e0348e444fd50ee6250b4632fe9d2a6ae16aea016e857ec57c9f17ff854c70267024ca6366f7f9a30abcc377cbb2fd4f2052f9dadc4b04fa16c8a7982e329e314a7a37832cfc7914f5b5cf46d0e3b347d1e106de2ae979136b3882b530d4416a368ed941a271c4208db6561f6eba7e55fa88a906b4b70170c85917044dcb7a7d4ff224e0067f574a99e6b904df8f3f48bd171a10a97ac537c4ab722fa6fac983215ffe2a466ad49c26b1981962d017e9f5c4063c3002a78c4f1f7b6f695a4e58bd8bc5239ee9d4648e86ab7b44d2780a03999f84995eb1229a7451de76c643cc072eb787fd774996a555b7b5ab53d35056b63f5bb6f03389aaa567b5081b6105fd5cb194617a542360146d15fbf49eda8a5c341f29d0c376e3572531b6e38eba5b355caf3b98dff38a81b57b99cd433f74d18ade21c4d85ea38f8f94f86c058626124fd48fb29a84b9e1fd0cca266bf97600aae512f7af7c30c2dc1f7e3cc1a4b2eba60ed4f8f62796f84451a621851a7256c3051fb8739a86ae36e1f98f77d67034ef2f8deaef5f13f0540698f44c5bcc5c5e019c5973667e4d419a420f7ab2e61a4fe8b95b54a44561acecf487e486f88cd9e31fa797a8bde071c44979304d56ddabcf95050cad090ed957461cf17e258ca0caa7692348a86fc72b7a0bf071a291731fd60471cfbe4157b5982704fc652ce586b4b771fc51cfaee494b79c4d58d5fdf43e4c9c840f42572756f5709f1a44569f8fcb5757cd6780ab03b8bfe7448ab1fe208c9ed11587a52a1232c47e2a51217a70b6710410ae41f306ca78d28900ae010c7c08250cbed4506a1f4f95994fb5d94b2380922a7b3c898e07af4c2d0444faba20ddd58776f5dbbda9a6a30e9cec149353bd73c6adf8ca9d1648f63e3dba29fd185c7e5649250293f6df98286a0fcb7a92e50628ba888339362597d504e08afd166e681c4d93127ef6574c94edf87ad1336ec0dcc716dcc136f11a14d2cd7b55e4c8255e14ffdf7fc7ce2ad500e460879675d40620122622c1994070496ca649ffb4bc2f6174a6bab954ad88bda11c999c3b367a3170fdaf62ab255b64572cf0895397aeeae810b4aca192125e112df6e5d9eba48bb1c082a54e2d2be067f5886330e5dd79e3c47e7cc2c381e30e4a5dd2af394666661cf155ffcbade2d91ff2b94d175ac863ed46d91ace89c85c65f23f06b2cb7474dd6bcc244df14be416549f47e0a69890387e2ce239a861246eca7d97c02caca8abbe4b6402d86b4c27ad734748f47b289198e155bcc7c91bdbedd576000ee6de1d6e997d06aa783e9e7e15169ee725c752a9a5309c9780e9f281ad929e2bf96c124f3f9a09383afbcd73c85b04b92119bcfd47506470d7d7ed34c97f4ed395f6f96ff79e3e5ec530714a77f688c55b27ab1a6e1d659dce4b0900bc66320a71fcb6b6356c3ac7d8a55b77ee408097261e658494e8a3b1354877d38831117820af328ae4f9f86fbe2ea7320292e2fa7de2f8dc732373bacbaa0e5facacd855a5a45dd06eed6555f403e54fcea16e7a9d1cfe44f55265f892688dd663b69fe608acf8a4e32673a386bd9ab18ec415f4229bcbd2db6b3e9148eb73e2acf61548264494f13e1426c35a5f45fb694fad48d2d7badd83ca8e54f9e5bcde1f7857f7366f2e5b10b4dfbd76ca2858f6fb83bfe236493dbe2f17565f5289c1ffa7401a24af555a59f15ea0dc7aa3135e821a1420d42abcf6e2a9a6244f8f21303b21b1b1ecb7d3453d8fa12a01d4069147d698f99889f04f8fc6a86e91aa03307d1e434ede60e14006f36a7e5948206e25827f9e837aac0d820027c053778fe6af1d48ad03df9b76aefd757fb19d5c9cad902578002ff9580fcff8541eb53da8d799030ca304b976b393bd2772f30d1369db3ac94b5f16241b7622f7119d818a041c9feb9bcb61f01baec950bf59162afa6489cf1961a4467539d1b5b3b37f8b7a68a1a6e31d702009961ef83e74d71392d48e2bebc210b401950ad2a5bd17aaa29513aeefc910dd4f77702d18d7752c36d21f5b23b50876de3da819dbbc685ea8c6f734bfa215610b20633a76a62809df4ed9aa5d2e823d939ac0c54a4521ab1fafc7bdcb937520f8bb14f24cfd026879309dda43849928020458bd06eeaa7d9155bc761706236d553a3fe70c10c019cf64440aa1880512dc9d735370dbf5b30c507cecb1d3ba4717ba3b238ec640eaeb683e626a0027ecda1fd54d6ce666dbea81261b716f2698966e9429c5682c33319cf52bb8be73d6dc5162083073af7345734c36800194835ee34fc852898bc20b9c43be5020604a93cce411c892e1483c73853801a3469d3ee5f7005ce6b6126e74e5839ebf919393c362c8079d2183ece8793389bb30fe19568a0eb7f48bb8181c332fad34bf6342470ad9baef3a2ccb1ddacc53c8992ee982c365b48d4b2c739de993ff917e80a09c694fae59531f1e28741d3f4e6c966457f5200a46ae705868829e77a91640af4cb5faae2a1c7abf71660c099e944d07bf7a23e55ee4a5005138f3bf54c55285ab9a9170ce0f685ae989f460fbe1f7707d7aeef7843a78cd217050166dca9df0bdde8bb2aff77c0c9d1a2a1a3d46647b7c4ad6227277adb2837abea561bfb65f3fdc26d3c999a95274ead48b9afe79c946cfbc5051e1d5f6c412d0b12c0f168386a3a23fe26f3adf5449469dec960e47094b95af252f8fd962eb8567fbfb556c373a15b59a8f8eac718189885736452750ead5bc15b08a5f26b1c5929fe04b753b4d9cab397f90d5b808cffb0f24da120b98c932d019359155ecf32df80e0f68bb3777193418c5951443ccb16fb28817bf95a7c3856ce5f3ad5460df50026e2c6e299add21f050066c177168888665b72079cdd22457524cdecc89c21114728ab0d856e04dbc8d6cf885f796d5b6d173e8e6113799d7efb63394e622e23975923042c43318305a2895de3ce48c8ec25805af2b88b51770aca9775daeb3664869d43950c5ccf009036ffa91c5c8cf14f19e26e83694e3680e967f8c5c90acda173d9a40984605ee2573b0c3a36b7426d0bfaa31697fcc5ba31db7b446c5d8702e1d57b87b15011a11ff7e5cf58e9392c30160007ee2cec02ba29c3947fb2e12968a581b486c89f5feac5d31c727233f2ec404a02536fb8a2c187658ef5b59b7a7f61d615c141955a9168ded9673954df45fbb945dcf4686397b98e18c4202454b7a889d44e50959cd6ce0dd1c104e1cc5b77ce18e68da096d3a9bc5a527ebc9adc2f934bd0d51226f26ab20525b40fef54e158ce32b7a302a558c84891555566edc37946a8bb8f6172b51d3348f799dcc87504c0ae18988c2aa3456e6facc3d0f0d005e55a42fd7e212b680fb43006e07e4f71eafaa71f15a3b62b9e58b1b54c08b2f96b746fc3e52978ae0873e881c58912c91c5d2bed20f96c4c7306d0964e4af4a5ce160fbd9f8bd48d1f18d2a54ec78f3792bf3c3b39d8cbe23beb445f2d19f2734c9188b2035167628d34575f7586646a96c2a4180b9107c0f5ed63ea7c5d26743829571dadf765e1444856aa0c1f38ccc868ba4f2b7949cf5e991c802842e75712eed5ef3f8bb042039c2872a96364f44b2f46f68807f31737dfc5cc4571353281a0df8afc2750997d4c902fed4468b2b04d743e2775c19d818606aa8b92cc62ec0fbf00f456e223df33c9d6d160384fb1ad770aba46b8b312437fea60cf5212d6dfb3290f4d91b9cde6d60845d89dbd283adf77cb6ae9c789110b68b1ee03ad86c6b37dde9df33f98e9c5c8e3da69c67308f35b372e67eadc3c1b31a4d9a5660aaf52ce667edd3a853be30626a94dad211f9d1a8826f1bf68458d5932826c9b9451bfdc722971d84ec8ec93690f7885ec8ad809ab7b5a2d3b97f208c35f2a6deef711867f36ad3207bd3fd0f666f04d0c34ff015f7962aa5da1df698be18ac07e287a5b5f236f192847c238c03e52ef353fcad899695f44b1b67d51eb4ef5198b13bea6e14ddb1f89ba03b8b885bb4795e159824c739cef9f22d81a9f4f2a7e83f1d2cecf9054ab04caeae5f0875c123fe07812a8add4fae80f681e8e79fa1c9e023303e188548a8417253c35e89d7b09647059fca909fc1c4ca360d4656bd99dfd5cf66a361cfefd4d20fabda336d1d03e69c62337664bc0ee4f3ca6b743a07f2e8854cdec3bab33c3d5e7fa19ee66141347def919b43baa31ffc40706af2307641d0b3bb39f0173a85c6dd7820457863b70c57028551030f07e389c1c08e3fa4c5ebd33142952912419c781e61846bb1ae4427fdb731048e8438e1bfb0cce531bf28e8d33f671c320471e311b191d7fba63b4341b059b046c96ff52b2b19f80bdf1de39f0cbdc891905f2e84fb98bdc3f2bca37f91ed10cfd947015df09f360ed0ef779b264d127f5dce429d80be2d74e310e48095fb334115b0328e7de6ef105dfb7ae58ffd88710820181e37e453be508cb0bd4af8c5a49d37abd7b1b1f1be8ef7c715d427738ac6c80b53d282c27022b747c3bd39e7503f7ac9d8a0622e19f4f6e1d055b357f9ab5209cef07054de63942ab86af4deea3ae36a75c3cb535d74c472c9ac38222803a459c94b3d76dd6dbd866258b18227f011e4bdb3f8b1e49a95f637357fe09f6b96202f5e27bfced9785db9b0ef58eac65bea1275c12e60de95ac15d16085c3bfe6a2759983dede0268ab58ee36ec7408989a09da6ad7f3f86d5eda5f35463e10ff00edb389e2a58c79d59841e07648b11d94212bda882fdb59af0e53b168e3cce9ad7062c06386ffe6e70ec5cb283075f68c5b4988a1b51999021a71277fb065a1b318bd713aecbee6910fdada19f04626d4076fd0958fa8bea18e6e439466e028bf078b2b100757b3be00e3cd1aa10c70bdfdfbbac2e09d0fb04d0d6d8695fe9e823e99c461369b1e81be1f04344d7b943aa86fb950780fa1adaf011235513dfe41f44c73629b62148f02686efced5f11eab086e51c4badd460e831478654379bec182bd1fc9880fdc86c9bf28dc5923601956a651aa75426572174632c954946fc88f8d60362decd2648598c03a5bfff560d68cafa1fafb623e4490571723be510ba4e53ce8e005070e42c62444e2299c0c07cf22ea7915fab182d6bf3b8e42a3bf6a5968b3774035767405740ec1baea85e3d47f123afe8b92775e2fe2ca159073eed218447f15ddab374226e49205bccdf31b57d190aa1859ecda26caa4f74abcfa02d93874b4c3d327b7f12", 0x2000, &(0x7f0000008d80)={&(0x7f0000008340)={0x50, 0x0, 0xffff, {0x7, 0x26, 0x7, 0x22000, 0xfff7, 0x8001, 0x1ff, 0xdc}}, &(0x7f00000083c0)={0x18, 0x0, 0x9, {0x7f}}, &(0x7f0000008400)={0x18, 0x0, 0x979, {0x6}}, &(0x7f0000008440)={0x18, 0xfffffffffffffffe, 0x6, {0x6}}, &(0x7f0000008480)={0x18, 0x0, 0x5, {0x1}}, &(0x7f0000008500)={0x28, 0xfffffffffffffffe, 0x3, {{0x3, 0x9, 0x2, r7}}}, &(0x7f0000008540)={0x60, 0x0, 0x5, {{0x5, 0x6, 0x80000001, 0x9, 0x1d, 0xffffffee, 0x6, 0x100}}}, &(0x7f00000085c0)={0x18, 0x0, 0x7, {0xee}}, &(0x7f0000008600)={0x11, 0xfffffffffffffffe, 0x20000000, {'\x00'}}, &(0x7f0000008640)={0x20, 0x0, 0x3f138412, {0x0, 0x23}}, &(0x7f0000008680)={0x78, 0x0, 0x8000, {0x3, 0x45, 0x0, {0x4, 0x3b59, 0x8, 0x4, 0x6, 0x8, 0x5, 0x4, 0xfffffffa, 0x1000, 0x38, r2, r3, 0x7f, 0xf4}}}, &(0x7f0000008780)={0x90, 0x0, 0xdfd, {0x0, 0x2, 0xfffffffffffffc01, 0x0, 0x8000, 0x7, {0x4, 0x5, 0x2655, 0xe01, 0x5051, 0xa0, 0x7ff, 0x1, 0x9, 0x4000, 0x3f, r6, r8, 0x5, 0x9}}}, &(0x7f0000008840)=ANY=[@ANYBLOB="480100000000000004000000000000000300000000000000000000000000000001000000ff0300002f000000000000000400000000000000000800000000000000000000ff000000040000000000050000000080ffffffff08000000a2c3226a6e6c38303231310006000000000000000600f82738657c23a2830000090000002d3a2a3d282e00000300000000000000ffffff7f000000000300000001040000214040000000000004000000000000000400000000000000020000001f00000026660000000000000300000000000000000001000000000008000000010000000200000000000000350200000000000002000000ed0700007b2f000000000000040000000000000082820000000000000600000000000000776c616e3000000001000000000000000500000000000000010000000100"/320], &(0x7f0000008e00)=ANY=[@ANYBLOB="48010000daffffff000000000000000004000000000000000200000000000000050000000000000004000000000000000500000003000000010000000000000005000000000000000010000000000000010000000000000066ffffffffffffff000000000000000000000000ff070000536d000000a0000020000000", @ANYRES32=r9, @ANYRES32=r3, @ANYBLOB="020000000000000000000000040000000000000051010000000000000000000001000000030000000000000002000000000000006200000000000000c0010000000000000900000003000000000000000000000006000000000000000300000000000000ff010000000000000003000000000000010000000000000002000000e91400001f000000807fe5003f000000f8a1134a8593fe454dd508618efdf0f9b4896818b1cf166bacf184e49e41a4c3facea4060a327218381d0dd38b381a25b699212775aa003498000e4135e0095d786ad2522718d8e620c65eb2cf0e502a033a7bc7cb1e3a711f689394a750743efb1dda105732026bf48367291f31766d1d86494dcb912693f1df8b4b3bba2c37d3d4f9886cc1bdd4b06540bfa83d25019a58bfbe0e74f29b3e54b92d73ebb3c8dc228cecf9967a7d02627f861f2a6b8e2b02d6ecde6c8113e2653e43839dbeb4981b52c772f93d67f0a3fdbf86c4e84d20287c4aa31cfc0995356c0ea5fe9630cb496df5c441a5", @ANYRES32=r10, @ANYRES32=r11, @ANYBLOB="010000000500000000000000010000000000000001000000000000000600000081000000776c616e30000000"], &(0x7f0000008c80)={0xa0, 0x0, 0x3e1, {{0x5, 0x0, 0x800, 0x5063, 0xfff, 0x0, {0x1, 0x8, 0x8001, 0x37e, 0x3, 0x401, 0xd8, 0x5, 0x9a6d, 0x1000, 0x8000, r12, r3, 0xfff, 0x9}}, {0x0, 0x6}}}, &(0x7f0000008d40)={0x20, 0x0, 0x5, {0x3, 0x4, 0x0, 0x400}}}) (async, rerun: 32) write$FUSE_INIT(r0, &(0x7f0000004100)={0x50, 0x0, r5, {0x7, 0x26, 0x1f, 0x1004040, 0x7, 0x0, 0xd6, 0x6}}, 0x50) (async) r13 = socket$nl_generic(0x10, 0x3, 0x10) (async) r14 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r15 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r15, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) connect$tipc(r0, &(0x7f0000008dc0)=@name={0x1e, 0x2, 0x0, {{0x41, 0x3}, 0x1}}, 0x10) (async) sendmsg$NL80211_CMD_SET_TID_CONFIG(r13, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000006300)=ANY=[@ANYBLOB="935127eb2d20000000ac595e", @ANYRES16=r14, @ANYBLOB="c32200000000000000008900000008000300", @ANYRES32=r16, @ANYBLOB="04001d80"], 0x20}}, 0x0) (async) getsockopt$bt_hci(r13, 0x0, 0x1, &(0x7f0000006240)=""/72, &(0x7f00000062c0)=0x48) (async) read$FUSE(r4, &(0x7f0000004180)={0x2020}, 0x2020) 19:28:06 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x7, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) [ 502.523643][T13590] 19:28:06 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x8, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:06 executing program 4: openat$null(0xffffff9c, &(0x7f0000000000), 0x101800, 0x0) (async) r0 = openat$null(0xffffff9c, &(0x7f0000000000), 0x101800, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000040)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_POLL(r0, &(0x7f0000002080)={0x18, 0x0, r1, {0x3}}, 0x18) creat(&(0x7f0000000380)='./bus\x00', 0x0) (async) r4 = creat(&(0x7f0000000380)='./bus\x00', 0x0) ftruncate(r4, 0x208200) write$FUSE_INIT(r4, &(0x7f00000061c0)={0x50, 0xfffffffffffffff5, r1, {0x7, 0x26, 0xffffffff, 0x2800006, 0x429, 0x800, 0x8, 0x7fff}}, 0x50) (async) write$FUSE_INIT(r4, &(0x7f00000061c0)={0x50, 0xfffffffffffffff5, r1, {0x7, 0x26, 0xffffffff, 0x2800006, 0x429, 0x800, 0x8, 0x7fff}}, 0x50) read$FUSE(r0, &(0x7f00000020c0)={0x2020, 0x0, 0x0, 0x0}, 0x2020) ioctl$TIOCGSID(r0, 0x5429, &(0x7f00000084c0)) (async) ioctl$TIOCGSID(r0, 0x5429, &(0x7f00000084c0)=0x0) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000008700)={0x0, 0x0, 0x0}, &(0x7f0000008740)=0xc) r9 = getuid() setreuid(0x0, r9) (async) setreuid(0x0, r9) statx(r4, &(0x7f00000089c0)='./bus\x00', 0x2000, 0x40, &(0x7f0000008a00)={0x0, 0x0, 0x0, 0x0, 0x0}) r11 = getgid() r12 = getuid() setreuid(0x0, r12) syz_fuse_handle_req(r4, &(0x7f0000006340)="a4e9cd048bd88bd426e71e7bb00453f459ed8a88f7ca62f46acef5a30d6f025575fd9141f1ea15ec06125a034b8b50f193a3a99cfedb7e5d45aa7fc99d40c485c0b3ce7e8a9827c063265409777cf05fa0829cd63273cbf10eaecdefd7dd71474d76ade690ef8d42bcc7b7085e7deeba5b0d7ab0b3bc5af9d472d2ebc072d5bebb1e3f411bba821d11757b313936906788dd65a7abcb6474df9d30830ad6b47a993092fb1399e9128263ffb6b87637047f4a7ef9dde0a7a9743efcbc3c9317933bb5212434e6479fca1fa8a9357198b9bc3e7cc473eb7b546e529ff2b4a19c24e26d5f1d678da2a5fafc83e75f6c439191f303eb0951d6d902abbf9a89385a429db8443b31a2fbe050d763027536ddee14bdf3ed939455bfac3784a41c1fe805b5ad24f2ce660e1473096ab2b7e695cacd6d876b608e0669bbb885e9f38219e25a6e5ca11fe2644ea8fab539fd3cf2f89dd0e30e128b763b9f438a1ad3258834004e9d0119e6b29e23f15ffcb431d38a8d12a1e9a4bc0b461031d0611cfdd208be8725a4a3c45e9039e0c196b370795d5f24db6dd8475f2d5c045eeff6977d78ede4d9f38c562133aea5b4b4774078032743b3d443af785e997d03b855369ff21a37c99f82d1bc9d081d1a48afaaa007aa77b49a7a92eea3a66f7d803f87a1c27b320aa9049485a0497082295095d3678dd98bb99d9d4cc203df7629eb220592b3901a79d6a19ef617c1c19ce769f24739b313acd0494e741bd6b714fd8c4f3bb8d4210d762ed4bfdaadaa74ecdf491d2275a2c8ef62b736ffa189894111a303288b387de4fbc28be77405a6e0c539fa0cd0083dc80c7664dfd8a99ef63a3197e26bd46ee69d5f9c23bdbe3b1f2619e2218ad695cb7cda1d6d18946c6bb68649871e5492d4baa812586b351ced6cef66ac672423802222a43ab8aa5fd777f639102da266050007c253b10dd66ce6f61dfb89bb0b6657482fe27b958c92e887c679d42944c4d1f235265185623643f0fb0095e87c5cdccb910fdb08daba84695b25eab8cf54fcb0ff1922a1b7b6cfee299fe1dab6756808643d7af48dff040f6d9820d49e5286b0cf2602952e9f232785dc3189f7597e4b1235147dfd30fefc2efd5bd8489218e91894c47fed8695450c7a349895f9f18242117a9f5e1588042c8b819309559108b1338388e9f685a334f72b7641cfbad4c436a60e8fdf3a07d7b2500b39dfc4edc63b42db1ed4d3294555d65867033c5c0cd3a761da5b072ccf8f467da5fbda904d26d7cb4c53008054b60f8ab421da2364cade54299f064e49d408094305e471ca9ef0f2a89bca6f940af43bb4f17b3ba605decbe0fbf41af66b988bd4f118f56b20417749bd667214d91bbdcd00cf170367f7b2a260084caf82253a8b40ba6d0471d172bc4b34e2c87f00589116b3290d037811984e3448db0e78d4660c969cb609f22e6bce780736b04cf4184ecbe44a4c2abbeb653e1541bda5d10cc9161b5430505d2ca7d005a7a5b1f552db80bb8f881144be742757c13e84de9d297e92ccb394a3eff3e9f09205173a31a7a2540b90a9ac740cfc1856c411a44de36db1ec85f843f6f8d182418ac6fddb832d39089cf357d8aa230fe11976e3ce95d7fc37b97d1c4ebaa4254e45310f6c07b2108feeb0610d5ef604a8e0ee8d6eb0e3650ad8cf8534eed9005b19dc45d1507c4950a3478ee8e3cc6152ffde62225251185f64c319ea0715d63c81422e5751cb356283b5aee3ff44affa332eae9188a9e2706e9d139f0e4f6ff917a648baae625fa8bc1c304a33416df3f521675e911e767cbe114e7d7f44514365c9843bbe54c67e319f7ec054553f810ad990b9e940000b9bd28cf12f563916d6a5222de995a72a30392b18b1102b2b915e81494e8b80d5b22ac8fb8e6350f7a2183a540631e3d046a722a2f3035788b2dab68db758727a0e26d84b983381f5884e09fecb2e80e60003f573f5f500809c630e8ff36c46cdcd1ce0dd6df0308916b20cdcc0181a0db158dc32d6bfd1b1d0d93b64fe0f644312779a5893012afbd456305c2984a89cb1e75f646ff6b0b2ac241625953d4285927e6563bc0c12b7285846665faf5dec06c69e74f233e46683fee72931e2195c3a4e0101e37f99660abee2cf6bac0dac4ec2c6b2a55d98430120e94d9f1f2dfd98aec4cc14a3d678e731d658dacdc57b5b89f249729a3bbddcf19e7553b3bfe6c0a9e83c27c76a199cc8a79189004468024d74ecfa7c05bc3b113162e8569a19fba3f5764c94d9ab2ceaf098fd7898844dc4c2162fd63f5f70777f47eba2e7edc37513f01bfb3907d5a7f204599ca2bea5c9123d8aae753f9b5a5ad314e682b1365d2f9d44fb9ca63292b5e910affccfde11da5404c5b16e0ef54f355b53e5cea25548d01cc752d7c80b0ae307531bf5edbeeca654ab58ef0c79a314cada712e94f4de5835f2383b78a9009953ce46df78ea561087cced2c2e0b27db3e5be7166a2314581918822a97926befdc4271080d9b5c5ff8e7277955982c92b3d1b6e67cd3f6b58ca5b9b22046f23ac9e96fd0442697a89976f5d6564a5428a9f22c293f7574f95f49d7bcff0a48f0418916439b6e8ce781d6c29e474a592f3a6b70b20515ec833c69751d6383cbdfc547fe56362ced29b8ba87cecd934881b773f457959b42415b801aa529f4b23d9bb121198c423667465a7c44e16561dc455aa73d9131bb4194c4c44ce4bd884368bc10b3eb6175e1ae70262e05b4dc04759184aef9a70d68b755bc5487494a56663e232b76c4f73cd3735004b27e99c13b79ce2a1bc50a85d9d6a1e13e15776e424bc172318a68d34d3672d59f8739f405999b13fb58c7c401b75504de3ae8e8f45868986f4656eb17ebc95303d3f76afe40858480a8f3ef6123e2fbd086f556175b6d68cedb3766ab3d5865d6366c87770c6e024faa8a54b4ab2d1e2e9cb0b3d807de33efddea672d43af5abae7347ad25ae651929d7070671a3ccc5c291ac5db4818bf74cbc891e1d4ad763e4dd16bfef2449605fbf801cd8e326f00a3ec224e7cef50e187e5b4db963ef696c76a06f15b98e1c3747f5d2fb173190c88f7eadc89c2a98a051eb6be9a80ff5d1520719a02d50c56e0d8c175871b5218f54cd97c0e15d272bcbe3c3ff6b42ccb069035f84e2be6a089b412370d7b25aca583f25edd3873f42d0394334f153c3c98e88c55c5fdf8cf6127adcfe9dca56755714aa301687a25d6adcb89b32563f92e6f443bd9260bedb81672b269c2915e0db6febd1a3573436d4e489aba12ef74739ac0318889025cac346d58e378d00fd6cfbf56beebe7eca5ba1120a2d75b295578ef0ebf1e48570336047fb06e47ec26d610bc4463f4edeefc68588f94926489bbcd96922e94926b8054369a87cdbd30879b546dc389bd9da39177c36488ba54cc95147ba52ec5558144feb2533d01deb7ab90079f344f505c0033f14fba6366b832564d3cc8bf76885b1f33b7e38329f4e5b898590c38430a907bfd56e8e66076034d7165ab6eb5fe19bd599cdd217e442ce71967b728d7f1fb6db4515c8b0e81c84c061bc9a5af6f9758f89bf9fac4dc51496678e85a4542d61df517e1594359e6db28af6221333e65204507adad4384d5825e049ccfe5f5e9e6026e7510f8cff2788b4451384ef2281e3b9c5005ece2dd0bf2faba8cc58081a3cbb8185848cbd559f1d2e740b36abbc876a6b695123d6c4777578e8eadee4def4903711be390d55142c9e39ce1dd5e8b3b8a641859dfd32904fbfd70cad22c928e005d042ab8ffa7c36f123347f2573ca4e193256b08a49df3ae940cafbdaf88ad0d0d2535598a06765932d1c0c0c31b70bdace47e2b947a6e0cb19387086a30cdaaf6305494f2d8fd2f5f073144d81fae6d568cd282c57f3cc246335369daaffb5032a58b8435887ffa2b2ca73420ace0cd5ee582f85d520fb0a5cfc4662e31d9f7f80e1a3577531e72cec93207b75d39482fd6a61dd6f5f0fa221edf6f7e5cd572d3b43d797d23ae45a52684f82df662271b1a93ea2ecfb1fe397f3ce325773378d8e9ed7938a209ebca1bb4724f6a8071206dc9926fd6c16cf8bded7ff36eeedaa0e5045778456e824546a520a0b7b2db627fd1e24def87b50c50ea2978189e2affd8b219105bb20757a9a4372b100b5f0f34d3e90ebd93aa5cb8ee5813f914000be99d5a1663bb3b059842b43d5ff6f5f933fb4615ce696b4620ce281952b0032235a04cc227a9039e1c14dc3e04b79a6826b8efe8609b87edfdaac3bc9b843627ab58689640256b879cb598688d033951115c36143d28b34a7b88a86812fc9b31c49eb44faa8ed76f1c581f8562e9bc7b210300ee10ad2bab12d4c383b5b4222e8f4daa6a485b9c68d71df92dd7f8b29351f86a60968b666d7d187f65e148beb2299b5b3734eb7ba3e8efd43b1d122c729dc63fc29e1bf245105e8a90458261ca63c7b06d9886248d2bfc539f39769b87e46adad9d74a0b512b3b8e07a32627eb5a4ec45bd834d9ee5b421347b4b5ef2fecbb8f2502566d941d2a26dbf6c923b758ffa842008f7bea1022a92189a0ca951e260aa28dbb4acab28690a386636810ddc4d09757974c0727fe2cb454dd141b7c147375c722a67369ef416fcd04149f93dfb797acd0aeba35ef0100617d175c93b3fd0589efba77375a6421159a105e876ae63c8b965a840a3c4cc4d8d0a880b0ef322fbeb73f6bf724c24f530cdfedcfb5f6d8ec400d32dd57ace331220bae0111132aa70aa1cfbc41f7a928272a571ed52df3df91b69215b1382b46afa6a43522f9ae46e4904a684e1d0615150a3b8dd33e93e111eabb781816e8c98db13871809da55e93a9436d9a7baf74ab494fc55de7fe881cf031d623688569ca42417e457c940dd76d582a3e688a7a2d8dd91d66f3322fee2189488f7a905b67e99081eb6f7f046c8739d88f15180f6441b09a759f4f1010019070d327485662c6e7e2c011c01f0da49df2507745527fddecce9524cf28ce7a5018a11a517a2d1449727ced742a562c66a88e03fb14618900f9edca60c1c5f452b9eb97c4180b94445acd7fb5a5f6dc7b5233559f74dbf2dd20fcb25ad8c1565c80d463c606ee7506a5bf9e5674732e0adca0134867684ab6076aa8544f13913e8454a984ac62793cb455ea6b1b92db321bbd194b28e1e06a42e971a33c1d54aca287d47fefd1902c3e8dc14e400cbcfc903b9ccb9cecbc41861bebe500fafc806067c752a8273f9b4830be7e8aee8a6d4955894acd277d6cddda7cb17f887b5648ff79869ca79f2b9f5c28914e213332e7d31fbf13bd324c573159070528fab2362c2e4f8faaeb251a754f779a1c622cccffdaca6e7d4d2036a61beaf5f8fbffdf05972cfa41afcaa75ebb27269662977a3e7c111b9de56d491bbfed04a5413c8952af8c9cdff7a727038f581b0b90a7d8498f1e27801b71092a64d74cf2fe037a7fe7aa7d88f76ef19471797c7e35bf4bc14331cb1b8d08e55d564a26232e63fadea074c67ec4dd6a04703243098ac998e876bf1fbdc100a69b9275017517e66e6881f21bd061905a74182f5a7c884bd164d6288ccfbf60e23465ae8e4d3e9a533c1ecdeda79abe539a4593efa2cab8c25710f07ad37f5e7176239d0f41819f1f8281cff973cbb28ed688c3950fd2e3a565058e9ca7e22cfeddef09a338ddac4afebce94dc4f6a3cdf5d7b79aae6c684db1dca3fad9fab1830174d7938a4d385035844394b1bfcc66b23a28c16250263d48901259881acc309b91ea15481fab27f5cfd879042e6658b89ac35a8bde1acb9e6bbff0dd8f921dc753a0681c9c007bff91e580ed68fd321aeb83e5f18ff053f1c53a295a75c50416649a47f7cf4d606613bd5ee065ff85d3d181a15389d6f2fddab4d64f7fbecb346531f8385b44b530ad8ecab3021bcd2650386bdef06a19c408f6cd0dad828d0ccff1f1b0d80820342bdd1602d66520808bda21bc581b3a67858636385ea228fbee94a681e14e0d6cdcbc53f40f33b45be13e30eb739d5c38cda9b1dade0d9c0079c5e1eabc746b7ae5f5602cd421b9bf2c301660356de8e6c959d50a067cbeb9dbd7b2962fcccf150484cb3a7443e1417ffec61df8978ed980526b121d9ca6e264b9b03db99825b7ce2db9f9b3ba29582cdf0c497a077f46b4e296ab518697b1c0a0ec543e1446faeefa6adc03a9076c3eedbcca4969ff55ca0063ce0e9ea44e04e07ce0f06ff6eb1ec07bd9241c23c03d8a30aa8f4a8cdd772e5b434dae1b44c1d526e2901229a28a7694cef7a6c25b8c813d89e0348e444fd50ee6250b4632fe9d2a6ae16aea016e857ec57c9f17ff854c70267024ca6366f7f9a30abcc377cbb2fd4f2052f9dadc4b04fa16c8a7982e329e314a7a37832cfc7914f5b5cf46d0e3b347d1e106de2ae979136b3882b530d4416a368ed941a271c4208db6561f6eba7e55fa88a906b4b70170c85917044dcb7a7d4ff224e0067f574a99e6b904df8f3f48bd171a10a97ac537c4ab722fa6fac983215ffe2a466ad49c26b1981962d017e9f5c4063c3002a78c4f1f7b6f695a4e58bd8bc5239ee9d4648e86ab7b44d2780a03999f84995eb1229a7451de76c643cc072eb787fd774996a555b7b5ab53d35056b63f5bb6f03389aaa567b5081b6105fd5cb194617a542360146d15fbf49eda8a5c341f29d0c376e3572531b6e38eba5b355caf3b98dff38a81b57b99cd433f74d18ade21c4d85ea38f8f94f86c058626124fd48fb29a84b9e1fd0cca266bf97600aae512f7af7c30c2dc1f7e3cc1a4b2eba60ed4f8f62796f84451a621851a7256c3051fb8739a86ae36e1f98f77d67034ef2f8deaef5f13f0540698f44c5bcc5c5e019c5973667e4d419a420f7ab2e61a4fe8b95b54a44561acecf487e486f88cd9e31fa797a8bde071c44979304d56ddabcf95050cad090ed957461cf17e258ca0caa7692348a86fc72b7a0bf071a291731fd60471cfbe4157b5982704fc652ce586b4b771fc51cfaee494b79c4d58d5fdf43e4c9c840f42572756f5709f1a44569f8fcb5757cd6780ab03b8bfe7448ab1fe208c9ed11587a52a1232c47e2a51217a70b6710410ae41f306ca78d28900ae010c7c08250cbed4506a1f4f95994fb5d94b2380922a7b3c898e07af4c2d0444faba20ddd58776f5dbbda9a6a30e9cec149353bd73c6adf8ca9d1648f63e3dba29fd185c7e5649250293f6df98286a0fcb7a92e50628ba888339362597d504e08afd166e681c4d93127ef6574c94edf87ad1336ec0dcc716dcc136f11a14d2cd7b55e4c8255e14ffdf7fc7ce2ad500e460879675d40620122622c1994070496ca649ffb4bc2f6174a6bab954ad88bda11c999c3b367a3170fdaf62ab255b64572cf0895397aeeae810b4aca192125e112df6e5d9eba48bb1c082a54e2d2be067f5886330e5dd79e3c47e7cc2c381e30e4a5dd2af394666661cf155ffcbade2d91ff2b94d175ac863ed46d91ace89c85c65f23f06b2cb7474dd6bcc244df14be416549f47e0a69890387e2ce239a861246eca7d97c02caca8abbe4b6402d86b4c27ad734748f47b289198e155bcc7c91bdbedd576000ee6de1d6e997d06aa783e9e7e15169ee725c752a9a5309c9780e9f281ad929e2bf96c124f3f9a09383afbcd73c85b04b92119bcfd47506470d7d7ed34c97f4ed395f6f96ff79e3e5ec530714a77f688c55b27ab1a6e1d659dce4b0900bc66320a71fcb6b6356c3ac7d8a55b77ee408097261e658494e8a3b1354877d38831117820af328ae4f9f86fbe2ea7320292e2fa7de2f8dc732373bacbaa0e5facacd855a5a45dd06eed6555f403e54fcea16e7a9d1cfe44f55265f892688dd663b69fe608acf8a4e32673a386bd9ab18ec415f4229bcbd2db6b3e9148eb73e2acf61548264494f13e1426c35a5f45fb694fad48d2d7badd83ca8e54f9e5bcde1f7857f7366f2e5b10b4dfbd76ca2858f6fb83bfe236493dbe2f17565f5289c1ffa7401a24af555a59f15ea0dc7aa3135e821a1420d42abcf6e2a9a6244f8f21303b21b1b1ecb7d3453d8fa12a01d4069147d698f99889f04f8fc6a86e91aa03307d1e434ede60e14006f36a7e5948206e25827f9e837aac0d820027c053778fe6af1d48ad03df9b76aefd757fb19d5c9cad902578002ff9580fcff8541eb53da8d799030ca304b976b393bd2772f30d1369db3ac94b5f16241b7622f7119d818a041c9feb9bcb61f01baec950bf59162afa6489cf1961a4467539d1b5b3b37f8b7a68a1a6e31d702009961ef83e74d71392d48e2bebc210b401950ad2a5bd17aaa29513aeefc910dd4f77702d18d7752c36d21f5b23b50876de3da819dbbc685ea8c6f734bfa215610b20633a76a62809df4ed9aa5d2e823d939ac0c54a4521ab1fafc7bdcb937520f8bb14f24cfd026879309dda43849928020458bd06eeaa7d9155bc761706236d553a3fe70c10c019cf64440aa1880512dc9d735370dbf5b30c507cecb1d3ba4717ba3b238ec640eaeb683e626a0027ecda1fd54d6ce666dbea81261b716f2698966e9429c5682c33319cf52bb8be73d6dc5162083073af7345734c36800194835ee34fc852898bc20b9c43be5020604a93cce411c892e1483c73853801a3469d3ee5f7005ce6b6126e74e5839ebf919393c362c8079d2183ece8793389bb30fe19568a0eb7f48bb8181c332fad34bf6342470ad9baef3a2ccb1ddacc53c8992ee982c365b48d4b2c739de993ff917e80a09c694fae59531f1e28741d3f4e6c966457f5200a46ae705868829e77a91640af4cb5faae2a1c7abf71660c099e944d07bf7a23e55ee4a5005138f3bf54c55285ab9a9170ce0f685ae989f460fbe1f7707d7aeef7843a78cd217050166dca9df0bdde8bb2aff77c0c9d1a2a1a3d46647b7c4ad6227277adb2837abea561bfb65f3fdc26d3c999a95274ead48b9afe79c946cfbc5051e1d5f6c412d0b12c0f168386a3a23fe26f3adf5449469dec960e47094b95af252f8fd962eb8567fbfb556c373a15b59a8f8eac718189885736452750ead5bc15b08a5f26b1c5929fe04b753b4d9cab397f90d5b808cffb0f24da120b98c932d019359155ecf32df80e0f68bb3777193418c5951443ccb16fb28817bf95a7c3856ce5f3ad5460df50026e2c6e299add21f050066c177168888665b72079cdd22457524cdecc89c21114728ab0d856e04dbc8d6cf885f796d5b6d173e8e6113799d7efb63394e622e23975923042c43318305a2895de3ce48c8ec25805af2b88b51770aca9775daeb3664869d43950c5ccf009036ffa91c5c8cf14f19e26e83694e3680e967f8c5c90acda173d9a40984605ee2573b0c3a36b7426d0bfaa31697fcc5ba31db7b446c5d8702e1d57b87b15011a11ff7e5cf58e9392c30160007ee2cec02ba29c3947fb2e12968a581b486c89f5feac5d31c727233f2ec404a02536fb8a2c187658ef5b59b7a7f61d615c141955a9168ded9673954df45fbb945dcf4686397b98e18c4202454b7a889d44e50959cd6ce0dd1c104e1cc5b77ce18e68da096d3a9bc5a527ebc9adc2f934bd0d51226f26ab20525b40fef54e158ce32b7a302a558c84891555566edc37946a8bb8f6172b51d3348f799dcc87504c0ae18988c2aa3456e6facc3d0f0d005e55a42fd7e212b680fb43006e07e4f71eafaa71f15a3b62b9e58b1b54c08b2f96b746fc3e52978ae0873e881c58912c91c5d2bed20f96c4c7306d0964e4af4a5ce160fbd9f8bd48d1f18d2a54ec78f3792bf3c3b39d8cbe23beb445f2d19f2734c9188b2035167628d34575f7586646a96c2a4180b9107c0f5ed63ea7c5d26743829571dadf765e1444856aa0c1f38ccc868ba4f2b7949cf5e991c802842e75712eed5ef3f8bb042039c2872a96364f44b2f46f68807f31737dfc5cc4571353281a0df8afc2750997d4c902fed4468b2b04d743e2775c19d818606aa8b92cc62ec0fbf00f456e223df33c9d6d160384fb1ad770aba46b8b312437fea60cf5212d6dfb3290f4d91b9cde6d60845d89dbd283adf77cb6ae9c789110b68b1ee03ad86c6b37dde9df33f98e9c5c8e3da69c67308f35b372e67eadc3c1b31a4d9a5660aaf52ce667edd3a853be30626a94dad211f9d1a8826f1bf68458d5932826c9b9451bfdc722971d84ec8ec93690f7885ec8ad809ab7b5a2d3b97f208c35f2a6deef711867f36ad3207bd3fd0f666f04d0c34ff015f7962aa5da1df698be18ac07e287a5b5f236f192847c238c03e52ef353fcad899695f44b1b67d51eb4ef5198b13bea6e14ddb1f89ba03b8b885bb4795e159824c739cef9f22d81a9f4f2a7e83f1d2cecf9054ab04caeae5f0875c123fe07812a8add4fae80f681e8e79fa1c9e023303e188548a8417253c35e89d7b09647059fca909fc1c4ca360d4656bd99dfd5cf66a361cfefd4d20fabda336d1d03e69c62337664bc0ee4f3ca6b743a07f2e8854cdec3bab33c3d5e7fa19ee66141347def919b43baa31ffc40706af2307641d0b3bb39f0173a85c6dd7820457863b70c57028551030f07e389c1c08e3fa4c5ebd33142952912419c781e61846bb1ae4427fdb731048e8438e1bfb0cce531bf28e8d33f671c320471e311b191d7fba63b4341b059b046c96ff52b2b19f80bdf1de39f0cbdc891905f2e84fb98bdc3f2bca37f91ed10cfd947015df09f360ed0ef779b264d127f5dce429d80be2d74e310e48095fb334115b0328e7de6ef105dfb7ae58ffd88710820181e37e453be508cb0bd4af8c5a49d37abd7b1b1f1be8ef7c715d427738ac6c80b53d282c27022b747c3bd39e7503f7ac9d8a0622e19f4f6e1d055b357f9ab5209cef07054de63942ab86af4deea3ae36a75c3cb535d74c472c9ac38222803a459c94b3d76dd6dbd866258b18227f011e4bdb3f8b1e49a95f637357fe09f6b96202f5e27bfced9785db9b0ef58eac65bea1275c12e60de95ac15d16085c3bfe6a2759983dede0268ab58ee36ec7408989a09da6ad7f3f86d5eda5f35463e10ff00edb389e2a58c79d59841e07648b11d94212bda882fdb59af0e53b168e3cce9ad7062c06386ffe6e70ec5cb283075f68c5b4988a1b51999021a71277fb065a1b318bd713aecbee6910fdada19f04626d4076fd0958fa8bea18e6e439466e028bf078b2b100757b3be00e3cd1aa10c70bdfdfbbac2e09d0fb04d0d6d8695fe9e823e99c461369b1e81be1f04344d7b943aa86fb950780fa1adaf011235513dfe41f44c73629b62148f02686efced5f11eab086e51c4badd460e831478654379bec182bd1fc9880fdc86c9bf28dc5923601956a651aa75426572174632c954946fc88f8d60362decd2648598c03a5bfff560d68cafa1fafb623e4490571723be510ba4e53ce8e005070e42c62444e2299c0c07cf22ea7915fab182d6bf3b8e42a3bf6a5968b3774035767405740ec1baea85e3d47f123afe8b92775e2fe2ca159073eed218447f15ddab374226e49205bccdf31b57d190aa1859ecda26caa4f74abcfa02d93874b4c3d327b7f12", 0x2000, &(0x7f0000008d80)={&(0x7f0000008340)={0x50, 0x0, 0xffff, {0x7, 0x26, 0x7, 0x22000, 0xfff7, 0x8001, 0x1ff, 0xdc}}, &(0x7f00000083c0)={0x18, 0x0, 0x9, {0x7f}}, &(0x7f0000008400)={0x18, 0x0, 0x979, {0x6}}, &(0x7f0000008440)={0x18, 0xfffffffffffffffe, 0x6, {0x6}}, &(0x7f0000008480)={0x18, 0x0, 0x5, {0x1}}, &(0x7f0000008500)={0x28, 0xfffffffffffffffe, 0x3, {{0x3, 0x9, 0x2, r7}}}, &(0x7f0000008540)={0x60, 0x0, 0x5, {{0x5, 0x6, 0x80000001, 0x9, 0x1d, 0xffffffee, 0x6, 0x100}}}, &(0x7f00000085c0)={0x18, 0x0, 0x7, {0xee}}, &(0x7f0000008600)={0x11, 0xfffffffffffffffe, 0x20000000, {'\x00'}}, &(0x7f0000008640)={0x20, 0x0, 0x3f138412, {0x0, 0x23}}, &(0x7f0000008680)={0x78, 0x0, 0x8000, {0x3, 0x45, 0x0, {0x4, 0x3b59, 0x8, 0x4, 0x6, 0x8, 0x5, 0x4, 0xfffffffa, 0x1000, 0x38, r2, r3, 0x7f, 0xf4}}}, &(0x7f0000008780)={0x90, 0x0, 0xdfd, {0x0, 0x2, 0xfffffffffffffc01, 0x0, 0x8000, 0x7, {0x4, 0x5, 0x2655, 0xe01, 0x5051, 0xa0, 0x7ff, 0x1, 0x9, 0x4000, 0x3f, r6, r8, 0x5, 0x9}}}, &(0x7f0000008840)=ANY=[@ANYBLOB="480100000000000004000000000000000300000000000000000000000000000001000000ff0300002f000000000000000400000000000000000800000000000000000000ff000000040000000000050000000080ffffffff08000000a2c3226a6e6c38303231310006000000000000000600f82738657c23a2830000090000002d3a2a3d282e00000300000000000000ffffff7f000000000300000001040000214040000000000004000000000000000400000000000000020000001f00000026660000000000000300000000000000000001000000000008000000010000000200000000000000350200000000000002000000ed0700007b2f000000000000040000000000000082820000000000000600000000000000776c616e3000000001000000000000000500000000000000010000000100"/320], &(0x7f0000008e00)=ANY=[@ANYBLOB="48010000daffffff000000000000000004000000000000000200000000000000050000000000000004000000000000000500000003000000010000000000000005000000000000000010000000000000010000000000000066ffffffffffffff000000000000000000000000ff070000536d000000a0000020000000", @ANYRES32=r9, @ANYRES32=r3, @ANYBLOB="020000000000000000000000040000000000000051010000000000000000000001000000030000000000000002000000000000006200000000000000c0010000000000000900000003000000000000000000000006000000000000000300000000000000ff010000000000000003000000000000010000000000000002000000e91400001f000000807fe5003f000000f8a1134a8593fe454dd508618efdf0f9b4896818b1cf166bacf184e49e41a4c3facea4060a327218381d0dd38b381a25b699212775aa003498000e4135e0095d786ad2522718d8e620c65eb2cf0e502a033a7bc7cb1e3a711f689394a750743efb1dda105732026bf48367291f31766d1d86494dcb912693f1df8b4b3bba2c37d3d4f9886cc1bdd4b06540bfa83d25019a58bfbe0e74f29b3e54b92d73ebb3c8dc228cecf9967a7d02627f861f2a6b8e2b02d6ecde6c8113e2653e43839dbeb4981b52c772f93d67f0a3fdbf86c4e84d20287c4aa31cfc0995356c0ea5fe9630cb496df5c441a5", @ANYRES32=r10, @ANYRES32=r11, @ANYBLOB="010000000500000000000000010000000000000001000000000000000600000081000000776c616e30000000"], &(0x7f0000008c80)={0xa0, 0x0, 0x3e1, {{0x5, 0x0, 0x800, 0x5063, 0xfff, 0x0, {0x1, 0x8, 0x8001, 0x37e, 0x3, 0x401, 0xd8, 0x5, 0x9a6d, 0x1000, 0x8000, r12, r3, 0xfff, 0x9}}, {0x0, 0x6}}}, &(0x7f0000008d40)={0x20, 0x0, 0x5, {0x3, 0x4, 0x0, 0x400}}}) write$FUSE_INIT(r0, &(0x7f0000004100)={0x50, 0x0, r5, {0x7, 0x26, 0x1f, 0x1004040, 0x7, 0x0, 0xd6, 0x6}}, 0x50) (async) write$FUSE_INIT(r0, &(0x7f0000004100)={0x50, 0x0, r5, {0x7, 0x26, 0x1f, 0x1004040, 0x7, 0x0, 0xd6, 0x6}}, 0x50) r13 = socket$nl_generic(0x10, 0x3, 0x10) r14 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r15 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r15, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) connect$tipc(r0, &(0x7f0000008dc0)=@name={0x1e, 0x2, 0x0, {{0x41, 0x3}, 0x1}}, 0x10) sendmsg$NL80211_CMD_SET_TID_CONFIG(r13, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000006300)=ANY=[@ANYBLOB="935127eb2d20000000ac595e", @ANYRES16=r14, @ANYBLOB="c32200000000000000008900000008000300", @ANYRES32=r16, @ANYBLOB="04001d80"], 0x20}}, 0x0) (async) sendmsg$NL80211_CMD_SET_TID_CONFIG(r13, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000006300)=ANY=[@ANYBLOB="935127eb2d20000000ac595e", @ANYRES16=r14, @ANYBLOB="c32200000000000000008900000008000300", @ANYRES32=r16, @ANYBLOB="04001d80"], 0x20}}, 0x0) getsockopt$bt_hci(r13, 0x0, 0x1, &(0x7f0000006240)=""/72, &(0x7f00000062c0)=0x48) (async) getsockopt$bt_hci(r13, 0x0, 0x1, &(0x7f0000006240)=""/72, &(0x7f00000062c0)=0x48) read$FUSE(r4, &(0x7f0000004180)={0x2020}, 0x2020) 19:28:06 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x500b) 19:28:06 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 12) 19:28:06 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5005) 19:28:06 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x9, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:06 executing program 4: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="010400000000000014c34436b34ff294fe61949076f52d0a177b79b896eb403f5d312e017146380f8c85c3e3d24c0b3df86329b811a6405454ba9fde7a3e45f16e9fba96d675eeb29c344da6769a226cd989dbbe99f226ea5cde2218e3cdb478be8d879339b9e56c6bf55a6d4ebf2876080cc36ee2e39cd7e34b03759e443256c1e03e614788079e955cd763f9d2b35ccf284ba383a57a0222574a3051aca3ba97c940e71d0f02"], 0xffffffffffffff20) 19:28:06 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0xa, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) [ 502.842791][T13611] FAULT_INJECTION: forcing a failure. [ 502.842791][T13611] name failslab, interval 1, probability 0, space 0, times 0 [ 502.912417][T13611] CPU: 0 PID: 13611 Comm: syz-executor.1 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 502.922931][T13611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 502.933072][T13611] Call Trace: [ 502.936393][T13611] [ 502.939400][T13611] dump_stack_lvl+0x136/0x150 [ 502.944147][T13611] should_fail_ex+0x4a3/0x5b0 [ 502.948908][T13611] should_failslab+0x9/0x20 [ 502.953477][T13611] kmem_cache_alloc+0x63/0x3b0 [ 502.958338][T13611] mas_alloc_nodes+0x402/0x8a0 [ 502.964138][T13611] ? shmem_mmap+0x208/0x550 [ 502.968723][T13611] mas_preallocate+0x1bb/0x360 [ 502.973555][T13611] mmap_region+0x85c/0x2690 [ 502.978240][T13611] ? do_munmap+0xf0/0xf0 [ 502.982578][T13611] ? security_mmap_addr+0x77/0xa0 [ 502.987669][T13611] ? get_unmapped_area+0x1e8/0x3c0 [ 502.992870][T13611] do_mmap+0x831/0xf60 [ 502.997117][T13611] do_shmat+0xeaf/0x1180 [ 503.001435][T13611] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 503.007334][T13611] __ia32_compat_sys_shmat+0xd2/0x160 [ 503.012786][T13611] ? __ia32_sys_shmat+0x160/0x160 [ 503.017913][T13611] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 503.024584][T13611] ? lockdep_hardirqs_on+0x7d/0x100 [ 503.029825][T13611] __do_fast_syscall_32+0x65/0xf0 [ 503.034884][T13611] do_fast_syscall_32+0x33/0x70 [ 503.039779][T13611] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 503.046168][T13611] RIP: 0023:0xf7f30579 [ 503.050260][T13611] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 503.069903][T13611] RSP: 002b:00000000f7f2b5cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 503.078344][T13611] RAX: ffffffffffffffda RBX: 000000000000003e RCX: 00000000202f4000 [ 503.086345][T13611] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 503.094444][T13611] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 503.102462][T13611] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 19:28:06 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0xb, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) [ 503.110461][T13611] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 503.118482][T13611] 19:28:06 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5004) 19:28:06 executing program 4: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="010400000000000014c34436b34ff294fe61949076f52d0a177b79b896eb403f5d312e017146380f8c85c3e3d24c0b3df86329b811a6405454ba9fde7a3e45f16e9fba96d675eeb29c344da6769a226cd989dbbe99f226ea5cde2218e3cdb478be8d879339b9e56c6bf55a6d4ebf2876080cc36ee2e39cd7e34b03759e443256c1e03e614788079e955cd763f9d2b35ccf284ba383a57a0222574a3051aca3ba97c940e71d0f02"], 0xffffffffffffff20) 19:28:06 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x500c) 19:28:06 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5006) 19:28:06 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 13) 19:28:06 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0xe, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:06 executing program 4: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="010400000000000014c34436b34ff294fe61949076f52d0a177b79b896eb403f5d312e017146380f8c85c3e3d24c0b3df86329b811a6405454ba9fde7a3e45f16e9fba96d675eeb29c344da6769a226cd989dbbe99f226ea5cde2218e3cdb478be8d879339b9e56c6bf55a6d4ebf2876080cc36ee2e39cd7e34b03759e443256c1e03e614788079e955cd763f9d2b35ccf284ba383a57a0222574a3051aca3ba97c940e71d0f02"], 0xffffffffffffff20) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="010400000000000014c34436b34ff294fe61949076f52d0a177b79b896eb403f5d312e017146380f8c85c3e3d24c0b3df86329b811a6405454ba9fde7a3e45f16e9fba96d675eeb29c344da6769a226cd989dbbe99f226ea5cde2218e3cdb478be8d879339b9e56c6bf55a6d4ebf2876080cc36ee2e39cd7e34b03759e443256c1e03e614788079e955cd763f9d2b35ccf284ba383a57a0222574a3051aca3ba97c940e71d0f02"], 0xffffffffffffff20) (async) [ 503.409041][T13630] FAULT_INJECTION: forcing a failure. [ 503.409041][T13630] name failslab, interval 1, probability 0, space 0, times 0 19:28:07 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x67}, "992f5c8f86d8f66a085ccb43ecd8c100ea7ef297607a7b74dbd693b9d408bfab8527864bce04d6823d478026b46f45c7f3ee63550c129cd2005a3bccb4157dec63c673a6900e723b41d748253b81b5e8e31056d477fe9956437c0025fbf68c5e848a2a7e9622c8"}, 0x6b) [ 503.451095][T13630] CPU: 0 PID: 13630 Comm: syz-executor.1 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 503.461603][T13630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 503.471885][T13630] Call Trace: [ 503.475218][T13630] [ 503.478206][T13630] dump_stack_lvl+0x136/0x150 [ 503.482958][T13630] should_fail_ex+0x4a3/0x5b0 [ 503.487717][T13630] should_failslab+0x9/0x20 [ 503.492297][T13630] kmem_cache_alloc_bulk+0x68/0x860 [ 503.498180][T13630] ? kmem_cache_alloc+0x337/0x3b0 [ 503.503293][T13630] mas_alloc_nodes+0x276/0x8a0 [ 503.508142][T13630] mas_preallocate+0x1bb/0x360 [ 503.512979][T13630] mmap_region+0x85c/0x2690 [ 503.517577][T13630] ? do_munmap+0xf0/0xf0 [ 503.521903][T13630] ? security_mmap_addr+0x77/0xa0 [ 503.526994][T13630] ? get_unmapped_area+0x1e8/0x3c0 [ 503.532191][T13630] do_mmap+0x831/0xf60 [ 503.536357][T13630] do_shmat+0xeaf/0x1180 [ 503.540681][T13630] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 503.546567][T13630] __ia32_compat_sys_shmat+0xd2/0x160 [ 503.552002][T13630] ? __ia32_sys_shmat+0x160/0x160 [ 503.557096][T13630] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 503.563765][T13630] ? lockdep_hardirqs_on+0x7d/0x100 [ 503.569130][T13630] __do_fast_syscall_32+0x65/0xf0 [ 503.574225][T13630] do_fast_syscall_32+0x33/0x70 [ 503.579144][T13630] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 503.585562][T13630] RIP: 0023:0xf7f30579 19:28:07 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x500d) [ 503.589682][T13630] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 503.609350][T13630] RSP: 002b:00000000f7f2b5cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 503.617832][T13630] RAX: ffffffffffffffda RBX: 000000000000003f RCX: 00000000202f4000 [ 503.625877][T13630] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 503.633894][T13630] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 503.641916][T13630] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 19:28:07 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0xf, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:07 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x67}, "992f5c8f86d8f66a085ccb43ecd8c100ea7ef297607a7b74dbd693b9d408bfab8527864bce04d6823d478026b46f45c7f3ee63550c129cd2005a3bccb4157dec63c673a6900e723b41d748253b81b5e8e31056d477fe9956437c0025fbf68c5e848a2a7e9622c8"}, 0x6b) [ 503.649940][T13630] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 503.657979][T13630] 19:28:07 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5007) 19:28:07 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5005) 19:28:07 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 14) 19:28:07 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) (async) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x67}, "992f5c8f86d8f66a085ccb43ecd8c100ea7ef297607a7b74dbd693b9d408bfab8527864bce04d6823d478026b46f45c7f3ee63550c129cd2005a3bccb4157dec63c673a6900e723b41d748253b81b5e8e31056d477fe9956437c0025fbf68c5e848a2a7e9622c8"}, 0x6b) 19:28:07 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x10, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:07 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x11, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:07 executing program 4: r0 = openat$cachefiles(0xffffff9c, &(0x7f0000000000), 0x2000, 0x0) sendmsg$RDMA_NLDEV_CMD_DELLINK(r0, &(0x7f0000000140)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x48, 0x1404, 0x100, 0x70bd25, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x48}, 0x1, 0x0, 0x0, 0x400c4}, 0x1) [ 503.976107][T13654] FAULT_INJECTION: forcing a failure. [ 503.976107][T13654] name failslab, interval 1, probability 0, space 0, times 0 [ 504.038956][T13654] CPU: 0 PID: 13654 Comm: syz-executor.1 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 504.049476][T13654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 504.059588][T13654] Call Trace: [ 504.062927][T13654] [ 504.065908][T13654] dump_stack_lvl+0x136/0x150 [ 504.070685][T13654] should_fail_ex+0x4a3/0x5b0 [ 504.075479][T13654] should_failslab+0x9/0x20 [ 504.080073][T13654] kmem_cache_alloc_bulk+0x68/0x860 19:28:07 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5008) [ 504.085361][T13654] ? kmem_cache_alloc+0x337/0x3b0 [ 504.090468][T13654] mas_alloc_nodes+0x276/0x8a0 [ 504.095498][T13654] mas_preallocate+0x1bb/0x360 [ 504.100340][T13654] mmap_region+0x85c/0x2690 [ 504.104942][T13654] ? do_munmap+0xf0/0xf0 [ 504.109274][T13654] ? security_mmap_addr+0x77/0xa0 [ 504.114370][T13654] ? get_unmapped_area+0x1e8/0x3c0 [ 504.119570][T13654] do_mmap+0x831/0xf60 [ 504.123831][T13654] do_shmat+0xeaf/0x1180 [ 504.128152][T13654] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 504.134057][T13654] __ia32_compat_sys_shmat+0xd2/0x160 [ 504.139509][T13654] ? __ia32_sys_shmat+0x160/0x160 [ 504.144609][T13654] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 504.151281][T13654] ? lockdep_hardirqs_on+0x7d/0x100 [ 504.156556][T13654] __do_fast_syscall_32+0x65/0xf0 [ 504.161648][T13654] do_fast_syscall_32+0x33/0x70 [ 504.166577][T13654] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 504.172994][T13654] RIP: 0023:0xf7f30579 19:28:07 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5006) [ 504.177126][T13654] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 504.196802][T13654] RSP: 002b:00000000f7f2b5cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 504.205280][T13654] RAX: ffffffffffffffda RBX: 0000000000000040 RCX: 00000000202f4000 [ 504.213317][T13654] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 504.221342][T13654] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 504.229375][T13654] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 504.237401][T13654] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 504.245454][T13654] 19:28:07 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x500e) 19:28:07 executing program 4: r0 = openat$cachefiles(0xffffff9c, &(0x7f0000000000), 0x2000, 0x0) sendmsg$RDMA_NLDEV_CMD_DELLINK(r0, &(0x7f0000000140)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x48, 0x1404, 0x100, 0x70bd25, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x48}, 0x1, 0x0, 0x0, 0x400c4}, 0x1) 19:28:07 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x13, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:07 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 15) 19:28:08 executing program 4: r0 = openat$cachefiles(0xffffff9c, &(0x7f0000000000), 0x2000, 0x0) sendmsg$RDMA_NLDEV_CMD_DELLINK(r0, &(0x7f0000000140)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x48, 0x1404, 0x100, 0x70bd25, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x48}, 0x1, 0x0, 0x0, 0x400c4}, 0x1) 19:28:08 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x60, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) [ 504.443702][T13669] FAULT_INJECTION: forcing a failure. [ 504.443702][T13669] name failslab, interval 1, probability 0, space 0, times 0 [ 504.514273][T13669] CPU: 0 PID: 13669 Comm: syz-executor.1 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 504.524781][T13669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 504.534894][T13669] Call Trace: [ 504.538215][T13669] [ 504.541194][T13669] dump_stack_lvl+0x136/0x150 [ 504.545944][T13669] should_fail_ex+0x4a3/0x5b0 [ 504.550716][T13669] should_failslab+0x9/0x20 [ 504.555294][T13669] kmem_cache_alloc+0x63/0x3b0 [ 504.560141][T13669] ptlock_alloc+0x21/0x70 [ 504.564538][T13669] pte_alloc_one+0x6c/0x230 [ 504.569113][T13669] __do_fault+0x433/0x600 [ 504.573514][T13669] __handle_mm_fault+0x24f3/0x3e60 [ 504.578707][T13669] ? vm_iomap_memory+0x190/0x190 [ 504.583763][T13669] handle_mm_fault+0x2ba/0x9c0 [ 504.588608][T13669] __get_user_pages+0x4da/0xf30 [ 504.593563][T13669] ? follow_page_mask+0x10a0/0x10a0 [ 504.598848][T13669] ? mas_find+0x200/0x200 [ 504.603273][T13669] ? __down_read_common+0x884/0xf30 [ 504.608565][T13669] populate_vma_page_range+0x2df/0x420 19:28:08 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x9ed798bef4c2bd79}, 0x2) 19:28:08 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0xf0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) [ 504.614117][T13669] ? follow_page+0x140/0x140 [ 504.618784][T13669] ? find_vma+0x1b0/0x1b0 [ 504.623203][T13669] __mm_populate+0x105/0x3b0 [ 504.627884][T13669] ? faultin_vma_page_range+0x300/0x300 [ 504.633517][T13669] ? up_write+0x1b4/0x520 [ 504.637931][T13669] do_shmat+0xcd4/0x1180 [ 504.642248][T13669] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 504.648136][T13669] __ia32_compat_sys_shmat+0xd2/0x160 [ 504.653577][T13669] ? __ia32_sys_shmat+0x160/0x160 19:28:08 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x300, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) [ 504.658670][T13669] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 504.665431][T13669] ? lockdep_hardirqs_on+0x7d/0x100 [ 504.670710][T13669] __do_fast_syscall_32+0x65/0xf0 [ 504.675808][T13669] do_fast_syscall_32+0x33/0x70 [ 504.680728][T13669] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 504.687140][T13669] RIP: 0023:0xf7f30579 [ 504.691258][T13669] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 504.710930][T13669] RSP: 002b:00000000f7f2b5cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 504.719408][T13669] RAX: ffffffffffffffda RBX: 0000000000000041 RCX: 00000000202f4000 [ 504.727438][T13669] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 504.735466][T13669] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 504.743493][T13669] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 504.751527][T13669] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 504.759600][T13669] 19:28:08 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5007) 19:28:08 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5009) 19:28:08 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) (async) syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x9ed798bef4c2bd79}, 0x2) 19:28:08 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x500f) 19:28:08 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x44d, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:08 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 16) 19:28:08 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) (async, rerun: 64) syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x9ed798bef4c2bd79}, 0x2) (rerun: 64) 19:28:08 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x500, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) [ 505.038705][T13693] FAULT_INJECTION: forcing a failure. [ 505.038705][T13693] name failslab, interval 1, probability 0, space 0, times 0 19:28:08 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x600, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) [ 505.099656][T13693] CPU: 0 PID: 13693 Comm: syz-executor.1 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 505.110177][T13693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 505.120288][T13693] Call Trace: [ 505.123641][T13693] [ 505.126627][T13693] dump_stack_lvl+0x136/0x150 [ 505.131381][T13693] should_fail_ex+0x4a3/0x5b0 [ 505.136320][T13693] should_failslab+0x9/0x20 [ 505.140889][T13693] kmem_cache_alloc+0x63/0x3b0 [ 505.145736][T13693] ptlock_alloc+0x21/0x70 [ 505.150138][T13693] pte_alloc_one+0x6c/0x230 [ 505.154728][T13693] __do_fault+0x433/0x600 [ 505.159133][T13693] __handle_mm_fault+0x24f3/0x3e60 [ 505.164336][T13693] ? vm_iomap_memory+0x190/0x190 [ 505.169365][T13693] handle_mm_fault+0x2ba/0x9c0 [ 505.174207][T13693] __get_user_pages+0x4da/0xf30 [ 505.179151][T13693] ? follow_page_mask+0x10a0/0x10a0 [ 505.184431][T13693] ? mas_find+0x200/0x200 [ 505.188842][T13693] ? __down_read_common+0x884/0xf30 [ 505.194140][T13693] populate_vma_page_range+0x2df/0x420 [ 505.199755][T13693] ? follow_page+0x140/0x140 [ 505.204454][T13693] ? find_vma+0x1b0/0x1b0 [ 505.208874][T13693] __mm_populate+0x105/0x3b0 [ 505.213549][T13693] ? faultin_vma_page_range+0x300/0x300 [ 505.219186][T13693] ? up_write+0x1b4/0x520 [ 505.223607][T13693] do_shmat+0xcd4/0x1180 [ 505.227926][T13693] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 505.233830][T13693] __ia32_compat_sys_shmat+0xd2/0x160 [ 505.239287][T13693] ? __ia32_sys_shmat+0x160/0x160 19:28:08 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x700, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:08 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5008) [ 505.244379][T13693] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 505.251130][T13693] ? lockdep_hardirqs_on+0x7d/0x100 [ 505.256401][T13693] __do_fast_syscall_32+0x65/0xf0 [ 505.261485][T13693] do_fast_syscall_32+0x33/0x70 [ 505.266399][T13693] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 505.272811][T13693] RIP: 0023:0xf7f30579 [ 505.276934][T13693] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 19:28:08 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x500a) 19:28:08 executing program 4: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x16c) read$snapshot(r0, &(0x7f0000000080)=""/238, 0xee) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) [ 505.296902][T13693] RSP: 002b:00000000f7f2b5cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 505.305477][T13693] RAX: ffffffffffffffda RBX: 0000000000000042 RCX: 00000000202f4000 [ 505.313537][T13693] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 505.321568][T13693] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 505.329608][T13693] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 505.337633][T13693] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 505.345708][T13693] 19:28:08 executing program 4: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x16c) read$snapshot(r0, &(0x7f0000000080)=""/238, 0xee) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) creat(&(0x7f0000000000)='./file0\x00', 0x16c) (async) read$snapshot(r0, &(0x7f0000000080)=""/238, 0xee) (async) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) (async) 19:28:08 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x900, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:09 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x400000) 19:28:09 executing program 4: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x16c) read$snapshot(r0, &(0x7f0000000080)=""/238, 0xee) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) 19:28:09 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 17) 19:28:09 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0xa00, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:09 executing program 4: setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000080)={0x2158, 0x0, 0x800, 0x754, 0xfffffffb}, 0x14) r0 = fsmount(0xffffffffffffffff, 0x1, 0x70) ioctl$KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f00000000c0)={0x1, 0x0, [{}]}) ioctl$KVM_DIRTY_TLB(r0, 0x400caeaa, &(0x7f0000000000)={0x9, 0x80000001}) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x7}, @hci_rp_read_class_of_dev={{0xc5}, {0x5, "87cdf9"}}}}, 0xa) 19:28:09 executing program 2: mlockall(0x2) mlockall(0x1) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) mlockall(0x1) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) shmctl$SHM_LOCK(r0, 0xb) 19:28:09 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5009) 19:28:09 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0xb00, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:09 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x500b) 19:28:09 executing program 4: setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000080)={0x2158, 0x0, 0x800, 0x754, 0xfffffffb}, 0x14) r0 = fsmount(0xffffffffffffffff, 0x1, 0x70) ioctl$KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f00000000c0)={0x1, 0x0, [{}]}) (async) ioctl$KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f00000000c0)={0x1, 0x0, [{}]}) ioctl$KVM_DIRTY_TLB(r0, 0x400caeaa, &(0x7f0000000000)={0x9, 0x80000001}) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x7}, @hci_rp_read_class_of_dev={{0xc5}, {0x5, "87cdf9"}}}}, 0xa) [ 505.809271][T13726] FAULT_INJECTION: forcing a failure. [ 505.809271][T13726] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 505.885653][T13726] CPU: 1 PID: 13726 Comm: syz-executor.1 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 505.896167][T13726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 505.906366][T13726] Call Trace: [ 505.909720][T13726] [ 505.912705][T13726] dump_stack_lvl+0x136/0x150 [ 505.917454][T13726] should_fail_ex+0x4a3/0x5b0 [ 505.922312][T13726] prepare_alloc_pages+0x178/0x570 [ 505.927552][T13726] ? print_usage_bug.part.0+0x660/0x660 [ 505.933177][T13726] __alloc_pages+0x149/0x4a0 [ 505.937841][T13726] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 505.944692][T13726] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 505.950752][T13726] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 505.956818][T13726] __folio_alloc+0x16/0x40 [ 505.961303][T13726] vma_alloc_folio+0x155/0x880 [ 505.966310][T13726] ? policy_nodemask+0x1c0/0x1c0 [ 505.971331][T13726] ? find_held_lock+0x2d/0x110 [ 505.976186][T13726] shmem_alloc_folio+0xff/0x1c0 [ 505.981124][T13726] ? shmem_link+0x370/0x370 [ 505.985735][T13726] ? filemap_add_folio+0x1e0/0x1e0 [ 505.990957][T13726] shmem_alloc_and_acct_folio+0x15e/0x5d0 [ 505.996955][T13726] shmem_get_folio_gfp+0xacd/0x1950 [ 506.002256][T13726] ? shmem_alloc_and_acct_folio+0x5d0/0x5d0 [ 506.008253][T13726] shmem_fault+0x1cc/0x8b0 [ 506.012757][T13726] ? shmem_get_folio_gfp+0x1950/0x1950 [ 506.018338][T13726] ? mark_lock.part.0+0xee/0x1970 [ 506.023435][T13726] __do_fault+0x107/0x600 [ 506.027869][T13726] __handle_mm_fault+0x24f3/0x3e60 [ 506.033067][T13726] ? vm_iomap_memory+0x190/0x190 [ 506.038101][T13726] handle_mm_fault+0x2ba/0x9c0 [ 506.042944][T13726] __get_user_pages+0x4da/0xf30 [ 506.047896][T13726] ? follow_page_mask+0x10a0/0x10a0 [ 506.053192][T13726] ? mas_find+0x200/0x200 [ 506.057596][T13726] ? __down_read_common+0x884/0xf30 [ 506.062899][T13726] populate_vma_page_range+0x2df/0x420 [ 506.068452][T13726] ? follow_page+0x140/0x140 [ 506.073144][T13726] ? find_vma+0x1b0/0x1b0 [ 506.077594][T13726] __mm_populate+0x105/0x3b0 [ 506.082278][T13726] ? faultin_vma_page_range+0x300/0x300 [ 506.087913][T13726] ? up_write+0x1b4/0x520 [ 506.092331][T13726] do_shmat+0xcd4/0x1180 [ 506.096674][T13726] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 506.102574][T13726] __ia32_compat_sys_shmat+0xd2/0x160 [ 506.108035][T13726] ? __ia32_sys_shmat+0x160/0x160 [ 506.113129][T13726] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 506.119804][T13726] ? lockdep_hardirqs_on+0x7d/0x100 [ 506.125091][T13726] __do_fast_syscall_32+0x65/0xf0 [ 506.130191][T13726] do_fast_syscall_32+0x33/0x70 19:28:09 executing program 4: setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000080)={0x2158, 0x0, 0x800, 0x754, 0xfffffffb}, 0x14) r0 = fsmount(0xffffffffffffffff, 0x1, 0x70) ioctl$KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f00000000c0)={0x1, 0x0, [{}]}) ioctl$KVM_DIRTY_TLB(r0, 0x400caeaa, &(0x7f0000000000)={0x9, 0x80000001}) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x7}, @hci_rp_read_class_of_dev={{0xc5}, {0x5, "87cdf9"}}}}, 0xa) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000080)={0x2158, 0x0, 0x800, 0x754, 0xfffffffb}, 0x14) (async) fsmount(0xffffffffffffffff, 0x1, 0x70) (async) ioctl$KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f00000000c0)={0x1, 0x0, [{}]}) (async) ioctl$KVM_DIRTY_TLB(r0, 0x400caeaa, &(0x7f0000000000)={0x9, 0x80000001}) (async) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x7}, @hci_rp_read_class_of_dev={{0xc5}, {0x5, "87cdf9"}}}}, 0xa) (async) 19:28:09 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) 19:28:09 executing program 2: mlockall(0x2) mlockall(0x1) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) mlockall(0x1) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) shmctl$SHM_LOCK(r0, 0xb) mlockall(0x2) (async) mlockall(0x1) (async) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) (async) mlockall(0x1) (async) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (async) shmctl$SHM_LOCK(r0, 0xb) (async) [ 506.135138][T13726] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 506.141547][T13726] RIP: 0023:0xf7f30579 [ 506.145695][T13726] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 506.165387][T13726] RSP: 002b:00000000f7f2b5cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 506.173874][T13726] RAX: ffffffffffffffda RBX: 0000000000000043 RCX: 00000000202f4000 19:28:09 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) (async) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) [ 506.181908][T13726] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 506.189933][T13726] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 506.197960][T13726] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 506.205985][T13726] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 506.214033][T13726] [ 506.346394][ T1215] ieee802154 phy0 wpan0: encryption failed: -22 [ 506.352834][ T1215] ieee802154 phy1 wpan1: encryption failed: -22 19:28:10 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 18) 19:28:10 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0xe00, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:10 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x500a) 19:28:10 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) (async) syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) 19:28:10 executing program 2: mlockall(0x2) (async) mlockall(0x1) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) mlockall(0x1) (async) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (async) shmctl$SHM_LOCK(r0, 0xb) 19:28:10 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x500c) 19:28:10 executing program 4: ioctl$sock_bt_cmtp_CMTPCONNADD(0xffffffffffffffff, 0x400443c8, &(0x7f0000000000)={0xffffffffffffffff, 0xecd}) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) 19:28:10 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0xf00, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) [ 506.615144][T13766] FAULT_INJECTION: forcing a failure. [ 506.615144][T13766] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 506.675866][T13766] CPU: 0 PID: 13766 Comm: syz-executor.1 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 506.686379][T13766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 506.696489][T13766] Call Trace: [ 506.699813][T13766] [ 506.702784][T13766] dump_stack_lvl+0x136/0x150 [ 506.707533][T13766] should_fail_ex+0x4a3/0x5b0 [ 506.712286][T13766] prepare_alloc_pages+0x178/0x570 [ 506.717467][T13766] ? print_usage_bug.part.0+0x660/0x660 19:28:10 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x1100, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) [ 506.723092][T13766] __alloc_pages+0x149/0x4a0 [ 506.727760][T13766] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 506.734616][T13766] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 506.740847][T13766] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 506.746901][T13766] __folio_alloc+0x16/0x40 [ 506.751384][T13766] vma_alloc_folio+0x155/0x880 [ 506.756227][T13766] ? policy_nodemask+0x1c0/0x1c0 [ 506.761254][T13766] ? find_held_lock+0x2d/0x110 [ 506.766119][T13766] shmem_alloc_folio+0xff/0x1c0 [ 506.771059][T13766] ? shmem_link+0x370/0x370 [ 506.775668][T13766] ? filemap_add_folio+0x1e0/0x1e0 [ 506.781005][T13766] shmem_alloc_and_acct_folio+0x15e/0x5d0 [ 506.786840][T13766] shmem_get_folio_gfp+0xacd/0x1950 [ 506.792111][T13766] ? shmem_alloc_and_acct_folio+0x5d0/0x5d0 [ 506.798068][T13766] shmem_fault+0x1cc/0x8b0 [ 506.802552][T13766] ? shmem_get_folio_gfp+0x1950/0x1950 [ 506.808079][T13766] ? mark_lock.part.0+0xee/0x1970 [ 506.813140][T13766] __do_fault+0x107/0x600 [ 506.817513][T13766] __handle_mm_fault+0x24f3/0x3e60 [ 506.822667][T13766] ? vm_iomap_memory+0x190/0x190 [ 506.827660][T13766] handle_mm_fault+0x2ba/0x9c0 [ 506.832464][T13766] __get_user_pages+0x4da/0xf30 [ 506.837377][T13766] ? follow_page_mask+0x10a0/0x10a0 [ 506.842639][T13766] ? mas_find+0x200/0x200 [ 506.847011][T13766] ? __down_read_common+0x884/0xf30 [ 506.852263][T13766] populate_vma_page_range+0x2df/0x420 [ 506.857783][T13766] ? follow_page+0x140/0x140 [ 506.862415][T13766] ? find_vma+0x1b0/0x1b0 [ 506.866793][T13766] __mm_populate+0x105/0x3b0 [ 506.871451][T13766] ? faultin_vma_page_range+0x300/0x300 [ 506.877048][T13766] ? up_write+0x1b4/0x520 [ 506.881421][T13766] do_shmat+0xcd4/0x1180 [ 506.885702][T13766] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 506.891566][T13766] __ia32_compat_sys_shmat+0xd2/0x160 [ 506.896992][T13766] ? __ia32_sys_shmat+0x160/0x160 [ 506.902157][T13766] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 506.908790][T13766] ? lockdep_hardirqs_on+0x7d/0x100 [ 506.914028][T13766] __do_fast_syscall_32+0x65/0xf0 [ 506.919081][T13766] do_fast_syscall_32+0x33/0x70 [ 506.923977][T13766] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 506.930352][T13766] RIP: 0023:0xf7f30579 [ 506.934440][T13766] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 506.954081][T13766] RSP: 002b:00000000f7f2b5cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 506.962524][T13766] RAX: ffffffffffffffda RBX: 0000000000000044 RCX: 00000000202f4000 19:28:10 executing program 4: ioctl$sock_bt_cmtp_CMTPCONNADD(0xffffffffffffffff, 0x400443c8, &(0x7f0000000000)={0xffffffffffffffff, 0xecd}) (async) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) [ 506.970517][T13766] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 506.978512][T13766] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 506.986503][T13766] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 506.994587][T13766] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 507.002606][T13766] 19:28:10 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x1300, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:10 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x3f00, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:10 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 19) 19:28:10 executing program 4: ioctl$sock_bt_cmtp_CMTPCONNADD(0xffffffffffffffff, 0x400443c8, &(0x7f0000000000)={0xffffffffffffffff, 0xecd}) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) 19:28:10 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x500b) 19:28:10 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x4d04, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:10 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x500d) 19:28:10 executing program 2: mlockall(0x3) mlockall(0x5) r0 = shmget$private(0x0, 0x2000, 0x8, &(0x7f0000219000/0x2000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x4000) 19:28:10 executing program 4: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000000)={0x0, 0x5}, &(0x7f0000000080)=0x8) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) 19:28:11 executing program 4: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000000)={0x0, 0x5}, &(0x7f0000000080)=0x8) (async) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) 19:28:11 executing program 2: mlockall(0x3) mlockall(0x5) shmget$private(0x0, 0x2000, 0x8, &(0x7f0000219000/0x2000)=nil) (async) r0 = shmget$private(0x0, 0x2000, 0x8, &(0x7f0000219000/0x2000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x4000) 19:28:11 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x6000, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:11 executing program 4: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000000)={0x0, 0x5}, &(0x7f0000000080)=0x8) (async) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) [ 507.542505][T13795] FAULT_INJECTION: forcing a failure. [ 507.542505][T13795] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 507.602940][T13795] CPU: 1 PID: 13795 Comm: syz-executor.1 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 507.613456][T13795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 507.623572][T13795] Call Trace: [ 507.626901][T13795] [ 507.629873][T13795] dump_stack_lvl+0x136/0x150 [ 507.634618][T13795] should_fail_ex+0x4a3/0x5b0 [ 507.639376][T13795] prepare_alloc_pages+0x178/0x570 [ 507.644549][T13795] ? print_usage_bug.part.0+0x660/0x660 [ 507.650165][T13795] __alloc_pages+0x149/0x4a0 [ 507.654911][T13795] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 507.661760][T13795] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 507.667925][T13795] __folio_alloc+0x16/0x40 [ 507.672409][T13795] vma_alloc_folio+0x155/0x880 [ 507.677281][T13795] ? policy_nodemask+0x1c0/0x1c0 [ 507.682300][T13795] ? find_held_lock+0x2d/0x110 [ 507.687157][T13795] shmem_alloc_folio+0xff/0x1c0 [ 507.692092][T13795] ? shmem_link+0x370/0x370 [ 507.696698][T13795] ? filemap_add_folio+0x1e0/0x1e0 [ 507.701902][T13795] shmem_alloc_and_acct_folio+0x15e/0x5d0 [ 507.707719][T13795] shmem_get_folio_gfp+0xacd/0x1950 [ 507.713034][T13795] ? shmem_alloc_and_acct_folio+0x5d0/0x5d0 [ 507.719036][T13795] shmem_fault+0x1cc/0x8b0 [ 507.723549][T13795] ? shmem_get_folio_gfp+0x1950/0x1950 [ 507.729112][T13795] ? mark_lock.part.0+0xee/0x1970 [ 507.734212][T13795] __do_fault+0x107/0x600 [ 507.738617][T13795] __handle_mm_fault+0x24f3/0x3e60 [ 507.743810][T13795] ? vm_iomap_memory+0x190/0x190 [ 507.748843][T13795] handle_mm_fault+0x2ba/0x9c0 19:28:11 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0x159, 0x4e}, "1ea668d7fc1adf6986339ba8fe33e9c1edd51a6463fb84a1ff776d63b488b06f1ec6d4586418a8b94295238c27f0b919fc7d678e49c16029e222e103f04f50e9747a3b0535cbce008ddb8c77009a"}, 0x52) [ 507.753683][T13795] __get_user_pages+0x4da/0xf30 [ 507.758624][T13795] ? follow_page_mask+0x10a0/0x10a0 [ 507.763898][T13795] ? mas_find+0x200/0x200 [ 507.768309][T13795] ? __down_read_common+0x884/0xf30 [ 507.773601][T13795] populate_vma_page_range+0x2df/0x420 [ 507.779148][T13795] ? follow_page+0x140/0x140 [ 507.783814][T13795] ? find_vma+0x1b0/0x1b0 [ 507.788230][T13795] __mm_populate+0x105/0x3b0 [ 507.792937][T13795] ? faultin_vma_page_range+0x300/0x300 [ 507.798587][T13795] ? up_write+0x1b4/0x520 [ 507.803001][T13795] do_shmat+0xcd4/0x1180 [ 507.807328][T13795] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 507.813216][T13795] __ia32_compat_sys_shmat+0xd2/0x160 [ 507.818658][T13795] ? __ia32_sys_shmat+0x160/0x160 [ 507.823748][T13795] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 507.830416][T13795] ? lockdep_hardirqs_on+0x7d/0x100 [ 507.835682][T13795] __do_fast_syscall_32+0x65/0xf0 [ 507.840757][T13795] do_fast_syscall_32+0x33/0x70 [ 507.845643][T13795] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 507.852026][T13795] RIP: 0023:0xf7f30579 [ 507.856120][T13795] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 507.877320][T13795] RSP: 002b:00000000f7f2b5cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 507.885768][T13795] RAX: ffffffffffffffda RBX: 0000000000000045 RCX: 00000000202f4000 [ 507.893760][T13795] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 507.901759][T13795] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 507.909763][T13795] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 507.917760][T13795] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 507.925773][T13795] 19:28:11 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 20) 19:28:11 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0xf000, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:11 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x500c) 19:28:11 executing program 2: mlockall(0x3) (async) mlockall(0x5) (async) r0 = shmget$private(0x0, 0x2000, 0x8, &(0x7f0000219000/0x2000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x4000) 19:28:11 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0x159, 0x4e}, "1ea668d7fc1adf6986339ba8fe33e9c1edd51a6463fb84a1ff776d63b488b06f1ec6d4586418a8b94295238c27f0b919fc7d678e49c16029e222e103f04f50e9747a3b0535cbce008ddb8c77009a"}, 0x52) 19:28:11 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x500e) 19:28:11 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) (async) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0x159, 0x4e}, "1ea668d7fc1adf6986339ba8fe33e9c1edd51a6463fb84a1ff776d63b488b06f1ec6d4586418a8b94295238c27f0b919fc7d678e49c16029e222e103f04f50e9747a3b0535cbce008ddb8c77009a"}, 0x52) 19:28:11 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x30000, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:11 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f0000097000/0x2000)=nil, 0x3000) [ 508.149089][T13822] FAULT_INJECTION: forcing a failure. [ 508.149089][T13822] name fail_page_alloc, interval 1, probability 0, space 0, times 0 19:28:11 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x34000, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:11 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_clone(0x1100, &(0x7f0000000080)="a06aa8a3b436dc2087bfbf48d2bc819a352b91db34b914231e9b906dbb821440d4b8e0453cc3aa7c51f2fe00f2f0e7a7c7356bb03b01a3a88c8fa9b1fb3ec4db353a49cefbe403c06af28f2491b3bf8c8eec3c22cd4f399ac35e6325052f0ea71c1009", 0x63, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)="80538bf827fc377f44f7a136da46f1bcbc82d7d51a1bcd1d") syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_simple_pair_complete={{0x36, 0x7}, {0x3f}}}, 0xa) [ 508.242925][T13822] CPU: 1 PID: 13822 Comm: syz-executor.1 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 508.253428][T13822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 508.263625][T13822] Call Trace: [ 508.266954][T13822] [ 508.269983][T13822] dump_stack_lvl+0x136/0x150 [ 508.274726][T13822] should_fail_ex+0x4a3/0x5b0 [ 508.279490][T13822] prepare_alloc_pages+0x178/0x570 [ 508.284677][T13822] ? print_usage_bug.part.0+0x660/0x660 19:28:11 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f0000097000/0x2000)=nil, 0x3000) mlockall(0x2) (async) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) (async) shmat(r0, &(0x7f0000097000/0x2000)=nil, 0x3000) (async) [ 508.290468][T13822] __alloc_pages+0x149/0x4a0 [ 508.295146][T13822] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 508.302080][T13822] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 508.308166][T13822] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 508.314227][T13822] __folio_alloc+0x16/0x40 [ 508.318806][T13822] vma_alloc_folio+0x155/0x880 [ 508.323654][T13822] ? policy_nodemask+0x1c0/0x1c0 [ 508.328672][T13822] ? find_held_lock+0x2d/0x110 [ 508.333693][T13822] shmem_alloc_folio+0xff/0x1c0 [ 508.338762][T13822] ? shmem_link+0x370/0x370 [ 508.343376][T13822] ? filemap_add_folio+0x1e0/0x1e0 [ 508.348585][T13822] shmem_alloc_and_acct_folio+0x15e/0x5d0 [ 508.354397][T13822] shmem_get_folio_gfp+0xacd/0x1950 [ 508.359694][T13822] ? shmem_alloc_and_acct_folio+0x5d0/0x5d0 [ 508.365809][T13822] shmem_fault+0x1cc/0x8b0 [ 508.370324][T13822] ? shmem_get_folio_gfp+0x1950/0x1950 [ 508.375916][T13822] ? mark_lock.part.0+0xee/0x1970 [ 508.381009][T13822] __do_fault+0x107/0x600 [ 508.385408][T13822] __handle_mm_fault+0x24f3/0x3e60 19:28:11 executing program 2: mlockall(0x2) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) (async) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f0000097000/0x2000)=nil, 0x3000) [ 508.390683][T13822] ? vm_iomap_memory+0x190/0x190 [ 508.395732][T13822] handle_mm_fault+0x2ba/0x9c0 [ 508.400678][T13822] __get_user_pages+0x4da/0xf30 [ 508.405618][T13822] ? follow_page_mask+0x10a0/0x10a0 [ 508.410902][T13822] ? mas_find+0x200/0x200 [ 508.415315][T13822] ? __down_read_common+0x884/0xf30 [ 508.420617][T13822] populate_vma_page_range+0x2df/0x420 [ 508.426172][T13822] ? follow_page+0x140/0x140 [ 508.430847][T13822] ? find_vma+0x1b0/0x1b0 [ 508.435263][T13822] __mm_populate+0x105/0x3b0 [ 508.439976][T13822] ? faultin_vma_page_range+0x300/0x300 [ 508.445613][T13822] ? up_write+0x1b4/0x520 [ 508.450019][T13822] do_shmat+0xcd4/0x1180 [ 508.454312][T13822] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 508.460168][T13822] __ia32_compat_sys_shmat+0xd2/0x160 [ 508.465585][T13822] ? __ia32_sys_shmat+0x160/0x160 [ 508.470654][T13822] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 508.477805][T13822] ? lockdep_hardirqs_on+0x7d/0x100 [ 508.483055][T13822] __do_fast_syscall_32+0x65/0xf0 [ 508.488112][T13822] do_fast_syscall_32+0x33/0x70 [ 508.492996][T13822] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 508.499371][T13822] RIP: 0023:0xf7f30579 [ 508.503486][T13822] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 508.523135][T13822] RSP: 002b:00000000f7f2b5cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 508.531577][T13822] RAX: ffffffffffffffda RBX: 0000000000000046 RCX: 00000000202f4000 [ 508.539585][T13822] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 508.547582][T13822] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 508.555589][T13822] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 508.563604][T13822] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 508.571612][T13822] 19:28:12 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 21) 19:28:12 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) (async) syz_clone(0x1100, &(0x7f0000000080)="a06aa8a3b436dc2087bfbf48d2bc819a352b91db34b914231e9b906dbb821440d4b8e0453cc3aa7c51f2fe00f2f0e7a7c7356bb03b01a3a88c8fa9b1fb3ec4db353a49cefbe403c06af28f2491b3bf8c8eec3c22cd4f399ac35e6325052f0ea71c1009", 0x63, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)="80538bf827fc377f44f7a136da46f1bcbc82d7d51a1bcd1d") (async) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_simple_pair_complete={{0x36, 0x7}, {0x3f}}}, 0xa) 19:28:12 executing program 2: mlockall(0x2) mlockall(0x1) mlockall(0x1) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) mlockall(0xe) 19:28:12 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x400300, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:12 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x500d) 19:28:12 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x500f) 19:28:12 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0xf0ffff, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) [ 508.991385][T13852] FAULT_INJECTION: forcing a failure. [ 508.991385][T13852] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 509.032185][T13852] CPU: 0 PID: 13852 Comm: syz-executor.1 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 509.042720][T13852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 509.052859][T13852] Call Trace: [ 509.056202][T13852] [ 509.059180][T13852] dump_stack_lvl+0x136/0x150 [ 509.063929][T13852] should_fail_ex+0x4a3/0x5b0 [ 509.068715][T13852] prepare_alloc_pages+0x178/0x570 [ 509.073896][T13852] ? print_usage_bug.part.0+0x660/0x660 [ 509.079516][T13852] __alloc_pages+0x149/0x4a0 [ 509.084169][T13852] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 509.091013][T13852] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 509.097056][T13852] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 509.103107][T13852] __folio_alloc+0x16/0x40 [ 509.107590][T13852] vma_alloc_folio+0x155/0x880 [ 509.112437][T13852] ? policy_nodemask+0x1c0/0x1c0 [ 509.117455][T13852] ? find_held_lock+0x2d/0x110 [ 509.122310][T13852] shmem_alloc_folio+0xff/0x1c0 [ 509.127277][T13852] ? shmem_link+0x370/0x370 [ 509.131889][T13852] ? filemap_add_folio+0x1e0/0x1e0 [ 509.137172][T13852] shmem_alloc_and_acct_folio+0x15e/0x5d0 [ 509.142956][T13852] shmem_get_folio_gfp+0xacd/0x1950 [ 509.148220][T13852] ? shmem_alloc_and_acct_folio+0x5d0/0x5d0 [ 509.154376][T13852] shmem_fault+0x1cc/0x8b0 [ 509.158861][T13852] ? shmem_get_folio_gfp+0x1950/0x1950 [ 509.164381][T13852] ? mark_lock.part.0+0xee/0x1970 [ 509.169624][T13852] __do_fault+0x107/0x600 [ 509.173990][T13852] __handle_mm_fault+0x24f3/0x3e60 [ 509.179146][T13852] ? vm_iomap_memory+0x190/0x190 [ 509.184145][T13852] handle_mm_fault+0x2ba/0x9c0 [ 509.188965][T13852] __get_user_pages+0x4da/0xf30 [ 509.193867][T13852] ? follow_page_mask+0x10a0/0x10a0 [ 509.199115][T13852] ? mas_find+0x200/0x200 [ 509.203490][T13852] ? __down_read_common+0x884/0xf30 [ 509.208744][T13852] populate_vma_page_range+0x2df/0x420 [ 509.214265][T13852] ? follow_page+0x140/0x140 [ 509.218991][T13852] ? find_vma+0x1b0/0x1b0 [ 509.223371][T13852] __mm_populate+0x105/0x3b0 [ 509.228010][T13852] ? faultin_vma_page_range+0x300/0x300 [ 509.233718][T13852] ? up_write+0x1b4/0x520 [ 509.238125][T13852] do_shmat+0xcd4/0x1180 [ 509.242442][T13852] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 509.248295][T13852] __ia32_compat_sys_shmat+0xd2/0x160 [ 509.253708][T13852] ? __ia32_sys_shmat+0x160/0x160 [ 509.258768][T13852] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 509.265414][T13852] ? lockdep_hardirqs_on+0x7d/0x100 [ 509.270663][T13852] __do_fast_syscall_32+0x65/0xf0 [ 509.275720][T13852] do_fast_syscall_32+0x33/0x70 [ 509.280601][T13852] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 509.287146][T13852] RIP: 0023:0xf7f30579 [ 509.291241][T13852] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 509.311144][T13852] RSP: 002b:00000000f7f2b5cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 509.319623][T13852] RAX: ffffffffffffffda RBX: 0000000000000047 RCX: 00000000202f4000 19:28:12 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_clone(0x1100, &(0x7f0000000080)="a06aa8a3b436dc2087bfbf48d2bc819a352b91db34b914231e9b906dbb821440d4b8e0453cc3aa7c51f2fe00f2f0e7a7c7356bb03b01a3a88c8fa9b1fb3ec4db353a49cefbe403c06af28f2491b3bf8c8eec3c22cd4f399ac35e6325052f0ea71c1009", 0x63, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)="80538bf827fc377f44f7a136da46f1bcbc82d7d51a1bcd1d") syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_simple_pair_complete={{0x36, 0x7}, {0x3f}}}, 0xa) (async) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_simple_pair_complete={{0x36, 0x7}, {0x3f}}}, 0xa) [ 509.327634][T13852] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 509.335728][T13852] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 509.343732][T13852] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 509.351753][T13852] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 509.359769][T13852] 19:28:12 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x1000000, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:12 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x500e) 19:28:13 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x400000) 19:28:13 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x2000000, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:13 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x3000, 0x400, &(0x7f00000a6000/0x3000)=nil) mlockall(0x4) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:13 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x3000000, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:13 executing program 2: mlockall(0x2) mlockall(0x1) mlockall(0x1) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) (async) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) mlockall(0xe) (async) mlockall(0xe) 19:28:13 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 22) 19:28:13 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$TIPC_NL_MON_SET(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000400)={0x20, r1, 0xc3150e240b6f1917, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x4}]}]}, 0x20}}, 0x0) sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000080)={0x204, r1, 0x100, 0x70bd27, 0x25dfdbff, {}, [@TIPC_NLA_NODE={0x8, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_LINK={0x24, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}]}]}, @TIPC_NLA_MEDIA={0x7c, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6da5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xc1ab}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}]}]}, @TIPC_NLA_MON={0x24, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x200}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7}]}, @TIPC_NLA_LINK={0x78, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}]}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x10000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_SOCK={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x101}, @TIPC_NLA_SOCK_CON={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x3b47a7ec}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x6}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x948}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x2}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7}]}, @TIPC_NLA_NODE={0x4}, @TIPC_NLA_NET={0x18, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x8000000000000000}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x163}]}, @TIPC_NLA_SOCK={0x48, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x4}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x1}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x1}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x9}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x91a}]}]}]}, 0x204}, 0x1, 0x0, 0x0, 0x1}, 0x400c000) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) 19:28:13 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x4000000, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:13 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x500f) 19:28:13 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x3000, 0x400, &(0x7f00000a6000/0x3000)=nil) mlockall(0x4) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) mlockall(0x2) (async) shmget$private(0x0, 0x3000, 0x400, &(0x7f00000a6000/0x3000)=nil) (async) mlockall(0x4) (async) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (async) [ 509.911874][T13879] FAULT_INJECTION: forcing a failure. [ 509.911874][T13879] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 509.971282][T13879] CPU: 1 PID: 13879 Comm: syz-executor.1 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 509.981813][T13879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 509.991928][T13879] Call Trace: [ 509.995248][T13879] [ 509.998235][T13879] dump_stack_lvl+0x136/0x150 [ 510.003023][T13879] should_fail_ex+0x4a3/0x5b0 [ 510.009029][T13879] prepare_alloc_pages+0x178/0x570 [ 510.014214][T13879] ? print_usage_bug.part.0+0x660/0x660 [ 510.019841][T13879] __alloc_pages+0x149/0x4a0 [ 510.024498][T13879] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 510.031375][T13879] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 510.037428][T13879] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 510.043491][T13879] __folio_alloc+0x16/0x40 [ 510.047980][T13879] vma_alloc_folio+0x155/0x880 [ 510.052858][T13879] ? policy_nodemask+0x1c0/0x1c0 [ 510.057881][T13879] ? find_held_lock+0x2d/0x110 [ 510.062776][T13879] shmem_alloc_folio+0xff/0x1c0 19:28:13 executing program 3: mlockall(0x2) (async, rerun: 32) r0 = shmget$private(0x0, 0x3000, 0x400, &(0x7f00000a6000/0x3000)=nil) (rerun: 32) mlockall(0x4) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) [ 510.067724][T13879] ? shmem_link+0x370/0x370 [ 510.072337][T13879] ? filemap_add_folio+0x1e0/0x1e0 [ 510.077633][T13879] shmem_alloc_and_acct_folio+0x15e/0x5d0 [ 510.083465][T13879] shmem_get_folio_gfp+0xacd/0x1950 [ 510.088775][T13879] ? shmem_alloc_and_acct_folio+0x5d0/0x5d0 [ 510.094780][T13879] shmem_fault+0x1cc/0x8b0 [ 510.099296][T13879] ? shmem_get_folio_gfp+0x1950/0x1950 [ 510.104881][T13879] ? mark_lock.part.0+0xee/0x1970 [ 510.109987][T13879] __do_fault+0x107/0x600 [ 510.114387][T13879] __handle_mm_fault+0x24f3/0x3e60 [ 510.119579][T13879] ? vm_iomap_memory+0x190/0x190 [ 510.124618][T13879] handle_mm_fault+0x2ba/0x9c0 [ 510.129462][T13879] __get_user_pages+0x4da/0xf30 [ 510.134411][T13879] ? follow_page_mask+0x10a0/0x10a0 [ 510.139983][T13879] ? mas_find+0x200/0x200 [ 510.144396][T13879] ? __down_read_common+0x884/0xf30 [ 510.149777][T13879] populate_vma_page_range+0x2df/0x420 [ 510.155331][T13879] ? follow_page+0x140/0x140 [ 510.160091][T13879] ? find_vma+0x1b0/0x1b0 [ 510.164515][T13879] __mm_populate+0x105/0x3b0 [ 510.169197][T13879] ? faultin_vma_page_range+0x300/0x300 [ 510.174835][T13879] ? up_write+0x1b4/0x520 [ 510.179261][T13879] do_shmat+0xcd4/0x1180 [ 510.183584][T13879] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 510.189565][T13879] __ia32_compat_sys_shmat+0xd2/0x160 [ 510.195018][T13879] ? __ia32_sys_shmat+0x160/0x160 [ 510.200114][T13879] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 510.206781][T13879] ? lockdep_hardirqs_on+0x7d/0x100 [ 510.212054][T13879] __do_fast_syscall_32+0x65/0xf0 [ 510.217149][T13879] do_fast_syscall_32+0x33/0x70 [ 510.222067][T13879] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 510.228480][T13879] RIP: 0023:0xf7f30579 [ 510.232608][T13879] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 510.235749][T13880] netlink: 'syz-executor.4': attribute type 1 has an invalid length. [ 510.252254][T13879] RSP: 002b:00000000f7f2b5cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d 19:28:13 executing program 3: mlockall(0x6) mlockall(0xb) mlockall(0x1) mlockall(0x5) r0 = shmget$private(0x0, 0x400000, 0x1000, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f0000320000/0x1000)=nil, 0x4000) mlockall(0x4) [ 510.252379][T13879] RAX: ffffffffffffffda RBX: 0000000000000048 RCX: 00000000202f4000 [ 510.252401][T13879] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 510.252421][T13879] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 510.252442][T13879] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 510.252464][T13879] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 510.252508][T13879] 19:28:13 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x5000000, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:13 executing program 2: mlockall(0x2) (async) mlockall(0x1) mlockall(0x1) (async) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) mlockall(0xe) 19:28:14 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$TIPC_NL_MON_SET(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000400)={0x20, r1, 0xc3150e240b6f1917, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x4}]}]}, 0x20}}, 0x0) sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000080)={0x204, r1, 0x100, 0x70bd27, 0x25dfdbff, {}, [@TIPC_NLA_NODE={0x8, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_LINK={0x24, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}]}]}, @TIPC_NLA_MEDIA={0x7c, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6da5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xc1ab}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}]}]}, @TIPC_NLA_MON={0x24, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x200}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7}]}, @TIPC_NLA_LINK={0x78, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}]}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x10000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_SOCK={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x101}, @TIPC_NLA_SOCK_CON={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x3b47a7ec}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x6}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x948}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x2}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7}]}, @TIPC_NLA_NODE={0x4}, @TIPC_NLA_NET={0x18, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x8000000000000000}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x163}]}, @TIPC_NLA_SOCK={0x48, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x4}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x1}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x1}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x9}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x91a}]}]}]}, 0x204}, 0x1, 0x0, 0x0, 0x1}, 0x400c000) (async) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) [ 510.662232][T13902] netlink: 'syz-executor.4': attribute type 1 has an invalid length. 19:28:14 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 23) 19:28:14 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x6000000, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:14 executing program 3: mlockall(0x6) mlockall(0xb) (async) mlockall(0x1) (async) mlockall(0x5) r0 = shmget$private(0x0, 0x400000, 0x1000, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f0000320000/0x1000)=nil, 0x4000) (async) mlockall(0x4) 19:28:14 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x400000) 19:28:14 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$TIPC_NL_MON_SET(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000400)={0x20, r1, 0xc3150e240b6f1917, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x4}]}]}, 0x20}}, 0x0) sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000080)={0x204, r1, 0x100, 0x70bd27, 0x25dfdbff, {}, [@TIPC_NLA_NODE={0x8, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_LINK={0x24, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}]}]}, @TIPC_NLA_MEDIA={0x7c, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6da5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xc1ab}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}]}]}, @TIPC_NLA_MON={0x24, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x200}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7}]}, @TIPC_NLA_LINK={0x78, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}]}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x10000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_SOCK={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x101}, @TIPC_NLA_SOCK_CON={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x3b47a7ec}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x6}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x948}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x2}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7}]}, @TIPC_NLA_NODE={0x4}, @TIPC_NLA_NET={0x18, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x8000000000000000}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x163}]}, @TIPC_NLA_SOCK={0x48, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x4}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x1}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x1}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x9}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x91a}]}]}]}, 0x204}, 0x1, 0x0, 0x0, 0x1}, 0x400c000) (async) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) 19:28:14 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) r1 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x6) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x44, 0x6, 0x3e8, 0x94, 0x354, 0x0, 0x1bc, 0x94, 0x354, 0x354, 0x354, 0x354, 0x354, 0x6, 0x0, {[{{@uncond, 0x0, 0x70, 0x94}, @ECN={0x24}}, {{@uncond, 0x0, 0x70, 0x94}, @common=@unspec=@CONNSECMARK={0x24, 'CONNSECMARK\x00', 0x0, {0x2}}}, {{@ip={@remote, @multicast1, 0x0, 0x0, 'vlan1\x00', 'tunl0\x00'}, 0x0, 0x70, 0x94}, @TTL={0x24, 'TTL\x00', 0x0, {0x3}}}, {{@uncond, 0x0, 0xb0, 0xe0, 0x0, {}, [@common=@set={{0x40}}]}, @TPROXY={0x30}}, {{@uncond, 0x0, 0x94, 0xb8, 0x0, {}, [@inet=@rpfilter={{0x24}}]}, @ECN={0x24}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x444) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:14 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x7000000, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:14 executing program 5: mlockall(0x3) r0 = shmget$private(0x0, 0x2000, 0x78000000, &(0x7f00002f1000/0x2000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:14 executing program 3: mlockall(0x6) mlockall(0xb) mlockall(0x1) mlockall(0x5) shmget$private(0x0, 0x400000, 0x1000, &(0x7f000000e000/0x400000)=nil) (async) r0 = shmget$private(0x0, 0x400000, 0x1000, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f0000320000/0x1000)=nil, 0x4000) (async) shmat(r0, &(0x7f0000320000/0x1000)=nil, 0x4000) mlockall(0x4) 19:28:14 executing program 5: mlockall(0x3) (async) r0 = shmget$private(0x0, 0x2000, 0x78000000, &(0x7f00002f1000/0x2000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:14 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x8000000, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:14 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) r1 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x6) (async) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x44, 0x6, 0x3e8, 0x94, 0x354, 0x0, 0x1bc, 0x94, 0x354, 0x354, 0x354, 0x354, 0x354, 0x6, 0x0, {[{{@uncond, 0x0, 0x70, 0x94}, @ECN={0x24}}, {{@uncond, 0x0, 0x70, 0x94}, @common=@unspec=@CONNSECMARK={0x24, 'CONNSECMARK\x00', 0x0, {0x2}}}, {{@ip={@remote, @multicast1, 0x0, 0x0, 'vlan1\x00', 'tunl0\x00'}, 0x0, 0x70, 0x94}, @TTL={0x24, 'TTL\x00', 0x0, {0x3}}}, {{@uncond, 0x0, 0xb0, 0xe0, 0x0, {}, [@common=@set={{0x40}}]}, @TPROXY={0x30}}, {{@uncond, 0x0, 0x94, 0xb8, 0x0, {}, [@inet=@rpfilter={{0x24}}]}, @ECN={0x24}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x444) (async, rerun: 32) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (rerun: 32) [ 510.987107][T13922] FAULT_INJECTION: forcing a failure. [ 510.987107][T13922] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 511.071339][T13929] netlink: 'syz-executor.4': attribute type 1 has an invalid length. [ 511.086960][T13922] CPU: 1 PID: 13922 Comm: syz-executor.1 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 511.097472][T13922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 511.107706][T13922] Call Trace: [ 511.111038][T13922] [ 511.114105][T13922] dump_stack_lvl+0x136/0x150 [ 511.118851][T13922] should_fail_ex+0x4a3/0x5b0 [ 511.123581][T13922] prepare_alloc_pages+0x178/0x570 [ 511.128735][T13922] ? print_usage_bug.part.0+0x660/0x660 [ 511.134321][T13922] __alloc_pages+0x149/0x4a0 [ 511.138947][T13922] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 511.145760][T13922] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 511.151864][T13922] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 511.157885][T13922] __folio_alloc+0x16/0x40 [ 511.162359][T13922] vma_alloc_folio+0x155/0x880 [ 511.167182][T13922] ? policy_nodemask+0x1c0/0x1c0 [ 511.172171][T13922] ? find_held_lock+0x2d/0x110 [ 511.176997][T13922] shmem_alloc_folio+0xff/0x1c0 [ 511.181901][T13922] ? shmem_link+0x370/0x370 [ 511.186468][T13922] ? filemap_add_folio+0x1e0/0x1e0 [ 511.191644][T13922] shmem_alloc_and_acct_folio+0x15e/0x5d0 [ 511.197431][T13922] shmem_get_folio_gfp+0xacd/0x1950 [ 511.202700][T13922] ? shmem_alloc_and_acct_folio+0x5d0/0x5d0 [ 511.208661][T13922] shmem_fault+0x1cc/0x8b0 [ 511.213149][T13922] ? shmem_get_folio_gfp+0x1950/0x1950 [ 511.218677][T13922] ? mark_lock.part.0+0xee/0x1970 [ 511.223743][T13922] __do_fault+0x107/0x600 [ 511.228110][T13922] __handle_mm_fault+0x24f3/0x3e60 [ 511.233284][T13922] ? vm_iomap_memory+0x190/0x190 [ 511.238301][T13922] handle_mm_fault+0x2ba/0x9c0 [ 511.243118][T13922] __get_user_pages+0x4da/0xf30 [ 511.248034][T13922] ? follow_page_mask+0x10a0/0x10a0 [ 511.253302][T13922] ? mas_find+0x200/0x200 [ 511.257676][T13922] ? __down_read_common+0x884/0xf30 [ 511.262932][T13922] populate_vma_page_range+0x2df/0x420 [ 511.268529][T13922] ? follow_page+0x140/0x140 [ 511.273169][T13922] ? find_vma+0x1b0/0x1b0 [ 511.277573][T13922] __mm_populate+0x105/0x3b0 [ 511.282250][T13922] ? faultin_vma_page_range+0x300/0x300 [ 511.287867][T13922] ? up_write+0x1b4/0x520 [ 511.292255][T13922] do_shmat+0xcd4/0x1180 [ 511.296548][T13922] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 511.302399][T13922] __ia32_compat_sys_shmat+0xd2/0x160 [ 511.307810][T13922] ? __ia32_sys_shmat+0x160/0x160 [ 511.312869][T13922] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 511.319508][T13922] ? lockdep_hardirqs_on+0x7d/0x100 [ 511.324746][T13922] __do_fast_syscall_32+0x65/0xf0 [ 511.329801][T13922] do_fast_syscall_32+0x33/0x70 [ 511.334680][T13922] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 511.341060][T13922] RIP: 0023:0xf7f30579 [ 511.345152][T13922] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 511.364806][T13922] RSP: 002b:00000000f7f2b5cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 511.373342][T13922] RAX: ffffffffffffffda RBX: 0000000000000049 RCX: 00000000202f4000 [ 511.381427][T13922] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 511.389424][T13922] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 511.397418][T13922] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 511.405415][T13922] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 511.413441][T13922] 19:28:15 executing program 5: mlockall(0x3) r0 = shmget$private(0x0, 0x2000, 0x78000000, &(0x7f00002f1000/0x2000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:15 executing program 2: mlockall(0x2) (async, rerun: 32) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) (rerun: 32) r1 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x6) (async) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x44, 0x6, 0x3e8, 0x94, 0x354, 0x0, 0x1bc, 0x94, 0x354, 0x354, 0x354, 0x354, 0x354, 0x6, 0x0, {[{{@uncond, 0x0, 0x70, 0x94}, @ECN={0x24}}, {{@uncond, 0x0, 0x70, 0x94}, @common=@unspec=@CONNSECMARK={0x24, 'CONNSECMARK\x00', 0x0, {0x2}}}, {{@ip={@remote, @multicast1, 0x0, 0x0, 'vlan1\x00', 'tunl0\x00'}, 0x0, 0x70, 0x94}, @TTL={0x24, 'TTL\x00', 0x0, {0x3}}}, {{@uncond, 0x0, 0xb0, 0xe0, 0x0, {}, [@common=@set={{0x40}}]}, @TPROXY={0x30}}, {{@uncond, 0x0, 0x94, 0xb8, 0x0, {}, [@inet=@rpfilter={{0x24}}]}, @ECN={0x24}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x444) (async) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:15 executing program 3: mlockall(0x2) shmat(0x0, &(0x7f00000d0000/0x4000)=nil, 0x5000) mlockall(0x4) 19:28:15 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 24) 19:28:15 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x9000000, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:15 executing program 4: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="03c900fa44d9275a64f2224917b7049382610edcb0938d8d75d532c5e87de57b37389a7daaf33a3e296957bdcbe72fe546a21581173c0fcca97837f2a1b8429160f3869cc8f9e39fea8e2e883f5b0f244603bb619784c5dee8d1b5e80a6b26100b2e2e75f79c373e33b5c2f74095d09fab9fb14f6d686fa8ace293f7b7e5170102020000df5dcbd191b9ecc7d398301135c64dc2bce0e09500010000000000004f59020e808e7271221f9ee42a55a8f4dcea6ddd81ac88bbba9a1837f034c9f86fcf72139b30d4cc22df32934bd2d5437e02ad00d770b25845f59356a392ca270630e5c26fcf44213692889f9f51ee9bfb7715805ddf816c183f5d290000"], 0xffffffe8) 19:28:15 executing program 5: r0 = socket$isdn_base(0x22, 0x3, 0x0) r1 = epoll_create(0x100) sendfile(r0, r1, &(0x7f0000000000)=0xec8, 0x3) mlockall(0x2) r2 = shmget$private(0x0, 0x4000, 0x4, &(0x7f0000ffb000/0x4000)=nil) shmat(r2, &(0x7f00002f4000/0x2000)=nil, 0x5000) mlockall(0x4) 19:28:15 executing program 3: mlockall(0x2) (async) shmat(0x0, &(0x7f00000d0000/0x4000)=nil, 0x5000) (async) mlockall(0x4) 19:28:15 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0xa000000, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:15 executing program 2: mlockall(0x2) mlockall(0x1) shmget$private(0x0, 0x400000, 0x1, &(0x7f000000e000/0x400000)=nil) shmat(0x0, &(0x7f0000252000/0x4000)=nil, 0x0) [ 511.882049][T13947] FAULT_INJECTION: forcing a failure. [ 511.882049][T13947] name fail_page_alloc, interval 1, probability 0, space 0, times 0 19:28:15 executing program 3: mlockall(0x2) shmat(0x0, &(0x7f00000d0000/0x4000)=nil, 0x5000) (async) shmat(0x0, &(0x7f00000d0000/0x4000)=nil, 0x5000) mlockall(0x4) 19:28:15 executing program 2: mlockall(0x2) mlockall(0x1) shmget$private(0x0, 0x400000, 0x1, &(0x7f000000e000/0x400000)=nil) shmat(0x0, &(0x7f0000252000/0x4000)=nil, 0x0) mlockall(0x2) (async) mlockall(0x1) (async) shmget$private(0x0, 0x400000, 0x1, &(0x7f000000e000/0x400000)=nil) (async) shmat(0x0, &(0x7f0000252000/0x4000)=nil, 0x0) (async) 19:28:15 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0xb000000, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) [ 511.988804][T13947] CPU: 0 PID: 13947 Comm: syz-executor.1 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 511.999328][T13947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 512.009470][T13947] Call Trace: [ 512.012795][T13947] [ 512.015860][T13947] dump_stack_lvl+0x136/0x150 [ 512.020616][T13947] should_fail_ex+0x4a3/0x5b0 [ 512.025393][T13947] prepare_alloc_pages+0x178/0x570 [ 512.030576][T13947] ? print_usage_bug.part.0+0x660/0x660 [ 512.036200][T13947] __alloc_pages+0x149/0x4a0 [ 512.040875][T13947] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 512.047734][T13947] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 512.053802][T13947] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 512.059866][T13947] __folio_alloc+0x16/0x40 [ 512.064359][T13947] vma_alloc_folio+0x155/0x880 [ 512.069213][T13947] ? policy_nodemask+0x1c0/0x1c0 [ 512.074329][T13947] ? find_held_lock+0x2d/0x110 [ 512.079191][T13947] shmem_alloc_folio+0xff/0x1c0 [ 512.084127][T13947] ? shmem_link+0x370/0x370 [ 512.088736][T13947] ? filemap_add_folio+0x1e0/0x1e0 [ 512.093949][T13947] shmem_alloc_and_acct_folio+0x15e/0x5d0 [ 512.099786][T13947] shmem_get_folio_gfp+0xacd/0x1950 [ 512.105098][T13947] ? shmem_alloc_and_acct_folio+0x5d0/0x5d0 [ 512.111108][T13947] shmem_fault+0x1cc/0x8b0 [ 512.115622][T13947] ? shmem_get_folio_gfp+0x1950/0x1950 [ 512.121183][T13947] ? mark_lock.part.0+0xee/0x1970 [ 512.126278][T13947] __do_fault+0x107/0x600 [ 512.130677][T13947] __handle_mm_fault+0x24f3/0x3e60 [ 512.135868][T13947] ? vm_iomap_memory+0x190/0x190 [ 512.140908][T13947] handle_mm_fault+0x2ba/0x9c0 [ 512.145757][T13947] __get_user_pages+0x4da/0xf30 [ 512.150702][T13947] ? follow_page_mask+0x10a0/0x10a0 [ 512.155982][T13947] ? mas_find+0x200/0x200 [ 512.160402][T13947] ? __down_read_common+0x884/0xf30 [ 512.165697][T13947] populate_vma_page_range+0x2df/0x420 [ 512.171256][T13947] ? follow_page+0x140/0x140 [ 512.175926][T13947] ? find_vma+0x1b0/0x1b0 [ 512.180349][T13947] __mm_populate+0x105/0x3b0 [ 512.185024][T13947] ? faultin_vma_page_range+0x300/0x300 [ 512.190649][T13947] ? up_write+0x1b4/0x520 [ 512.195060][T13947] do_shmat+0xcd4/0x1180 [ 512.199374][T13947] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 512.205256][T13947] __ia32_compat_sys_shmat+0xd2/0x160 [ 512.210727][T13947] ? __ia32_sys_shmat+0x160/0x160 [ 512.215816][T13947] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 512.222473][T13947] ? lockdep_hardirqs_on+0x7d/0x100 [ 512.227738][T13947] __do_fast_syscall_32+0x65/0xf0 [ 512.232822][T13947] do_fast_syscall_32+0x33/0x70 [ 512.237733][T13947] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 512.244846][T13947] RIP: 0023:0xf7f30579 [ 512.249046][T13947] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 512.268711][T13947] RSP: 002b:00000000f7f2b5cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 512.277186][T13947] RAX: ffffffffffffffda RBX: 000000000000004a RCX: 00000000202f4000 [ 512.285208][T13947] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 512.293226][T13947] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 512.301251][T13947] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 512.309282][T13947] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 512.317322][T13947] 19:28:16 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 25) 19:28:16 executing program 3: mlockall(0x3) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) mlockall(0x4) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:16 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0xe000000, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:16 executing program 2: mlockall(0x2) mlockall(0x1) (async) mlockall(0x1) shmget$private(0x0, 0x400000, 0x1, &(0x7f000000e000/0x400000)=nil) shmat(0x0, &(0x7f0000252000/0x4000)=nil, 0x0) 19:28:16 executing program 4: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="03c900fa44d9275a64f2224917b7049382610edcb0938d8d75d532c5e87de57b37389a7daaf33a3e296957bdcbe72fe546a21581173c0fcca97837f2a1b8429160f3869cc8f9e39fea8e2e883f5b0f244603bb619784c5dee8d1b5e80a6b26100b2e2e75f79c373e33b5c2f74095d09fab9fb14f6d686fa8ace293f7b7e5170102020000df5dcbd191b9ecc7d398301135c64dc2bce0e09500010000000000004f59020e808e7271221f9ee42a55a8f4dcea6ddd81ac88bbba9a1837f034c9f86fcf72139b30d4cc22df32934bd2d5437e02ad00d770b25845f59356a392ca270630e5c26fcf44213692889f9f51ee9bfb7715805ddf816c183f5d290000"], 0xffffffe8) 19:28:16 executing program 5: r0 = socket$isdn_base(0x22, 0x3, 0x0) (async) r1 = epoll_create(0x100) sendfile(r0, r1, &(0x7f0000000000)=0xec8, 0x3) mlockall(0x2) r2 = shmget$private(0x0, 0x4000, 0x4, &(0x7f0000ffb000/0x4000)=nil) shmat(r2, &(0x7f00002f4000/0x2000)=nil, 0x5000) (async) mlockall(0x4) 19:28:16 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmctl$SHM_UNLOCK(r0, 0xc) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:16 executing program 5: r0 = socket$isdn_base(0x22, 0x3, 0x0) (async) r1 = epoll_create(0x100) sendfile(r0, r1, &(0x7f0000000000)=0xec8, 0x3) (async) mlockall(0x2) r2 = shmget$private(0x0, 0x4000, 0x4, &(0x7f0000ffb000/0x4000)=nil) shmat(r2, &(0x7f00002f4000/0x2000)=nil, 0x5000) (async, rerun: 32) mlockall(0x4) (rerun: 32) 19:28:16 executing program 3: mlockall(0x3) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) (async) mlockall(0x4) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:16 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0xf000000, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) [ 512.585174][T13980] FAULT_INJECTION: forcing a failure. [ 512.585174][T13980] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 512.644852][T13980] CPU: 1 PID: 13980 Comm: syz-executor.1 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 512.655459][T13980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 512.665575][T13980] Call Trace: [ 512.668911][T13980] [ 512.671916][T13980] dump_stack_lvl+0x136/0x150 [ 512.676672][T13980] should_fail_ex+0x4a3/0x5b0 [ 512.681442][T13980] prepare_alloc_pages+0x178/0x570 [ 512.686625][T13980] ? print_usage_bug.part.0+0x660/0x660 [ 512.692253][T13980] __alloc_pages+0x149/0x4a0 [ 512.696912][T13980] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 512.703765][T13980] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 512.709820][T13980] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 512.715882][T13980] __folio_alloc+0x16/0x40 [ 512.720370][T13980] vma_alloc_folio+0x155/0x880 [ 512.725236][T13980] ? policy_nodemask+0x1c0/0x1c0 [ 512.730351][T13980] ? find_held_lock+0x2d/0x110 [ 512.735214][T13980] shmem_alloc_folio+0xff/0x1c0 [ 512.740150][T13980] ? shmem_link+0x370/0x370 19:28:16 executing program 4: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="03c900fa44d9275a64f2224917b7049382610edcb0938d8d75d532c5e87de57b37389a7daaf33a3e296957bdcbe72fe546a21581173c0fcca97837f2a1b8429160f3869cc8f9e39fea8e2e883f5b0f244603bb619784c5dee8d1b5e80a6b26100b2e2e75f79c373e33b5c2f74095d09fab9fb14f6d686fa8ace293f7b7e5170102020000df5dcbd191b9ecc7d398301135c64dc2bce0e09500010000000000004f59020e808e7271221f9ee42a55a8f4dcea6ddd81ac88bbba9a1837f034c9f86fcf72139b30d4cc22df32934bd2d5437e02ad00d770b25845f59356a392ca270630e5c26fcf44213692889f9f51ee9bfb7715805ddf816c183f5d290000"], 0xffffffe8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="03c900fa44d9275a64f2224917b7049382610edcb0938d8d75d532c5e87de57b37389a7daaf33a3e296957bdcbe72fe546a21581173c0fcca97837f2a1b8429160f3869cc8f9e39fea8e2e883f5b0f244603bb619784c5dee8d1b5e80a6b26100b2e2e75f79c373e33b5c2f74095d09fab9fb14f6d686fa8ace293f7b7e5170102020000df5dcbd191b9ecc7d398301135c64dc2bce0e09500010000000000004f59020e808e7271221f9ee42a55a8f4dcea6ddd81ac88bbba9a1837f034c9f86fcf72139b30d4cc22df32934bd2d5437e02ad00d770b25845f59356a392ca270630e5c26fcf44213692889f9f51ee9bfb7715805ddf816c183f5d290000"], 0xffffffe8) (async) [ 512.744757][T13980] ? filemap_add_folio+0x1e0/0x1e0 [ 512.749960][T13980] shmem_alloc_and_acct_folio+0x15e/0x5d0 [ 512.755810][T13980] shmem_get_folio_gfp+0xacd/0x1950 [ 512.761114][T13980] ? shmem_alloc_and_acct_folio+0x5d0/0x5d0 [ 512.767112][T13980] shmem_fault+0x1cc/0x8b0 [ 512.771624][T13980] ? shmem_get_folio_gfp+0x1950/0x1950 [ 512.777195][T13980] ? mark_lock.part.0+0xee/0x1970 [ 512.782299][T13980] __do_fault+0x107/0x600 [ 512.786789][T13980] __handle_mm_fault+0x24f3/0x3e60 19:28:16 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) mmap$snddsp_status(&(0x7f00001f1000/0x4000)=nil, 0x1000, 0x1000000, 0x13, 0xffffffffffffffff, 0x82000000) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) [ 512.791985][T13980] ? vm_iomap_memory+0x190/0x190 [ 512.797015][T13980] handle_mm_fault+0x2ba/0x9c0 [ 512.801838][T13980] __get_user_pages+0x4da/0xf30 [ 512.806769][T13980] ? follow_page_mask+0x10a0/0x10a0 [ 512.812048][T13980] ? mas_find+0x200/0x200 [ 512.816624][T13980] ? __down_read_common+0x884/0xf30 [ 512.821952][T13980] populate_vma_page_range+0x2df/0x420 [ 512.827507][T13980] ? follow_page+0x140/0x140 [ 512.832182][T13980] ? find_vma+0x1b0/0x1b0 [ 512.836598][T13980] __mm_populate+0x105/0x3b0 [ 512.841273][T13980] ? faultin_vma_page_range+0x300/0x300 [ 512.846914][T13980] ? up_write+0x1b4/0x520 [ 512.851327][T13980] do_shmat+0xcd4/0x1180 [ 512.855652][T13980] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 512.861541][T13980] __ia32_compat_sys_shmat+0xd2/0x160 [ 512.866993][T13980] ? __ia32_sys_shmat+0x160/0x160 [ 512.872086][T13980] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 512.878744][T13980] ? lockdep_hardirqs_on+0x7d/0x100 [ 512.884009][T13980] __do_fast_syscall_32+0x65/0xf0 [ 512.889184][T13980] do_fast_syscall_32+0x33/0x70 [ 512.894115][T13980] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 512.900528][T13980] RIP: 0023:0xf7f30579 [ 512.904653][T13980] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 512.925540][T13980] RSP: 002b:00000000f7f2b5cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 512.934020][T13980] RAX: ffffffffffffffda RBX: 000000000000004b RCX: 00000000202f4000 [ 512.942153][T13980] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 512.950272][T13980] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 512.958301][T13980] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 512.966351][T13980] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 512.974420][T13980] 19:28:16 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 26) 19:28:16 executing program 3: mlockall(0x3) (async) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) mlockall(0x4) (async) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:16 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x10000000, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:16 executing program 2: mlockall(0x2) (async) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmctl$SHM_UNLOCK(r0, 0xc) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:16 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0x1, 0x75}, "5a234942bb120aefb93692ab4087c1c7dd2ddc8e51058d69a8169d6c12aeea6ebaa6610074dfa9b5f1767a251edfd6c99aa2df7bb4f8d815f0bb51f719e4dddd7d4d4f56cf2e7bb0fa0c34e417415058d2da59d34bb296fa193adcf6463a08e6473da4a4227975a051d6fbddd6ad1081978f532d4a"}, 0x79) 19:28:16 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) mmap$snddsp_status(&(0x7f00001f1000/0x4000)=nil, 0x1000, 0x1000000, 0x13, 0xffffffffffffffff, 0x82000000) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) mlockall(0x2) (async) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) (async) mmap$snddsp_status(&(0x7f00001f1000/0x4000)=nil, 0x1000, 0x1000000, 0x13, 0xffffffffffffffff, 0x82000000) (async) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (async) 19:28:16 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) (async, rerun: 64) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0x1, 0x75}, "5a234942bb120aefb93692ab4087c1c7dd2ddc8e51058d69a8169d6c12aeea6ebaa6610074dfa9b5f1767a251edfd6c99aa2df7bb4f8d815f0bb51f719e4dddd7d4d4f56cf2e7bb0fa0c34e417415058d2da59d34bb296fa193adcf6463a08e6473da4a4227975a051d6fbddd6ad1081978f532d4a"}, 0x79) (rerun: 64) 19:28:16 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x11000000, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:16 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f0000286000/0x11000)=nil, 0x6000) mlockall(0x5) mlockall(0x5) mlockall(0x0) shmctl$IPC_RMID(r0, 0x0) mlockall(0x3) mlockall(0x1) [ 513.325360][T14011] FAULT_INJECTION: forcing a failure. [ 513.325360][T14011] name fail_page_alloc, interval 1, probability 0, space 0, times 0 19:28:16 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x13000000, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) [ 513.406744][T14011] CPU: 1 PID: 14011 Comm: syz-executor.1 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 513.417254][T14011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 513.427380][T14011] Call Trace: [ 513.430696][T14011] [ 513.433677][T14011] dump_stack_lvl+0x136/0x150 [ 513.438435][T14011] should_fail_ex+0x4a3/0x5b0 [ 513.443200][T14011] prepare_alloc_pages+0x178/0x570 [ 513.448384][T14011] ? print_usage_bug.part.0+0x660/0x660 [ 513.454015][T14011] __alloc_pages+0x149/0x4a0 [ 513.458713][T14011] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 513.465560][T14011] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 513.471628][T14011] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 513.477689][T14011] __folio_alloc+0x16/0x40 [ 513.482179][T14011] vma_alloc_folio+0x155/0x880 [ 513.487070][T14011] ? policy_nodemask+0x1c0/0x1c0 [ 513.492096][T14011] ? find_held_lock+0x2d/0x110 [ 513.496949][T14011] shmem_alloc_folio+0xff/0x1c0 [ 513.501887][T14011] ? shmem_link+0x370/0x370 [ 513.506613][T14011] ? filemap_add_folio+0x1e0/0x1e0 [ 513.511990][T14011] shmem_alloc_and_acct_folio+0x15e/0x5d0 [ 513.517859][T14011] shmem_get_folio_gfp+0xacd/0x1950 [ 513.523206][T14011] ? shmem_alloc_and_acct_folio+0x5d0/0x5d0 [ 513.529300][T14011] shmem_fault+0x1cc/0x8b0 [ 513.533804][T14011] ? shmem_get_folio_gfp+0x1950/0x1950 [ 513.539358][T14011] ? mark_lock.part.0+0xee/0x1970 [ 513.544450][T14011] __do_fault+0x107/0x600 [ 513.548851][T14011] __handle_mm_fault+0x24f3/0x3e60 19:28:17 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x3f000000, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) [ 513.554049][T14011] ? vm_iomap_memory+0x190/0x190 [ 513.559076][T14011] handle_mm_fault+0x2ba/0x9c0 [ 513.563915][T14011] __get_user_pages+0x4da/0xf30 [ 513.568856][T14011] ? follow_page_mask+0x10a0/0x10a0 [ 513.574133][T14011] ? mas_find+0x200/0x200 [ 513.578533][T14011] ? __down_read_common+0x884/0xf30 [ 513.583915][T14011] populate_vma_page_range+0x2df/0x420 [ 513.589464][T14011] ? follow_page+0x140/0x140 [ 513.594126][T14011] ? find_vma+0x1b0/0x1b0 [ 513.598540][T14011] __mm_populate+0x105/0x3b0 19:28:17 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmctl$SHM_UNLOCK(r0, 0xc) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) mlockall(0x2) (async) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) (async) shmctl$SHM_UNLOCK(r0, 0xc) (async) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (async) [ 513.603221][T14011] ? faultin_vma_page_range+0x300/0x300 [ 513.608859][T14011] ? up_write+0x1b4/0x520 [ 513.613269][T14011] do_shmat+0xcd4/0x1180 [ 513.617614][T14011] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 513.623501][T14011] __ia32_compat_sys_shmat+0xd2/0x160 [ 513.628945][T14011] ? __ia32_sys_shmat+0x160/0x160 [ 513.634045][T14011] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 513.640711][T14011] ? lockdep_hardirqs_on+0x7d/0x100 [ 513.646072][T14011] __do_fast_syscall_32+0x65/0xf0 [ 513.651169][T14011] do_fast_syscall_32+0x33/0x70 [ 513.656093][T14011] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 513.662497][T14011] RIP: 0023:0xf7f30579 [ 513.666617][T14011] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 513.686286][T14011] RSP: 002b:00000000f7f2b5cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 513.694775][T14011] RAX: ffffffffffffffda RBX: 000000000000004c RCX: 00000000202f4000 [ 513.702794][T14011] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 513.710817][T14011] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 513.718869][T14011] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 513.726894][T14011] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 513.734943][T14011] 19:28:17 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 27) 19:28:17 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) mmap$snddsp_status(&(0x7f00001f1000/0x4000)=nil, 0x1000, 0x1000000, 0x13, 0xffffffffffffffff, 0x82000000) (async) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:17 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0x1, 0x75}, "5a234942bb120aefb93692ab4087c1c7dd2ddc8e51058d69a8169d6c12aeea6ebaa6610074dfa9b5f1767a251edfd6c99aa2df7bb4f8d815f0bb51f719e4dddd7d4d4f56cf2e7bb0fa0c34e417415058d2da59d34bb296fa193adcf6463a08e6473da4a4227975a051d6fbddd6ad1081978f532d4a"}, 0x79) (async) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0x1, 0x75}, "5a234942bb120aefb93692ab4087c1c7dd2ddc8e51058d69a8169d6c12aeea6ebaa6610074dfa9b5f1767a251edfd6c99aa2df7bb4f8d815f0bb51f719e4dddd7d4d4f56cf2e7bb0fa0c34e417415058d2da59d34bb296fa193adcf6463a08e6473da4a4227975a051d6fbddd6ad1081978f532d4a"}, 0x79) 19:28:17 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x4d040000, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:17 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmget$private(0x0, 0x2000, 0x400, &(0x7f00001da000/0x2000)=nil) mlockall(0x0) mlockall(0x0) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) mlockall(0x2) 19:28:17 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x60000000, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:17 executing program 3: mlockall(0x2) (async, rerun: 64) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) (rerun: 64) shmat(r0, &(0x7f0000286000/0x11000)=nil, 0x6000) (async) mlockall(0x5) mlockall(0x5) (async) mlockall(0x0) shmctl$IPC_RMID(r0, 0x0) (async) mlockall(0x3) mlockall(0x1) [ 514.060917][T14042] FAULT_INJECTION: forcing a failure. [ 514.060917][T14042] name fail_page_alloc, interval 1, probability 0, space 0, times 0 19:28:17 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x9effffff, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:17 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, r1, 0x49f269a56e1422c3, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, r5, 0x49f269a56e1422c3, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}}, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000d40)={'wlan0\x00'}) r9 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000d40)={'wlan0\x00'}) syz_emit_vhci(&(0x7f0000000240)=ANY=[@ANYRESOCT=r8, @ANYRES64=r9, @ANYRESHEX=r7, @ANYRES8, @ANYRESOCT=r0, @ANYBLOB="ba812d4dea8d1eaecdee4126c69c599299b72cfe009cec92b7c563172099ed92fdaad49537e56b7d54a0aebe29e720975258fd5f6d9ace8c1912505dc32efef3c8efef02aacb650ecfbcd9ae57c1de69edfdb36bfd94a1d5bae371a3a5fa43077af98442b9bc9e6198c16e639286ca13ab"], 0x8) [ 514.222023][T14042] CPU: 1 PID: 14042 Comm: syz-executor.1 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 514.232521][T14042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 514.242634][T14042] Call Trace: [ 514.245968][T14042] [ 514.248946][T14042] dump_stack_lvl+0x136/0x150 [ 514.253780][T14042] should_fail_ex+0x4a3/0x5b0 [ 514.258549][T14042] prepare_alloc_pages+0x178/0x570 [ 514.263723][T14042] ? print_usage_bug.part.0+0x660/0x660 19:28:17 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0xf0ffffff, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) [ 514.269341][T14042] __alloc_pages+0x149/0x4a0 [ 514.273996][T14042] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 514.280844][T14042] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 514.286898][T14042] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 514.292951][T14042] __folio_alloc+0x16/0x40 [ 514.297432][T14042] vma_alloc_folio+0x155/0x880 [ 514.302284][T14042] ? policy_nodemask+0x1c0/0x1c0 [ 514.307309][T14042] ? find_held_lock+0x2d/0x110 [ 514.312168][T14042] shmem_alloc_folio+0xff/0x1c0 [ 514.317107][T14042] ? shmem_link+0x370/0x370 19:28:17 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0xfffff000, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) [ 514.321713][T14042] ? filemap_add_folio+0x1e0/0x1e0 [ 514.326922][T14042] shmem_alloc_and_acct_folio+0x15e/0x5d0 [ 514.332738][T14042] shmem_get_folio_gfp+0xacd/0x1950 [ 514.338052][T14042] ? shmem_alloc_and_acct_folio+0x5d0/0x5d0 [ 514.344050][T14042] shmem_fault+0x1cc/0x8b0 [ 514.348562][T14042] ? shmem_get_folio_gfp+0x1950/0x1950 [ 514.354151][T14042] ? mark_lock.part.0+0xee/0x1970 [ 514.359249][T14042] __do_fault+0x107/0x600 [ 514.363654][T14042] __handle_mm_fault+0x24f3/0x3e60 [ 514.368870][T14042] ? vm_iomap_memory+0x190/0x190 [ 514.373904][T14042] handle_mm_fault+0x2ba/0x9c0 [ 514.378767][T14042] __get_user_pages+0x4da/0xf30 [ 514.383737][T14042] ? follow_page_mask+0x10a0/0x10a0 [ 514.389036][T14042] ? mas_find+0x200/0x200 [ 514.393436][T14042] ? __down_read_common+0x884/0xf30 [ 514.398732][T14042] populate_vma_page_range+0x2df/0x420 [ 514.404284][T14042] ? follow_page+0x140/0x140 [ 514.408948][T14042] ? find_vma+0x1b0/0x1b0 [ 514.413356][T14042] __mm_populate+0x105/0x3b0 [ 514.418113][T14042] ? faultin_vma_page_range+0x300/0x300 [ 514.423747][T14042] ? up_write+0x1b4/0x520 [ 514.428169][T14042] do_shmat+0xcd4/0x1180 [ 514.432494][T14042] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 514.438468][T14042] __ia32_compat_sys_shmat+0xd2/0x160 [ 514.443923][T14042] ? __ia32_sys_shmat+0x160/0x160 [ 514.449016][T14042] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 514.455678][T14042] ? lockdep_hardirqs_on+0x7d/0x100 [ 514.460947][T14042] __do_fast_syscall_32+0x65/0xf0 [ 514.466123][T14042] do_fast_syscall_32+0x33/0x70 19:28:18 executing program 3: mlockall(0x2) (async) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f0000286000/0x11000)=nil, 0x6000) mlockall(0x5) mlockall(0x5) (async) mlockall(0x0) (async) shmctl$IPC_RMID(r0, 0x0) (async) mlockall(0x3) mlockall(0x1) [ 514.471040][T14042] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 514.477480][T14042] RIP: 0023:0xf7f30579 [ 514.481603][T14042] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 514.501361][T14042] RSP: 002b:00000000f7f2b5cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 514.509842][T14042] RAX: ffffffffffffffda RBX: 000000000000004d RCX: 00000000202f4000 [ 514.517869][T14042] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 514.525895][T14042] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 514.533916][T14042] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 514.541945][T14042] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 514.550024][T14042] 19:28:18 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 28) 19:28:18 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) mlockall(0x2) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) mlockall(0x6) 19:28:18 executing program 4: socket$nl_generic(0x10, 0x3, 0x10) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, r1, 0x49f269a56e1422c3, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) (async) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, r5, 0x49f269a56e1422c3, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}}, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000d40)={'wlan0\x00'}) r9 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000d40)={'wlan0\x00'}) syz_emit_vhci(&(0x7f0000000240)=ANY=[@ANYRESOCT=r8, @ANYRES64=r9, @ANYRESHEX=r7, @ANYRES8, @ANYRESOCT=r0, @ANYBLOB="ba812d4dea8d1eaecdee4126c69c599299b72cfe009cec92b7c563172099ed92fdaad49537e56b7d54a0aebe29e720975258fd5f6d9ace8c1912505dc32efef3c8efef02aacb650ecfbcd9ae57c1de69edfdb36bfd94a1d5bae371a3a5fa43077af98442b9bc9e6198c16e639286ca13ab"], 0x8) 19:28:18 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0xffffff7f, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:18 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmget$private(0x0, 0x2000, 0x400, &(0x7f00001da000/0x2000)=nil) mlockall(0x0) (async) mlockall(0x0) mlockall(0x0) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (async) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) mlockall(0x2) 19:28:18 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) mlockall(0x1) shmat(r0, &(0x7f00002b6000/0x4000)=nil, 0x6000) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:18 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0xffffff9e, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:18 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, r1, 0x49f269a56e1422c3, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}}, 0x0) (async) r4 = socket$nl_generic(0x10, 0x3, 0x10) (async) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, r5, 0x49f269a56e1422c3, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}}, 0x0) (async) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000d40)={'wlan0\x00'}) (async) r9 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000d40)={'wlan0\x00'}) (async) syz_emit_vhci(&(0x7f0000000240)=ANY=[@ANYRESOCT=r8, @ANYRES64=r9, @ANYRESHEX=r7, @ANYRES8, @ANYRESOCT=r0, @ANYBLOB="ba812d4dea8d1eaecdee4126c69c599299b72cfe009cec92b7c563172099ed92fdaad49537e56b7d54a0aebe29e720975258fd5f6d9ace8c1912505dc32efef3c8efef02aacb650ecfbcd9ae57c1de69edfdb36bfd94a1d5bae371a3a5fa43077af98442b9bc9e6198c16e639286ca13ab"], 0x8) [ 514.944170][T14075] FAULT_INJECTION: forcing a failure. [ 514.944170][T14075] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 515.002871][T14075] CPU: 0 PID: 14075 Comm: syz-executor.1 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 515.013384][T14075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 515.024288][T14075] Call Trace: [ 515.027615][T14075] [ 515.030609][T14075] dump_stack_lvl+0x136/0x150 [ 515.035363][T14075] should_fail_ex+0x4a3/0x5b0 [ 515.040212][T14075] prepare_alloc_pages+0x178/0x570 [ 515.045412][T14075] ? print_usage_bug.part.0+0x660/0x660 [ 515.051122][T14075] __alloc_pages+0x149/0x4a0 [ 515.055796][T14075] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 515.062665][T14075] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 515.068725][T14075] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 515.074787][T14075] __folio_alloc+0x16/0x40 [ 515.079279][T14075] vma_alloc_folio+0x155/0x880 [ 515.084133][T14075] ? policy_nodemask+0x1c0/0x1c0 [ 515.089153][T14075] ? find_held_lock+0x2d/0x110 [ 515.094008][T14075] shmem_alloc_folio+0xff/0x1c0 [ 515.098972][T14075] ? shmem_link+0x370/0x370 [ 515.103576][T14075] ? filemap_add_folio+0x1e0/0x1e0 [ 515.108802][T14075] shmem_alloc_and_acct_folio+0x15e/0x5d0 [ 515.114630][T14075] shmem_get_folio_gfp+0xacd/0x1950 [ 515.119935][T14075] ? shmem_alloc_and_acct_folio+0x5d0/0x5d0 [ 515.125932][T14075] shmem_fault+0x1cc/0x8b0 [ 515.130444][T14075] ? shmem_get_folio_gfp+0x1950/0x1950 [ 515.136007][T14075] ? mark_lock.part.0+0xee/0x1970 [ 515.141112][T14075] __do_fault+0x107/0x600 [ 515.145523][T14075] __handle_mm_fault+0x24f3/0x3e60 19:28:18 executing program 4: syz_emit_vhci(&(0x7f0000000100)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x0, 0x3c}, @l2cap_cid_signaling={{0x38}, [@l2cap_move_chan_cfm={{0x10, 0x5, 0x4}, {0x200, 0x12d}}, @l2cap_conf_req={{0x4, 0x4, 0x2c}, {0x9, 0x90e, [@l2cap_conf_efs={0x6, 0x10, {0x7, 0x0, 0x3, 0xf2, 0x0, 0x401}}, @l2cap_conf_flushto={0x2, 0x2, 0x562}, @l2cap_conf_fcs={0x5, 0x1, 0x1}, @l2cap_conf_flushto={0x2, 0x2, 0x800}, @l2cap_conf_mtu={0x1, 0x2, 0x6}, @l2cap_conf_flushto={0x2, 0x2, 0x5}, @l2cap_conf_fcs={0x5, 0x1, 0x1}]}}]}}, 0x41) syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) socket(0xb, 0x80b8e9cf817407d1, 0x20) [ 515.150719][T14075] ? vm_iomap_memory+0x190/0x190 [ 515.155763][T14075] handle_mm_fault+0x2ba/0x9c0 [ 515.160694][T14075] __get_user_pages+0x4da/0xf30 [ 515.165641][T14075] ? follow_page_mask+0x10a0/0x10a0 [ 515.170920][T14075] ? mas_find+0x200/0x200 [ 515.175338][T14075] ? __down_read_common+0x884/0xf30 [ 515.180717][T14075] populate_vma_page_range+0x2df/0x420 [ 515.186276][T14075] ? follow_page+0x140/0x140 [ 515.190944][T14075] ? find_vma+0x1b0/0x1b0 [ 515.195363][T14075] __mm_populate+0x105/0x3b0 [ 515.200047][T14075] ? faultin_vma_page_range+0x300/0x300 [ 515.205685][T14075] ? up_write+0x1b4/0x520 [ 515.210100][T14075] do_shmat+0xcd4/0x1180 [ 515.214414][T14075] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 515.220392][T14075] __ia32_compat_sys_shmat+0xd2/0x160 [ 515.225831][T14075] ? __ia32_sys_shmat+0x160/0x160 [ 515.230924][T14075] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 515.237594][T14075] ? lockdep_hardirqs_on+0x7d/0x100 [ 515.242870][T14075] __do_fast_syscall_32+0x65/0xf0 [ 515.248100][T14075] do_fast_syscall_32+0x33/0x70 19:28:18 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0xfffffff0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:18 executing program 4: syz_emit_vhci(&(0x7f0000000100)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x0, 0x3c}, @l2cap_cid_signaling={{0x38}, [@l2cap_move_chan_cfm={{0x10, 0x5, 0x4}, {0x200, 0x12d}}, @l2cap_conf_req={{0x4, 0x4, 0x2c}, {0x9, 0x90e, [@l2cap_conf_efs={0x6, 0x10, {0x7, 0x0, 0x3, 0xf2, 0x0, 0x401}}, @l2cap_conf_flushto={0x2, 0x2, 0x562}, @l2cap_conf_fcs={0x5, 0x1, 0x1}, @l2cap_conf_flushto={0x2, 0x2, 0x800}, @l2cap_conf_mtu={0x1, 0x2, 0x6}, @l2cap_conf_flushto={0x2, 0x2, 0x5}, @l2cap_conf_fcs={0x5, 0x1, 0x1}]}}]}}, 0x41) (async) syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) (async) socket(0xb, 0x80b8e9cf817407d1, 0x20) [ 515.253016][T14075] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 515.259428][T14075] RIP: 0023:0xf7f30579 [ 515.263551][T14075] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 515.283226][T14075] RSP: 002b:00000000f7f2b5cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 515.291717][T14075] RAX: ffffffffffffffda RBX: 000000000000004e RCX: 00000000202f4000 19:28:18 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmget$private(0x0, 0x2000, 0x400, &(0x7f00001da000/0x2000)=nil) mlockall(0x0) mlockall(0x0) (async) mlockall(0x0) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) mlockall(0x2) (async) mlockall(0x2) [ 515.299753][T14075] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 515.307806][T14075] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 515.315848][T14075] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 515.323875][T14075] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 515.332007][T14075] 19:28:19 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 29) 19:28:19 executing program 3: mlockall(0x2) (async) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) mlockall(0x1) (async) shmat(r0, &(0x7f00002b6000/0x4000)=nil, 0x6000) (async) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:19 executing program 4: syz_emit_vhci(&(0x7f0000000100)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x0, 0x3c}, @l2cap_cid_signaling={{0x38}, [@l2cap_move_chan_cfm={{0x10, 0x5, 0x4}, {0x200, 0x12d}}, @l2cap_conf_req={{0x4, 0x4, 0x2c}, {0x9, 0x90e, [@l2cap_conf_efs={0x6, 0x10, {0x7, 0x0, 0x3, 0xf2, 0x0, 0x401}}, @l2cap_conf_flushto={0x2, 0x2, 0x562}, @l2cap_conf_fcs={0x5, 0x1, 0x1}, @l2cap_conf_flushto={0x2, 0x2, 0x800}, @l2cap_conf_mtu={0x1, 0x2, 0x6}, @l2cap_conf_flushto={0x2, 0x2, 0x5}, @l2cap_conf_fcs={0x5, 0x1, 0x1}]}}]}}, 0x41) syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) (async) socket(0xb, 0x80b8e9cf817407d1, 0x20) 19:28:19 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0xffffffff, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:19 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) mlockall(0x2) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) mlockall(0x6) mlockall(0x2) (async) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) (async) mlockall(0x2) (async) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (async) mlockall(0x6) (async) 19:28:19 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, r1, 0x49f269a56e1422c3, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}}, 0x0) fsetxattr$trusted_overlay_upper(r0, &(0x7f0000000000), &(0x7f0000000080)={0x0, 0xfb, 0xc4, 0x4, 0x9, "9456eb47438bab2a7c348774af77b066", "34c768299379b2a06b845f7c57298e9df31e0977c3dfa3ca1772d582757e03964ea6eac9d04295c9d20ab773f26f983ab45256f94fc9f94ba222547c57b3908494d58eb6d532a2539ece5429ffae731853a0247c2e49f6cc69682d153d7d2aea387c862b1e1b2f04e33b91b45bd923e793d853a4bf69d296e8fda203d7e501d610ddfaee790b68038d4d21073e7bff5b963d69c5348e1d425da185170f15b5ed48dab9a1b5694b40ff123043730fcf"}, 0xc4, 0x2) 19:28:19 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:19 executing program 2: mlockall(0x2) mlockall(0x0) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) r1 = openat$damon_mk_contexts(0xffffff9c, &(0x7f0000000000), 0x20000, 0x80) r2 = open(&(0x7f0000000040)='./file0\x00', 0x10000, 0x48) write$damon_contexts(r2, &(0x7f0000000080)=[{' ', './file0'}, {' ', './file0'}], 0x2) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x4000010, r1, 0x44814000) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) [ 515.708241][T14112] FAULT_INJECTION: forcing a failure. [ 515.708241][T14112] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 515.757447][T14112] CPU: 1 PID: 14112 Comm: syz-executor.1 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 515.767950][T14112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 515.778082][T14112] Call Trace: [ 515.781400][T14112] [ 515.784378][T14112] dump_stack_lvl+0x136/0x150 [ 515.789111][T14112] should_fail_ex+0x4a3/0x5b0 [ 515.793842][T14112] prepare_alloc_pages+0x178/0x570 [ 515.798992][T14112] ? print_usage_bug.part.0+0x660/0x660 [ 515.804580][T14112] __alloc_pages+0x149/0x4a0 [ 515.809204][T14112] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 515.816009][T14112] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 515.822028][T14112] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 515.828063][T14112] __folio_alloc+0x16/0x40 [ 515.832532][T14112] vma_alloc_folio+0x155/0x880 [ 515.837445][T14112] ? policy_nodemask+0x1c0/0x1c0 [ 515.842431][T14112] ? find_held_lock+0x2d/0x110 [ 515.847247][T14112] shmem_alloc_folio+0xff/0x1c0 [ 515.852147][T14112] ? shmem_link+0x370/0x370 [ 515.856720][T14112] ? filemap_add_folio+0x1e0/0x1e0 [ 515.861898][T14112] shmem_alloc_and_acct_folio+0x15e/0x5d0 [ 515.867676][T14112] shmem_get_folio_gfp+0xacd/0x1950 [ 515.872935][T14112] ? shmem_alloc_and_acct_folio+0x5d0/0x5d0 [ 515.878888][T14112] shmem_fault+0x1cc/0x8b0 [ 515.883358][T14112] ? shmem_get_folio_gfp+0x1950/0x1950 [ 515.888877][T14112] ? mark_lock.part.0+0xee/0x1970 [ 515.893947][T14112] __do_fault+0x107/0x600 [ 515.898311][T14112] __handle_mm_fault+0x24f3/0x3e60 [ 515.903465][T14112] ? vm_iomap_memory+0x190/0x190 [ 515.908458][T14112] handle_mm_fault+0x2ba/0x9c0 [ 515.913261][T14112] __get_user_pages+0x4da/0xf30 [ 515.918266][T14112] ? follow_page_mask+0x10a0/0x10a0 [ 515.923519][T14112] ? mas_find+0x200/0x200 [ 515.927897][T14112] ? __down_read_common+0x884/0xf30 [ 515.933181][T14112] populate_vma_page_range+0x2df/0x420 [ 515.938703][T14112] ? follow_page+0x140/0x140 [ 515.943346][T14112] ? find_vma+0x1b0/0x1b0 [ 515.947725][T14112] __mm_populate+0x105/0x3b0 [ 515.952367][T14112] ? faultin_vma_page_range+0x300/0x300 [ 515.957964][T14112] ? up_write+0x1b4/0x520 [ 515.962345][T14112] do_shmat+0xcd4/0x1180 [ 515.966630][T14112] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 515.972478][T14112] __ia32_compat_sys_shmat+0xd2/0x160 [ 515.977887][T14112] ? __ia32_sys_shmat+0x160/0x160 [ 515.983035][T14112] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 515.989665][T14112] ? lockdep_hardirqs_on+0x7d/0x100 [ 515.994914][T14112] __do_fast_syscall_32+0x65/0xf0 [ 515.999969][T14112] do_fast_syscall_32+0x33/0x70 [ 516.004846][T14112] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 516.011224][T14112] RIP: 0023:0xf7f30579 [ 516.015408][T14112] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 516.035130][T14112] RSP: 002b:00000000f7f2b5cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 516.043592][T14112] RAX: ffffffffffffffda RBX: 000000000000004f RCX: 00000000202f4000 19:28:19 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0x5}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:19 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, r1, 0x49f269a56e1422c3, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}}, 0x0) fsetxattr$trusted_overlay_upper(r0, &(0x7f0000000000), &(0x7f0000000080)={0x0, 0xfb, 0xc4, 0x4, 0x9, "9456eb47438bab2a7c348774af77b066", "34c768299379b2a06b845f7c57298e9df31e0977c3dfa3ca1772d582757e03964ea6eac9d04295c9d20ab773f26f983ab45256f94fc9f94ba222547c57b3908494d58eb6d532a2539ece5429ffae731853a0247c2e49f6cc69682d153d7d2aea387c862b1e1b2f04e33b91b45bd923e793d853a4bf69d296e8fda203d7e501d610ddfaee790b68038d4d21073e7bff5b963d69c5348e1d425da185170f15b5ed48dab9a1b5694b40ff123043730fcf"}, 0xc4, 0x2) [ 516.051587][T14112] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 516.059579][T14112] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 516.067928][T14112] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 516.075922][T14112] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 516.083960][T14112] 19:28:19 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0x6}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:19 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) (async) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) socket$nl_generic(0x10, 0x3, 0x10) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, r1, 0x49f269a56e1422c3, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}}, 0x0) fsetxattr$trusted_overlay_upper(r0, &(0x7f0000000000), &(0x7f0000000080)={0x0, 0xfb, 0xc4, 0x4, 0x9, "9456eb47438bab2a7c348774af77b066", "34c768299379b2a06b845f7c57298e9df31e0977c3dfa3ca1772d582757e03964ea6eac9d04295c9d20ab773f26f983ab45256f94fc9f94ba222547c57b3908494d58eb6d532a2539ece5429ffae731853a0247c2e49f6cc69682d153d7d2aea387c862b1e1b2f04e33b91b45bd923e793d853a4bf69d296e8fda203d7e501d610ddfaee790b68038d4d21073e7bff5b963d69c5348e1d425da185170f15b5ed48dab9a1b5694b40ff123043730fcf"}, 0xc4, 0x2) 19:28:20 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 30) 19:28:20 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0x7}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:20 executing program 3: mlockall(0x2) (async) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) mlockall(0x1) (async, rerun: 64) shmat(r0, &(0x7f00002b6000/0x4000)=nil, 0x6000) (async, rerun: 64) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:20 executing program 5: mlockall(0x2) (async, rerun: 32) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) (rerun: 32) mlockall(0x2) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (async) mlockall(0x6) 19:28:20 executing program 4: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x3, 0x26}, @l2cap_cid_signaling={{0x22}, [@l2cap_disconn_req={{0x6, 0x7, 0x4}, {0x100, 0xfb}}, @l2cap_info_req={{0xa, 0x7a, 0x2}}, @l2cap_info_req={{0xa, 0xf7, 0x2}, {0x26c4}}, @l2cap_move_chan_cfm_rsp={{0x11, 0x80, 0x2}, {0x385a}}, @l2cap_disconn_rsp={{0x7, 0x6, 0x4}, {0x100, 0x5}}]}}, 0x2b) openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000040)='cgroup.threads\x00', 0x2, 0x0) 19:28:20 executing program 2: mlockall(0x2) mlockall(0x0) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) r1 = openat$damon_mk_contexts(0xffffff9c, &(0x7f0000000000), 0x20000, 0x80) open(&(0x7f0000000040)='./file0\x00', 0x10000, 0x48) (async) r2 = open(&(0x7f0000000040)='./file0\x00', 0x10000, 0x48) write$damon_contexts(r2, &(0x7f0000000080)=[{' ', './file0'}, {' ', './file0'}], 0x2) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x4000010, r1, 0x44814000) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (async) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:20 executing program 4: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x3, 0x26}, @l2cap_cid_signaling={{0x22}, [@l2cap_disconn_req={{0x6, 0x7, 0x4}, {0x100, 0xfb}}, @l2cap_info_req={{0xa, 0x7a, 0x2}}, @l2cap_info_req={{0xa, 0xf7, 0x2}, {0x26c4}}, @l2cap_move_chan_cfm_rsp={{0x11, 0x80, 0x2}, {0x385a}}, @l2cap_disconn_rsp={{0x7, 0x6, 0x4}, {0x100, 0x5}}]}}, 0x2b) openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000040)='cgroup.threads\x00', 0x2, 0x0) syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x3, 0x26}, @l2cap_cid_signaling={{0x22}, [@l2cap_disconn_req={{0x6, 0x7, 0x4}, {0x100, 0xfb}}, @l2cap_info_req={{0xa, 0x7a, 0x2}}, @l2cap_info_req={{0xa, 0xf7, 0x2}, {0x26c4}}, @l2cap_move_chan_cfm_rsp={{0x11, 0x80, 0x2}, {0x385a}}, @l2cap_disconn_rsp={{0x7, 0x6, 0x4}, {0x100, 0x5}}]}}, 0x2b) (async) openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000040)='cgroup.threads\x00', 0x2, 0x0) (async) 19:28:20 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0x8}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) [ 516.567745][T14149] FAULT_INJECTION: forcing a failure. [ 516.567745][T14149] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 516.620652][T14149] CPU: 1 PID: 14149 Comm: syz-executor.1 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 516.631177][T14149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 516.641302][T14149] Call Trace: [ 516.644743][T14149] [ 516.647739][T14149] dump_stack_lvl+0x136/0x150 [ 516.652494][T14149] should_fail_ex+0x4a3/0x5b0 [ 516.657242][T14149] prepare_alloc_pages+0x178/0x570 [ 516.662418][T14149] ? print_usage_bug.part.0+0x660/0x660 19:28:20 executing program 4: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x3, 0x26}, @l2cap_cid_signaling={{0x22}, [@l2cap_disconn_req={{0x6, 0x7, 0x4}, {0x100, 0xfb}}, @l2cap_info_req={{0xa, 0x7a, 0x2}}, @l2cap_info_req={{0xa, 0xf7, 0x2}, {0x26c4}}, @l2cap_move_chan_cfm_rsp={{0x11, 0x80, 0x2}, {0x385a}}, @l2cap_disconn_rsp={{0x7, 0x6, 0x4}, {0x100, 0x5}}]}}, 0x2b) openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000040)='cgroup.threads\x00', 0x2, 0x0) (async) openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000040)='cgroup.threads\x00', 0x2, 0x0) [ 516.668033][T14149] __alloc_pages+0x149/0x4a0 [ 516.672694][T14149] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 516.679540][T14149] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 516.685589][T14149] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 516.691646][T14149] __folio_alloc+0x16/0x40 [ 516.696159][T14149] vma_alloc_folio+0x155/0x880 [ 516.701104][T14149] ? policy_nodemask+0x1c0/0x1c0 [ 516.706123][T14149] ? find_held_lock+0x2d/0x110 [ 516.710982][T14149] shmem_alloc_folio+0xff/0x1c0 [ 516.715915][T14149] ? shmem_link+0x370/0x370 [ 516.720524][T14149] ? filemap_add_folio+0x1e0/0x1e0 [ 516.725859][T14149] shmem_alloc_and_acct_folio+0x15e/0x5d0 [ 516.731677][T14149] shmem_get_folio_gfp+0xacd/0x1950 [ 516.736979][T14149] ? shmem_alloc_and_acct_folio+0x5d0/0x5d0 [ 516.743008][T14149] shmem_fault+0x1cc/0x8b0 [ 516.747516][T14149] ? shmem_get_folio_gfp+0x1950/0x1950 [ 516.753079][T14149] ? mark_lock.part.0+0xee/0x1970 [ 516.758228][T14149] __do_fault+0x107/0x600 [ 516.762643][T14149] __handle_mm_fault+0x24f3/0x3e60 [ 516.767839][T14149] ? vm_iomap_memory+0x190/0x190 [ 516.772883][T14149] handle_mm_fault+0x2ba/0x9c0 [ 516.777726][T14149] __get_user_pages+0x4da/0xf30 [ 516.782672][T14149] ? follow_page_mask+0x10a0/0x10a0 [ 516.787957][T14149] ? mas_find+0x200/0x200 [ 516.792363][T14149] ? __down_read_common+0x884/0xf30 [ 516.797656][T14149] populate_vma_page_range+0x2df/0x420 [ 516.803217][T14149] ? follow_page+0x140/0x140 [ 516.807906][T14149] ? find_vma+0x1b0/0x1b0 [ 516.812325][T14149] __mm_populate+0x105/0x3b0 19:28:20 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) [ 516.817002][T14149] ? faultin_vma_page_range+0x300/0x300 [ 516.822644][T14149] ? up_write+0x1b4/0x520 [ 516.827060][T14149] do_shmat+0xcd4/0x1180 [ 516.831375][T14149] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 516.837274][T14149] __ia32_compat_sys_shmat+0xd2/0x160 [ 516.842722][T14149] ? __ia32_sys_shmat+0x160/0x160 [ 516.847822][T14149] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 516.855888][T14149] ? lockdep_hardirqs_on+0x7d/0x100 [ 516.861276][T14149] __do_fast_syscall_32+0x65/0xf0 [ 516.866372][T14149] do_fast_syscall_32+0x33/0x70 [ 516.871297][T14149] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 516.877801][T14149] RIP: 0023:0xf7f30579 [ 516.881928][T14149] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 516.901620][T14149] RSP: 002b:00000000f7f2b5cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 516.910114][T14149] RAX: ffffffffffffffda RBX: 0000000000000050 RCX: 00000000202f4000 19:28:20 executing program 2: mlockall(0x2) (async) mlockall(0x0) (async) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) (async) r1 = openat$damon_mk_contexts(0xffffff9c, &(0x7f0000000000), 0x20000, 0x80) (async) r2 = open(&(0x7f0000000040)='./file0\x00', 0x10000, 0x48) write$damon_contexts(r2, &(0x7f0000000080)=[{' ', './file0'}, {' ', './file0'}], 0x2) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x4000010, r1, 0x44814000) (async) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:20 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)) (async) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) [ 516.918151][T14149] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 516.926186][T14149] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 516.934211][T14149] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 516.942240][T14149] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 516.950298][T14149] 19:28:20 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (fail_nth: 31) 19:28:20 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) r1 = shmget(0x2, 0x3000, 0x4, &(0x7f000027b000/0x3000)=nil) r2 = shmget(0x0, 0x3000, 0x80, &(0x7f0000ffd000/0x3000)=nil) shmat(r2, &(0x7f0000254000/0x2000)=nil, 0x6000) shmat(r1, &(0x7f0000111000/0x4000)=nil, 0x0) r3 = shmget$private(0x0, 0x4000, 0x800, &(0x7f00001ca000/0x4000)=nil) shmctl$SHM_UNLOCK(r3, 0xc) 19:28:20 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmctl$IPC_STAT(r0, 0x2, &(0x7f0000000000)=""/97) mlockall(0x5) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:20 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)) (async) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) 19:28:20 executing program 5: mlockall(0x2) mlockall(0x1) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:20 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x1, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_reconf_req={{0x19, 0xff, 0x8}, {0x4, 0x7ff, [0x2, 0xffff]}}}}, 0x15) 19:28:20 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0x9}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:20 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x1, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_reconf_req={{0x19, 0xff, 0x8}, {0x4, 0x7ff, [0x2, 0xffff]}}}}, 0x15) [ 517.389701][T14177] FAULT_INJECTION: forcing a failure. [ 517.389701][T14177] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 517.474370][T14177] CPU: 0 PID: 14177 Comm: syz-executor.1 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 517.484902][T14177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 517.495117][T14177] Call Trace: [ 517.498476][T14177] [ 517.501459][T14177] dump_stack_lvl+0x136/0x150 [ 517.506211][T14177] should_fail_ex+0x4a3/0x5b0 [ 517.510973][T14177] prepare_alloc_pages+0x178/0x570 [ 517.516161][T14177] ? print_usage_bug.part.0+0x660/0x660 [ 517.521793][T14177] __alloc_pages+0x149/0x4a0 [ 517.526462][T14177] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 517.533308][T14177] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 517.539452][T14177] __folio_alloc+0x16/0x40 [ 517.544031][T14177] vma_alloc_folio+0x155/0x880 [ 517.548941][T14177] ? policy_nodemask+0x1c0/0x1c0 [ 517.553967][T14177] ? find_held_lock+0x2d/0x110 [ 517.558838][T14177] shmem_alloc_folio+0xff/0x1c0 [ 517.563777][T14177] ? shmem_link+0x370/0x370 [ 517.568494][T14177] ? filemap_add_folio+0x1e0/0x1e0 [ 517.573704][T14177] shmem_alloc_and_acct_folio+0x15e/0x5d0 [ 517.579608][T14177] shmem_get_folio_gfp+0xacd/0x1950 [ 517.584883][T14177] ? shmem_alloc_and_acct_folio+0x5d0/0x5d0 [ 517.591032][T14177] shmem_fault+0x1cc/0x8b0 [ 517.595597][T14177] ? shmem_get_folio_gfp+0x1950/0x1950 [ 517.601222][T14177] ? mark_lock.part.0+0xee/0x1970 [ 517.606309][T14177] __do_fault+0x107/0x600 [ 517.610675][T14177] __handle_mm_fault+0x24f3/0x3e60 [ 517.615833][T14177] ? vm_iomap_memory+0x190/0x190 [ 517.620831][T14177] handle_mm_fault+0x2ba/0x9c0 [ 517.625656][T14177] __get_user_pages+0x4da/0xf30 [ 517.630568][T14177] ? follow_page_mask+0x10a0/0x10a0 [ 517.635818][T14177] ? mas_find+0x200/0x200 [ 517.640190][T14177] ? __down_read_common+0x884/0xf30 [ 517.645546][T14177] populate_vma_page_range+0x2df/0x420 [ 517.651072][T14177] ? follow_page+0x140/0x140 [ 517.655802][T14177] ? find_vma+0x1b0/0x1b0 [ 517.660534][T14177] __mm_populate+0x105/0x3b0 [ 517.665182][T14177] ? faultin_vma_page_range+0x300/0x300 [ 517.670798][T14177] ? up_write+0x1b4/0x520 [ 517.675176][T14177] do_shmat+0xcd4/0x1180 [ 517.679461][T14177] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 517.685314][T14177] __ia32_compat_sys_shmat+0xd2/0x160 [ 517.690744][T14177] ? __ia32_sys_shmat+0x160/0x160 [ 517.695808][T14177] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 517.702439][T14177] ? lockdep_hardirqs_on+0x7d/0x100 [ 517.707677][T14177] __do_fast_syscall_32+0x65/0xf0 [ 517.712738][T14177] do_fast_syscall_32+0x33/0x70 [ 517.717637][T14177] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 517.724024][T14177] RIP: 0023:0xf7f30579 [ 517.728125][T14177] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 517.748022][T14177] RSP: 002b:00000000f7f2b5cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 517.756473][T14177] RAX: ffffffffffffffda RBX: 0000000000000051 RCX: 00000000202f4000 [ 517.764483][T14177] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 19:28:21 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xa}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:21 executing program 5: mlockall(0x2) (async) mlockall(0x1) (async) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) [ 517.772481][T14177] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 517.780490][T14177] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 517.788489][T14177] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 517.796515][T14177] 19:28:21 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:21 executing program 3: mlockall(0x2) (async) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (async) r1 = shmget(0x2, 0x3000, 0x4, &(0x7f000027b000/0x3000)=nil) (async) r2 = shmget(0x0, 0x3000, 0x80, &(0x7f0000ffd000/0x3000)=nil) shmat(r2, &(0x7f0000254000/0x2000)=nil, 0x6000) (async) shmat(r1, &(0x7f0000111000/0x4000)=nil, 0x0) (async) r3 = shmget$private(0x0, 0x4000, 0x800, &(0x7f00001ca000/0x4000)=nil) shmctl$SHM_UNLOCK(r3, 0xc) 19:28:21 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:21 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x1, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_reconf_req={{0x19, 0xff, 0x8}, {0x4, 0x7ff, [0x2, 0xffff]}}}}, 0x15) 19:28:21 executing program 5: mlockall(0x2) (async) mlockall(0x1) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:21 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0x2}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:21 executing program 2: mlockall(0x2) (async) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmctl$IPC_STAT(r0, 0x2, &(0x7f0000000000)=""/97) mlockall(0x5) (async) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:21 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000180)={{0x1, 0x1, 0x18, r0, {0x2}}, './file0\x00'}) sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000380)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000340)={&(0x7f0000000200)={0x110, 0x0, 0x4, 0x70bd27, 0x25dfdbff, {{}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0x3b, 0x72}}}}, [@mon_options=[@NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa}, @NL80211_ATTR_MNTR_FLAGS={0x24, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}]}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @broadcast}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "b0b8f3d041c4bb3d8a76e62a4898644e9ad554219575ede4"}, @NL80211_ATTR_MNTR_FLAGS={0x10, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}]}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @device_b}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "9b760ba7f6595ec94adeda70c1a7b44cefe0dd9d9b9063b2"}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @broadcast}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "80b70c9e2e3955aeebbf9360f1a0750b005730124d89b2f6"}, @NL80211_ATTR_MNTR_FLAGS={0x28, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}]}], @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x1}]}, 0x110}}, 0x4) ioctl$sock_SIOCDELRT(r0, 0x890c, &(0x7f0000000080)={0x0, @isdn={0x22, 0x3, 0x5, 0x1f, 0x6}, @xdp={0x2c, 0x4, 0x0, 0x15}, @generic={0x2, "1f801468f1f05488d76c4b234b76"}, 0x400, 0x0, 0x0, 0x0, 0xe502, &(0x7f0000000000)='veth0_to_bridge\x00', 0x5, 0x3, 0x3}) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000140)={{0x1, 0x1, 0x18, r0, {0x7fff, 0x6}}, './file0\x00'}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r3) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e05005a39deec"], 0x8) 19:28:21 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0x3}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:21 executing program 3: mlockall(0x2) (async) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (async) r1 = shmget(0x2, 0x3000, 0x4, &(0x7f000027b000/0x3000)=nil) r2 = shmget(0x0, 0x3000, 0x80, &(0x7f0000ffd000/0x3000)=nil) shmat(r2, &(0x7f0000254000/0x2000)=nil, 0x6000) (async, rerun: 32) shmat(r1, &(0x7f0000111000/0x4000)=nil, 0x0) (async, rerun: 32) r3 = shmget$private(0x0, 0x4000, 0x800, &(0x7f00001ca000/0x4000)=nil) shmctl$SHM_UNLOCK(r3, 0xc) 19:28:22 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0x4}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:22 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) (async) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000180)={{0x1, 0x1, 0x18, r0, {0x2}}, './file0\x00'}) sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000380)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000340)={&(0x7f0000000200)={0x110, 0x0, 0x4, 0x70bd27, 0x25dfdbff, {{}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0x3b, 0x72}}}}, [@mon_options=[@NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa}, @NL80211_ATTR_MNTR_FLAGS={0x24, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}]}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @broadcast}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "b0b8f3d041c4bb3d8a76e62a4898644e9ad554219575ede4"}, @NL80211_ATTR_MNTR_FLAGS={0x10, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}]}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @device_b}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "9b760ba7f6595ec94adeda70c1a7b44cefe0dd9d9b9063b2"}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @broadcast}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "80b70c9e2e3955aeebbf9360f1a0750b005730124d89b2f6"}, @NL80211_ATTR_MNTR_FLAGS={0x28, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}]}], @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x1}]}, 0x110}}, 0x4) ioctl$sock_SIOCDELRT(r0, 0x890c, &(0x7f0000000080)={0x0, @isdn={0x22, 0x3, 0x5, 0x1f, 0x6}, @xdp={0x2c, 0x4, 0x0, 0x15}, @generic={0x2, "1f801468f1f05488d76c4b234b76"}, 0x400, 0x0, 0x0, 0x0, 0xe502, &(0x7f0000000000)='veth0_to_bridge\x00', 0x5, 0x3, 0x3}) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000140)={{0x1, 0x1, 0x18, r0, {0x7fff, 0x6}}, './file0\x00'}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r3) (async) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e05005a39deec"], 0x8) 19:28:22 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) (async) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000180)={{0x1, 0x1, 0x18, r0, {0x2}}, './file0\x00'}) sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000380)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000340)={&(0x7f0000000200)={0x110, 0x0, 0x4, 0x70bd27, 0x25dfdbff, {{}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0x3b, 0x72}}}}, [@mon_options=[@NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa}, @NL80211_ATTR_MNTR_FLAGS={0x24, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}]}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @broadcast}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "b0b8f3d041c4bb3d8a76e62a4898644e9ad554219575ede4"}, @NL80211_ATTR_MNTR_FLAGS={0x10, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}]}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @device_b}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "9b760ba7f6595ec94adeda70c1a7b44cefe0dd9d9b9063b2"}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @broadcast}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "80b70c9e2e3955aeebbf9360f1a0750b005730124d89b2f6"}, @NL80211_ATTR_MNTR_FLAGS={0x28, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}]}], @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x1}]}, 0x110}}, 0x4) (async, rerun: 32) ioctl$sock_SIOCDELRT(r0, 0x890c, &(0x7f0000000080)={0x0, @isdn={0x22, 0x3, 0x5, 0x1f, 0x6}, @xdp={0x2c, 0x4, 0x0, 0x15}, @generic={0x2, "1f801468f1f05488d76c4b234b76"}, 0x400, 0x0, 0x0, 0x0, 0xe502, &(0x7f0000000000)='veth0_to_bridge\x00', 0x5, 0x3, 0x3}) (async, rerun: 32) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000140)={{0x1, 0x1, 0x18, r0, {0x7fff, 0x6}}, './file0\x00'}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r3) (async) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e05005a39deec"], 0x8) 19:28:22 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0x5}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:22 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5002) 19:28:22 executing program 2: mlockall(0x2) (async) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmctl$IPC_STAT(r0, 0x2, &(0x7f0000000000)=""/97) mlockall(0x5) (async) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:22 executing program 5: seccomp$SECCOMP_GET_ACTION_AVAIL(0x2, 0x0, &(0x7f0000000000)=0xfffffffc) mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:22 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0x6}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:22 executing program 3: mlockall(0x4) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:22 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_pin_code_req={{0x16, 0x6}}}, 0x9) 19:28:22 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) (async) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_pin_code_req={{0x16, 0x6}}}, 0x9) 19:28:22 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0x7}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:22 executing program 3: mlockall(0x4) (async) mlockall(0x4) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:22 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) (async) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_pin_code_req={{0x16, 0x6}}}, 0x9) 19:28:22 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0x8}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:22 executing program 3: mlockall(0x4) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) mlockall(0x4) (async) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) (async) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (async) 19:28:22 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) shmat(r0, &(0x7f000022d000/0x4000)=nil, 0x5000) 19:28:22 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5003) 19:28:22 executing program 4: syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT, 0x2) 19:28:22 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0x9}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:22 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x2000, 0x78000000, &(0x7f0000ffe000/0x2000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:22 executing program 5: seccomp$SECCOMP_GET_ACTION_AVAIL(0x2, 0x0, &(0x7f0000000000)=0xfffffffc) mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:22 executing program 4: syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) (async, rerun: 64) syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT, 0x2) (rerun: 64) 19:28:22 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0xa}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:23 executing program 3: mlockall(0x2) (async) r0 = shmget$private(0x0, 0x2000, 0x78000000, &(0x7f0000ffe000/0x2000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:23 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0xb}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:23 executing program 4: syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) (async) syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT, 0x2) (async) 19:28:23 executing program 2: mlockall(0x2) (async, rerun: 64) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) (rerun: 64) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (async) shmat(r0, &(0x7f000022d000/0x4000)=nil, 0x5000) 19:28:23 executing program 3: mlockall(0x2) (async) r0 = shmget$private(0x0, 0x2000, 0x78000000, &(0x7f0000ffe000/0x2000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:23 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5004) 19:28:23 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0xe}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:23 executing program 4: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x2) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'erspan0\x00', &(0x7f0000000140)={'erspan0\x00', 0x0, 0x8000, 0x10, 0x2, 0x3f, {{0x35, 0x4, 0x3, 0x5, 0xd4, 0x68, 0x0, 0x81, 0x2f, 0x0, @dev={0xac, 0x14, 0x14, 0x16}, @multicast2, {[@ra={0x94, 0x4, 0x1}, @noop, @ra={0x94, 0x4}, @timestamp_prespec={0x44, 0x2c, 0x1e, 0x3, 0x3, [{@multicast1, 0xffffffff}, {@local, 0x5}, {@local, 0x2f}, {@multicast1, 0xd5469c8a}, {@loopback, 0x6}]}, @ra={0x94, 0x4, 0x1}, @timestamp_addr={0x44, 0x14, 0x1d, 0x1, 0x1, [{@dev={0xac, 0x14, 0x14, 0x2f}, 0x75}, {@dev={0xac, 0x14, 0x14, 0x36}, 0xffff}]}, @timestamp_prespec={0x44, 0x14, 0x16, 0x3, 0x7, [{@local, 0x7}, {@loopback, 0x6}]}, @lsrr={0x83, 0xf, 0xd6, [@initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, @empty]}, @cipso={0x86, 0x2d, 0x2, [{0x0, 0xa, "0eff1006ddb642a1"}, {0x6, 0xf, "2b97c748c4a2a7efb0c9ed481c"}, {0x7, 0x5, "34d1cd"}, {0x6, 0x9, "827032968c0cd2"}]}, @ssrr={0x89, 0x23, 0xfe, [@initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010102, @broadcast, @dev={0xac, 0x14, 0x14, 0x15}, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}]}]}}}}}) r2 = openat$dlm_plock(0xffffff9c, &(0x7f0000000300), 0x32d080, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0xd, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0xb}, [@ldst={0x0, 0x2, 0x3, 0xb, 0x9, 0x4, 0x4}, @map_val={0x18, 0x4, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0xfffffffb}, @call={0x85, 0x0, 0x0, 0x62}, @map_val={0x18, 0x6, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xffff}, @alu={0x4, 0x0, 0xb, 0x7, 0x1, 0x80, 0x10}, @map_val={0x18, 0x5, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x536}, @ldst={0x3, 0x0, 0x3, 0xb, 0x0, 0xffffffffffffffff, 0x8}]}, &(0x7f00000000c0)='GPL\x00', 0x96f2, 0x2f, &(0x7f0000000100)=""/47, 0x40f00, 0x2, '\x00', r1, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x4, 0x5}, 0x8, 0x10, &(0x7f00000002c0)={0x4, 0x7, 0x57, 0x96f}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000340)=[r2]}, 0x80) 19:28:23 executing program 3: mlockall(0x2) mlockall(0x6) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) mlockall(0x1) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) mlockall(0x0) 19:28:23 executing program 5: seccomp$SECCOMP_GET_ACTION_AVAIL(0x2, 0x0, &(0x7f0000000000)=0xfffffffc) mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) seccomp$SECCOMP_GET_ACTION_AVAIL(0x2, 0x0, &(0x7f0000000000)=0xfffffffc) (async) mlockall(0x2) (async) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) (async) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (async) 19:28:23 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0xf}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:23 executing program 4: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x2) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'erspan0\x00', &(0x7f0000000140)={'erspan0\x00', 0x0, 0x8000, 0x10, 0x2, 0x3f, {{0x35, 0x4, 0x3, 0x5, 0xd4, 0x68, 0x0, 0x81, 0x2f, 0x0, @dev={0xac, 0x14, 0x14, 0x16}, @multicast2, {[@ra={0x94, 0x4, 0x1}, @noop, @ra={0x94, 0x4}, @timestamp_prespec={0x44, 0x2c, 0x1e, 0x3, 0x3, [{@multicast1, 0xffffffff}, {@local, 0x5}, {@local, 0x2f}, {@multicast1, 0xd5469c8a}, {@loopback, 0x6}]}, @ra={0x94, 0x4, 0x1}, @timestamp_addr={0x44, 0x14, 0x1d, 0x1, 0x1, [{@dev={0xac, 0x14, 0x14, 0x2f}, 0x75}, {@dev={0xac, 0x14, 0x14, 0x36}, 0xffff}]}, @timestamp_prespec={0x44, 0x14, 0x16, 0x3, 0x7, [{@local, 0x7}, {@loopback, 0x6}]}, @lsrr={0x83, 0xf, 0xd6, [@initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, @empty]}, @cipso={0x86, 0x2d, 0x2, [{0x0, 0xa, "0eff1006ddb642a1"}, {0x6, 0xf, "2b97c748c4a2a7efb0c9ed481c"}, {0x7, 0x5, "34d1cd"}, {0x6, 0x9, "827032968c0cd2"}]}, @ssrr={0x89, 0x23, 0xfe, [@initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010102, @broadcast, @dev={0xac, 0x14, 0x14, 0x15}, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}]}]}}}}}) (async) r2 = openat$dlm_plock(0xffffff9c, &(0x7f0000000300), 0x32d080, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0xd, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0xb}, [@ldst={0x0, 0x2, 0x3, 0xb, 0x9, 0x4, 0x4}, @map_val={0x18, 0x4, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0xfffffffb}, @call={0x85, 0x0, 0x0, 0x62}, @map_val={0x18, 0x6, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xffff}, @alu={0x4, 0x0, 0xb, 0x7, 0x1, 0x80, 0x10}, @map_val={0x18, 0x5, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x536}, @ldst={0x3, 0x0, 0x3, 0xb, 0x0, 0xffffffffffffffff, 0x8}]}, &(0x7f00000000c0)='GPL\x00', 0x96f2, 0x2f, &(0x7f0000000100)=""/47, 0x40f00, 0x2, '\x00', r1, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x4, 0x5}, 0x8, 0x10, &(0x7f00000002c0)={0x4, 0x7, 0x57, 0x96f}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000340)=[r2]}, 0x80) 19:28:23 executing program 3: mlockall(0x2) (async, rerun: 64) mlockall(0x6) (async, rerun: 64) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) mlockall(0x1) (async) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) mlockall(0x0) 19:28:23 executing program 2: mlockall(0x2) (async) mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) shmat(r0, &(0x7f000022d000/0x4000)=nil, 0x5000) 19:28:23 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0x10}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:23 executing program 4: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x2) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'erspan0\x00', &(0x7f0000000140)={'erspan0\x00', 0x0, 0x8000, 0x10, 0x2, 0x3f, {{0x35, 0x4, 0x3, 0x5, 0xd4, 0x68, 0x0, 0x81, 0x2f, 0x0, @dev={0xac, 0x14, 0x14, 0x16}, @multicast2, {[@ra={0x94, 0x4, 0x1}, @noop, @ra={0x94, 0x4}, @timestamp_prespec={0x44, 0x2c, 0x1e, 0x3, 0x3, [{@multicast1, 0xffffffff}, {@local, 0x5}, {@local, 0x2f}, {@multicast1, 0xd5469c8a}, {@loopback, 0x6}]}, @ra={0x94, 0x4, 0x1}, @timestamp_addr={0x44, 0x14, 0x1d, 0x1, 0x1, [{@dev={0xac, 0x14, 0x14, 0x2f}, 0x75}, {@dev={0xac, 0x14, 0x14, 0x36}, 0xffff}]}, @timestamp_prespec={0x44, 0x14, 0x16, 0x3, 0x7, [{@local, 0x7}, {@loopback, 0x6}]}, @lsrr={0x83, 0xf, 0xd6, [@initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, @empty]}, @cipso={0x86, 0x2d, 0x2, [{0x0, 0xa, "0eff1006ddb642a1"}, {0x6, 0xf, "2b97c748c4a2a7efb0c9ed481c"}, {0x7, 0x5, "34d1cd"}, {0x6, 0x9, "827032968c0cd2"}]}, @ssrr={0x89, 0x23, 0xfe, [@initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010102, @broadcast, @dev={0xac, 0x14, 0x14, 0x15}, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}]}]}}}}}) r2 = openat$dlm_plock(0xffffff9c, &(0x7f0000000300), 0x32d080, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0xd, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0xb}, [@ldst={0x0, 0x2, 0x3, 0xb, 0x9, 0x4, 0x4}, @map_val={0x18, 0x4, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0xfffffffb}, @call={0x85, 0x0, 0x0, 0x62}, @map_val={0x18, 0x6, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xffff}, @alu={0x4, 0x0, 0xb, 0x7, 0x1, 0x80, 0x10}, @map_val={0x18, 0x5, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x536}, @ldst={0x3, 0x0, 0x3, 0xb, 0x0, 0xffffffffffffffff, 0x8}]}, &(0x7f00000000c0)='GPL\x00', 0x96f2, 0x2f, &(0x7f0000000100)=""/47, 0x40f00, 0x2, '\x00', r1, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x4, 0x5}, 0x8, 0x10, &(0x7f00000002c0)={0x4, 0x7, 0x57, 0x96f}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000340)=[r2]}, 0x80) creat(&(0x7f0000000000)='./file0\x00', 0x2) (async) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'erspan0\x00', &(0x7f0000000140)={'erspan0\x00', 0x0, 0x8000, 0x10, 0x2, 0x3f, {{0x35, 0x4, 0x3, 0x5, 0xd4, 0x68, 0x0, 0x81, 0x2f, 0x0, @dev={0xac, 0x14, 0x14, 0x16}, @multicast2, {[@ra={0x94, 0x4, 0x1}, @noop, @ra={0x94, 0x4}, @timestamp_prespec={0x44, 0x2c, 0x1e, 0x3, 0x3, [{@multicast1, 0xffffffff}, {@local, 0x5}, {@local, 0x2f}, {@multicast1, 0xd5469c8a}, {@loopback, 0x6}]}, @ra={0x94, 0x4, 0x1}, @timestamp_addr={0x44, 0x14, 0x1d, 0x1, 0x1, [{@dev={0xac, 0x14, 0x14, 0x2f}, 0x75}, {@dev={0xac, 0x14, 0x14, 0x36}, 0xffff}]}, @timestamp_prespec={0x44, 0x14, 0x16, 0x3, 0x7, [{@local, 0x7}, {@loopback, 0x6}]}, @lsrr={0x83, 0xf, 0xd6, [@initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, @empty]}, @cipso={0x86, 0x2d, 0x2, [{0x0, 0xa, "0eff1006ddb642a1"}, {0x6, 0xf, "2b97c748c4a2a7efb0c9ed481c"}, {0x7, 0x5, "34d1cd"}, {0x6, 0x9, "827032968c0cd2"}]}, @ssrr={0x89, 0x23, 0xfe, [@initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010102, @broadcast, @dev={0xac, 0x14, 0x14, 0x15}, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}]}]}}}}}) (async) openat$dlm_plock(0xffffff9c, &(0x7f0000000300), 0x32d080, 0x0) (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0xd, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0xb}, [@ldst={0x0, 0x2, 0x3, 0xb, 0x9, 0x4, 0x4}, @map_val={0x18, 0x4, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0xfffffffb}, @call={0x85, 0x0, 0x0, 0x62}, @map_val={0x18, 0x6, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xffff}, @alu={0x4, 0x0, 0xb, 0x7, 0x1, 0x80, 0x10}, @map_val={0x18, 0x5, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x536}, @ldst={0x3, 0x0, 0x3, 0xb, 0x0, 0xffffffffffffffff, 0x8}]}, &(0x7f00000000c0)='GPL\x00', 0x96f2, 0x2f, &(0x7f0000000100)=""/47, 0x40f00, 0x2, '\x00', r1, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x4, 0x5}, 0x8, 0x10, &(0x7f00000002c0)={0x4, 0x7, 0x57, 0x96f}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000340)=[r2]}, 0x80) (async) 19:28:23 executing program 3: mlockall(0x2) (async) mlockall(0x6) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) mlockall(0x1) (async) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (async) mlockall(0x0) 19:28:23 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5005) 19:28:23 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0x11}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:23 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) shmget$private(0x0, 0x4000, 0x1000, &(0x7f0000194000/0x4000)=nil) 19:28:23 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff) ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000300)={{0x1, 0x1, 0x18, r0}, './file1\x00'}) sendmsg$L2TP_CMD_SESSION_GET(r2, &(0x7f0000000600)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000005c0)={&(0x7f0000000500)={0x1c, r1, 0x100, 0x70bd26, 0x25dfdbfd, {}, [@L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x7f}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000001}, 0x48800) r3 = syz_genetlink_get_family_id$l2tp(&(0x7f00000003c0), r0) sendmsg$L2TP_CMD_NOOP(r2, &(0x7f0000000480)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000128bd7000fedbdf2500000000050021000300000008000b00040000080000000000000000"], 0x2c}, 0x1, 0x0, 0x0, 0x5}, 0x8000) sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000540)={0x4c, r1, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @multicast2}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @remote}, @L2TP_ATTR_UDP_DPORT={0x6, 0x1b, 0x4e23}]}, 0x4c}}, 0x0) r4 = socket$l2tp(0x2, 0x2, 0x73) sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x38, r1, 0x800, 0x70bd2c, 0x25dfdbfc, {}, [@L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0x7}, @L2TP_ATTR_FD={0x8, 0x17, @l2tp=r4}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x4}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000040}, 0x20000000) lgetxattr(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=@random={'trusted.', '-&\\$\x00'}, &(0x7f0000000100)=""/249, 0xf9) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_logical_link_complete={{0x45, 0x5}, {0x20, 0xc8, 0xc8, 0x7}}}, 0x8) 19:28:23 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x3000, 0x200, &(0x7f00002f2000/0x3000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:23 executing program 5: mlockall(0x2) (async) r0 = shmget$private(0x0, 0x3000, 0x200, &(0x7f00002f2000/0x3000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:24 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff) (async) ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000300)={{0x1, 0x1, 0x18, r0}, './file1\x00'}) sendmsg$L2TP_CMD_SESSION_GET(r2, &(0x7f0000000600)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000005c0)={&(0x7f0000000500)={0x1c, r1, 0x100, 0x70bd26, 0x25dfdbfd, {}, [@L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x7f}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000001}, 0x48800) r3 = syz_genetlink_get_family_id$l2tp(&(0x7f00000003c0), r0) sendmsg$L2TP_CMD_NOOP(r2, &(0x7f0000000480)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000128bd7000fedbdf2500000000050021000300000008000b00040000080000000000000000"], 0x2c}, 0x1, 0x0, 0x0, 0x5}, 0x8000) sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000540)={0x4c, r1, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @multicast2}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @remote}, @L2TP_ATTR_UDP_DPORT={0x6, 0x1b, 0x4e23}]}, 0x4c}}, 0x0) (async) r4 = socket$l2tp(0x2, 0x2, 0x73) sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x38, r1, 0x800, 0x70bd2c, 0x25dfdbfc, {}, [@L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0x7}, @L2TP_ATTR_FD={0x8, 0x17, @l2tp=r4}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x4}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000040}, 0x20000000) lgetxattr(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=@random={'trusted.', '-&\\$\x00'}, &(0x7f0000000100)=""/249, 0xf9) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) (async) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_logical_link_complete={{0x45, 0x5}, {0x20, 0xc8, 0xc8, 0x7}}}, 0x8) 19:28:24 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0x13}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:24 executing program 2: mlockall(0x2) mlockall(0x4) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:24 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x3000, 0x200, &(0x7f00002f2000/0x3000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:24 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0x60}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:24 executing program 4: socket$nl_generic(0x10, 0x3, 0x10) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff) (async) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff) ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000300)={{0x1, 0x1, 0x18, r0}, './file1\x00'}) sendmsg$L2TP_CMD_SESSION_GET(r2, &(0x7f0000000600)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000005c0)={&(0x7f0000000500)={0x1c, r1, 0x100, 0x70bd26, 0x25dfdbfd, {}, [@L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x7f}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000001}, 0x48800) syz_genetlink_get_family_id$l2tp(&(0x7f00000003c0), r0) (async) r3 = syz_genetlink_get_family_id$l2tp(&(0x7f00000003c0), r0) sendmsg$L2TP_CMD_NOOP(r2, &(0x7f0000000480)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000128bd7000fedbdf2500000000050021000300000008000b00040000080000000000000000"], 0x2c}, 0x1, 0x0, 0x0, 0x5}, 0x8000) sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000540)={0x4c, r1, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @multicast2}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @remote}, @L2TP_ATTR_UDP_DPORT={0x6, 0x1b, 0x4e23}]}, 0x4c}}, 0x0) r4 = socket$l2tp(0x2, 0x2, 0x73) sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x38, r1, 0x800, 0x70bd2c, 0x25dfdbfc, {}, [@L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0x7}, @L2TP_ATTR_FD={0x8, 0x17, @l2tp=r4}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x4}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000040}, 0x20000000) lgetxattr(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=@random={'trusted.', '-&\\$\x00'}, &(0x7f0000000100)=""/249, 0xf9) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) (async) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_logical_link_complete={{0x45, 0x5}, {0x20, 0xc8, 0xc8, 0x7}}}, 0x8) 19:28:24 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5006) 19:28:24 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) shmget$private(0x0, 0x4000, 0x1000, &(0x7f0000194000/0x4000)=nil) mlockall(0x2) (async) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) (async) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (async) shmget$private(0x0, 0x4000, 0x1000, &(0x7f0000194000/0x4000)=nil) (async) 19:28:24 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:24 executing program 5: mlockall(0x2) mlockall(0x3) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00000ef000/0x3000)=nil, 0x800) mlockall(0x1) r1 = shmget$private(0x0, 0x2000, 0x40, &(0x7f0000ffc000/0x2000)=nil) mlockall(0x6) shmat(r1, &(0x7f0000fff000/0x1000)=nil, 0x4000) shmctl$SHM_UNLOCK(r1, 0xc) shmctl$IPC_INFO(r1, 0x3, &(0x7f0000000000)=""/23) 19:28:24 executing program 4: r0 = creat(&(0x7f0000000380)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000300)='./bus\x00', 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r2, 0x0, 0xffffffffffffff28, 0x20000004, &(0x7f0000000140)={0xa, 0x100000004e22, 0x0, @loopback}, 0x1c) lseek(r2, 0x7fff, 0x3) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100)=@ccm_128={{0x304}, "ffb75df2a83e25c0", "2cdb8ead6c8e9c290bebacb766ff2832", "44d857de", "171291df37239255"}, 0x28) sendfile(r2, r1, 0x0, 0x800100020013) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r0, 0x3ba0, &(0x7f0000000000)={0x38, 0x7, r1, 0x0, 0x18001, 0x0, 0xa, 0x1babc3, 0x51fd5}) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04f1050076000000"], 0x8) 19:28:24 executing program 5: mlockall(0x2) (async) mlockall(0x3) (async) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00000ef000/0x3000)=nil, 0x800) mlockall(0x1) r1 = shmget$private(0x0, 0x2000, 0x40, &(0x7f0000ffc000/0x2000)=nil) mlockall(0x6) (async) shmat(r1, &(0x7f0000fff000/0x1000)=nil, 0x4000) shmctl$SHM_UNLOCK(r1, 0xc) shmctl$IPC_INFO(r1, 0x3, &(0x7f0000000000)=""/23) 19:28:24 executing program 4: r0 = creat(&(0x7f0000000380)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000300)='./bus\x00', 0x0, 0x0) (async) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r2, 0x0, 0xffffffffffffff28, 0x20000004, &(0x7f0000000140)={0xa, 0x100000004e22, 0x0, @loopback}, 0x1c) (async) lseek(r2, 0x7fff, 0x3) (async) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000000c0), 0x4) (async) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100)=@ccm_128={{0x304}, "ffb75df2a83e25c0", "2cdb8ead6c8e9c290bebacb766ff2832", "44d857de", "171291df37239255"}, 0x28) (async) sendfile(r2, r1, 0x0, 0x800100020013) (async, rerun: 64) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r0, 0x3ba0, &(0x7f0000000000)={0x38, 0x7, r1, 0x0, 0x18001, 0x0, 0xa, 0x1babc3, 0x51fd5}) (async, rerun: 64) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04f1050076000000"], 0x8) 19:28:24 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0x0, 0x2}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:24 executing program 2: mlockall(0x2) mlockall(0x4) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) mlockall(0x2) (async) mlockall(0x4) (async) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) (async) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (async) 19:28:24 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0x0, 0x3}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:24 executing program 5: mlockall(0x2) (async) mlockall(0x3) (async) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00000ef000/0x3000)=nil, 0x800) (async) mlockall(0x1) (async) r1 = shmget$private(0x0, 0x2000, 0x40, &(0x7f0000ffc000/0x2000)=nil) mlockall(0x6) (async) shmat(r1, &(0x7f0000fff000/0x1000)=nil, 0x4000) shmctl$SHM_UNLOCK(r1, 0xc) shmctl$IPC_INFO(r1, 0x3, &(0x7f0000000000)=""/23) 19:28:24 executing program 4: creat(&(0x7f0000000380)='./bus\x00', 0x0) (async) r0 = creat(&(0x7f0000000380)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000300)='./bus\x00', 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r2, 0x0, 0xffffffffffffff28, 0x20000004, &(0x7f0000000140)={0xa, 0x100000004e22, 0x0, @loopback}, 0x1c) lseek(r2, 0x7fff, 0x3) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100)=@ccm_128={{0x304}, "ffb75df2a83e25c0", "2cdb8ead6c8e9c290bebacb766ff2832", "44d857de", "171291df37239255"}, 0x28) (async) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100)=@ccm_128={{0x304}, "ffb75df2a83e25c0", "2cdb8ead6c8e9c290bebacb766ff2832", "44d857de", "171291df37239255"}, 0x28) sendfile(r2, r1, 0x0, 0x800100020013) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r0, 0x3ba0, &(0x7f0000000000)={0x38, 0x7, r1, 0x0, 0x18001, 0x0, 0xa, 0x1babc3, 0x51fd5}) (async) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r0, 0x3ba0, &(0x7f0000000000)={0x38, 0x7, r1, 0x0, 0x18001, 0x0, 0xa, 0x1babc3, 0x51fd5}) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04f1050076000000"], 0x8) 19:28:24 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5007) 19:28:24 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) shmget$private(0x0, 0x4000, 0x1000, &(0x7f0000194000/0x4000)=nil) mlockall(0x2) (async) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) (async) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (async) shmget$private(0x0, 0x4000, 0x1000, &(0x7f0000194000/0x4000)=nil) (async) 19:28:24 executing program 5: mlockall(0x5) mlockall(0x2) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) r0 = shmget(0x3, 0x3000, 0x20, &(0x7f0000147000/0x3000)=nil) shmat(r0, &(0x7f000002c000/0x1000)=nil, 0x0) 19:28:24 executing program 4: ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0186405, &(0x7f0000000000)={0x334, 0x401, {0xffffffffffffffff}, {0xee01}, 0x0, 0x6}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) ioctl$F2FS_IOC_DEFRAGMENT(r1, 0xc010f508, &(0x7f0000000240)={0x80000001, 0xb5}) kcmp(r0, 0x0, 0x0, r1, 0xffffffffffffffff) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r1) sendmsg$NL80211_CMD_JOIN_IBSS(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x50, r3, 0x300, 0x70bd25, 0x1000, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x8, 0x5f}}}}, [@NL80211_ATTR_HANDLE_DFS={0x4}, @NL80211_ATTR_HT_CAPABILITY_MASK={0x1e, 0x94, {0x5c, 0x0, 0x3, 0x0, {0x40, 0x6, 0x0, 0x6, 0x0, 0x1, 0x0, 0x1}, 0x70e, 0x3, 0x3f}}, @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0x50}, 0x1, 0x0, 0x0, 0x8000}, 0x4010) syz_emit_vhci(&(0x7f00000000c0)=@HCI_EVENT_PKT={0x4, @inquiry_info={{0x2, 0x2b}, {0x3, [{@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x0, 0x1, 0x3, "db78ca", 0xffff}, {@any, 0x7f, 0xe6, 0x2, "da438a", 0x400}, {@none, 0x6, 0x8, 0xeb, "da51f0", 0x5}]}}}, 0x2e) r4 = openat$vimc0(0xffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$BTRFS_IOC_DEFRAG(r4, 0x50009402, 0x0) 19:28:24 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0x0, 0x4}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:25 executing program 5: mlockall(0x5) mlockall(0x2) (async) mlockall(0x2) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) r0 = shmget(0x3, 0x3000, 0x20, &(0x7f0000147000/0x3000)=nil) shmat(r0, &(0x7f000002c000/0x1000)=nil, 0x0) 19:28:25 executing program 4: ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0186405, &(0x7f0000000000)={0x334, 0x401, {0xffffffffffffffff}, {0xee01}, 0x0, 0x6}) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) (async) ioctl$F2FS_IOC_DEFRAGMENT(r1, 0xc010f508, &(0x7f0000000240)={0x80000001, 0xb5}) (async, rerun: 64) kcmp(r0, 0x0, 0x0, r1, 0xffffffffffffffff) (async, rerun: 64) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r1) sendmsg$NL80211_CMD_JOIN_IBSS(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x50, r3, 0x300, 0x70bd25, 0x1000, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x8, 0x5f}}}}, [@NL80211_ATTR_HANDLE_DFS={0x4}, @NL80211_ATTR_HT_CAPABILITY_MASK={0x1e, 0x94, {0x5c, 0x0, 0x3, 0x0, {0x40, 0x6, 0x0, 0x6, 0x0, 0x1, 0x0, 0x1}, 0x70e, 0x3, 0x3f}}, @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0x50}, 0x1, 0x0, 0x0, 0x8000}, 0x4010) (async) syz_emit_vhci(&(0x7f00000000c0)=@HCI_EVENT_PKT={0x4, @inquiry_info={{0x2, 0x2b}, {0x3, [{@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x0, 0x1, 0x3, "db78ca", 0xffff}, {@any, 0x7f, 0xe6, 0x2, "da438a", 0x400}, {@none, 0x6, 0x8, 0xeb, "da51f0", 0x5}]}}}, 0x2e) (async) r4 = openat$vimc0(0xffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$BTRFS_IOC_DEFRAG(r4, 0x50009402, 0x0) 19:28:25 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0x0, 0x5}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:25 executing program 2: mlockall(0x2) (async) mlockall(0x4) (async) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:25 executing program 5: mlockall(0x5) mlockall(0x2) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) r0 = shmget(0x3, 0x3000, 0x20, &(0x7f0000147000/0x3000)=nil) shmat(r0, &(0x7f000002c000/0x1000)=nil, 0x0) mlockall(0x5) (async) mlockall(0x2) (async) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) (async) shmget(0x3, 0x3000, 0x20, &(0x7f0000147000/0x3000)=nil) (async) shmat(r0, &(0x7f000002c000/0x1000)=nil, 0x0) (async) 19:28:25 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0x0, 0x6}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:25 executing program 4: ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0186405, &(0x7f0000000000)={0x334, 0x401, {0xffffffffffffffff}, {0xee01}, 0x0, 0x6}) (async) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0186405, &(0x7f0000000000)={0x334, 0x401, {0xffffffffffffffff}, {0xee01}, 0x0, 0x6}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) ioctl$F2FS_IOC_DEFRAGMENT(r1, 0xc010f508, &(0x7f0000000240)={0x80000001, 0xb5}) kcmp(r0, 0x0, 0x0, r1, 0xffffffffffffffff) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r1) sendmsg$NL80211_CMD_JOIN_IBSS(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x50, r3, 0x300, 0x70bd25, 0x1000, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x8, 0x5f}}}}, [@NL80211_ATTR_HANDLE_DFS={0x4}, @NL80211_ATTR_HT_CAPABILITY_MASK={0x1e, 0x94, {0x5c, 0x0, 0x3, 0x0, {0x40, 0x6, 0x0, 0x6, 0x0, 0x1, 0x0, 0x1}, 0x70e, 0x3, 0x3f}}, @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0x50}, 0x1, 0x0, 0x0, 0x8000}, 0x4010) (async) sendmsg$NL80211_CMD_JOIN_IBSS(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x50, r3, 0x300, 0x70bd25, 0x1000, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x8, 0x5f}}}}, [@NL80211_ATTR_HANDLE_DFS={0x4}, @NL80211_ATTR_HT_CAPABILITY_MASK={0x1e, 0x94, {0x5c, 0x0, 0x3, 0x0, {0x40, 0x6, 0x0, 0x6, 0x0, 0x1, 0x0, 0x1}, 0x70e, 0x3, 0x3f}}, @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0x50}, 0x1, 0x0, 0x0, 0x8000}, 0x4010) syz_emit_vhci(&(0x7f00000000c0)=@HCI_EVENT_PKT={0x4, @inquiry_info={{0x2, 0x2b}, {0x3, [{@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x0, 0x1, 0x3, "db78ca", 0xffff}, {@any, 0x7f, 0xe6, 0x2, "da438a", 0x400}, {@none, 0x6, 0x8, 0xeb, "da51f0", 0x5}]}}}, 0x2e) r4 = openat$vimc0(0xffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$BTRFS_IOC_DEFRAG(r4, 0x50009402, 0x0) (async) ioctl$BTRFS_IOC_DEFRAG(r4, 0x50009402, 0x0) 19:28:25 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5008) 19:28:25 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0x0, 0x7}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:25 executing program 3: mlockall(0x2) mlockall(0x6) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:25 executing program 4: sendmsg$DEVLINK_CMD_RATE_SET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000040), 0xc, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="30010000", @ANYRES16=0x0, @ANYBLOB="00082abd0200fddbdf254b000000dd00a800e5173612616132cde5b8729d7e395c526875b44484eae354ccffb616ea2d640a81f3ae6767b6e288d15c568e86dd84c8a8f0f949189c963988705635e8e411836ae9a29c1344c1e9f584f48e08f6e6d30607b33f5780024bb6c979d9af0fc44578c082012d8dee8be9ac101eb5db69c16fe1308e5e2e9fa50c18549ad5c933d94c52eb1cc04276faca75ef461c68ddcbbf3c8d3e6bbe3e550b1ef2632fe3bc89106cd2a948d3ef7fbc7de29b7f53e005aabffd130161c00373e1b98241697c79fe957c07322f0b9b16e739b794bd965a0630c825c3129205230000000f00a9007365636f6e646e616d6500000c00a6000500000034fd000008000300000000000800030001000000080003000300000008000300000000004703f559b6d232d9c85702108f6d36d3fd5946"], 0x130}, 0x1, 0x0, 0x0, 0x2000c004}, 0x80) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, r1, 0x49f269a56e1422c3, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}}, 0x0) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r0, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f0000000440)={0x1fc, 0x0, 0x400, 0x70bd2c, 0x25dfdbff, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x3}, {0xc}, {0xc}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x1f}, {0xc, 0x90, 0x7}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x3}, {0xc, 0x90, 0x2}}, {@pci={{0x8}, {0x11}}, {0x8}, {0xc, 0x8f, 0xfff}, {0xc}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}, {0xc, 0x8f, 0xfffffffffffffff8}, {0xc, 0x90, 0x8000000000000001}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0xffffffffffffffff}, {0xc, 0x90, 0x5}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x800}, {0xc, 0x90, 0x400}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x8}, {0xc, 0x90, 0x1}}]}, 0x1fc}, 0x1, 0x0, 0x0, 0x80}, 0x10) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYRES8=0x0], 0x8) syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) syz_emit_vhci(&(0x7f0000000280)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x3}, @l2cap_cid_le_signaling={{0x8}, @l2cap_le_credits={{0x16, 0x2, 0x4}, {0x1, 0x9}}}}, 0x11) 19:28:25 executing program 5: r0 = socket(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x28}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_bfifo={{0xa}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000001440)=@newqdisc={0x30, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x4}}]}, 0x30}}, 0x0) r4 = socket(0x10, 0x3, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x28}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r7, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_bfifo={{0xa}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000001440)=@newqdisc={0x30, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x4}}]}, 0x30}}, 0x0) r8 = socket(0x10, 0x3, 0x0) r9 = socket$netlink(0x10, 0x3, 0x0) r10 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x28}}, 0x0) getsockname$packet(r10, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r11, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r8, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="3800000024000b0f00"/20, @ANYRES32=r11, @ANYBLOB="00000000ffffffff000000000affffd21fe465e77db30cdf7058f403da8a273e51a06e94ba4252d1197ed0dd006266696f95b01e9b221f83305ed8a57e3d1e630af6b7f14b73e676474f784ce8dadd7b3226be74dc8bb21a59b62582082345936bb58dd4cfa703f92a0750adf1422ded0474fa3eb98b1084ee8599964f17c4168ca381a2ecbc3995580179789fd359a388eda2670484ba3a95da634a1a8b9019b98f207f5745fc740786c5736fb5ff41f4db1ea5e96d20374d6af711b2bcc905a42505ad77d79f5e562c73b5d69a0e3346e58b656e96302d5624b3d4476eec2470bb81c3373aa2289a4d9ccdf152ed6ae7f400bf4f32516f86f9b2a41c4003746194fe47eed251d67b75f058d59dee80eef2493942c835"], 0x38}}, 0x0) sendmsg$nl_route_sched(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000001440)=@newqdisc={0x30, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x4}}]}, 0x30}}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000300)={0xffffffffffffffff, 0xe0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0xa, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000100)=[{}], 0x8, 0x10, &(0x7f0000000140), &(0x7f0000000180), 0x8, 0x10, 0x8, 0x8, &(0x7f00000001c0)}}, 0x10) sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80020010}, 0xc, &(0x7f00000004c0)={&(0x7f0000000340)={0x158, 0x0, 0x2, 0x70bd2b, 0x25dfdbfd, {}, [@HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan0\x00'}]}, @HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netpci0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvtap0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x6}]}, @HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}]}]}, 0x158}, 0x1, 0x0, 0x0, 0xc880}, 0x4) mlockall(0x2) r13 = shmget$private(0x0, 0x3000, 0x11, &(0x7f0000150000/0x3000)=nil) shmat(r13, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:25 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0x0, 0x8}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:25 executing program 4: sendmsg$DEVLINK_CMD_RATE_SET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000040), 0xc, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="30010000", @ANYRES16=0x0, @ANYBLOB="00082abd0200fddbdf254b000000dd00a800e5173612616132cde5b8729d7e395c526875b44484eae354ccffb616ea2d640a81f3ae6767b6e288d15c568e86dd84c8a8f0f949189c963988705635e8e411836ae9a29c1344c1e9f584f48e08f6e6d30607b33f5780024bb6c979d9af0fc44578c082012d8dee8be9ac101eb5db69c16fe1308e5e2e9fa50c18549ad5c933d94c52eb1cc04276faca75ef461c68ddcbbf3c8d3e6bbe3e550b1ef2632fe3bc89106cd2a948d3ef7fbc7de29b7f53e005aabffd130161c00373e1b98241697c79fe957c07322f0b9b16e739b794bd965a0630c825c3129205230000000f00a9007365636f6e646e616d6500000c00a6000500000034fd000008000300000000000800030001000000080003000300000008000300000000004703f559b6d232d9c85702108f6d36d3fd5946"], 0x130}, 0x1, 0x0, 0x0, 0x2000c004}, 0x80) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000d40)={'wlan0\x00'}) (async) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, r1, 0x49f269a56e1422c3, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}}, 0x0) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r0, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f0000000440)={0x1fc, 0x0, 0x400, 0x70bd2c, 0x25dfdbff, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x3}, {0xc}, {0xc}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x1f}, {0xc, 0x90, 0x7}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x3}, {0xc, 0x90, 0x2}}, {@pci={{0x8}, {0x11}}, {0x8}, {0xc, 0x8f, 0xfff}, {0xc}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}, {0xc, 0x8f, 0xfffffffffffffff8}, {0xc, 0x90, 0x8000000000000001}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0xffffffffffffffff}, {0xc, 0x90, 0x5}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x800}, {0xc, 0x90, 0x400}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x8}, {0xc, 0x90, 0x1}}]}, 0x1fc}, 0x1, 0x0, 0x0, 0x80}, 0x10) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYRES8=0x0], 0x8) syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) (async) syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) syz_emit_vhci(&(0x7f0000000280)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x3}, @l2cap_cid_le_signaling={{0x8}, @l2cap_le_credits={{0x16, 0x2, 0x4}, {0x1, 0x9}}}}, 0x11) 19:28:25 executing program 3: mlockall(0x2) (async, rerun: 64) mlockall(0x6) (async, rerun: 64) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) [ 522.035019][T14430] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. 19:28:25 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0x0, 0x9}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:25 executing program 4: sendmsg$DEVLINK_CMD_RATE_SET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000040), 0xc, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="30010000", @ANYRES16=0x0, @ANYBLOB="00082abd0200fddbdf254b000000dd00a800e5173612616132cde5b8729d7e395c526875b44484eae354ccffb616ea2d640a81f3ae6767b6e288d15c568e86dd84c8a8f0f949189c963988705635e8e411836ae9a29c1344c1e9f584f48e08f6e6d30607b33f5780024bb6c979d9af0fc44578c082012d8dee8be9ac101eb5db69c16fe1308e5e2e9fa50c18549ad5c933d94c52eb1cc04276faca75ef461c68ddcbbf3c8d3e6bbe3e550b1ef2632fe3bc89106cd2a948d3ef7fbc7de29b7f53e005aabffd130161c00373e1b98241697c79fe957c07322f0b9b16e739b794bd965a0630c825c3129205230000000f00a9007365636f6e646e616d6500000c00a6000500000034fd000008000300000000000800030001000000080003000300000008000300000000004703f559b6d232d9c85702108f6d36d3fd5946"], 0x130}, 0x1, 0x0, 0x0, 0x2000c004}, 0x80) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, r1, 0x49f269a56e1422c3, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}}, 0x0) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r0, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f0000000440)={0x1fc, 0x0, 0x400, 0x70bd2c, 0x25dfdbff, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x3}, {0xc}, {0xc}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x1f}, {0xc, 0x90, 0x7}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x3}, {0xc, 0x90, 0x2}}, {@pci={{0x8}, {0x11}}, {0x8}, {0xc, 0x8f, 0xfff}, {0xc}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}, {0xc, 0x8f, 0xfffffffffffffff8}, {0xc, 0x90, 0x8000000000000001}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0xffffffffffffffff}, {0xc, 0x90, 0x5}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x800}, {0xc, 0x90, 0x400}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x8}, {0xc, 0x90, 0x1}}]}, 0x1fc}, 0x1, 0x0, 0x0, 0x80}, 0x10) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYRES8=0x0], 0x8) (async) syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) (async) syz_emit_vhci(&(0x7f0000000280)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x3}, @l2cap_cid_le_signaling={{0x8}, @l2cap_le_credits={{0x16, 0x2, 0x4}, {0x1, 0x9}}}}, 0x11) [ 522.216041][T14430] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. 19:28:25 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0x0, 0xa}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:25 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_sniff_subrate={{0x2e, 0xb}, {0x20, 0xc8, 0x1, 0x0, 0x1, 0x8}}}, 0xe) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc8, 0xf5}, "756a4427fc3bfd520c50da33800b5770bbbc592149e65cf7355cb67a1a269912d076edd3b3fc6d5380c4ed90f6f97c434eb9dc60b66124939b3346dd69473b404fef5214a1234dd771faae7c77e8a22393a1fa69286e9ba84d545e3672420cf4e7d519edc612d23eecba8b07b6ce6eb0d57801be70ab523c2b74d9eaa56eddfd8eb48115cb607899189b984b3c9c4d5907b9289bca5940da1c9a9b841e7570d811a2538c4c14a4ea18d923e8ff95eda302f837e6bdb263b97f986299065afcfbc2d09f2091c128be88a15213f8ea9b64808278d06dc1fa9243fdfc5565010eb70f8e1ac907bbbbe27594405be2c767d4b5e9957186"}, 0xf9) syz_emit_vhci(&(0x7f0000000180)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) [ 522.331333][T14430] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 522.416735][T14434] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.5'. 19:28:26 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5009) 19:28:26 executing program 2: mlockall(0x2) mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) mlockall(0x0) r1 = shmget$private(0x0, 0x3000, 0x1a00, &(0x7f0000ffd000/0x3000)=nil) shmat(r1, &(0x7f0000000000/0x2000)=nil, 0x4000) r2 = shmget$private(0x0, 0x3000, 0x1a00, &(0x7f0000ffd000/0x3000)=nil) shmat(r2, &(0x7f0000000000/0x2000)=nil, 0x4000) mlockall(0x0) shmctl$IPC_RMID(r2, 0x0) mlockall(0x6) shmat(r2, &(0x7f0000003000/0x2000)=nil, 0x2000) r3 = shmget$private(0x0, 0x3000, 0x1a00, &(0x7f0000ffd000/0x3000)=nil) shmat(r3, &(0x7f0000000000/0x2000)=nil, 0x4000) shmctl$IPC_RMID(r3, 0x0) shmat(r3, &(0x7f0000003000/0x2000)=nil, 0x2000) r4 = shmget$private(0x0, 0x2000, 0x40, &(0x7f0000ffc000/0x2000)=nil) shmat(r4, &(0x7f0000fff000/0x1000)=nil, 0x4000) shmctl$SHM_UNLOCK(r4, 0xc) shmat(r4, &(0x7f00002a7000/0x2000)=nil, 0x6000) r5 = shmget$private(0x0, 0x4000, 0x800, &(0x7f0000ffb000/0x4000)=nil) shmctl$IPC_RMID(r5, 0x0) mlockall(0x7) shmat(r0, &(0x7f0000ffe000/0x1000)=nil, 0x0) shmat(r0, &(0x7f00003ee000/0x1000)=nil, 0x2000) shmat(r1, &(0x7f00002fd000/0x4000)=nil, 0x3000) shmat(r0, &(0x7f0000335000/0x3000)=nil, 0x4000) r6 = shmget(0x1, 0x1000, 0x80, &(0x7f0000fff000/0x1000)=nil) shmat(r6, &(0x7f0000ffe000/0x2000)=nil, 0x0) 19:28:26 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_sniff_subrate={{0x2e, 0xb}, {0x20, 0xc8, 0x1, 0x0, 0x1, 0x8}}}, 0xe) (async) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc8, 0xf5}, "756a4427fc3bfd520c50da33800b5770bbbc592149e65cf7355cb67a1a269912d076edd3b3fc6d5380c4ed90f6f97c434eb9dc60b66124939b3346dd69473b404fef5214a1234dd771faae7c77e8a22393a1fa69286e9ba84d545e3672420cf4e7d519edc612d23eecba8b07b6ce6eb0d57801be70ab523c2b74d9eaa56eddfd8eb48115cb607899189b984b3c9c4d5907b9289bca5940da1c9a9b841e7570d811a2538c4c14a4ea18d923e8ff95eda302f837e6bdb263b97f986299065afcfbc2d09f2091c128be88a15213f8ea9b64808278d06dc1fa9243fdfc5565010eb70f8e1ac907bbbbe27594405be2c767d4b5e9957186"}, 0xf9) (async) syz_emit_vhci(&(0x7f0000000180)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) 19:28:26 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0x0, 0xb}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:26 executing program 5: r0 = socket(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) (async) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x28}}, 0x0) (async) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) (async, rerun: 32) sendmsg$nl_route_sched(r0, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_bfifo={{0xa}, {0x8}}]}, 0x38}}, 0x0) (async, rerun: 32) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000001440)=@newqdisc={0x30, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x4}}]}, 0x30}}, 0x0) (async) r4 = socket(0x10, 0x3, 0x0) (async) r5 = socket$netlink(0x10, 0x3, 0x0) (async) r6 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x28}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r7, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) (async, rerun: 32) sendmsg$nl_route_sched(r4, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_bfifo={{0xa}, {0x8}}]}, 0x38}}, 0x0) (async, rerun: 32) sendmsg$nl_route_sched(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000001440)=@newqdisc={0x30, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x4}}]}, 0x30}}, 0x0) (async, rerun: 32) r8 = socket(0x10, 0x3, 0x0) (async, rerun: 32) r9 = socket$netlink(0x10, 0x3, 0x0) (async) r10 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x28}}, 0x0) getsockname$packet(r10, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r11, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) (async) sendmsg$nl_route_sched(r8, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="3800000024000b0f00"/20, @ANYRES32=r11, @ANYBLOB="00000000ffffffff000000000affffd21fe465e77db30cdf7058f403da8a273e51a06e94ba4252d1197ed0dd006266696f95b01e9b221f83305ed8a57e3d1e630af6b7f14b73e676474f784ce8dadd7b3226be74dc8bb21a59b62582082345936bb58dd4cfa703f92a0750adf1422ded0474fa3eb98b1084ee8599964f17c4168ca381a2ecbc3995580179789fd359a388eda2670484ba3a95da634a1a8b9019b98f207f5745fc740786c5736fb5ff41f4db1ea5e96d20374d6af711b2bcc905a42505ad77d79f5e562c73b5d69a0e3346e58b656e96302d5624b3d4476eec2470bb81c3373aa2289a4d9ccdf152ed6ae7f400bf4f32516f86f9b2a41c4003746194fe47eed251d67b75f058d59dee80eef2493942c835"], 0x38}}, 0x0) (async, rerun: 64) sendmsg$nl_route_sched(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000001440)=@newqdisc={0x30, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x4}}]}, 0x30}}, 0x0) (rerun: 64) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000300)={0xffffffffffffffff, 0xe0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0xa, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000100)=[{}], 0x8, 0x10, &(0x7f0000000140), &(0x7f0000000180), 0x8, 0x10, 0x8, 0x8, &(0x7f00000001c0)}}, 0x10) sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80020010}, 0xc, &(0x7f00000004c0)={&(0x7f0000000340)={0x158, 0x0, 0x2, 0x70bd2b, 0x25dfdbfd, {}, [@HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan0\x00'}]}, @HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netpci0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvtap0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x6}]}, @HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}]}]}, 0x158}, 0x1, 0x0, 0x0, 0xc880}, 0x4) (async, rerun: 64) mlockall(0x2) (async, rerun: 64) r13 = shmget$private(0x0, 0x3000, 0x11, &(0x7f0000150000/0x3000)=nil) shmat(r13, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:26 executing program 3: mlockall(0x2) (async) mlockall(0x2) mlockall(0x6) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:26 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_sniff_subrate={{0x2e, 0xb}, {0x20, 0xc8, 0x1, 0x0, 0x1, 0x8}}}, 0xe) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc8, 0xf5}, "756a4427fc3bfd520c50da33800b5770bbbc592149e65cf7355cb67a1a269912d076edd3b3fc6d5380c4ed90f6f97c434eb9dc60b66124939b3346dd69473b404fef5214a1234dd771faae7c77e8a22393a1fa69286e9ba84d545e3672420cf4e7d519edc612d23eecba8b07b6ce6eb0d57801be70ab523c2b74d9eaa56eddfd8eb48115cb607899189b984b3c9c4d5907b9289bca5940da1c9a9b841e7570d811a2538c4c14a4ea18d923e8ff95eda302f837e6bdb263b97f986299065afcfbc2d09f2091c128be88a15213f8ea9b64808278d06dc1fa9243fdfc5565010eb70f8e1ac907bbbbe27594405be2c767d4b5e9957186"}, 0xf9) (async) syz_emit_vhci(&(0x7f0000000180)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) 19:28:26 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0x0, 0xe}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:26 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmctl$SHM_UNLOCK(r0, 0xc) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) shmat(r0, &(0x7f0000028000/0x2000)=nil, 0x5000) 19:28:26 executing program 2: mlockall(0x2) (async) mlockall(0x2) (async) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) (async) mlockall(0x0) (async) r1 = shmget$private(0x0, 0x3000, 0x1a00, &(0x7f0000ffd000/0x3000)=nil) shmat(r1, &(0x7f0000000000/0x2000)=nil, 0x4000) (async) r2 = shmget$private(0x0, 0x3000, 0x1a00, &(0x7f0000ffd000/0x3000)=nil) shmat(r2, &(0x7f0000000000/0x2000)=nil, 0x4000) mlockall(0x0) (async, rerun: 32) shmctl$IPC_RMID(r2, 0x0) (rerun: 32) mlockall(0x6) (async, rerun: 32) shmat(r2, &(0x7f0000003000/0x2000)=nil, 0x2000) (async, rerun: 32) r3 = shmget$private(0x0, 0x3000, 0x1a00, &(0x7f0000ffd000/0x3000)=nil) shmat(r3, &(0x7f0000000000/0x2000)=nil, 0x4000) (async) shmctl$IPC_RMID(r3, 0x0) shmat(r3, &(0x7f0000003000/0x2000)=nil, 0x2000) (async) r4 = shmget$private(0x0, 0x2000, 0x40, &(0x7f0000ffc000/0x2000)=nil) shmat(r4, &(0x7f0000fff000/0x1000)=nil, 0x4000) (async) shmctl$SHM_UNLOCK(r4, 0xc) (async, rerun: 32) shmat(r4, &(0x7f00002a7000/0x2000)=nil, 0x6000) (async, rerun: 32) r5 = shmget$private(0x0, 0x4000, 0x800, &(0x7f0000ffb000/0x4000)=nil) shmctl$IPC_RMID(r5, 0x0) (async, rerun: 32) mlockall(0x7) (async, rerun: 32) shmat(r0, &(0x7f0000ffe000/0x1000)=nil, 0x0) (async, rerun: 64) shmat(r0, &(0x7f00003ee000/0x1000)=nil, 0x2000) (async, rerun: 64) shmat(r1, &(0x7f00002fd000/0x4000)=nil, 0x3000) (async) shmat(r0, &(0x7f0000335000/0x3000)=nil, 0x4000) (async, rerun: 64) r6 = shmget(0x1, 0x1000, 0x80, &(0x7f0000fff000/0x1000)=nil) (rerun: 64) shmat(r6, &(0x7f0000ffe000/0x2000)=nil, 0x0) 19:28:26 executing program 5: r0 = socket(0x10, 0x3, 0x0) (async) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x28}}, 0x0) (async) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_bfifo={{0xa}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000001440)=@newqdisc={0x30, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x4}}]}, 0x30}}, 0x0) (async) r4 = socket(0x10, 0x3, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) (async, rerun: 32) r6 = socket(0x10, 0x3, 0x0) (rerun: 32) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x28}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r7, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) (async) sendmsg$nl_route_sched(r4, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_bfifo={{0xa}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000001440)=@newqdisc={0x30, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x4}}]}, 0x30}}, 0x0) (async) r8 = socket(0x10, 0x3, 0x0) r9 = socket$netlink(0x10, 0x3, 0x0) (async) r10 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x28}}, 0x0) getsockname$packet(r10, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r11, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) (async) sendmsg$nl_route_sched(r8, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="3800000024000b0f00"/20, @ANYRES32=r11, @ANYBLOB="00000000ffffffff000000000affffd21fe465e77db30cdf7058f403da8a273e51a06e94ba4252d1197ed0dd006266696f95b01e9b221f83305ed8a57e3d1e630af6b7f14b73e676474f784ce8dadd7b3226be74dc8bb21a59b62582082345936bb58dd4cfa703f92a0750adf1422ded0474fa3eb98b1084ee8599964f17c4168ca381a2ecbc3995580179789fd359a388eda2670484ba3a95da634a1a8b9019b98f207f5745fc740786c5736fb5ff41f4db1ea5e96d20374d6af711b2bcc905a42505ad77d79f5e562c73b5d69a0e3346e58b656e96302d5624b3d4476eec2470bb81c3373aa2289a4d9ccdf152ed6ae7f400bf4f32516f86f9b2a41c4003746194fe47eed251d67b75f058d59dee80eef2493942c835"], 0x38}}, 0x0) (async) sendmsg$nl_route_sched(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000001440)=@newqdisc={0x30, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x4}}]}, 0x30}}, 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000300)={0xffffffffffffffff, 0xe0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0xa, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000100)=[{}], 0x8, 0x10, &(0x7f0000000140), &(0x7f0000000180), 0x8, 0x10, 0x8, 0x8, &(0x7f00000001c0)}}, 0x10) sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80020010}, 0xc, &(0x7f00000004c0)={&(0x7f0000000340)={0x158, 0x0, 0x2, 0x70bd2b, 0x25dfdbfd, {}, [@HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan0\x00'}]}, @HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netpci0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvtap0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x6}]}, @HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}]}]}, 0x158}, 0x1, 0x0, 0x0, 0xc880}, 0x4) mlockall(0x2) r13 = shmget$private(0x0, 0x3000, 0x11, &(0x7f0000150000/0x3000)=nil) shmat(r13, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:26 executing program 4: r0 = syz_io_uring_setup(0x5300, &(0x7f0000000000)={0x0, 0x65dc, 0x20, 0x2, 0xb9}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) r1 = mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000001, 0x50, 0xffffffffffffffff, 0x10000000) r2 = syz_io_uring_setup(0x4f55, &(0x7f0000000340)={0x0, 0xb1f6, 0x380, 0x2, 0x7, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000003c0), &(0x7f0000000400)) r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, r5, 0x49f269a56e1422c3, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}}, 0x0) r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1000002, 0x80010, r2, 0x8000000) syz_io_uring_submit(r8, r1, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x20, 0x2007, @fd=r4, 0x1f, &(0x7f00000004c0)=""/40, 0x28, 0x4, 0x0, {0x0, r3}}, 0xfffe) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="0e0e00000000783a17841853a9efb881542a9d3b5629dada70369d13bca4402fbb28c40228fa44a2d2a9a08211c045a041df789a7b4ec760e65d49822176f48529b5f21fa40c997fe315ca3cf1c78305488c65ffd16e0010a7e47cf2c447563e14291f08367471afa5aded487b8edbf103fec05ac814a5966308f1584e762ebf8dd37673030c3d17b6069020fb517cd0180cf17b9fe70ee839a9293dcc0a68bf13f28fffff37dfe50a52018410485b51db31f17b87e38cfe683818d085733b000000"], 0x8) r9 = open(&(0x7f0000000300)='./bus\x00', 0x0, 0x0) r10 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r10, 0x0, 0xffffffffffffff28, 0x20000004, &(0x7f0000000140)={0xa, 0x100000004e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r10, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r10, 0x11a, 0x1, &(0x7f0000000100)=@ccm_128={{0x304}, "ffb75df2a83e25c0", "2cdb8ead6c8e9c290bebacb766ff2832", "44d857de", "171291df37239255"}, 0x28) r11 = syz_open_procfs(0x0, &(0x7f0000000440)='net/ipv6_route\x00') setsockopt$inet6_tcp_TLS_TX(r11, 0x6, 0x1, &(0x7f0000000480)=@gcm_256={{0x303}, "52c0204202f859cb", "325c2fab20f9d791922742f8aff00cb245eeaf805b99c0dcaa0aa0ea753ce1e9", "c4cdd83d", "9385fab5c1d6e5d3"}, 0x38) sendfile(r10, r9, 0x0, 0x800100020013) syz_io_uring_setup(0x1a73, &(0x7f0000000240)={0x0, 0xdd86, 0x200, 0x3, 0x291, 0x0, r9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000002c0), &(0x7f0000000300)) [ 522.825882][T14486] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. 19:28:26 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x500a) 19:28:26 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0x0, 0xf}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:26 executing program 2: mlockall(0x2) (async) mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) mlockall(0x0) (async) r1 = shmget$private(0x0, 0x3000, 0x1a00, &(0x7f0000ffd000/0x3000)=nil) shmat(r1, &(0x7f0000000000/0x2000)=nil, 0x4000) (async) r2 = shmget$private(0x0, 0x3000, 0x1a00, &(0x7f0000ffd000/0x3000)=nil) shmat(r2, &(0x7f0000000000/0x2000)=nil, 0x4000) mlockall(0x0) (async) shmctl$IPC_RMID(r2, 0x0) (async) mlockall(0x6) (async) shmat(r2, &(0x7f0000003000/0x2000)=nil, 0x2000) (async) r3 = shmget$private(0x0, 0x3000, 0x1a00, &(0x7f0000ffd000/0x3000)=nil) shmat(r3, &(0x7f0000000000/0x2000)=nil, 0x4000) shmctl$IPC_RMID(r3, 0x0) (async) shmat(r3, &(0x7f0000003000/0x2000)=nil, 0x2000) (async) r4 = shmget$private(0x0, 0x2000, 0x40, &(0x7f0000ffc000/0x2000)=nil) shmat(r4, &(0x7f0000fff000/0x1000)=nil, 0x4000) (async) shmctl$SHM_UNLOCK(r4, 0xc) (async) shmat(r4, &(0x7f00002a7000/0x2000)=nil, 0x6000) r5 = shmget$private(0x0, 0x4000, 0x800, &(0x7f0000ffb000/0x4000)=nil) shmctl$IPC_RMID(r5, 0x0) (async) mlockall(0x7) (async) shmat(r0, &(0x7f0000ffe000/0x1000)=nil, 0x0) (async) shmat(r0, &(0x7f00003ee000/0x1000)=nil, 0x2000) shmat(r1, &(0x7f00002fd000/0x4000)=nil, 0x3000) shmat(r0, &(0x7f0000335000/0x3000)=nil, 0x4000) r6 = shmget(0x1, 0x1000, 0x80, &(0x7f0000fff000/0x1000)=nil) shmat(r6, &(0x7f0000ffe000/0x2000)=nil, 0x0) 19:28:26 executing program 4: r0 = syz_io_uring_setup(0x5300, &(0x7f0000000000)={0x0, 0x65dc, 0x20, 0x2, 0xb9}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) r1 = mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000001, 0x50, 0xffffffffffffffff, 0x10000000) (async) r2 = syz_io_uring_setup(0x4f55, &(0x7f0000000340)={0x0, 0xb1f6, 0x380, 0x2, 0x7, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000003c0), &(0x7f0000000400)) r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) (async) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, r5, 0x49f269a56e1422c3, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}}, 0x0) r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1000002, 0x80010, r2, 0x8000000) syz_io_uring_submit(r8, r1, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x20, 0x2007, @fd=r4, 0x1f, &(0x7f00000004c0)=""/40, 0x28, 0x4, 0x0, {0x0, r3}}, 0xfffe) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="0e0e00000000783a17841853a9efb881542a9d3b5629dada70369d13bca4402fbb28c40228fa44a2d2a9a08211c045a041df789a7b4ec760e65d49822176f48529b5f21fa40c997fe315ca3cf1c78305488c65ffd16e0010a7e47cf2c447563e14291f08367471afa5aded487b8edbf103fec05ac814a5966308f1584e762ebf8dd37673030c3d17b6069020fb517cd0180cf17b9fe70ee839a9293dcc0a68bf13f28fffff37dfe50a52018410485b51db31f17b87e38cfe683818d085733b000000"], 0x8) (async) r9 = open(&(0x7f0000000300)='./bus\x00', 0x0, 0x0) (async, rerun: 32) r10 = socket$inet6_tcp(0xa, 0x1, 0x0) (rerun: 32) sendto$inet6(r10, 0x0, 0xffffffffffffff28, 0x20000004, &(0x7f0000000140)={0xa, 0x100000004e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r10, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r10, 0x11a, 0x1, &(0x7f0000000100)=@ccm_128={{0x304}, "ffb75df2a83e25c0", "2cdb8ead6c8e9c290bebacb766ff2832", "44d857de", "171291df37239255"}, 0x28) (async) r11 = syz_open_procfs(0x0, &(0x7f0000000440)='net/ipv6_route\x00') setsockopt$inet6_tcp_TLS_TX(r11, 0x6, 0x1, &(0x7f0000000480)=@gcm_256={{0x303}, "52c0204202f859cb", "325c2fab20f9d791922742f8aff00cb245eeaf805b99c0dcaa0aa0ea753ce1e9", "c4cdd83d", "9385fab5c1d6e5d3"}, 0x38) (async, rerun: 32) sendfile(r10, r9, 0x0, 0x800100020013) (async, rerun: 32) syz_io_uring_setup(0x1a73, &(0x7f0000000240)={0x0, 0xdd86, 0x200, 0x3, 0x291, 0x0, r9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000002c0), &(0x7f0000000300)) [ 522.935799][T14486] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. 19:28:26 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0x0, 0x10}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:26 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) mlockall(0x0) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:26 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) munmap(&(0x7f0000239000/0x3000)=nil, 0x3000) mlockall(0x1) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:26 executing program 3: mlockall(0x2) (async) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmctl$SHM_UNLOCK(r0, 0xc) (async, rerun: 64) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (async, rerun: 64) shmat(r0, &(0x7f0000028000/0x2000)=nil, 0x5000) 19:28:26 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0x0, 0x11}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:26 executing program 4: r0 = syz_io_uring_setup(0x5300, &(0x7f0000000000)={0x0, 0x65dc, 0x20, 0x2, 0xb9}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) r1 = mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000001, 0x50, 0xffffffffffffffff, 0x10000000) (async, rerun: 32) r2 = syz_io_uring_setup(0x4f55, &(0x7f0000000340)={0x0, 0xb1f6, 0x380, 0x2, 0x7, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000003c0), &(0x7f0000000400)) (async, rerun: 32) r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000d40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, r5, 0x49f269a56e1422c3, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}}, 0x0) r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1000002, 0x80010, r2, 0x8000000) syz_io_uring_submit(r8, r1, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x20, 0x2007, @fd=r4, 0x1f, &(0x7f00000004c0)=""/40, 0x28, 0x4, 0x0, {0x0, r3}}, 0xfffe) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="0e0e00000000783a17841853a9efb881542a9d3b5629dada70369d13bca4402fbb28c40228fa44a2d2a9a08211c045a041df789a7b4ec760e65d49822176f48529b5f21fa40c997fe315ca3cf1c78305488c65ffd16e0010a7e47cf2c447563e14291f08367471afa5aded487b8edbf103fec05ac814a5966308f1584e762ebf8dd37673030c3d17b6069020fb517cd0180cf17b9fe70ee839a9293dcc0a68bf13f28fffff37dfe50a52018410485b51db31f17b87e38cfe683818d085733b000000"], 0x8) (async, rerun: 32) r9 = open(&(0x7f0000000300)='./bus\x00', 0x0, 0x0) (async, rerun: 32) r10 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r10, 0x0, 0xffffffffffffff28, 0x20000004, &(0x7f0000000140)={0xa, 0x100000004e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r10, 0x6, 0x1f, &(0x7f00000000c0), 0x4) (async) setsockopt$inet6_tcp_TLS_TX(r10, 0x11a, 0x1, &(0x7f0000000100)=@ccm_128={{0x304}, "ffb75df2a83e25c0", "2cdb8ead6c8e9c290bebacb766ff2832", "44d857de", "171291df37239255"}, 0x28) r11 = syz_open_procfs(0x0, &(0x7f0000000440)='net/ipv6_route\x00') setsockopt$inet6_tcp_TLS_TX(r11, 0x6, 0x1, &(0x7f0000000480)=@gcm_256={{0x303}, "52c0204202f859cb", "325c2fab20f9d791922742f8aff00cb245eeaf805b99c0dcaa0aa0ea753ce1e9", "c4cdd83d", "9385fab5c1d6e5d3"}, 0x38) sendfile(r10, r9, 0x0, 0x800100020013) syz_io_uring_setup(0x1a73, &(0x7f0000000240)={0x0, 0xdd86, 0x200, 0x3, 0x291, 0x0, r9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000002c0), &(0x7f0000000300)) 19:28:26 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0x0, 0x13}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:27 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0x0, 0x60}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:27 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x500b) 19:28:27 executing program 2: mlockall(0x2) (async) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) mlockall(0x0) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:27 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0x0, 0xf0}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:27 executing program 5: mlockall(0x2) (async) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) (async) munmap(&(0x7f0000239000/0x3000)=nil, 0x3000) mlockall(0x1) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:27 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0x0, 0x300}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:27 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmctl$SHM_UNLOCK(r0, 0xc) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) shmat(r0, &(0x7f0000028000/0x2000)=nil, 0x5000) mlockall(0x2) (async) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) (async) shmctl$SHM_UNLOCK(r0, 0xc) (async) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (async) shmat(r0, &(0x7f0000028000/0x2000)=nil, 0x5000) (async) 19:28:27 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0x0, 0x44d}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:27 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x500c) 19:28:27 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0x0, 0x500}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:27 executing program 4: r0 = open(&(0x7f0000000300)='./bus\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0xffffffffffffff28, 0x20000004, &(0x7f0000000140)={0xa, 0x100000004e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000100)=@ccm_128={{0x304}, "ffb75df2a83e25c0", "2cdb8ead6c8e9c290bebacb766ff2832", "44d857de", "171291df37239255"}, 0x28) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000d40)={'wlan0\x00'}) writev(r2, &(0x7f00000002c0)=[{&(0x7f0000000180)="3e778da13e2cf44c8dc47886d2dddcf59434f2ada9147c95fd1e58eca757ab594e9bfcbc55934f7a2192a76fe9445e3b24a6057c95475bffa06d8934af7e43911508bc9a23be4b75e7ffbc1dc5abf7d396a40389f4fef1687aa47871598434268c6de2c7d032e06b4d952ce33588d838bb8c7c457751958650a59accdc00b2b9427cdffff7580a048c1faee7908c4ae7462111", 0x93}, {&(0x7f0000000240)="d804312308a1e4ff3520edaadf5ec875797367260c83f5ae939a8840796e71644aac8d690d21573be24804e2aa1b181b0dd7f1b4740f50de38d255fbc49a90843abb9e99174418932e73b06df72a8c0e6453e716e28e06471463d43661667c8f", 0x60}, {&(0x7f0000000340)="fc42fee8c16b93659372367f81278904f212810809e968449e10168cb2e7d38587d579a9c6ad893fba8b3a918bf4a9f6e1008a7ffe5f096e21222c9dd05c7446fc44e7bebaa77d5cde816e9542a502dba51d02b1c7ed76a359cf91c694def85494e138fc3fd8d4f57f84384705d4dbf13682cea46dc9603fecaaf0e6396e4511ebc31a6ac318d07822927c7166a40c086f3eaef767fd8529270b4e1a793c77df1d660e22322843c2bce17d4fdb5529c84cffc4f7bce84094409f2fca263910af734e9a0fa80f088164ae7fcf287aa97f5488d300faee48ab325b2fdca2f7d51eba6c45d0682137915f103f2aa66a51229100d201383335263e5eec78c3fb45b558b27e35f4585a0cd06e7658b745bb18923b86b6c43e227b67641ee78881121095aa725a780f866fcc762d7b15d51d403379a2213bfd884d2aed5644fb0537fa4553fa50b0a18c0ebed34c28dc6f630f99ee30ec84a1f0388cb7fd975f2303aa954514665a5a2bee30fa0dbebbe16bbdcd1bb415d8346c09e82c2d4dc49ad1f94922292650c617fb3ca9008336b390d7b85aad5ec8ff3d767d9f27c4cd65447991a3ed2c3af8138de6c22f0d66ef23779c3b2bb91a05bfe8c645d67b4044cfce41be58482be375ad76086f61aa9287a6dc568323e7e0ca95fea926d065afca4f192065d3b3b431c48a325288e7a683f5cca2fdd21b4f6858a237f19f03ab9c742a33e4d1365920e0069c2762f236636bc2dca72cc88fe09b853fe0dba263d22425b492c2990c430525827c3af56072c785a5fb50924b6582336706b2b5d073b65878913550aeadf644557a64a94eed4eddd45a42641376c370244fdc90918c605197d6f158180684abc2377ebfe828f6bc174e1e50c29fc9fe4686c0a68e66f39346c47bc36173279523beb8416e90b2f9d4a128865935391e6946d0e0abfa8c1ca0196805465b1bf8ec346969cf41ea979454b419b19b6c5d7788c3eb5e44b859d4376b91eefb3e6cfe8ddb4f1c3505510f63c6128c23625867efa8d0efa37269f6c1473cb759ed277a1b8c7571b73a8dc717ccd138dd58cfd94dccc45f86a15bdac42ffa5f11253a1f86cdf52d73e873ef2aa1ba76ed618035674d9c02e5d6ba5deb4f3bd1114549050e09554be227adf8b58cb0e1b77561555f1e32ca7e2d33ca756372c9dcc4927392ac1d07f205b62a79ca6885d5eb5431cd3d60ef0445005b094f9bbe204632e67c06214baa1e9bd74d9b307b936ee9c9aac0ffd2f8bea12e71c72dd7316b3f2bc29b95c3cf9a6d356800784baf9d14eb67b9be7868d606f42452ca1268f30c6a91233f44ba937a4c8d9d09f67fe7d3f684938d6d79d72fabfaaf0f449fcc676b3544a5571c11d30de910a0fdf8e36b9a4b527621157f277b35b38d2a885f0b58eb265c60c75ccc17558946792ed68c4f3fe9f2baeb49de7bf452c5e4c5c31bffe6b3bbe8d622dd8794df35ba47d76a119ac711c4fbb4a7cc3756842f24646aef9711e023a9c22d3e80d33006660fef70d674b8209bfc4812cc6841e1a542a7b3dd47c5b5bf4bcf309d91b2da227ffc84139557b97b1d389bfbaf238966dc887c94bf74c45bc622a887d2de7c59a68613c11e69f470cfd32e99e7a77381b9f165049f2072997d639d7f0412925965d345de786c09792712fe6bb8ae2542f4f28f501107abc745aa6037886540d6d8185c4622b5cca40c2a513de5b6107b2aa90b75437bb66436ee7ec94b71af0e9e13ee2bdcd30c4aaf579889ac7113258d0629538dc007d40f53c9a4bc0dc363a6c95228cbd156ece3fde57f5bd0a19526c3c1b9a8b834a482dd33300e046151233ba3c3d112ffa030f714f325ce30f8b4d6f8eceae347ca4dc40a9349e3a7917ccb59986801849512b8ee85bc8b89f38e890bfc4be5705b28c460df9ea11e3a751bf57fa2a64b571b25946098f0c4ff5d9e835108c2cba2ef0c633cb62611ebe612efc930c25a9b15230ef8c3a3efc1a3ab951c176a4c1b1dc888ba4ac85fe8e20e508436699e9fcc48d900f1ceee57ebd865f1fb7f5e0e2f528bc8d33d84119626c0ccb1000bf1c7a0b4afd246868708bf9563676d5fea3fe378ec6d61497f64f454cb7515747406646045f722a31a4dcad58ac19fa3a6b7e5bf9801f821b139786ee2120628ddda03781c6ece76b770115a76680f8be9672f8a8389514f88681c47544716320bd42dd8e23f53a42eb88e71e868292e10743de0259323c614634e224a630bf9c7f2c8fabd20736b079dd4b67ff5c8c8e0622a0d78cb35ba6080ddc9f4ef06d0b939a3b8b2a48367e2557501a83b8a7d6e34a3b9739552379c6a6e394a63ccbe8049bc44b9c1e64a7555d6a900aa546b1cc953a3e128c909feb1138209d5380548632f94f0fc2c6ea29096ec974aeb29e96efde66ab3ccf06d5470ecfa49b4fa7c46cb4d3bec5da4609912ba7f40765bd2136f28868e4ea02c0d1b81b4cd5bdd2fbe6d7d5f94e1e20270caf8f3ebe7aff2d7a3e464578a7b09ee93a84ef6ca18cab8b6507847273a15a4c9c980eabdcd6e883b3a0082aea54ed0cd577d2b34b39714b86d70399acd7a3274918bd0fe7b68f952f72353ee614241a7b94dbb7474de680cc78d97a748531b8da2b00b6adf081bbb6cb6cbe4d712d0f0fd82514bb5acdd48a968496dcae023419771ad23aa53976dd3c7b705d48a1ef938d3ba3a2bad654996df41c64beb72635b242eab960b44534f8d9d6877c641ae6f11022eea7ed4b8d95f6db2bd9788bd10ceee45942e0cc30e33921b67e4bd85158e3e9543440f025d7e5a77cc4e0cd7c2f4bd1556ea89a9070462fd488a7289dceb429a1171f52268eb2a7e1043d8a338991f1977fbf74628c828f4cac511c14f2e5d8a867b3bb0a4d53246e167e25384a3cd55d9481d447f24b6cc39d13c64957a80f5af950f3cea0d470835ae0e6530bfea8b1ff37b8da5dbd18319316e873f06a1457281cd5997ee46f609af0d17317aed5e1b2cc428a5c886b85982cc896fb4b63448ba0b93d8da85419b47232b666591dc351cdc68cb33ba98f633fd6a95df88e02e7e816f4f131a5c348d1890e2a0fde94a9feb466e2a0308daae3a95aebe2f277389d43e117001086f159bf72e64dacb0f4ca9e130a59527123d7552b1ffd4bfffced2c576b3b6f9fdbd59bf2e5019bb0377e8c975f2d0921336bc462125c17b95a0a6cd63c8eaac739d611c8a8640aeb7dac5980490b5337dc1575aac0ed22461db2b8c3724f497965b5bfd59991a8774f478211b57a123b435d7ce4ece58c8d120136b806b815a2cd3e4f6e4d6f0dcc7c30537c3795be73443c98f19fd1bc8badd61f9ed39bcb4858afc667a2bee50374a25b1beef78c100f742b56527450529d4e214a0edf0c1cefd4b9509597284a2d0f546945a892a906b147ba8919a45744ad549d804ce871229a88ff666dd034928d17892a3027c9f7534d2de9d1571c7b3acb2d405d14c5bf53cdc45b9290f2f8e4440f5dc54d91a4005997a7fb09077ed95534a79126008367f0dc35f227f12963ba68c2eb98a831cb69193e88b446869c17ea9b7b81c7e8699176a4fd15887daf3f55b00316273b44cd02e8cb52a2d8b929ef8714273cb057f67289b5466536e9f39bfc93f5b7b53e1708c972f5dcb84f7d69f76cf6d71c00c99c20be3afb25aca1b6fe268cae59f5cc0e22771024dbde56d23edf76c2b0ce60228391792c3b2238ac1152d8779974c4b95d8b574cc73fbc987f0355a29e24ac759337d1f4e4719613856b929920a62e1108a4f2219b20ce054db62bfd89ed1453b931db939f0d77a24aa87e7b981b0e79697ab508517826867d99a0b2bac8d654dcbfc309d8bdb527a5abd2ace277fab91fbed71c93b221d1b7a1ef0213e6b6cfe0b5ce5ad535560860512099405a115ed4c4051fd94058bb9a68aed189cac983290d1d5e454af2fa9acbf93cbb81b48d69a7744e15b1905665c09a1770fac7b340857c477d66dc3448e9855b141583167fd5b5335253315ed76c23d18d5130fc1a65333d5b34d6dc87008e3a42d072ebf8387794f59282ee4598fdc6746bce64722d528dc1356e9fed921742e82679310fb5e796eee3f5aafb5acc4e2d495a5e4af5f2a69449416212914e99000b09995b1fb4e3f62b29acdbab0e6fc770046b7006617e51fead059b0c39702a22deb43565bd8979ae9c4b4e15e0d72b5e72b1284e7e39baac84058e09a9a036d61f38d92d026057fa07b3f6a1c8c281abd880504809042be82b677a4a5ae5c36b913fd9951d12f829c2e65548c25323c95977bcb50897acf0c982ebb2229634d6e8a3647019988900683357af91b8807956101ffa9a6d2269b0ee1bb3624e17da826fbe599ceb10c29b83d57eea08b304e1b908a7c6eea70cbbf44a600465acf66a6f74deabb9c9632f724818c866a3e45727e90db0e53424f832e16bb0390b416ea72fc4c02b46fb14e5b414cec7aadea902f6461b1e70d28fe24ee112818c345213d140d2bae601a348cf09785aa9d9a72a47960aea9097e217d368495865838e36d2803b4d4cb8d0dbd501cefa3e9a556245ae91f8aba24aad9e268d7a4be017d04c8f9b356967450318d3bc47c4e34bb270ab21f6d1ee1d9d2f894af968afbcd1355269a424e9ed692da637d4c2d7bf4a61b528ac107fdc1d8ed3c46a6e3232b2e261bd5a1fc387471c8c74dd6f1b3bb5533789e2564e281def3a5c84307b2275def7172e1f543b788ffab57624de9a73258ca4622066db0bd506082a62c453b68d1db7a02f0fb8566cf9419e206689937c922cf0f4bc6dba3e414583f85861c0cf5d5bc696c47b5e038b733133d2f4bf3cac0c4d92133f6dcf496fe2dd2de518d8ab896d71a221674e62c2afd2bd207c79047e2dffccde3a595d43bb3b2cb59f62cf2b008d137627a0c12ecdc423e7f054351dfc72ab58be7dec54b710b7db55182d4570dc915d36086a64bac3963e62c63f362f8ebac95794577cbc52ce7ca6c2359f1811fb8ae9483de902697d1b3ce796c0cb92c1ef786557166207a18be4b02f3e925aacbb1a336faaffb8e0e36b0160ab6806a3d90540c63cabb38e4404e265a7e1ec5df22ecfb7fcee20090b82bdd7fb33163abba5c2eae088d1b60e7408329fac8bf35d2054a7693be3bc4c106b85b55490f892a4188f9f86650919fe13862ab5f16cffb569cff9d5fd4e7881cb59ba7e3057a2970165c98b1bb632b308c9972d103da714dca95222e7cee6fdb0af8a307a3d967bd752c86f964d2ca54b24ce37912f3f264321b3e7af82449ead13a46f3575466783610a2a0f22cb17c5246054f797910cc34cb40f85c9bac1ab333bb6436c839c271afbe0ef15ba1fa3a8fa2c3131f398610cb22685f9f8c43cdd102fb004135e4181964e85e7a3edcd12d41d8463adc48a2451550c5d13d1934217ea44955a5940c0e9f6dfd0b12ffa9ca614df5ba6f1e90d0df18eff30b4b0046c89c009fb21a80aa1558decda30d5277c202cf393e95bfabfb3509100703930eeb01c6810dbf42901c76e267f2e8228efc528183faf308d6cfe9190be7d359d7870f4297aeeefc6442a412fb44778d287d9d26bd03291c6dbee69a639583fbd2bb793eb397c1ad4d3b4f74b85740b784fb9303284036518f0e8d62fd099377815c2f3fed97d6798a5ac40015303ebf8ea4b23b0d349e306923e0d03e1f7b3d161f27836f56046332f912d7ad2836d34a0bd6874c3d20ef9cade9e0f82331411d6e9e91f7c5ce5b4c7ed534b995b8367edad43262", 0x1000}, {&(0x7f0000001340)="05f5a727de7f812db1f56c8ed121ba0eedb720cd7b23bfed8c2f48ba1db52c3a57bbd9d1e33876f20cc24cfa8b33b5965b950c00b9602ea4f1c8e855af3335f910d0ad29919c1d7a5f30ef21c7c0940626cb754ec85b09f67d3395cc782444baf18cab84181709f2d90f669012d80756d39107ce5a590e2dd8f64def6584a96dca474335ca2721f74159e048e11931d724fada4682a319adf59b7aae10b8e137400b771335be109c0cce0a1c2d6ac82f49f55f1f01de42f622e172fe3a4434d616e92fab8931e6da6771aa2d647e4bfbc91bdf43fc6eac15afe72201f4bc2199856175014689322f7652aeb0ef09b34d769511bcab4dd6", 0xf7}, {&(0x7f0000001440)="8092835cf7ea99c677f97da467f27c71312999dbf2539aa6e7d3d85ad2c733016ee69e9e56864ee613bb7996d6f3a9f16511f4e027dbf865ac3572dd720594cfd66c33114480b9c4f5ac8cfd2e00a7ecc8298b934b4e5ef92f28686e6d4abc377729fd1063d91b7691468be1902b75227deb720c3153595f89b79718c1d353260420ff3068d836ec81fbd9a55954f674f6eca1800453", 0x96}, {&(0x7f0000000000)="11d8d87998b943291a8776d9ddd35a04ea4e85372798f761fbbcd0fa7154b6eede061ee19e98", 0x26}, {&(0x7f0000001500)="1720729fff330f6a07d438197e32240aac29409919bbfb2bef00bf0e57049867308e9ab8baafb542d97f6a7ed02926d599b66a6ed5d5d52e588740b72a0a55d7f0255b425c03f80fc53fc457da53d66e2a59d581455dc78c2abc63f6972fac3e5d380c5c767a7626f35497e8e75a84dd3ca301887f61bdc1e4b06921fe7f79b14e15cfc388e246a558a41f907433", 0x8e}], 0x7) sendfile(r1, r0, 0x0, 0x800100020013) io_uring_setup(0x572a, &(0x7f0000000080)={0x0, 0x35d8, 0x4, 0x0, 0x51, 0x0, r0}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c) listen(r3, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f00000015c0)='dctcp-reno\x00', 0xb) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) 19:28:27 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) mlockall(0x0) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) mlockall(0x2) (async) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) (async) mlockall(0x0) (async) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (async) 19:28:27 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) (async) munmap(&(0x7f0000239000/0x3000)=nil, 0x3000) mlockall(0x1) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:27 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0x0, 0x600}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:27 executing program 3: mlockall(0x2) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) r0 = shmget$private(0x0, 0x4000, 0x400, &(0x7f000010e000/0x4000)=nil) r1 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000090000/0x1000)=nil) shmat(r0, &(0x7f00003e4000/0x4000)=nil, 0x4000) r2 = shmget$private(0x0, 0x3000, 0x1a00, &(0x7f0000ffd000/0x3000)=nil) shmat(r2, &(0x7f0000000000/0x2000)=nil, 0x4000) r3 = shmget$private(0x0, 0x3000, 0x4, &(0x7f0000270000/0x3000)=nil) shmat(r3, &(0x7f0000ffd000/0x3000)=nil, 0x6000) shmctl$IPC_RMID(r2, 0x0) shmctl$SHM_UNLOCK(r1, 0xc) shmat(r1, &(0x7f0000187000/0x1000)=nil, 0xe000) 19:28:27 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x500d) 19:28:28 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0x0, 0x700}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:28 executing program 3: mlockall(0x2) (async) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) (async) r0 = shmget$private(0x0, 0x4000, 0x400, &(0x7f000010e000/0x4000)=nil) (async) r1 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000090000/0x1000)=nil) shmat(r0, &(0x7f00003e4000/0x4000)=nil, 0x4000) (async) r2 = shmget$private(0x0, 0x3000, 0x1a00, &(0x7f0000ffd000/0x3000)=nil) shmat(r2, &(0x7f0000000000/0x2000)=nil, 0x4000) r3 = shmget$private(0x0, 0x3000, 0x4, &(0x7f0000270000/0x3000)=nil) shmat(r3, &(0x7f0000ffd000/0x3000)=nil, 0x6000) shmctl$IPC_RMID(r2, 0x0) shmctl$SHM_UNLOCK(r1, 0xc) (async) shmat(r1, &(0x7f0000187000/0x1000)=nil, 0xe000) 19:28:28 executing program 4: r0 = open(&(0x7f0000000300)='./bus\x00', 0x0, 0x0) (async) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0xffffffffffffff28, 0x20000004, &(0x7f0000000140)={0xa, 0x100000004e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4) (async) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000100)=@ccm_128={{0x304}, "ffb75df2a83e25c0", "2cdb8ead6c8e9c290bebacb766ff2832", "44d857de", "171291df37239255"}, 0x28) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000d40)={'wlan0\x00'}) (async) writev(r2, &(0x7f00000002c0)=[{&(0x7f0000000180)="3e778da13e2cf44c8dc47886d2dddcf59434f2ada9147c95fd1e58eca757ab594e9bfcbc55934f7a2192a76fe9445e3b24a6057c95475bffa06d8934af7e43911508bc9a23be4b75e7ffbc1dc5abf7d396a40389f4fef1687aa47871598434268c6de2c7d032e06b4d952ce33588d838bb8c7c457751958650a59accdc00b2b9427cdffff7580a048c1faee7908c4ae7462111", 0x93}, {&(0x7f0000000240)="d804312308a1e4ff3520edaadf5ec875797367260c83f5ae939a8840796e71644aac8d690d21573be24804e2aa1b181b0dd7f1b4740f50de38d255fbc49a90843abb9e99174418932e73b06df72a8c0e6453e716e28e06471463d43661667c8f", 0x60}, {&(0x7f0000000340)="fc42fee8c16b93659372367f81278904f212810809e968449e10168cb2e7d38587d579a9c6ad893fba8b3a918bf4a9f6e1008a7ffe5f096e21222c9dd05c7446fc44e7bebaa77d5cde816e9542a502dba51d02b1c7ed76a359cf91c694def85494e138fc3fd8d4f57f84384705d4dbf13682cea46dc9603fecaaf0e6396e4511ebc31a6ac318d07822927c7166a40c086f3eaef767fd8529270b4e1a793c77df1d660e22322843c2bce17d4fdb5529c84cffc4f7bce84094409f2fca263910af734e9a0fa80f088164ae7fcf287aa97f5488d300faee48ab325b2fdca2f7d51eba6c45d0682137915f103f2aa66a51229100d201383335263e5eec78c3fb45b558b27e35f4585a0cd06e7658b745bb18923b86b6c43e227b67641ee78881121095aa725a780f866fcc762d7b15d51d403379a2213bfd884d2aed5644fb0537fa4553fa50b0a18c0ebed34c28dc6f630f99ee30ec84a1f0388cb7fd975f2303aa954514665a5a2bee30fa0dbebbe16bbdcd1bb415d8346c09e82c2d4dc49ad1f94922292650c617fb3ca9008336b390d7b85aad5ec8ff3d767d9f27c4cd65447991a3ed2c3af8138de6c22f0d66ef23779c3b2bb91a05bfe8c645d67b4044cfce41be58482be375ad76086f61aa9287a6dc568323e7e0ca95fea926d065afca4f192065d3b3b431c48a325288e7a683f5cca2fdd21b4f6858a237f19f03ab9c742a33e4d1365920e0069c2762f236636bc2dca72cc88fe09b853fe0dba263d22425b492c2990c430525827c3af56072c785a5fb50924b6582336706b2b5d073b65878913550aeadf644557a64a94eed4eddd45a42641376c370244fdc90918c605197d6f158180684abc2377ebfe828f6bc174e1e50c29fc9fe4686c0a68e66f39346c47bc36173279523beb8416e90b2f9d4a128865935391e6946d0e0abfa8c1ca0196805465b1bf8ec346969cf41ea979454b419b19b6c5d7788c3eb5e44b859d4376b91eefb3e6cfe8ddb4f1c3505510f63c6128c23625867efa8d0efa37269f6c1473cb759ed277a1b8c7571b73a8dc717ccd138dd58cfd94dccc45f86a15bdac42ffa5f11253a1f86cdf52d73e873ef2aa1ba76ed618035674d9c02e5d6ba5deb4f3bd1114549050e09554be227adf8b58cb0e1b77561555f1e32ca7e2d33ca756372c9dcc4927392ac1d07f205b62a79ca6885d5eb5431cd3d60ef0445005b094f9bbe204632e67c06214baa1e9bd74d9b307b936ee9c9aac0ffd2f8bea12e71c72dd7316b3f2bc29b95c3cf9a6d356800784baf9d14eb67b9be7868d606f42452ca1268f30c6a91233f44ba937a4c8d9d09f67fe7d3f684938d6d79d72fabfaaf0f449fcc676b3544a5571c11d30de910a0fdf8e36b9a4b527621157f277b35b38d2a885f0b58eb265c60c75ccc17558946792ed68c4f3fe9f2baeb49de7bf452c5e4c5c31bffe6b3bbe8d622dd8794df35ba47d76a119ac711c4fbb4a7cc3756842f24646aef9711e023a9c22d3e80d33006660fef70d674b8209bfc4812cc6841e1a542a7b3dd47c5b5bf4bcf309d91b2da227ffc84139557b97b1d389bfbaf238966dc887c94bf74c45bc622a887d2de7c59a68613c11e69f470cfd32e99e7a77381b9f165049f2072997d639d7f0412925965d345de786c09792712fe6bb8ae2542f4f28f501107abc745aa6037886540d6d8185c4622b5cca40c2a513de5b6107b2aa90b75437bb66436ee7ec94b71af0e9e13ee2bdcd30c4aaf579889ac7113258d0629538dc007d40f53c9a4bc0dc363a6c95228cbd156ece3fde57f5bd0a19526c3c1b9a8b834a482dd33300e046151233ba3c3d112ffa030f714f325ce30f8b4d6f8eceae347ca4dc40a9349e3a7917ccb59986801849512b8ee85bc8b89f38e890bfc4be5705b28c460df9ea11e3a751bf57fa2a64b571b25946098f0c4ff5d9e835108c2cba2ef0c633cb62611ebe612efc930c25a9b15230ef8c3a3efc1a3ab951c176a4c1b1dc888ba4ac85fe8e20e508436699e9fcc48d900f1ceee57ebd865f1fb7f5e0e2f528bc8d33d84119626c0ccb1000bf1c7a0b4afd246868708bf9563676d5fea3fe378ec6d61497f64f454cb7515747406646045f722a31a4dcad58ac19fa3a6b7e5bf9801f821b139786ee2120628ddda03781c6ece76b770115a76680f8be9672f8a8389514f88681c47544716320bd42dd8e23f53a42eb88e71e868292e10743de0259323c614634e224a630bf9c7f2c8fabd20736b079dd4b67ff5c8c8e0622a0d78cb35ba6080ddc9f4ef06d0b939a3b8b2a48367e2557501a83b8a7d6e34a3b9739552379c6a6e394a63ccbe8049bc44b9c1e64a7555d6a900aa546b1cc953a3e128c909feb1138209d5380548632f94f0fc2c6ea29096ec974aeb29e96efde66ab3ccf06d5470ecfa49b4fa7c46cb4d3bec5da4609912ba7f40765bd2136f28868e4ea02c0d1b81b4cd5bdd2fbe6d7d5f94e1e20270caf8f3ebe7aff2d7a3e464578a7b09ee93a84ef6ca18cab8b6507847273a15a4c9c980eabdcd6e883b3a0082aea54ed0cd577d2b34b39714b86d70399acd7a3274918bd0fe7b68f952f72353ee614241a7b94dbb7474de680cc78d97a748531b8da2b00b6adf081bbb6cb6cbe4d712d0f0fd82514bb5acdd48a968496dcae023419771ad23aa53976dd3c7b705d48a1ef938d3ba3a2bad654996df41c64beb72635b242eab960b44534f8d9d6877c641ae6f11022eea7ed4b8d95f6db2bd9788bd10ceee45942e0cc30e33921b67e4bd85158e3e9543440f025d7e5a77cc4e0cd7c2f4bd1556ea89a9070462fd488a7289dceb429a1171f52268eb2a7e1043d8a338991f1977fbf74628c828f4cac511c14f2e5d8a867b3bb0a4d53246e167e25384a3cd55d9481d447f24b6cc39d13c64957a80f5af950f3cea0d470835ae0e6530bfea8b1ff37b8da5dbd18319316e873f06a1457281cd5997ee46f609af0d17317aed5e1b2cc428a5c886b85982cc896fb4b63448ba0b93d8da85419b47232b666591dc351cdc68cb33ba98f633fd6a95df88e02e7e816f4f131a5c348d1890e2a0fde94a9feb466e2a0308daae3a95aebe2f277389d43e117001086f159bf72e64dacb0f4ca9e130a59527123d7552b1ffd4bfffced2c576b3b6f9fdbd59bf2e5019bb0377e8c975f2d0921336bc462125c17b95a0a6cd63c8eaac739d611c8a8640aeb7dac5980490b5337dc1575aac0ed22461db2b8c3724f497965b5bfd59991a8774f478211b57a123b435d7ce4ece58c8d120136b806b815a2cd3e4f6e4d6f0dcc7c30537c3795be73443c98f19fd1bc8badd61f9ed39bcb4858afc667a2bee50374a25b1beef78c100f742b56527450529d4e214a0edf0c1cefd4b9509597284a2d0f546945a892a906b147ba8919a45744ad549d804ce871229a88ff666dd034928d17892a3027c9f7534d2de9d1571c7b3acb2d405d14c5bf53cdc45b9290f2f8e4440f5dc54d91a4005997a7fb09077ed95534a79126008367f0dc35f227f12963ba68c2eb98a831cb69193e88b446869c17ea9b7b81c7e8699176a4fd15887daf3f55b00316273b44cd02e8cb52a2d8b929ef8714273cb057f67289b5466536e9f39bfc93f5b7b53e1708c972f5dcb84f7d69f76cf6d71c00c99c20be3afb25aca1b6fe268cae59f5cc0e22771024dbde56d23edf76c2b0ce60228391792c3b2238ac1152d8779974c4b95d8b574cc73fbc987f0355a29e24ac759337d1f4e4719613856b929920a62e1108a4f2219b20ce054db62bfd89ed1453b931db939f0d77a24aa87e7b981b0e79697ab508517826867d99a0b2bac8d654dcbfc309d8bdb527a5abd2ace277fab91fbed71c93b221d1b7a1ef0213e6b6cfe0b5ce5ad535560860512099405a115ed4c4051fd94058bb9a68aed189cac983290d1d5e454af2fa9acbf93cbb81b48d69a7744e15b1905665c09a1770fac7b340857c477d66dc3448e9855b141583167fd5b5335253315ed76c23d18d5130fc1a65333d5b34d6dc87008e3a42d072ebf8387794f59282ee4598fdc6746bce64722d528dc1356e9fed921742e82679310fb5e796eee3f5aafb5acc4e2d495a5e4af5f2a69449416212914e99000b09995b1fb4e3f62b29acdbab0e6fc770046b7006617e51fead059b0c39702a22deb43565bd8979ae9c4b4e15e0d72b5e72b1284e7e39baac84058e09a9a036d61f38d92d026057fa07b3f6a1c8c281abd880504809042be82b677a4a5ae5c36b913fd9951d12f829c2e65548c25323c95977bcb50897acf0c982ebb2229634d6e8a3647019988900683357af91b8807956101ffa9a6d2269b0ee1bb3624e17da826fbe599ceb10c29b83d57eea08b304e1b908a7c6eea70cbbf44a600465acf66a6f74deabb9c9632f724818c866a3e45727e90db0e53424f832e16bb0390b416ea72fc4c02b46fb14e5b414cec7aadea902f6461b1e70d28fe24ee112818c345213d140d2bae601a348cf09785aa9d9a72a47960aea9097e217d368495865838e36d2803b4d4cb8d0dbd501cefa3e9a556245ae91f8aba24aad9e268d7a4be017d04c8f9b356967450318d3bc47c4e34bb270ab21f6d1ee1d9d2f894af968afbcd1355269a424e9ed692da637d4c2d7bf4a61b528ac107fdc1d8ed3c46a6e3232b2e261bd5a1fc387471c8c74dd6f1b3bb5533789e2564e281def3a5c84307b2275def7172e1f543b788ffab57624de9a73258ca4622066db0bd506082a62c453b68d1db7a02f0fb8566cf9419e206689937c922cf0f4bc6dba3e414583f85861c0cf5d5bc696c47b5e038b733133d2f4bf3cac0c4d92133f6dcf496fe2dd2de518d8ab896d71a221674e62c2afd2bd207c79047e2dffccde3a595d43bb3b2cb59f62cf2b008d137627a0c12ecdc423e7f054351dfc72ab58be7dec54b710b7db55182d4570dc915d36086a64bac3963e62c63f362f8ebac95794577cbc52ce7ca6c2359f1811fb8ae9483de902697d1b3ce796c0cb92c1ef786557166207a18be4b02f3e925aacbb1a336faaffb8e0e36b0160ab6806a3d90540c63cabb38e4404e265a7e1ec5df22ecfb7fcee20090b82bdd7fb33163abba5c2eae088d1b60e7408329fac8bf35d2054a7693be3bc4c106b85b55490f892a4188f9f86650919fe13862ab5f16cffb569cff9d5fd4e7881cb59ba7e3057a2970165c98b1bb632b308c9972d103da714dca95222e7cee6fdb0af8a307a3d967bd752c86f964d2ca54b24ce37912f3f264321b3e7af82449ead13a46f3575466783610a2a0f22cb17c5246054f797910cc34cb40f85c9bac1ab333bb6436c839c271afbe0ef15ba1fa3a8fa2c3131f398610cb22685f9f8c43cdd102fb004135e4181964e85e7a3edcd12d41d8463adc48a2451550c5d13d1934217ea44955a5940c0e9f6dfd0b12ffa9ca614df5ba6f1e90d0df18eff30b4b0046c89c009fb21a80aa1558decda30d5277c202cf393e95bfabfb3509100703930eeb01c6810dbf42901c76e267f2e8228efc528183faf308d6cfe9190be7d359d7870f4297aeeefc6442a412fb44778d287d9d26bd03291c6dbee69a639583fbd2bb793eb397c1ad4d3b4f74b85740b784fb9303284036518f0e8d62fd099377815c2f3fed97d6798a5ac40015303ebf8ea4b23b0d349e306923e0d03e1f7b3d161f27836f56046332f912d7ad2836d34a0bd6874c3d20ef9cade9e0f82331411d6e9e91f7c5ce5b4c7ed534b995b8367edad43262", 0x1000}, {&(0x7f0000001340)="05f5a727de7f812db1f56c8ed121ba0eedb720cd7b23bfed8c2f48ba1db52c3a57bbd9d1e33876f20cc24cfa8b33b5965b950c00b9602ea4f1c8e855af3335f910d0ad29919c1d7a5f30ef21c7c0940626cb754ec85b09f67d3395cc782444baf18cab84181709f2d90f669012d80756d39107ce5a590e2dd8f64def6584a96dca474335ca2721f74159e048e11931d724fada4682a319adf59b7aae10b8e137400b771335be109c0cce0a1c2d6ac82f49f55f1f01de42f622e172fe3a4434d616e92fab8931e6da6771aa2d647e4bfbc91bdf43fc6eac15afe72201f4bc2199856175014689322f7652aeb0ef09b34d769511bcab4dd6", 0xf7}, {&(0x7f0000001440)="8092835cf7ea99c677f97da467f27c71312999dbf2539aa6e7d3d85ad2c733016ee69e9e56864ee613bb7996d6f3a9f16511f4e027dbf865ac3572dd720594cfd66c33114480b9c4f5ac8cfd2e00a7ecc8298b934b4e5ef92f28686e6d4abc377729fd1063d91b7691468be1902b75227deb720c3153595f89b79718c1d353260420ff3068d836ec81fbd9a55954f674f6eca1800453", 0x96}, {&(0x7f0000000000)="11d8d87998b943291a8776d9ddd35a04ea4e85372798f761fbbcd0fa7154b6eede061ee19e98", 0x26}, {&(0x7f0000001500)="1720729fff330f6a07d438197e32240aac29409919bbfb2bef00bf0e57049867308e9ab8baafb542d97f6a7ed02926d599b66a6ed5d5d52e588740b72a0a55d7f0255b425c03f80fc53fc457da53d66e2a59d581455dc78c2abc63f6972fac3e5d380c5c767a7626f35497e8e75a84dd3ca301887f61bdc1e4b06921fe7f79b14e15cfc388e246a558a41f907433", 0x8e}], 0x7) sendfile(r1, r0, 0x0, 0x800100020013) (async) io_uring_setup(0x572a, &(0x7f0000000080)={0x0, 0x35d8, 0x4, 0x0, 0x51, 0x0, r0}) (async) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c) listen(r3, 0x0) (async) setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f00000015c0)='dctcp-reno\x00', 0xb) (async, rerun: 64) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) (rerun: 64) 19:28:28 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0x0, 0x900}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:28 executing program 3: mlockall(0x2) (async) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) (async) r0 = shmget$private(0x0, 0x4000, 0x400, &(0x7f000010e000/0x4000)=nil) r1 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000090000/0x1000)=nil) (async) shmat(r0, &(0x7f00003e4000/0x4000)=nil, 0x4000) (async) r2 = shmget$private(0x0, 0x3000, 0x1a00, &(0x7f0000ffd000/0x3000)=nil) shmat(r2, &(0x7f0000000000/0x2000)=nil, 0x4000) (async) r3 = shmget$private(0x0, 0x3000, 0x4, &(0x7f0000270000/0x3000)=nil) shmat(r3, &(0x7f0000ffd000/0x3000)=nil, 0x6000) shmctl$IPC_RMID(r2, 0x0) shmctl$SHM_UNLOCK(r1, 0xc) (async) shmat(r1, &(0x7f0000187000/0x1000)=nil, 0xe000) 19:28:28 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0x0, 0xa00}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:28 executing program 4: r0 = open(&(0x7f0000000300)='./bus\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0xffffffffffffff28, 0x20000004, &(0x7f0000000140)={0xa, 0x100000004e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000100)=@ccm_128={{0x304}, "ffb75df2a83e25c0", "2cdb8ead6c8e9c290bebacb766ff2832", "44d857de", "171291df37239255"}, 0x28) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000d40)={'wlan0\x00'}) (async) writev(r2, &(0x7f00000002c0)=[{&(0x7f0000000180)="3e778da13e2cf44c8dc47886d2dddcf59434f2ada9147c95fd1e58eca757ab594e9bfcbc55934f7a2192a76fe9445e3b24a6057c95475bffa06d8934af7e43911508bc9a23be4b75e7ffbc1dc5abf7d396a40389f4fef1687aa47871598434268c6de2c7d032e06b4d952ce33588d838bb8c7c457751958650a59accdc00b2b9427cdffff7580a048c1faee7908c4ae7462111", 0x93}, {&(0x7f0000000240)="d804312308a1e4ff3520edaadf5ec875797367260c83f5ae939a8840796e71644aac8d690d21573be24804e2aa1b181b0dd7f1b4740f50de38d255fbc49a90843abb9e99174418932e73b06df72a8c0e6453e716e28e06471463d43661667c8f", 0x60}, {&(0x7f0000000340)="fc42fee8c16b93659372367f81278904f212810809e968449e10168cb2e7d38587d579a9c6ad893fba8b3a918bf4a9f6e1008a7ffe5f096e21222c9dd05c7446fc44e7bebaa77d5cde816e9542a502dba51d02b1c7ed76a359cf91c694def85494e138fc3fd8d4f57f84384705d4dbf13682cea46dc9603fecaaf0e6396e4511ebc31a6ac318d07822927c7166a40c086f3eaef767fd8529270b4e1a793c77df1d660e22322843c2bce17d4fdb5529c84cffc4f7bce84094409f2fca263910af734e9a0fa80f088164ae7fcf287aa97f5488d300faee48ab325b2fdca2f7d51eba6c45d0682137915f103f2aa66a51229100d201383335263e5eec78c3fb45b558b27e35f4585a0cd06e7658b745bb18923b86b6c43e227b67641ee78881121095aa725a780f866fcc762d7b15d51d403379a2213bfd884d2aed5644fb0537fa4553fa50b0a18c0ebed34c28dc6f630f99ee30ec84a1f0388cb7fd975f2303aa954514665a5a2bee30fa0dbebbe16bbdcd1bb415d8346c09e82c2d4dc49ad1f94922292650c617fb3ca9008336b390d7b85aad5ec8ff3d767d9f27c4cd65447991a3ed2c3af8138de6c22f0d66ef23779c3b2bb91a05bfe8c645d67b4044cfce41be58482be375ad76086f61aa9287a6dc568323e7e0ca95fea926d065afca4f192065d3b3b431c48a325288e7a683f5cca2fdd21b4f6858a237f19f03ab9c742a33e4d1365920e0069c2762f236636bc2dca72cc88fe09b853fe0dba263d22425b492c2990c430525827c3af56072c785a5fb50924b6582336706b2b5d073b65878913550aeadf644557a64a94eed4eddd45a42641376c370244fdc90918c605197d6f158180684abc2377ebfe828f6bc174e1e50c29fc9fe4686c0a68e66f39346c47bc36173279523beb8416e90b2f9d4a128865935391e6946d0e0abfa8c1ca0196805465b1bf8ec346969cf41ea979454b419b19b6c5d7788c3eb5e44b859d4376b91eefb3e6cfe8ddb4f1c3505510f63c6128c23625867efa8d0efa37269f6c1473cb759ed277a1b8c7571b73a8dc717ccd138dd58cfd94dccc45f86a15bdac42ffa5f11253a1f86cdf52d73e873ef2aa1ba76ed618035674d9c02e5d6ba5deb4f3bd1114549050e09554be227adf8b58cb0e1b77561555f1e32ca7e2d33ca756372c9dcc4927392ac1d07f205b62a79ca6885d5eb5431cd3d60ef0445005b094f9bbe204632e67c06214baa1e9bd74d9b307b936ee9c9aac0ffd2f8bea12e71c72dd7316b3f2bc29b95c3cf9a6d356800784baf9d14eb67b9be7868d606f42452ca1268f30c6a91233f44ba937a4c8d9d09f67fe7d3f684938d6d79d72fabfaaf0f449fcc676b3544a5571c11d30de910a0fdf8e36b9a4b527621157f277b35b38d2a885f0b58eb265c60c75ccc17558946792ed68c4f3fe9f2baeb49de7bf452c5e4c5c31bffe6b3bbe8d622dd8794df35ba47d76a119ac711c4fbb4a7cc3756842f24646aef9711e023a9c22d3e80d33006660fef70d674b8209bfc4812cc6841e1a542a7b3dd47c5b5bf4bcf309d91b2da227ffc84139557b97b1d389bfbaf238966dc887c94bf74c45bc622a887d2de7c59a68613c11e69f470cfd32e99e7a77381b9f165049f2072997d639d7f0412925965d345de786c09792712fe6bb8ae2542f4f28f501107abc745aa6037886540d6d8185c4622b5cca40c2a513de5b6107b2aa90b75437bb66436ee7ec94b71af0e9e13ee2bdcd30c4aaf579889ac7113258d0629538dc007d40f53c9a4bc0dc363a6c95228cbd156ece3fde57f5bd0a19526c3c1b9a8b834a482dd33300e046151233ba3c3d112ffa030f714f325ce30f8b4d6f8eceae347ca4dc40a9349e3a7917ccb59986801849512b8ee85bc8b89f38e890bfc4be5705b28c460df9ea11e3a751bf57fa2a64b571b25946098f0c4ff5d9e835108c2cba2ef0c633cb62611ebe612efc930c25a9b15230ef8c3a3efc1a3ab951c176a4c1b1dc888ba4ac85fe8e20e508436699e9fcc48d900f1ceee57ebd865f1fb7f5e0e2f528bc8d33d84119626c0ccb1000bf1c7a0b4afd246868708bf9563676d5fea3fe378ec6d61497f64f454cb7515747406646045f722a31a4dcad58ac19fa3a6b7e5bf9801f821b139786ee2120628ddda03781c6ece76b770115a76680f8be9672f8a8389514f88681c47544716320bd42dd8e23f53a42eb88e71e868292e10743de0259323c614634e224a630bf9c7f2c8fabd20736b079dd4b67ff5c8c8e0622a0d78cb35ba6080ddc9f4ef06d0b939a3b8b2a48367e2557501a83b8a7d6e34a3b9739552379c6a6e394a63ccbe8049bc44b9c1e64a7555d6a900aa546b1cc953a3e128c909feb1138209d5380548632f94f0fc2c6ea29096ec974aeb29e96efde66ab3ccf06d5470ecfa49b4fa7c46cb4d3bec5da4609912ba7f40765bd2136f28868e4ea02c0d1b81b4cd5bdd2fbe6d7d5f94e1e20270caf8f3ebe7aff2d7a3e464578a7b09ee93a84ef6ca18cab8b6507847273a15a4c9c980eabdcd6e883b3a0082aea54ed0cd577d2b34b39714b86d70399acd7a3274918bd0fe7b68f952f72353ee614241a7b94dbb7474de680cc78d97a748531b8da2b00b6adf081bbb6cb6cbe4d712d0f0fd82514bb5acdd48a968496dcae023419771ad23aa53976dd3c7b705d48a1ef938d3ba3a2bad654996df41c64beb72635b242eab960b44534f8d9d6877c641ae6f11022eea7ed4b8d95f6db2bd9788bd10ceee45942e0cc30e33921b67e4bd85158e3e9543440f025d7e5a77cc4e0cd7c2f4bd1556ea89a9070462fd488a7289dceb429a1171f52268eb2a7e1043d8a338991f1977fbf74628c828f4cac511c14f2e5d8a867b3bb0a4d53246e167e25384a3cd55d9481d447f24b6cc39d13c64957a80f5af950f3cea0d470835ae0e6530bfea8b1ff37b8da5dbd18319316e873f06a1457281cd5997ee46f609af0d17317aed5e1b2cc428a5c886b85982cc896fb4b63448ba0b93d8da85419b47232b666591dc351cdc68cb33ba98f633fd6a95df88e02e7e816f4f131a5c348d1890e2a0fde94a9feb466e2a0308daae3a95aebe2f277389d43e117001086f159bf72e64dacb0f4ca9e130a59527123d7552b1ffd4bfffced2c576b3b6f9fdbd59bf2e5019bb0377e8c975f2d0921336bc462125c17b95a0a6cd63c8eaac739d611c8a8640aeb7dac5980490b5337dc1575aac0ed22461db2b8c3724f497965b5bfd59991a8774f478211b57a123b435d7ce4ece58c8d120136b806b815a2cd3e4f6e4d6f0dcc7c30537c3795be73443c98f19fd1bc8badd61f9ed39bcb4858afc667a2bee50374a25b1beef78c100f742b56527450529d4e214a0edf0c1cefd4b9509597284a2d0f546945a892a906b147ba8919a45744ad549d804ce871229a88ff666dd034928d17892a3027c9f7534d2de9d1571c7b3acb2d405d14c5bf53cdc45b9290f2f8e4440f5dc54d91a4005997a7fb09077ed95534a79126008367f0dc35f227f12963ba68c2eb98a831cb69193e88b446869c17ea9b7b81c7e8699176a4fd15887daf3f55b00316273b44cd02e8cb52a2d8b929ef8714273cb057f67289b5466536e9f39bfc93f5b7b53e1708c972f5dcb84f7d69f76cf6d71c00c99c20be3afb25aca1b6fe268cae59f5cc0e22771024dbde56d23edf76c2b0ce60228391792c3b2238ac1152d8779974c4b95d8b574cc73fbc987f0355a29e24ac759337d1f4e4719613856b929920a62e1108a4f2219b20ce054db62bfd89ed1453b931db939f0d77a24aa87e7b981b0e79697ab508517826867d99a0b2bac8d654dcbfc309d8bdb527a5abd2ace277fab91fbed71c93b221d1b7a1ef0213e6b6cfe0b5ce5ad535560860512099405a115ed4c4051fd94058bb9a68aed189cac983290d1d5e454af2fa9acbf93cbb81b48d69a7744e15b1905665c09a1770fac7b340857c477d66dc3448e9855b141583167fd5b5335253315ed76c23d18d5130fc1a65333d5b34d6dc87008e3a42d072ebf8387794f59282ee4598fdc6746bce64722d528dc1356e9fed921742e82679310fb5e796eee3f5aafb5acc4e2d495a5e4af5f2a69449416212914e99000b09995b1fb4e3f62b29acdbab0e6fc770046b7006617e51fead059b0c39702a22deb43565bd8979ae9c4b4e15e0d72b5e72b1284e7e39baac84058e09a9a036d61f38d92d026057fa07b3f6a1c8c281abd880504809042be82b677a4a5ae5c36b913fd9951d12f829c2e65548c25323c95977bcb50897acf0c982ebb2229634d6e8a3647019988900683357af91b8807956101ffa9a6d2269b0ee1bb3624e17da826fbe599ceb10c29b83d57eea08b304e1b908a7c6eea70cbbf44a600465acf66a6f74deabb9c9632f724818c866a3e45727e90db0e53424f832e16bb0390b416ea72fc4c02b46fb14e5b414cec7aadea902f6461b1e70d28fe24ee112818c345213d140d2bae601a348cf09785aa9d9a72a47960aea9097e217d368495865838e36d2803b4d4cb8d0dbd501cefa3e9a556245ae91f8aba24aad9e268d7a4be017d04c8f9b356967450318d3bc47c4e34bb270ab21f6d1ee1d9d2f894af968afbcd1355269a424e9ed692da637d4c2d7bf4a61b528ac107fdc1d8ed3c46a6e3232b2e261bd5a1fc387471c8c74dd6f1b3bb5533789e2564e281def3a5c84307b2275def7172e1f543b788ffab57624de9a73258ca4622066db0bd506082a62c453b68d1db7a02f0fb8566cf9419e206689937c922cf0f4bc6dba3e414583f85861c0cf5d5bc696c47b5e038b733133d2f4bf3cac0c4d92133f6dcf496fe2dd2de518d8ab896d71a221674e62c2afd2bd207c79047e2dffccde3a595d43bb3b2cb59f62cf2b008d137627a0c12ecdc423e7f054351dfc72ab58be7dec54b710b7db55182d4570dc915d36086a64bac3963e62c63f362f8ebac95794577cbc52ce7ca6c2359f1811fb8ae9483de902697d1b3ce796c0cb92c1ef786557166207a18be4b02f3e925aacbb1a336faaffb8e0e36b0160ab6806a3d90540c63cabb38e4404e265a7e1ec5df22ecfb7fcee20090b82bdd7fb33163abba5c2eae088d1b60e7408329fac8bf35d2054a7693be3bc4c106b85b55490f892a4188f9f86650919fe13862ab5f16cffb569cff9d5fd4e7881cb59ba7e3057a2970165c98b1bb632b308c9972d103da714dca95222e7cee6fdb0af8a307a3d967bd752c86f964d2ca54b24ce37912f3f264321b3e7af82449ead13a46f3575466783610a2a0f22cb17c5246054f797910cc34cb40f85c9bac1ab333bb6436c839c271afbe0ef15ba1fa3a8fa2c3131f398610cb22685f9f8c43cdd102fb004135e4181964e85e7a3edcd12d41d8463adc48a2451550c5d13d1934217ea44955a5940c0e9f6dfd0b12ffa9ca614df5ba6f1e90d0df18eff30b4b0046c89c009fb21a80aa1558decda30d5277c202cf393e95bfabfb3509100703930eeb01c6810dbf42901c76e267f2e8228efc528183faf308d6cfe9190be7d359d7870f4297aeeefc6442a412fb44778d287d9d26bd03291c6dbee69a639583fbd2bb793eb397c1ad4d3b4f74b85740b784fb9303284036518f0e8d62fd099377815c2f3fed97d6798a5ac40015303ebf8ea4b23b0d349e306923e0d03e1f7b3d161f27836f56046332f912d7ad2836d34a0bd6874c3d20ef9cade9e0f82331411d6e9e91f7c5ce5b4c7ed534b995b8367edad43262", 0x1000}, {&(0x7f0000001340)="05f5a727de7f812db1f56c8ed121ba0eedb720cd7b23bfed8c2f48ba1db52c3a57bbd9d1e33876f20cc24cfa8b33b5965b950c00b9602ea4f1c8e855af3335f910d0ad29919c1d7a5f30ef21c7c0940626cb754ec85b09f67d3395cc782444baf18cab84181709f2d90f669012d80756d39107ce5a590e2dd8f64def6584a96dca474335ca2721f74159e048e11931d724fada4682a319adf59b7aae10b8e137400b771335be109c0cce0a1c2d6ac82f49f55f1f01de42f622e172fe3a4434d616e92fab8931e6da6771aa2d647e4bfbc91bdf43fc6eac15afe72201f4bc2199856175014689322f7652aeb0ef09b34d769511bcab4dd6", 0xf7}, {&(0x7f0000001440)="8092835cf7ea99c677f97da467f27c71312999dbf2539aa6e7d3d85ad2c733016ee69e9e56864ee613bb7996d6f3a9f16511f4e027dbf865ac3572dd720594cfd66c33114480b9c4f5ac8cfd2e00a7ecc8298b934b4e5ef92f28686e6d4abc377729fd1063d91b7691468be1902b75227deb720c3153595f89b79718c1d353260420ff3068d836ec81fbd9a55954f674f6eca1800453", 0x96}, {&(0x7f0000000000)="11d8d87998b943291a8776d9ddd35a04ea4e85372798f761fbbcd0fa7154b6eede061ee19e98", 0x26}, {&(0x7f0000001500)="1720729fff330f6a07d438197e32240aac29409919bbfb2bef00bf0e57049867308e9ab8baafb542d97f6a7ed02926d599b66a6ed5d5d52e588740b72a0a55d7f0255b425c03f80fc53fc457da53d66e2a59d581455dc78c2abc63f6972fac3e5d380c5c767a7626f35497e8e75a84dd3ca301887f61bdc1e4b06921fe7f79b14e15cfc388e246a558a41f907433", 0x8e}], 0x7) (async) sendfile(r1, r0, 0x0, 0x800100020013) io_uring_setup(0x572a, &(0x7f0000000080)={0x0, 0x35d8, 0x4, 0x0, 0x51, 0x0, r0}) (async) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c) listen(r3, 0x0) (async) setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f00000015c0)='dctcp-reno\x00', 0xb) (async, rerun: 64) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) (rerun: 64) 19:28:28 executing program 2: ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=@ipmr_delroute={0x2c, 0x19, 0x1, 0x70bd2b, 0x25dfdbff, {0x80, 0x80, 0x14, 0x8, 0x0, 0xb9f5a20894322fc3, 0xfe, 0x5, 0x1000}, [@RTA_OIF={0x8, 0x4, r0}, @RTA_SPORT={0x6, 0x1c, 0x4e22}]}, 0x2c}, 0x1, 0x0, 0x0, 0x44}, 0x4004010) mlockall(0x2) r1 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmctl$SHM_STAT_ANY(r1, 0xf, &(0x7f0000000000)=""/141) shmat(r1, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:28 executing program 5: mlockall(0x0) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) mlockall(0x4) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) r1 = shmget(0x0, 0x1000, 0x100, &(0x7f0000017000/0x1000)=nil) shmat(r1, &(0x7f00000d6000/0x2000)=nil, 0xe000) 19:28:28 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) msync(&(0x7f0000260000/0x4000)=nil, 0x4000, 0x4) 19:28:28 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0x0, 0xb00}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:28 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x500e) 19:28:28 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x3, 0x1, 0x49}, @l2cap_cid_signaling={{0x45}, [@l2cap_move_chan_rsp={{0xf, 0x6a, 0x4}, {0x5, 0x8}}, @l2cap_conn_req={{0x2, 0x7, 0x4}, {0x6, 0x9e}}, @l2cap_cmd_rej_unk={{0x1, 0x8, 0x2}, {0xfff}}, @l2cap_move_chan_req={{0xe, 0x2, 0x3}, {0x8, 0x1}}, @l2cap_move_chan_req={{0xe, 0x3, 0x3}, {0x5}}, @l2cap_conn_req={{0x2, 0x3f, 0x4}, {0x4, 0x6}}, @l2cap_info_rsp={{0xb, 0xfb, 0x15}, {0x3f, 0xff01, "d95384c873ee22c6bc19f352e7943d1b06"}}]}}, 0x4e) 19:28:28 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0x0, 0xe00}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:28 executing program 5: mlockall(0x0) (async) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) mlockall(0x4) (async, rerun: 64) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (async, rerun: 64) r1 = shmget(0x0, 0x1000, 0x100, &(0x7f0000017000/0x1000)=nil) shmat(r1, &(0x7f00000d6000/0x2000)=nil, 0xe000) 19:28:28 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x3, 0x1, 0x49}, @l2cap_cid_signaling={{0x45}, [@l2cap_move_chan_rsp={{0xf, 0x6a, 0x4}, {0x5, 0x8}}, @l2cap_conn_req={{0x2, 0x7, 0x4}, {0x6, 0x9e}}, @l2cap_cmd_rej_unk={{0x1, 0x8, 0x2}, {0xfff}}, @l2cap_move_chan_req={{0xe, 0x2, 0x3}, {0x8, 0x1}}, @l2cap_move_chan_req={{0xe, 0x3, 0x3}, {0x5}}, @l2cap_conn_req={{0x2, 0x3f, 0x4}, {0x4, 0x6}}, @l2cap_info_rsp={{0xb, 0xfb, 0x15}, {0x3f, 0xff01, "d95384c873ee22c6bc19f352e7943d1b06"}}]}}, 0x4e) 19:28:28 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0x0, 0xf00}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:28 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x3, 0x1, 0x49}, @l2cap_cid_signaling={{0x45}, [@l2cap_move_chan_rsp={{0xf, 0x6a, 0x4}, {0x5, 0x8}}, @l2cap_conn_req={{0x2, 0x7, 0x4}, {0x6, 0x9e}}, @l2cap_cmd_rej_unk={{0x1, 0x8, 0x2}, {0xfff}}, @l2cap_move_chan_req={{0xe, 0x2, 0x3}, {0x8, 0x1}}, @l2cap_move_chan_req={{0xe, 0x3, 0x3}, {0x5}}, @l2cap_conn_req={{0x2, 0x3f, 0x4}, {0x4, 0x6}}, @l2cap_info_rsp={{0xb, 0xfb, 0x15}, {0x3f, 0xff01, "d95384c873ee22c6bc19f352e7943d1b06"}}]}}, 0x4e) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) (async) syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x3, 0x1, 0x49}, @l2cap_cid_signaling={{0x45}, [@l2cap_move_chan_rsp={{0xf, 0x6a, 0x4}, {0x5, 0x8}}, @l2cap_conn_req={{0x2, 0x7, 0x4}, {0x6, 0x9e}}, @l2cap_cmd_rej_unk={{0x1, 0x8, 0x2}, {0xfff}}, @l2cap_move_chan_req={{0xe, 0x2, 0x3}, {0x8, 0x1}}, @l2cap_move_chan_req={{0xe, 0x3, 0x3}, {0x5}}, @l2cap_conn_req={{0x2, 0x3f, 0x4}, {0x4, 0x6}}, @l2cap_info_rsp={{0xb, 0xfb, 0x15}, {0x3f, 0xff01, "d95384c873ee22c6bc19f352e7943d1b06"}}]}}, 0x4e) (async) 19:28:28 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0x0, 0x1100}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:28 executing program 2: ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=@ipmr_delroute={0x2c, 0x19, 0x1, 0x70bd2b, 0x25dfdbff, {0x80, 0x80, 0x14, 0x8, 0x0, 0xb9f5a20894322fc3, 0xfe, 0x5, 0x1000}, [@RTA_OIF={0x8, 0x4, r0}, @RTA_SPORT={0x6, 0x1c, 0x4e22}]}, 0x2c}, 0x1, 0x0, 0x0, 0x44}, 0x4004010) (async) mlockall(0x2) (async) r1 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmctl$SHM_STAT_ANY(r1, 0xf, &(0x7f0000000000)=""/141) shmat(r1, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:28 executing program 3: mlockall(0x2) (async) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (async, rerun: 64) msync(&(0x7f0000260000/0x4000)=nil, 0x4000, 0x4) (rerun: 64) 19:28:28 executing program 4: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYRESOCT], 0x8) syz_emit_vhci(&(0x7f0000000000)=@HCI_SCODATA_PKT={0x3, {0xc8}}, 0x4) syz_emit_vhci(&(0x7f00000000c0)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x1, 0x55}, @l2cap_cid_signaling={{0x51}, [@l2cap_cmd_rej_unk={{0x1, 0x4, 0x2}, {0x1}}, @l2cap_conf_rsp={{0x5, 0xa, 0x9}, {0x0, 0x6, 0x1, [@l2cap_conf_fcs={0x5, 0x1, 0x1}]}}, @l2cap_info_req={{0xa, 0x0, 0x2}, {0xff00}}, @l2cap_conf_rsp={{0x5, 0x0, 0x13}, {0x9, 0xff, 0xab6, [@l2cap_conf_fcs={0x5, 0x1}, @l2cap_conf_mtu={0x1, 0x2, 0x484}, @l2cap_conf_fcs={0x5, 0x1}, @l2cap_conf_fcs={0x5, 0x1, 0x1}]}}, @l2cap_info_rsp={{0xb, 0x9, 0x17}, {0x0, 0x7, "348b8475c11b0332fc85c39ff751fd38b926ad"}}, @l2cap_cmd_rej_unk={{0x1, 0x0, 0x2}, {0x1ff}}]}}, 0x5a) syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x3, 0x22}, @l2cap_cid_signaling={{0x1e}, [@l2cap_move_chan_req={{0xe, 0x1d, 0x3}, {0x40, 0xea}}, @l2cap_conf_req={{0x4, 0x40, 0x13}, {0x7, 0x4, [@l2cap_conf_rfc={0x4, 0x9, {0x3, 0xd8, 0xa2, 0x2, 0x3ff, 0x4}}, @l2cap_conf_ews={0x7, 0x2, 0x1}]}}]}}, 0x27) 19:28:28 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x500f) 19:28:29 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0x0, 0x1300}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:29 executing program 5: mlockall(0x0) (async) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) mlockall(0x4) (async) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) r1 = shmget(0x0, 0x1000, 0x100, &(0x7f0000017000/0x1000)=nil) shmat(r1, &(0x7f00000d6000/0x2000)=nil, 0xe000) 19:28:29 executing program 4: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYRESOCT], 0x8) (async) syz_emit_vhci(&(0x7f0000000000)=@HCI_SCODATA_PKT={0x3, {0xc8}}, 0x4) (async) syz_emit_vhci(&(0x7f00000000c0)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x1, 0x55}, @l2cap_cid_signaling={{0x51}, [@l2cap_cmd_rej_unk={{0x1, 0x4, 0x2}, {0x1}}, @l2cap_conf_rsp={{0x5, 0xa, 0x9}, {0x0, 0x6, 0x1, [@l2cap_conf_fcs={0x5, 0x1, 0x1}]}}, @l2cap_info_req={{0xa, 0x0, 0x2}, {0xff00}}, @l2cap_conf_rsp={{0x5, 0x0, 0x13}, {0x9, 0xff, 0xab6, [@l2cap_conf_fcs={0x5, 0x1}, @l2cap_conf_mtu={0x1, 0x2, 0x484}, @l2cap_conf_fcs={0x5, 0x1}, @l2cap_conf_fcs={0x5, 0x1, 0x1}]}}, @l2cap_info_rsp={{0xb, 0x9, 0x17}, {0x0, 0x7, "348b8475c11b0332fc85c39ff751fd38b926ad"}}, @l2cap_cmd_rej_unk={{0x1, 0x0, 0x2}, {0x1ff}}]}}, 0x5a) (async) syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x3, 0x22}, @l2cap_cid_signaling={{0x1e}, [@l2cap_move_chan_req={{0xe, 0x1d, 0x3}, {0x40, 0xea}}, @l2cap_conf_req={{0x4, 0x40, 0x13}, {0x7, 0x4, [@l2cap_conf_rfc={0x4, 0x9, {0x3, 0xd8, 0xa2, 0x2, 0x3ff, 0x4}}, @l2cap_conf_ews={0x7, 0x2, 0x1}]}}]}}, 0x27) 19:28:29 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0x0, 0x3f00}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:29 executing program 4: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYRESOCT], 0x8) (async) syz_emit_vhci(&(0x7f0000000000)=@HCI_SCODATA_PKT={0x3, {0xc8}}, 0x4) (async) syz_emit_vhci(&(0x7f00000000c0)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x1, 0x55}, @l2cap_cid_signaling={{0x51}, [@l2cap_cmd_rej_unk={{0x1, 0x4, 0x2}, {0x1}}, @l2cap_conf_rsp={{0x5, 0xa, 0x9}, {0x0, 0x6, 0x1, [@l2cap_conf_fcs={0x5, 0x1, 0x1}]}}, @l2cap_info_req={{0xa, 0x0, 0x2}, {0xff00}}, @l2cap_conf_rsp={{0x5, 0x0, 0x13}, {0x9, 0xff, 0xab6, [@l2cap_conf_fcs={0x5, 0x1}, @l2cap_conf_mtu={0x1, 0x2, 0x484}, @l2cap_conf_fcs={0x5, 0x1}, @l2cap_conf_fcs={0x5, 0x1, 0x1}]}}, @l2cap_info_rsp={{0xb, 0x9, 0x17}, {0x0, 0x7, "348b8475c11b0332fc85c39ff751fd38b926ad"}}, @l2cap_cmd_rej_unk={{0x1, 0x0, 0x2}, {0x1ff}}]}}, 0x5a) (async) syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x3, 0x22}, @l2cap_cid_signaling={{0x1e}, [@l2cap_move_chan_req={{0xe, 0x1d, 0x3}, {0x40, 0xea}}, @l2cap_conf_req={{0x4, 0x40, 0x13}, {0x7, 0x4, [@l2cap_conf_rfc={0x4, 0x9, {0x3, 0xd8, 0xa2, 0x2, 0x3ff, 0x4}}, @l2cap_conf_ews={0x7, 0x2, 0x1}]}}]}}, 0x27) 19:28:29 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00003b8000/0x3000)=nil, 0x7000) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) shmat(r0, &(0x7f00002c5000/0x1000)=nil, 0x4000) 19:28:29 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0x0, 0x4d04}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:29 executing program 4: r0 = creat(&(0x7f0000000380)='./bus\x00', 0x0) ftruncate(r0, 0x208200) ioctl$KVM_SET_MP_STATE(r0, 0x4004ae99, &(0x7f0000000000)=0x2) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x4}, @HCI_OP_NOP={{0x7f}, 0x3}}}, 0x2e) 19:28:29 executing program 2: ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=@ipmr_delroute={0x2c, 0x19, 0x1, 0x70bd2b, 0x25dfdbff, {0x80, 0x80, 0x14, 0x8, 0x0, 0xb9f5a20894322fc3, 0xfe, 0x5, 0x1000}, [@RTA_OIF={0x8, 0x4, r0}, @RTA_SPORT={0x6, 0x1c, 0x4e22}]}, 0x2c}, 0x1, 0x0, 0x0, 0x44}, 0x4004010) (async) mlockall(0x2) (async) r1 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmctl$SHM_STAT_ANY(r1, 0xf, &(0x7f0000000000)=""/141) (async) shmat(r1, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:29 executing program 3: mlockall(0x2) (async) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (async) msync(&(0x7f0000260000/0x4000)=nil, 0x4000, 0x4) 19:28:29 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0x0, 0x6000}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:29 executing program 4: r0 = creat(&(0x7f0000000380)='./bus\x00', 0x0) ftruncate(r0, 0x208200) (async) ioctl$KVM_SET_MP_STATE(r0, 0x4004ae99, &(0x7f0000000000)=0x2) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x4}, @HCI_OP_NOP={{0x7f}, 0x3}}}, 0x2e) 19:28:29 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x400000) 19:28:29 executing program 5: mlockall(0x2) (async) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00003b8000/0x3000)=nil, 0x7000) (async, rerun: 32) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (rerun: 32) shmat(r0, &(0x7f00002c5000/0x1000)=nil, 0x4000) 19:28:29 executing program 2: mlockall(0x2) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) mlockall(0xacc166dfa5a896be) mlockall(0x3) shmget(0x1, 0x3000, 0x1, &(0x7f0000353000/0x3000)=nil) shmget(0x3, 0x1000, 0x1, &(0x7f00002a5000/0x1000)=nil) shmget(0x3, 0x1000, 0x78000000, &(0x7f00001b5000/0x1000)=nil) shmget$private(0x0, 0x2000, 0x54000000, &(0x7f0000342000/0x2000)=nil) r0 = shmget$private(0x0, 0x3000, 0x1a00, &(0x7f0000ffd000/0x3000)=nil) shmat(r0, &(0x7f0000000000/0x2000)=nil, 0x4000) shmat(r0, &(0x7f0000ff9000/0x5000)=nil, 0xd000) 19:28:29 executing program 4: r0 = creat(&(0x7f0000000380)='./bus\x00', 0x0) ftruncate(r0, 0x208200) (async, rerun: 64) ioctl$KVM_SET_MP_STATE(r0, 0x4004ae99, &(0x7f0000000000)=0x2) (async, rerun: 64) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x4}, @HCI_OP_NOP={{0x7f}, 0x3}}}, 0x2e) [ 526.345656][ T27] audit: type=1800 audit(1678994909.882:12): pid=14678 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.2" name="SYSV00000000" dev="hugetlbfs" ino=221 res=0 errno=0 19:28:29 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0x0, 0xf000}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:29 executing program 2: mlockall(0x2) (async) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) mlockall(0xacc166dfa5a896be) (async, rerun: 64) mlockall(0x3) (rerun: 64) shmget(0x1, 0x3000, 0x1, &(0x7f0000353000/0x3000)=nil) shmget(0x3, 0x1000, 0x1, &(0x7f00002a5000/0x1000)=nil) (async) shmget(0x3, 0x1000, 0x78000000, &(0x7f00001b5000/0x1000)=nil) shmget$private(0x0, 0x2000, 0x54000000, &(0x7f0000342000/0x2000)=nil) r0 = shmget$private(0x0, 0x3000, 0x1a00, &(0x7f0000ffd000/0x3000)=nil) shmat(r0, &(0x7f0000000000/0x2000)=nil, 0x4000) (async, rerun: 64) shmat(r0, &(0x7f0000ff9000/0x5000)=nil, 0xd000) (rerun: 64) 19:28:30 executing program 4: r0 = getpgrp(0x0) getpriority(0x0, r0) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_channel_selected={{0x41, 0x1}, {0xc9}}}, 0x4) 19:28:30 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{0xb, 0x0, 0xffff}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) [ 526.539031][ T27] audit: type=1800 audit(1678994910.072:13): pid=14690 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.2" name="SYSV00000000" dev="hugetlbfs" ino=224 res=0 errno=0 19:28:30 executing program 4: r0 = getpgrp(0x0) getpriority(0x0, r0) (async) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_channel_selected={{0x41, 0x1}, {0xc9}}}, 0x4) 19:28:30 executing program 2: mlockall(0x2) (async) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) mlockall(0xacc166dfa5a896be) mlockall(0x3) shmget(0x1, 0x3000, 0x1, &(0x7f0000353000/0x3000)=nil) (async) shmget(0x3, 0x1000, 0x1, &(0x7f00002a5000/0x1000)=nil) (async) shmget(0x3, 0x1000, 0x78000000, &(0x7f00001b5000/0x1000)=nil) shmget$private(0x0, 0x2000, 0x54000000, &(0x7f0000342000/0x2000)=nil) (async) r0 = shmget$private(0x0, 0x3000, 0x1a00, &(0x7f0000ffd000/0x3000)=nil) shmat(r0, &(0x7f0000000000/0x2000)=nil, 0x4000) (async, rerun: 32) shmat(r0, &(0x7f0000ff9000/0x5000)=nil, 0xd000) (rerun: 32) 19:28:30 executing program 4: r0 = getpgrp(0x0) getpriority(0x0, r0) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_channel_selected={{0x41, 0x1}, {0xc9}}}, 0x4) 19:28:30 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x3, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:30 executing program 3: ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000001040)=ANY=[@ANYBLOB="d215a01c8ccab085f018ebae91150eaef07c98183547b1a27ee9f497645b45cb25bb203afed83e04a76417724493ddaee24f532678e90c301024a9eb9f08a0b39e8e9026fb3031b14d9215f4c682c573d3747257405d6d4985bf0a0213e386f766636ddcc996de9e94299ea3c823d7b336813491", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\b\x00\x00\x00\x00\x00\x00\x00./file0\x00']) ioctl$BTRFS_IOC_TREE_SEARCH(r0, 0xd0009411, &(0x7f0000000040)={{0x0, 0x5, 0x2663, 0x396dcb13, 0x101, 0x3, 0x4, 0x9, 0x5, 0x5, 0x100, 0x0, 0x1, 0x3, 0x400}}) mlockall(0x2) r1 = creat(&(0x7f0000000380)='./bus\x00', 0x0) ftruncate(r1, 0x208200) ioctl$KVM_RUN(r1, 0xae80, 0x0) r2 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) r3 = open(&(0x7f0000000300)='./bus\x00', 0x200040, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r4, 0x0, 0xffffffffffffff28, 0x20000004, &(0x7f0000000140)={0xa, 0x100000004e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x1, &(0x7f0000000100)=@ccm_128={{0x304}, "ffb75df2a83e25c0", "2cdb8ead6c8e9c290bebacb766ff2832", "44d857de", "171291df37239255"}, 0x28) sendfile(r4, r3, 0x0, 0x800100020013) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) shmat(r2, &(0x7f00002f4000/0x2000)=nil, 0x5000) [ 526.811252][T14700] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 526.886924][ T27] audit: type=1800 audit(1678994910.422:14): pid=14707 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.2" name="SYSV00000000" dev="hugetlbfs" ino=227 res=0 errno=0 19:28:30 executing program 5: mlockall(0x2) (async) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00003b8000/0x3000)=nil, 0x7000) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (async, rerun: 32) shmat(r0, &(0x7f00002c5000/0x1000)=nil, 0x4000) (rerun: 32) 19:28:30 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_host_features={{0x3d, 0xe}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, "d8e43e8a6aad04bb"}}}, 0x11) 19:28:30 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0xb, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:30 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_host_features={{0x3d, 0xe}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, "d8e43e8a6aad04bb"}}}, 0x11) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) (async) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_host_features={{0x3d, 0xe}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, "d8e43e8a6aad04bb"}}}, 0x11) (async) 19:28:30 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x3000, 0x1a00, &(0x7f0000ffd000/0x3000)=nil) shmat(r0, &(0x7f0000000000/0x2000)=nil, 0x4000) shmctl$IPC_RMID(r0, 0x0) shmat(r0, &(0x7f0000003000/0x2000)=nil, 0x2000) shmat(r0, &(0x7f0000266000/0x4000)=nil, 0x0) mlockall(0x0) shmat(0x0, &(0x7f0000ffc000/0x1000)=nil, 0x5000) mlockall(0x1) [ 527.006590][T14712] netlink: 'syz-executor.0': attribute type 3 has an invalid length. 19:28:30 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x14, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) [ 527.059065][T14712] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. 19:28:30 executing program 1: r0 = open(&(0x7f0000000300)='./bus\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0xffffffffffffff28, 0x20000004, &(0x7f0000000140)={0xa, 0x100000004e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000100)=@ccm_128={{0x304}, "ffb75df2a83e25c0", "2cdb8ead6c8e9c290bebacb766ff2832", "44d857de", "171291df37239255"}, 0x28) sendfile(r1, r0, 0x0, 0x800100020013) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x40046207, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r4 = dup2(r3, r2) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r3, r5) r6 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r5, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000001c0)={0xc, 0x0, &(0x7f0000000040)=[@free_buffer={0x40086303, r6}], 0x0, 0x0, 0x0}) r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x40046207, 0x0) r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r9 = dup2(r8, r7) r10 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r8, r10) r11 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r10, 0x0) ioctl$BINDER_WRITE_READ(r9, 0xc0306201, &(0x7f00000001c0)={0xc, 0x0, &(0x7f0000000040)=[@free_buffer={0x40086303, r11}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000001300)={0x94, 0x0, &(0x7f00000011c0)=[@free_buffer={0x40086303, r6}, @clear_death={0x400c630f, 0x2}, @request_death={0x400c630e, 0x1}, @decrefs={0x40046307, 0x3}, @register_looper, @reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x68, 0x18, &(0x7f0000001100)={@ptr={0x70742a85, 0x1, &(0x7f0000000000)=""/4096, 0x1000, 0x0, 0x36}, @fd, @ptr={0x70742a85, 0x0, &(0x7f0000001000)=""/240, 0xf0, 0x0, 0x6}}, &(0x7f0000001180)={0x0, 0x28, 0x40}}}, @free_buffer={0x40086303, r11}, @exit_looper], 0x7c, 0x0, &(0x7f0000001280)="d4ebbd4035140cbebfdd8f2288fcfcd99263ffb34c98d05548b2026a24ff5bf9c06f34efb802ec3ff3856d3c2dcbbf58831eaf4cff6b62bc2204b545d694c89492c12fc4734dd79b5059275027acaeb47b83918c9a7ecfb97f1ec5ddcadf489692c4e0931cff9d701727bafb1c41a778a158f581c9d1e8235cd7e6fe"}) mlockall(0x2) r12 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r12, &(0x7f00002f4000/0x2000)=nil, 0x5000) shmctl$SHM_UNLOCK(0xffffffffffffffff, 0xc) 19:28:30 executing program 2: mlockall(0x2) (async) mlockall(0x2) r0 = shmget$private(0x0, 0x3000, 0x1a00, &(0x7f0000ffd000/0x3000)=nil) shmat(r0, &(0x7f0000000000/0x2000)=nil, 0x4000) shmctl$IPC_RMID(r0, 0x0) shmat(r0, &(0x7f0000003000/0x2000)=nil, 0x2000) shmat(r0, &(0x7f0000266000/0x4000)=nil, 0x0) mlockall(0x0) (async) mlockall(0x0) shmat(0x0, &(0x7f0000ffc000/0x1000)=nil, 0x5000) mlockall(0x1) (async) mlockall(0x1) 19:28:30 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_def_err_data_reporting}}, 0x8) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_host_features={{0x3d, 0xe}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, "d8e43e8a6aad04bb"}}}, 0x11) (async) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_host_features={{0x3d, 0xe}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, "d8e43e8a6aad04bb"}}}, 0x11) [ 527.205433][T14723] netlink: 'syz-executor.0': attribute type 3 has an invalid length. 19:28:30 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x117, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:30 executing program 3: ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000001040)=ANY=[@ANYBLOB="d215a01c8ccab085f018ebae91150eaef07c98183547b1a27ee9f497645b45cb25bb203afed83e04a76417724493ddaee24f532678e90c301024a9eb9f08a0b39e8e9026fb3031b14d9215f4c682c573d3747257405d6d4985bf0a0213e386f766636ddcc996de9e94299ea3c823d7b336813491", @ANYRES32, @ANYBLOB='\b\x00\x00\x00\x00\x00\x00\x00./file0\x00']) (async) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000001040)=ANY=[@ANYBLOB="d215a01c8ccab085f018ebae91150eaef07c98183547b1a27ee9f497645b45cb25bb203afed83e04a76417724493ddaee24f532678e90c301024a9eb9f08a0b39e8e9026fb3031b14d9215f4c682c573d3747257405d6d4985bf0a0213e386f766636ddcc996de9e94299ea3c823d7b336813491", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\b\x00\x00\x00\x00\x00\x00\x00./file0\x00']) ioctl$BTRFS_IOC_TREE_SEARCH(r0, 0xd0009411, &(0x7f0000000040)={{0x0, 0x5, 0x2663, 0x396dcb13, 0x101, 0x3, 0x4, 0x9, 0x5, 0x5, 0x100, 0x0, 0x1, 0x3, 0x400}}) mlockall(0x2) (async) mlockall(0x2) creat(&(0x7f0000000380)='./bus\x00', 0x0) (async) r1 = creat(&(0x7f0000000380)='./bus\x00', 0x0) ftruncate(r1, 0x208200) ioctl$KVM_RUN(r1, 0xae80, 0x0) r2 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) r3 = open(&(0x7f0000000300)='./bus\x00', 0x200040, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r4, 0x0, 0xffffffffffffff28, 0x20000004, &(0x7f0000000140)={0xa, 0x100000004e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x1, &(0x7f0000000100)=@ccm_128={{0x304}, "ffb75df2a83e25c0", "2cdb8ead6c8e9c290bebacb766ff2832", "44d857de", "171291df37239255"}, 0x28) sendfile(r4, r3, 0x0, 0x800100020013) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) (async) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) shmat(r2, &(0x7f00002f4000/0x2000)=nil, 0x5000) (async) shmat(r2, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:30 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x3000, 0x1a00, &(0x7f0000ffd000/0x3000)=nil) shmat(r0, &(0x7f0000000000/0x2000)=nil, 0x4000) shmctl$IPC_RMID(r0, 0x0) shmat(r0, &(0x7f0000003000/0x2000)=nil, 0x2000) shmat(r0, &(0x7f0000266000/0x4000)=nil, 0x0) mlockall(0x0) shmat(0x0, &(0x7f0000ffc000/0x1000)=nil, 0x5000) mlockall(0x1) mlockall(0x2) (async) shmget$private(0x0, 0x3000, 0x1a00, &(0x7f0000ffd000/0x3000)=nil) (async) shmat(r0, &(0x7f0000000000/0x2000)=nil, 0x4000) (async) shmctl$IPC_RMID(r0, 0x0) (async) shmat(r0, &(0x7f0000003000/0x2000)=nil, 0x2000) (async) shmat(r0, &(0x7f0000266000/0x4000)=nil, 0x0) (async) mlockall(0x0) (async) shmat(0x0, &(0x7f0000ffc000/0x1000)=nil, 0x5000) (async) mlockall(0x1) (async) [ 527.362568][T14735] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. 19:28:31 executing program 4: r0 = socket(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x28}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_bfifo={{0xa}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000001440)=@newqdisc={0x30, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x4}}]}, 0x30}}, 0x0) r4 = socket(0x10, 0x3, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x28}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r7, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_bfifo={{0xa}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000001440)=@newqdisc={0x30, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x4}}]}, 0x30}}, 0x0) r8 = socket(0x10, 0x3, 0x0) r9 = socket$netlink(0x10, 0x3, 0x0) r10 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x28}}, 0x0) getsockname$packet(r10, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r11, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r8, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="3800000024000b0f00"/20, @ANYRES32=r11, @ANYBLOB="00000000ffffffff000000000affffd21fe465e77db30cdf7058f403da8a273e51a06e94ba4252d1197ed0dd006266696f95b01e9b221f83305ed8a57e3d1e630af6b7f14b73e676474f784ce8dadd7b3226be74dc8bb21a59b62582082345936bb58dd4cfa703f92a0750adf1422ded0474fa3eb98b1084ee8599964f17c4168ca381a2ecbc3995580179789fd359a388eda2670484ba3a95da634a1a8b9019b98f207f5745fc740786c5736fb5ff41f4db1ea5e96d20374d6af711b2bcc905a42505ad77d79f5e562c73b5d69a0e3346e58b656e96302d5624b3d4476eec2470bb81c3373aa2289a4d9ccdf152ed6ae7f400bf4f32516f86f9b2a41c4003746194fe47eed251d67b75f058d59dee80eef2493942c835"], 0x38}}, 0x0) sendmsg$nl_route_sched(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000001440)=@newqdisc={0x30, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x4}}]}, 0x30}}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000300)={0xffffffffffffffff, 0xe0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0xa, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000100)=[{}], 0x8, 0x10, &(0x7f0000000140), &(0x7f0000000180), 0x8, 0x10, 0x8, 0x8, &(0x7f00000001c0)}}, 0x10) sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80020010}, 0xc, &(0x7f00000004c0)={&(0x7f0000000340)={0x158, 0x0, 0x2, 0x70bd2b, 0x25dfdbfd, {}, [@HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan0\x00'}]}, @HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netpci0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvtap0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x6}]}, @HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}]}]}, 0x158}, 0x1, 0x0, 0x0, 0xc880}, 0x4) mlockall(0x2) r13 = shmget$private(0x0, 0x3000, 0x11, &(0x7f0000150000/0x3000)=nil) shmat(r13, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:31 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x2000, 0x0, &(0x7f00002f5000/0x2000)=nil) shmat(r0, &(0x7f00002f5000/0x1000)=nil, 0x4000) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:31 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x142, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:31 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) r1 = shmget$private(0x0, 0x3000, 0x1a00, &(0x7f0000ffd000/0x3000)=nil) shmat(r1, &(0x7f0000000000/0x2000)=nil, 0x4000) shmctl$IPC_RMID(r1, 0x0) shmat(r1, &(0x7f0000003000/0x2000)=nil, 0x2000) shmctl$SHM_STAT_ANY(r1, 0xf, &(0x7f0000000000)=""/138) 19:28:31 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x2000, 0x0, &(0x7f00002f5000/0x2000)=nil) shmat(r0, &(0x7f00002f5000/0x1000)=nil, 0x4000) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) mlockall(0x2) (async) shmget$private(0x0, 0x2000, 0x0, &(0x7f00002f5000/0x2000)=nil) (async) shmat(r0, &(0x7f00002f5000/0x1000)=nil, 0x4000) (async) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (async) [ 527.517589][T14744] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 527.528385][T14746] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. 19:28:31 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x2, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:31 executing program 1: r0 = open(&(0x7f0000000300)='./bus\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0xffffffffffffff28, 0x20000004, &(0x7f0000000140)={0xa, 0x100000004e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4) (async) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000100)=@ccm_128={{0x304}, "ffb75df2a83e25c0", "2cdb8ead6c8e9c290bebacb766ff2832", "44d857de", "171291df37239255"}, 0x28) (async) sendfile(r1, r0, 0x0, 0x800100020013) (async) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x40046207, 0x0) (async) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r4 = dup2(r3, r2) (async) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r3, r5) r6 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r5, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000001c0)={0xc, 0x0, &(0x7f0000000040)=[@free_buffer={0x40086303, r6}], 0x0, 0x0, 0x0}) (async) r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x40046207, 0x0) (async) r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r9 = dup2(r8, r7) r10 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r8, r10) (async) r11 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r10, 0x0) ioctl$BINDER_WRITE_READ(r9, 0xc0306201, &(0x7f00000001c0)={0xc, 0x0, &(0x7f0000000040)=[@free_buffer={0x40086303, r11}], 0x0, 0x0, 0x0}) (async) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000001300)={0x94, 0x0, &(0x7f00000011c0)=[@free_buffer={0x40086303, r6}, @clear_death={0x400c630f, 0x2}, @request_death={0x400c630e, 0x1}, @decrefs={0x40046307, 0x3}, @register_looper, @reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x68, 0x18, &(0x7f0000001100)={@ptr={0x70742a85, 0x1, &(0x7f0000000000)=""/4096, 0x1000, 0x0, 0x36}, @fd, @ptr={0x70742a85, 0x0, &(0x7f0000001000)=""/240, 0xf0, 0x0, 0x6}}, &(0x7f0000001180)={0x0, 0x28, 0x40}}}, @free_buffer={0x40086303, r11}, @exit_looper], 0x7c, 0x0, &(0x7f0000001280)="d4ebbd4035140cbebfdd8f2288fcfcd99263ffb34c98d05548b2026a24ff5bf9c06f34efb802ec3ff3856d3c2dcbbf58831eaf4cff6b62bc2204b545d694c89492c12fc4734dd79b5059275027acaeb47b83918c9a7ecfb97f1ec5ddcadf489692c4e0931cff9d701727bafb1c41a778a158f581c9d1e8235cd7e6fe"}) (async) mlockall(0x2) (async) r12 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r12, &(0x7f00002f4000/0x2000)=nil, 0x5000) (async) shmctl$SHM_UNLOCK(0xffffffffffffffff, 0xc) 19:28:31 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x5, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:31 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x2000, 0x0, &(0x7f00002f5000/0x2000)=nil) shmat(r0, &(0x7f00002f5000/0x1000)=nil, 0x4000) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) mlockall(0x2) (async) shmget$private(0x0, 0x2000, 0x0, &(0x7f00002f5000/0x2000)=nil) (async) shmat(r0, &(0x7f00002f5000/0x1000)=nil, 0x4000) (async) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (async) [ 527.699677][T14744] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 19:28:31 executing program 1: r0 = open(&(0x7f0000000300)='./bus\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0xffffffffffffff28, 0x20000004, &(0x7f0000000140)={0xa, 0x100000004e22, 0x0, @loopback}, 0x1c) (async, rerun: 64) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4) (async, rerun: 64) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000100)=@ccm_128={{0x304}, "ffb75df2a83e25c0", "2cdb8ead6c8e9c290bebacb766ff2832", "44d857de", "171291df37239255"}, 0x28) sendfile(r1, r0, 0x0, 0x800100020013) (async) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x40046207, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r4 = dup2(r3, r2) (async, rerun: 64) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (rerun: 64) dup2(r3, r5) (async) r6 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r5, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000001c0)={0xc, 0x0, &(0x7f0000000040)=[@free_buffer={0x40086303, r6}], 0x0, 0x0, 0x0}) (async) r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x40046207, 0x0) (async, rerun: 64) r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (rerun: 64) r9 = dup2(r8, r7) (async) r10 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r8, r10) r11 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r10, 0x0) ioctl$BINDER_WRITE_READ(r9, 0xc0306201, &(0x7f00000001c0)={0xc, 0x0, &(0x7f0000000040)=[@free_buffer={0x40086303, r11}], 0x0, 0x0, 0x0}) (async, rerun: 64) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000001300)={0x94, 0x0, &(0x7f00000011c0)=[@free_buffer={0x40086303, r6}, @clear_death={0x400c630f, 0x2}, @request_death={0x400c630e, 0x1}, @decrefs={0x40046307, 0x3}, @register_looper, @reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x68, 0x18, &(0x7f0000001100)={@ptr={0x70742a85, 0x1, &(0x7f0000000000)=""/4096, 0x1000, 0x0, 0x36}, @fd, @ptr={0x70742a85, 0x0, &(0x7f0000001000)=""/240, 0xf0, 0x0, 0x6}}, &(0x7f0000001180)={0x0, 0x28, 0x40}}}, @free_buffer={0x40086303, r11}, @exit_looper], 0x7c, 0x0, &(0x7f0000001280)="d4ebbd4035140cbebfdd8f2288fcfcd99263ffb34c98d05548b2026a24ff5bf9c06f34efb802ec3ff3856d3c2dcbbf58831eaf4cff6b62bc2204b545d694c89492c12fc4734dd79b5059275027acaeb47b83918c9a7ecfb97f1ec5ddcadf489692c4e0931cff9d701727bafb1c41a778a158f581c9d1e8235cd7e6fe"}) (rerun: 64) mlockall(0x2) (async, rerun: 64) r12 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) (rerun: 64) shmat(r12, &(0x7f00002f4000/0x2000)=nil, 0x5000) (async) shmctl$SHM_UNLOCK(0xffffffffffffffff, 0xc) [ 527.804662][T14750] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 527.937483][T14744] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. 19:28:31 executing program 3: ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000001040)=ANY=[@ANYBLOB="d215a01c8ccab085f018ebae91150eaef07c98183547b1a27ee9f497645b45cb25bb203afed83e04a76417724493ddaee24f532678e90c301024a9eb9f08a0b39e8e9026fb3031b14d9215f4c682c573d3747257405d6d4985bf0a0213e386f766636ddcc996de9e94299ea3c823d7b336813491", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\b\x00\x00\x00\x00\x00\x00\x00./file0\x00']) ioctl$BTRFS_IOC_TREE_SEARCH(r0, 0xd0009411, &(0x7f0000000040)={{0x0, 0x5, 0x2663, 0x396dcb13, 0x101, 0x3, 0x4, 0x9, 0x5, 0x5, 0x100, 0x0, 0x1, 0x3, 0x400}}) (async, rerun: 64) mlockall(0x2) (async, rerun: 64) r1 = creat(&(0x7f0000000380)='./bus\x00', 0x0) ftruncate(r1, 0x208200) ioctl$KVM_RUN(r1, 0xae80, 0x0) r2 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) (async, rerun: 32) r3 = open(&(0x7f0000000300)='./bus\x00', 0x200040, 0x0) (async, rerun: 32) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r4, 0x0, 0xffffffffffffff28, 0x20000004, &(0x7f0000000140)={0xa, 0x100000004e22, 0x0, @loopback}, 0x1c) (async) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000000c0), 0x4) (async) setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x1, &(0x7f0000000100)=@ccm_128={{0x304}, "ffb75df2a83e25c0", "2cdb8ead6c8e9c290bebacb766ff2832", "44d857de", "171291df37239255"}, 0x28) sendfile(r4, r3, 0x0, 0x800100020013) (async) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) shmat(r2, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:31 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) shmat(r0, &(0x7f0000331000/0x1000)=nil, 0x5000) 19:28:31 executing program 4: mlockall(0x3) mlockall(0x5) r0 = shmget$private(0x0, 0x2000, 0x8, &(0x7f0000219000/0x2000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x4000) 19:28:31 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x6, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:31 executing program 1: mlockall(0x2) mlockall(0x0) r0 = shmget$private(0x0, 0x3000, 0x8, &(0x7f00002f7000/0x3000)=nil) mlockall(0x3) mlockall(0x5) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) r1 = shmget$private(0x0, 0x3000, 0x1a00, &(0x7f0000ffd000/0x3000)=nil) shmat(r1, &(0x7f0000000000/0x2000)=nil, 0x4000) shmctl$SHM_LOCK(r1, 0xb) shmget$private(0x0, 0x1000, 0x10, &(0x7f00002f7000/0x1000)=nil) 19:28:31 executing program 5: mlockall(0x2) (async) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (async) r1 = shmget$private(0x0, 0x3000, 0x1a00, &(0x7f0000ffd000/0x3000)=nil) shmat(r1, &(0x7f0000000000/0x2000)=nil, 0x4000) (async) shmctl$IPC_RMID(r1, 0x0) (async) shmat(r1, &(0x7f0000003000/0x2000)=nil, 0x2000) (async) shmctl$SHM_STAT_ANY(r1, 0xf, &(0x7f0000000000)=""/138) 19:28:31 executing program 1: mlockall(0x2) mlockall(0x0) r0 = shmget$private(0x0, 0x3000, 0x8, &(0x7f00002f7000/0x3000)=nil) mlockall(0x3) mlockall(0x5) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) r1 = shmget$private(0x0, 0x3000, 0x1a00, &(0x7f0000ffd000/0x3000)=nil) shmat(r1, &(0x7f0000000000/0x2000)=nil, 0x4000) shmctl$SHM_LOCK(r1, 0xb) shmget$private(0x0, 0x1000, 0x10, &(0x7f00002f7000/0x1000)=nil) mlockall(0x2) (async) mlockall(0x0) (async) shmget$private(0x0, 0x3000, 0x8, &(0x7f00002f7000/0x3000)=nil) (async) mlockall(0x3) (async) mlockall(0x5) (async) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (async) shmget$private(0x0, 0x3000, 0x1a00, &(0x7f0000ffd000/0x3000)=nil) (async) shmat(r1, &(0x7f0000000000/0x2000)=nil, 0x4000) (async) shmctl$SHM_LOCK(r1, 0xb) (async) shmget$private(0x0, 0x1000, 0x10, &(0x7f00002f7000/0x1000)=nil) (async) 19:28:31 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x8, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:31 executing program 3: mlockall(0x2) mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:31 executing program 4: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5003) 19:28:31 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x9, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) [ 528.344793][T14794] netlink: 'syz-executor.0': attribute type 8 has an invalid length. 19:28:31 executing program 1: mlockall(0x2) (async, rerun: 32) mlockall(0x0) (async, rerun: 32) r0 = shmget$private(0x0, 0x3000, 0x8, &(0x7f00002f7000/0x3000)=nil) (async) mlockall(0x3) mlockall(0x5) (async) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (async) r1 = shmget$private(0x0, 0x3000, 0x1a00, &(0x7f0000ffd000/0x3000)=nil) shmat(r1, &(0x7f0000000000/0x2000)=nil, 0x4000) (async, rerun: 32) shmctl$SHM_LOCK(r1, 0xb) (async, rerun: 32) shmget$private(0x0, 0x1000, 0x10, &(0x7f00002f7000/0x1000)=nil) 19:28:32 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (async) shmat(r0, &(0x7f0000331000/0x1000)=nil, 0x5000) 19:28:32 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(0x0, &(0x7f000029d000/0x4000)=nil, 0x5000) shmctl$SHM_LOCK(r0, 0xb) 19:28:32 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0xa, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:32 executing program 5: mlockall(0x2) (async) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (async) r1 = shmget$private(0x0, 0x3000, 0x1a00, &(0x7f0000ffd000/0x3000)=nil) shmat(r1, &(0x7f0000000000/0x2000)=nil, 0x4000) (async) shmctl$IPC_RMID(r1, 0x0) (async) shmat(r1, &(0x7f0000003000/0x2000)=nil, 0x2000) shmctl$SHM_STAT_ANY(r1, 0xf, &(0x7f0000000000)=""/138) 19:28:32 executing program 1: mlockall(0x2) (async) mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(0x0, &(0x7f000029d000/0x4000)=nil, 0x5000) shmctl$SHM_LOCK(r0, 0xb) 19:28:32 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0xb, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:32 executing program 3: mlockall(0x2) mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) mlockall(0x2) (async) mlockall(0x2) (async) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) (async) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (async) 19:28:32 executing program 1: mlockall(0x2) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) (async) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(0x0, &(0x7f000029d000/0x4000)=nil, 0x5000) shmctl$SHM_LOCK(r0, 0xb) 19:28:32 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x10, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:32 executing program 4: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5005) 19:28:32 executing program 1: mlockall(0x2) mlockall(0x5) mlockall(0x1) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) r0 = shmget$private(0x0, 0x3000, 0x8, &(0x7f0000ffc000/0x3000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:32 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) shmat(r0, &(0x7f0000331000/0x1000)=nil, 0x5000) [ 528.991555][T14832] netlink: 'syz-executor.0': attribute type 16 has an invalid length. 19:28:32 executing program 1: mlockall(0x2) (async) mlockall(0x5) (async) mlockall(0x1) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) (async) r0 = shmget$private(0x0, 0x3000, 0x8, &(0x7f0000ffc000/0x3000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:32 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x11, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:32 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) r1 = shmget(0x0, 0x2000, 0x78000000, &(0x7f00000bc000/0x2000)=nil) shmat(r1, &(0x7f000008c000/0x2000)=nil, 0x4000) 19:28:32 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x13, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:32 executing program 1: mlockall(0x2) (async) mlockall(0x5) (async) mlockall(0x1) (async) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) r0 = shmget$private(0x0, 0x3000, 0x8, &(0x7f0000ffc000/0x3000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:32 executing program 3: mlockall(0x2) (async) mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:32 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x70, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:33 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) r1 = shmget$private(0x0, 0x3000, 0x1a00, &(0x7f0000ffd000/0x3000)=nil) shmat(r1, &(0x7f0000000000/0x2000)=nil, 0x4000) shmat(r0, &(0x7f00002b0000/0x2000)=nil, 0x1000) mlockall(0x5) mlockall(0x2) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000315000/0x3000)=nil) r2 = shmget(0x0, 0x2000, 0x1, &(0x7f00001c0000/0x2000)=nil) mlockall(0x1) shmget$private(0x0, 0x3000, 0x80, &(0x7f00001ee000/0x3000)=nil) shmat(r2, &(0x7f000037e000/0x4000)=nil, 0x1000) mlockall(0x0) 19:28:33 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x117, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:33 executing program 4: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) r1 = shmget(0x0, 0x2000, 0x78000000, &(0x7f00000bc000/0x2000)=nil) shmat(r1, &(0x7f000008c000/0x2000)=nil, 0x4000) 19:28:33 executing program 1: mlockall(0x2) (async) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) (async) r1 = shmget$private(0x0, 0x3000, 0x1a00, &(0x7f0000ffd000/0x3000)=nil) shmat(r1, &(0x7f0000000000/0x2000)=nil, 0x4000) (async) shmat(r0, &(0x7f00002b0000/0x2000)=nil, 0x1000) mlockall(0x5) (async) mlockall(0x2) (async) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000315000/0x3000)=nil) (async) r2 = shmget(0x0, 0x2000, 0x1, &(0x7f00001c0000/0x2000)=nil) mlockall(0x1) shmget$private(0x0, 0x3000, 0x80, &(0x7f00001ee000/0x3000)=nil) (async) shmat(r2, &(0x7f000037e000/0x4000)=nil, 0x1000) mlockall(0x0) 19:28:33 executing program 2: mlockall(0x2) shmat(0x0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:33 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (async) r1 = shmget(0x0, 0x2000, 0x78000000, &(0x7f00000bc000/0x2000)=nil) shmat(r1, &(0x7f000008c000/0x2000)=nil, 0x4000) 19:28:33 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x142, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:33 executing program 2: mlockall(0x2) (async) mlockall(0x2) shmat(0x0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:33 executing program 1: mlockall(0x2) (async) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) (async) r1 = shmget$private(0x0, 0x3000, 0x1a00, &(0x7f0000ffd000/0x3000)=nil) shmat(r1, &(0x7f0000000000/0x2000)=nil, 0x4000) (async) shmat(r0, &(0x7f00002b0000/0x2000)=nil, 0x1000) (async) mlockall(0x5) (async) mlockall(0x2) (async) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000315000/0x3000)=nil) r2 = shmget(0x0, 0x2000, 0x1, &(0x7f00001c0000/0x2000)=nil) mlockall(0x1) (async) shmget$private(0x0, 0x3000, 0x80, &(0x7f00001ee000/0x3000)=nil) (async) shmat(r2, &(0x7f000037e000/0x4000)=nil, 0x1000) (async) mlockall(0x0) [ 529.781741][T14881] netlink: 'syz-executor.0': attribute type 322 has an invalid length. 19:28:33 executing program 3: ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000000)={0x7, @capture={0x1000, 0x1, {}, 0x5}}) mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f000023f000/0x2000)=nil, 0x3000) mlockall(0x4) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) shmget$private(0x0, 0x1000, 0x78000000, &(0x7f0000360000/0x1000)=nil) 19:28:33 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x3}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:33 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000070000/0x4000)=nil) mlockall(0x9363f78770dd7bd6) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:33 executing program 2: mlockall(0x2) shmat(0x0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:33 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0xb}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) [ 529.975908][T14893] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 530.148796][T14900] netlink: 'syz-executor.0': attribute type 8 has an invalid length. 19:28:33 executing program 4: r0 = open(&(0x7f0000000300)='./bus\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0xffffffffffffff28, 0x20000004, &(0x7f0000000140)={0xa, 0x100000004e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000100)=@ccm_128={{0x304}, "ffb75df2a83e25c0", "2cdb8ead6c8e9c290bebacb766ff2832", "44d857de", "171291df37239255"}, 0x28) sendfile(r1, r0, 0x0, 0x800100020013) getsockname$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2}, &(0x7f0000000140)=0x1c) r2 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x48, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x10}}}]}, 0x48}}, 0x0) waitid$P_PIDFD(0x3, 0xffffffffffffffff, &(0x7f0000000000), 0x20000000, &(0x7f0000000080)) 19:28:33 executing program 1: mlockall(0x2) shmget$private(0x0, 0x4000, 0x0, &(0x7f0000070000/0x4000)=nil) (async) r0 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000070000/0x4000)=nil) mlockall(0x9363f78770dd7bd6) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:33 executing program 2: r0 = fsmount(0xffffffffffffffff, 0x1, 0x80) ioctl$EVIOCGMTSLOTS(r0, 0x8040450a, &(0x7f0000000000)=""/159) mlockall(0x2) r1 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r1, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:33 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0xc}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:33 executing program 5: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) shmget(0x0, 0x2000, 0x78000000, &(0x7f00000bc000/0x2000)=nil) (async) r1 = shmget(0x0, 0x2000, 0x78000000, &(0x7f00000bc000/0x2000)=nil) shmat(r1, &(0x7f000008c000/0x2000)=nil, 0x4000) 19:28:33 executing program 3: ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000000)={0x7, @capture={0x1000, 0x1, {}, 0x5}}) (async) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000000)={0x7, @capture={0x1000, 0x1, {}, 0x5}}) mlockall(0x2) (async) mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f000023f000/0x2000)=nil, 0x3000) mlockall(0x4) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) shmget$private(0x0, 0x1000, 0x78000000, &(0x7f0000360000/0x1000)=nil) 19:28:33 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0xf000000, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:33 executing program 1: mlockall(0x2) (async) r0 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000070000/0x4000)=nil) (async) mlockall(0x9363f78770dd7bd6) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) [ 530.299645][T14909] netlink: 'syz-executor.0': attribute type 8 has an invalid length. 19:28:33 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x70}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:34 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x9000) 19:28:34 executing program 4: socket$inet_udplite(0x2, 0x2, 0x88) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$FUSE_DEV_IOC_CLONE(0xffffffffffffffff, 0x8004e500, &(0x7f0000000040)=r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_int(r1, 0x6, 0x7, 0x0, &(0x7f0000000080)) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x11, 0x7, &(0x7f0000000100)=@raw=[@map_idx={0x18, 0x3, 0x5, 0x0, 0xf}, @ldst={0x1, 0x0, 0x3, 0x9, 0x5, 0x20, 0xfffffffffffffffc}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @exit, @map_idx_val={0x18, 0x4, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}], &(0x7f0000000140)='syzkaller\x00', 0x200, 0x12, &(0x7f0000000180)=""/18, 0x41000, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000001c0)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000200)={0x3, 0x9, 0x1a, 0x1f}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000240)=[0x1, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xffffffffffffffff]}, 0x80) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = openat$vsock(0xffffffffffffff9c, &(0x7f0000001740), 0x0, 0x0) ioctl$sock_inet6_tcp_SIOCATMARK(r4, 0x8905, 0x0) r5 = syz_clone(0x40000000, &(0x7f0000000340)="b2764d240403ff75ede44e16fc966b56251331ccea8e2fd95a0536afe7db2f0d0693ac39121f7d004914deb23804d0833bc83b683bde317b190caa27161209cf07c36c476109a1ff1f1dcc7424972b993a3781c109eac5a83c1a01d9adfa6d7d6da46245d74f4b59bddbe1f66b1995197ca607f017b5b8120be9aa3fbd20fbf84f1e62309d6b59cc46df8baabd5454f20f69702609d31ad5eaa60d25207c941afb5e294938f6bdf5c64bf5acbce042796aa4cc11e5f8bc5bb222055abc59dba484d88b252e36dbccca51e5ee860ee72f3f857192a3e72b4e79f18fff748d4526cd15b4c097d44195ee5b659af99ac149", 0xf0, &(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)="de63ce621c3dd56c896cfe845b4451ec8c8c21e99a5c8e8ed2c201030fc6c4cd0e36aa0d033491d7aa34f178c950741315c4d586581e6593cc067806dc8b87aa5dfa8db51e88638e76dbcfb56206fa2301ac99491eb9e71292d1f348b2293605f9d40f250a74dc264a2f86729bf7926599d70dd5b52fa5976af2834ad2d95fb0320a451754b5e3c2928af347bd60aa58d4ace537ce44d36ec0955f3629e0d558128d99ac01c02f439a13801112434a71c958e85795a479f0ea4797b429794e1e3786e2e2ec406e14fcb4b3366afc669298e0b97c7242cb6fb55690a8285f3a1f570d9f3e3cb949798034762466688fdb728c2e24a480c0b85d1b772efccfbd5d0cffaef821aeb0c5997da7fc668e178ba1a44aae6870fd5d8302d87f6832263d7d2a25c26e474841da235cb4e9d002dca0f297394bcf87353a1ed1ed48da2c9f8e18aed0eb49f0496479cd2a5de2cc0354f9dd2cdae39bb9591eee13145c51c100ecd75a7f74a1e600694ae73865a08329fed80f9bf8582b3d46c5f1c9c10bc43184663dae0f35db4651ceb358d96d0bea4529c2179ec9c275ca8ec4cbf929e5c00f8b16b2e7517d95d6a7690530a3429f74973bab20defbb7bfabacaa4c7bcc33d343ad00d1be7ac997420431961db0630ed62e3ca91b500a67ce494fe7a26e83b095728f7d2c76ae72768ca0777e9d4ff478f80a8299d5233d88ca1675d100027b6048fa8f27cdde7d970c49f72de6a744f66cede8faa672565de975d032e49d879c060a1b9302b73f5cb324ec0bb262ac61008e39982e30603244e32856746e44d9c387c5c01735aeab171316efe16026ecef66d9a456e35d148f73c351aa66235cf969af50242658a34a586549de4d22d571b60e0273a9016c5aaefd32aebad30bdb442cd003602fbf8e413ed42189070bbe5c14a301e2be58aa3fe083ca0677fb474b7b2c409e447ff1cbc61c2a915958a9d09af9e44e881f5a923c369d16af9aa1af8847282a3d3246a43db215a341a8f8dda569286d4de215dd91474fbba9262ae3206caedbfeaf8ca9f93f761b68e763b662ebec0b0da99f6c76cf912be9a179b93ac534e9a44f9b0e60e79b59ead3f5ec737f11157532c0859715656d8927e2ac5cfdf75a268cc8e6dc63cbc457040e49d58a485948e884135f0b62bf01ea9dbad8b21862a68598ac7304c8009c687e44477d1d32acdda7e7d073fbe10e1e0e9e169f3ed38b5a7a1e8a4ff24eb0d1c46a660dd327fed70b7d7ea2c60973e444b8ff50dd9705b6552bb1d9d3a0510c57aacb620a21321c08686edd633937d8f6084c5d077ab0e9b68d0be3d8c4e3a3d52be634865e8c58934e1c871d1669b4d81e7181fa4d997058bf32c05f9ceebe359a08b3846ff02ffb08af01e4990a7e57081281b07a3b013aee4a9c3195e46c3ec9ade2e17869c37b85d3df0086a67f9a4a08e080c3b376afd010b86f06c2244d9a97357cf39450fae8892d1a6e9c98d3c7abee49a9577a6457a348787443b8648cc8ad085f296fdbaf894be67b5ac9938c754c38bbcfd488fc92fc5b5638f9f41f54aed556eb719b0e7d74064361e5620d6b145c9bc9b9269e14b71b40d87a0cf798bc12943175d04a506fec7aebb7dcdffd69c41383b2fcf8883004726a74727d502d813dc9499a7e812648177a15941c6ae297b8cd49301e57503d8926273ed0ada240658f3f5c79deb64afb20dd0d857b0b5ade01d6b0f997fbd53fecda6ae720e52afbbaf31e56f1e17a33a8ca03616a0c13b42e7e7139dcd08beba4c8db6bab14636fd2e6401b7215a2a9902cb8baf5ed8025f85b8e41a1fe705ade504f3544ec2e09e30d09eb06aecf1ea064d4d6e1c060ba25dbf4379a9ed05c1695767930d35b978b6c58f59ef203229a6d9b84f87688070fb519d5ee00674e63bd80f677625745646f41ffcc232845f8b1b22ee5889779a5877ffcf518cef11756d2d68d7d2ad2cd8a3ebeb47a24a567ba2768f490173820f95bacae1b34447efa01b26946c20dfb07c65b04eaf0065c072e4b2f698f27c362f50e824927e480f859db9a881544967530019253324ca835c55570eb76cbbf095de6c9d105facde54774924e3359b60d532e9c5d04482330936937fd7c2fb20f1ed02fc482cc40ff74cfc4752e45d036e7e0164009c2c49bd027c9b28f135888734bfe4ada854d65579fef7c4c0d7d8ba9abc9be15d90eb76ec1b63f3ac7793ccc3cab664abeddd5fedc89662f50ea20e3a3397f38dada6e9d89fbe04d9798c65ba391d088e88ed9364967d9eff1ca8a3becb4ef860ecefe0888d6f8260abc133f51b83b29ea69464c4a64627c2cca9f6f092a10876b8aeb1d7dc4d626814c31e1e1062cee675dcc46ef16fdef41a8fca8e5f894978e0d128677fea20192e2840458585f4128ff512783f905c07b995f707382898d88cae306c5f0f623defdbd1445b9ad940ac7b42c5e12827fa7409054ae56b54cf0b2a9c545de5761b60bb205dc5fa1d06ebc96aee496b83b46784c8ea0f677dcfce1d41bdfb25b2efb8f01553f3054c930e9026b7eca0a171e53b40252024845fb625aebd3ab4a5a4ee42d8540a69efe01b4799e8fa7e03bf4bb9892be1d2699f288e13769e99d1a5ecf5b5ac074c46bdda3b6da499d5f50207dd8e1cdb93479181446932c36e8ffe74d59ccdcea2549655e1e334d7505020a18c6ff4600875ac94f3d1c2d0ac41ca108bfd70aa8fb6c9d0000644e511f6db2eea52680d40a4f89d5f9513e669e04fef7c1d197e55fe3fb4c8d09feda55e866012383d17b80a539dab27f0c0b917f6502195c668c507aa4df9db993431ac8f1683c7bc8bfdd52fbc4ee1d21ee2abba0a19c3d02ca8afacbeab35b2f8ba1655dbed20e0ac650a72d75ebe1dd4d26e0ffa86e5a10e91e5c5cf53bafb668c7a0c471bf02e79363a17165af58db6940d5d727b19bcb24074313e0aace7d22dea3105b385c219eaae7213247e2d58d230fed04d968c1839ff2daf2fdb0fbde17e3eb95b73b71007e862f7874dda3fb2c72a8a8f124e01793b9c67e6ce583a882f57d73f605969bffff581ccddfe98cb0cc7b46e402abad4a45389f4d1aa5943a1506c2ec62108ae0d5470c9e89602f9eb705794949b8505cf2dd620c42b8185590ce8932ad86866c6db1f95416dff70160a47a41753c0da46b0e8026fde36f87bd49057222867713bb048ffc1a7d696a9c1522491e82f5ae45afc80bde331ede6b639c49813597611907dd702b59d18d3347e1c22a666a0778a77e9d6edbe30ea2795e19e2dd9977a62740fb019fac8ba59e818604bb95276d6826920d6b5ee9e816677b5ff18170f8f5bca5efacd58494afc36114bcc26f19a4b7e12b798ec969883992795f395f9bd4ae0edc62570c1372eceaf66cc5caae7032e4f2a8ad134ac65daa4426285d8f1c21694091cd03d0d9abf836ac349a01b3d1ba5c86cac7a58714d8a31fd1473dce19d6b70443ae99e5621dacd7d5f5bd79fde7e727bf7fbe35dd5a1602ecca750724f63878a0183ddd28560f98abd0d1cbcf2da28ce5f90b786a7a8775c3676eba4c9c5407a88b29c508dd7dca81e4b1bc05f44b6b9dd71c8abb49caf28d44371aa9194a45d122dd63246ee167947a5d6595e76f05aeb9f4346a6593a5e70f415259fea97a6d6274a592ba7f6e2e141c85c4f98e45ba757d0edafd4ec499e723325743b3fc95198989b3a47d297c7b3ce2a917d47b4d3ae15381d16bda0c6a9c8f8f99bf79a06ec811f794a3637d95bc90105dc44429f7d18432efd289cf663c14208abf5ce983ea7177f875692e6c706fc7efe7626f71142c11071ad5571cbb34fbb490eaaadab5a9617c9a26bfc4212fcbcad2951b279a2e9c9d8ead555b2436eddb8ae35332286727023b2e96a691f3740a79e1fb9695b0d32decab98aa28ee99af172e3db175525d6d2535bf09a00e086742e842be92ecb26bed07ab572cbd5b8f547b0a55dc96d304011b4f7f229a26ebd2639b61f16795d2f468d4022c56baacc766060f5e6e75dfa1a14a521dc17957e218012aac7918b440f781e919ac82df77f8af568ba058f87f4472de97eb3d3676d1db017d26d335d9148b96821a53d571a6088181c316ac37d5e284111b2cfe75a28742e7262ad9713ddb23bdfc8b12fd70d0cf95520b36ab67b03ccf62a62ef51e45d19a51edd7eaf7da26622d15b79cbce60321d78e26c3dd4470c07315272d1eb31362ee3cdbdbd3865a99cf3da72c29a22f998619930a547703cc561ae08338f69ef885116b29638c25c3b25cb49b47e4cc7040a90ad921459a5efaa9f636e1f6e239892a008cf77cfdd7bae5bf6b8697dba3f5095e42c2fc69d029a443b614fbc98abaf1ea07eee6c48747915f64727bd83e19bda56b9f39a6cefc835c38ac5f1287c9e8fd556508b90c6a5dce5f8aa42bf0b556957fc2db32a61fa1ce4b14cfcce046e922eb0c89a9f94004877b47f4b864a294b59d6e8fe8fb1801c2da205ffcb5ec29aa511fe423d76b19d578e205fce779e1aa479f51f7a981f51a57b8e64dde704f59fb444fd46f26a5592b8b38cf5b4df66b01677216090b45ea32eaf7c857a3a8f900d047e0ff500dd4a1cd8c7b255a83e03e596942eba92d01ec562173b4cb76eb1dd9bab317ede1da3c6dbce1106f7e87d457d0fd958ba243170ab8f9f98248c4df313e01ce5aae39e0e1bbab8c9a05c5274bbb9e2ca284b75587ad320a4093970c971e21a0be052f260a462331b1bc2c199d9477b7fc520b41600911891247aa50044a629467ac9b8a755dd464e4360e33146ea9c715d2a0b6a1483717a220449d2b1907f001aef5495669ab62b44beb3d3a8cab44202cd7ea16a9e520fa75881d7170bb3fb5c4c829e12fbd6b2bcbca4b9c7102e451c2fbee7a0db175ff2e22a2c9896ba32b606c12060e71ee3668cf9e6d23e7bfac5c1b2b068cb5f52f83cf7f8dfdf5305de1b6903b6b788c6d4fe0cfe25558fb2b4e8277291074a25033f41d197c263e77bb2b72bd26b6c6bf022152ce168a15bd1bd7f8823e5732fd47687fae7e322aaa423ffffe0ed9d087a80ca123a1fe74e481db5793f51e9ac875e199ada6546d6a4ab1e1f8b646b923d39deb849beb78ba9f89681da83ea9431de58fa5c3582a14b1ed52252c7a52321c21cc969ea85c3d5de27c8158965d8fe5c305af124663acd43e264e7dec2c200163079a95ea319544650a4420f466539f52d923ff14f3d57f904a66eee8ffdd9fe02857173eb8c312fc7588f4b6865429203053567e6d421f218593a5fe67cc95aee47dfb308a44f9ac81e1d2eeb8d75954dc27171c27c433d8631fbff1588ae4203e0f76f80d3120bbd6f0382164b517a0ffb4062cc31501c7657c25f7ee84fb7a946f1126a8349113e3580b05261619fe65a2a285b0bb17466231529aa4296848cff1c5873e6f957529f6c6667c7980a9dce804a14e81b923a9e40f1a781da9b43a02ef92fe9b6b3707026c6b122f0ef077a638b3d85a95dcf625feb8ae27cbf13d5fa358e3cd57c8f80b1f26fc9af7fb520a976c020a763dc3372ce43163550c0fc14d3ee9e7642ac5d380872cbfb70dfb25bb35a936c46b6f506851a5227fb8ef6e9bb71045e0c0f1537777fa4688f0e472b9aca5645e9d72d25c589bbc635c359ffd1d933fe3d6c2cecbbca1871132dafe85eb31383a4202eb8d35a303c3978f69d25b3c549b1eee0c04dfeccd120291aecbb5aed1fa499d05ada34c3080623d71b7eb7e8610f041732e9bf71da69d431ddab451") write$FUSE_LK(r4, &(0x7f00000014c0)={0x28, 0x0, 0x0, {{0x67, 0x101, 0x1, r5}}}, 0x28) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000000c0)='cdev_update\x00', r2}, 0x10) read$hidraw(r4, &(0x7f0000001500)=""/239, 0xef) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000001600), &(0x7f0000001640)=0x14) [ 530.502165][T14923] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 19:28:34 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5, 0x3}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:34 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x9000) mlockall(0x2) (async) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) (async) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x9000) (async) [ 530.620304][T14907] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 530.659450][T14907] CPU: 0 PID: 14907 Comm: syz-executor.5 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 530.669958][T14907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 530.680150][T14907] Call Trace: [ 530.683474][T14907] [ 530.686450][T14907] dump_stack_lvl+0x136/0x150 [ 530.691199][T14907] dump_header+0x10a/0xd70 [ 530.695696][T14907] oom_kill_process+0x25d/0x600 [ 530.700635][T14907] out_of_memory+0x35c/0x1660 [ 530.705380][T14907] ? find_held_lock+0x2d/0x110 [ 530.710228][T14907] ? oom_killer_disable+0x2b0/0x2b0 [ 530.715493][T14907] ? rcu_read_unlock+0x9/0x60 19:28:34 executing program 1: mlockall(0x2) (async) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x9000) [ 530.720294][T14907] ? find_held_lock+0x2d/0x110 [ 530.725144][T14907] mem_cgroup_out_of_memory+0x206/0x270 [ 530.730820][T14907] ? mem_cgroup_margin+0x130/0x130 [ 530.736007][T14907] ? lock_downgrade+0x690/0x690 [ 530.740941][T14907] try_charge_memcg+0xf9b/0x13b0 [ 530.745973][T14907] ? mem_cgroup_handle_over_high+0x520/0x520 [ 530.752042][T14907] ? rcu_read_unlock+0x9/0x60 [ 530.756789][T14907] ? lock_downgrade+0x690/0x690 [ 530.761700][T14907] ? find_held_lock+0x2d/0x110 [ 530.766559][T14907] charge_memcg+0x90/0x3b0 [ 530.771064][T14907] __mem_cgroup_charge+0x2b/0x90 [ 530.776054][T14907] ? folio_flags.constprop.0+0x53/0x150 [ 530.781768][T14907] shmem_add_to_page_cache+0x64e/0xd50 [ 530.787360][T14907] ? shmem_get_unmapped_area+0x860/0x860 [ 530.793165][T14907] ? folio_flags.constprop.0+0x53/0x150 [ 530.798791][T14907] ? shmem_alloc_and_acct_folio+0x1af/0x5d0 [ 530.804771][T14907] shmem_get_folio_gfp+0x6a8/0x1950 [ 530.810068][T14907] ? shmem_alloc_and_acct_folio+0x5d0/0x5d0 [ 530.816059][T14907] shmem_fault+0x1cc/0x8b0 [ 530.820555][T14907] ? shmem_get_folio_gfp+0x1950/0x1950 [ 530.826130][T14907] ? mark_lock.part.0+0xee/0x1970 [ 530.831253][T14907] __do_fault+0x107/0x600 [ 530.835702][T14907] __handle_mm_fault+0x24f3/0x3e60 [ 530.840891][T14907] ? vm_iomap_memory+0x190/0x190 [ 530.845951][T14907] handle_mm_fault+0x2ba/0x9c0 [ 530.850783][T14907] __get_user_pages+0x4da/0xf30 [ 530.855729][T14907] ? follow_page_mask+0x10a0/0x10a0 [ 530.861010][T14907] ? mas_find+0x200/0x200 [ 530.865426][T14907] ? __down_read_common+0x884/0xf30 [ 530.870799][T14907] populate_vma_page_range+0x2df/0x420 [ 530.876340][T14907] ? follow_page+0x140/0x140 [ 530.881003][T14907] ? find_vma+0x1b0/0x1b0 [ 530.885410][T14907] __mm_populate+0x105/0x3b0 [ 530.890081][T14907] ? faultin_vma_page_range+0x300/0x300 [ 530.895704][T14907] ? up_write+0x1b4/0x520 [ 530.900104][T14907] do_shmat+0xcd4/0x1180 [ 530.904417][T14907] ? __x64_compat_sys_old_shmctl+0xc0/0xc0 [ 530.910288][T14907] ? restore_fpregs_from_fpstate+0xc1/0x1c0 [ 530.916272][T14907] __ia32_compat_sys_shmat+0xd2/0x160 [ 530.921745][T14907] ? __ia32_sys_shmat+0x160/0x160 [ 530.924371][T14937] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 530.926807][T14907] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 530.941589][T14907] ? lockdep_hardirqs_on+0x7d/0x100 [ 530.946858][T14907] __do_fast_syscall_32+0x65/0xf0 [ 530.952033][T14907] do_fast_syscall_32+0x33/0x70 [ 530.956958][T14907] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 530.963355][T14907] RIP: 0023:0xf7f1c579 [ 530.967467][T14907] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 530.987136][T14907] RSP: 002b:00000000f7f175cc EFLAGS: 00000296 ORIG_RAX: 000000000000018d [ 530.995641][T14907] RAX: ffffffffffffffda RBX: 00000000000000ab RCX: 00000000202f4000 [ 531.003669][T14907] RDX: 0000000000005000 RSI: 0000000000000000 RDI: 0000000000000000 [ 531.011697][T14907] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 19:28:34 executing program 2: r0 = fsmount(0xffffffffffffffff, 0x1, 0x80) ioctl$EVIOCGMTSLOTS(r0, 0x8040450a, &(0x7f0000000000)=""/159) mlockall(0x2) (async) r1 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r1, &(0x7f00002f4000/0x2000)=nil, 0x5000) [ 531.019719][T14907] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 531.027741][T14907] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 531.035784][T14907] [ 531.111320][T14907] memory: usage 307200kB, limit 307200kB, failcnt 72 [ 531.118175][T14907] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 531.134354][T14907] Memory cgroup stats for /syz5: [ 531.135263][T14907] anon 114688 [ 531.135263][T14907] file 311955456 [ 531.135263][T14907] kernel 2502656 [ 531.135263][T14907] kernel_stack 65536 [ 531.135263][T14907] pagetables 77824 [ 531.135263][T14907] sec_pagetables 0 [ 531.135263][T14907] percpu 11904 [ 531.135263][T14907] sock 0 [ 531.135263][T14907] vmalloc 0 [ 531.135263][T14907] shmem 311955456 [ 531.135263][T14907] zswap 0 [ 531.135263][T14907] zswapped 0 [ 531.135263][T14907] file_mapped 1728512 [ 531.135263][T14907] file_dirty 0 [ 531.135263][T14907] file_writeback 0 [ 531.135263][T14907] swapcached 0 [ 531.135263][T14907] anon_thp 0 [ 531.135263][T14907] file_thp 0 [ 531.135263][T14907] shmem_thp 0 [ 531.135263][T14907] inactive_anon 293675008 [ 531.135263][T14907] active_anon 8515584 [ 531.135263][T14907] inactive_file 0 [ 531.135263][T14907] active_file 0 [ 531.135263][T14907] unevictable 9879552 [ 531.135263][T14907] slab_reclaimable 971768 [ 531.135263][T14907] slab_unreclaimable 1360016 [ 531.135263][T14907] slab 2331784 [ 531.135263][T14907] workingset_refault_anon 0 [ 531.135263][T14907] workingset_refault_file 0 [ 531.135263][T14907] workingset_activate_anon 0 [ 531.135263][T14907] workingset_activate_file 0 [ 531.135263][T14907] workingset_restore_anon 0 [ 531.135263][T14907] workingset_restore_file 0 [ 531.135263][T14907] workingset_nodereclaim 0 [ 531.135263][T14907] pgscan 0 [ 531.135263][T14907] pgsteal 0 [ 531.135263][T14907] pgscan_kswapd 0 [ 531.135263][T14907] pgscan_direct 0 [ 531.135263][T14907] pgscan_khugepaged 0 [ 531.135263][T14907] pgsteal_kswapd 0 [ 531.135263][T14907] pgsteal_direct 0 [ 531.135263][T14907] pgsteal_khugepaged 0 [ 531.135263][T14907] pgfault 146238 [ 531.135263][T14907] pgmajfault 0 [ 531.135263][T14907] pgrefill 0 [ 531.135263][T14907] pgactivate 0 [ 531.135263][T14907] pgdeactivate 0 [ 531.135263][T14907] pglazyfree 0 [ 531.135263][T14907] pglazyfreed 0 [ 531.135263][T14907] zswpin 0 [ 531.135263][T14907] zswpout 0 [ 531.345282][T14907] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=14906,uid=0 [ 531.372758][T14907] Memory cgroup out of memory: Killed process 14906 (syz-executor.5) total-vm:50472kB, anon-rss:316kB, file-rss:8832kB, shmem-rss:1408kB, UID:0 pgtables:72kB oom_score_adj:1000 19:28:34 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5, 0xb}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:34 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x2000, 0x8, &(0x7f0000062000/0x2000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:34 executing program 3: ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000000)={0x7, @capture={0x1000, 0x1, {}, 0x5}}) (async) mlockall(0x2) (async) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f000023f000/0x2000)=nil, 0x3000) mlockall(0x4) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) shmget$private(0x0, 0x1000, 0x78000000, &(0x7f0000360000/0x1000)=nil) 19:28:34 executing program 4: socket$inet_udplite(0x2, 0x2, 0x88) (async) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$FUSE_DEV_IOC_CLONE(0xffffffffffffffff, 0x8004e500, &(0x7f0000000040)=r0) (async, rerun: 32) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) (rerun: 32) getsockopt$inet6_tcp_int(r1, 0x6, 0x7, 0x0, &(0x7f0000000080)) (async, rerun: 32) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x11, 0x7, &(0x7f0000000100)=@raw=[@map_idx={0x18, 0x3, 0x5, 0x0, 0xf}, @ldst={0x1, 0x0, 0x3, 0x9, 0x5, 0x20, 0xfffffffffffffffc}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @exit, @map_idx_val={0x18, 0x4, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}], &(0x7f0000000140)='syzkaller\x00', 0x200, 0x12, &(0x7f0000000180)=""/18, 0x41000, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000001c0)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000200)={0x3, 0x9, 0x1a, 0x1f}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000240)=[0x1, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xffffffffffffffff]}, 0x80) (rerun: 32) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) (async) r4 = openat$vsock(0xffffffffffffff9c, &(0x7f0000001740), 0x0, 0x0) ioctl$sock_inet6_tcp_SIOCATMARK(r4, 0x8905, 0x0) r5 = syz_clone(0x40000000, &(0x7f0000000340)="b2764d240403ff75ede44e16fc966b56251331ccea8e2fd95a0536afe7db2f0d0693ac39121f7d004914deb23804d0833bc83b683bde317b190caa27161209cf07c36c476109a1ff1f1dcc7424972b993a3781c109eac5a83c1a01d9adfa6d7d6da46245d74f4b59bddbe1f66b1995197ca607f017b5b8120be9aa3fbd20fbf84f1e62309d6b59cc46df8baabd5454f20f69702609d31ad5eaa60d25207c941afb5e294938f6bdf5c64bf5acbce042796aa4cc11e5f8bc5bb222055abc59dba484d88b252e36dbccca51e5ee860ee72f3f857192a3e72b4e79f18fff748d4526cd15b4c097d44195ee5b659af99ac149", 0xf0, &(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)="de63ce621c3dd56c896cfe845b4451ec8c8c21e99a5c8e8ed2c201030fc6c4cd0e36aa0d033491d7aa34f178c950741315c4d586581e6593cc067806dc8b87aa5dfa8db51e88638e76dbcfb56206fa2301ac99491eb9e71292d1f348b2293605f9d40f250a74dc264a2f86729bf7926599d70dd5b52fa5976af2834ad2d95fb0320a451754b5e3c2928af347bd60aa58d4ace537ce44d36ec0955f3629e0d558128d99ac01c02f439a13801112434a71c958e85795a479f0ea4797b429794e1e3786e2e2ec406e14fcb4b3366afc669298e0b97c7242cb6fb55690a8285f3a1f570d9f3e3cb949798034762466688fdb728c2e24a480c0b85d1b772efccfbd5d0cffaef821aeb0c5997da7fc668e178ba1a44aae6870fd5d8302d87f6832263d7d2a25c26e474841da235cb4e9d002dca0f297394bcf87353a1ed1ed48da2c9f8e18aed0eb49f0496479cd2a5de2cc0354f9dd2cdae39bb9591eee13145c51c100ecd75a7f74a1e600694ae73865a08329fed80f9bf8582b3d46c5f1c9c10bc43184663dae0f35db4651ceb358d96d0bea4529c2179ec9c275ca8ec4cbf929e5c00f8b16b2e7517d95d6a7690530a3429f74973bab20defbb7bfabacaa4c7bcc33d343ad00d1be7ac997420431961db0630ed62e3ca91b500a67ce494fe7a26e83b095728f7d2c76ae72768ca0777e9d4ff478f80a8299d5233d88ca1675d100027b6048fa8f27cdde7d970c49f72de6a744f66cede8faa672565de975d032e49d879c060a1b9302b73f5cb324ec0bb262ac61008e39982e30603244e32856746e44d9c387c5c01735aeab171316efe16026ecef66d9a456e35d148f73c351aa66235cf969af50242658a34a586549de4d22d571b60e0273a9016c5aaefd32aebad30bdb442cd003602fbf8e413ed42189070bbe5c14a301e2be58aa3fe083ca0677fb474b7b2c409e447ff1cbc61c2a915958a9d09af9e44e881f5a923c369d16af9aa1af8847282a3d3246a43db215a341a8f8dda569286d4de215dd91474fbba9262ae3206caedbfeaf8ca9f93f761b68e763b662ebec0b0da99f6c76cf912be9a179b93ac534e9a44f9b0e60e79b59ead3f5ec737f11157532c0859715656d8927e2ac5cfdf75a268cc8e6dc63cbc457040e49d58a485948e884135f0b62bf01ea9dbad8b21862a68598ac7304c8009c687e44477d1d32acdda7e7d073fbe10e1e0e9e169f3ed38b5a7a1e8a4ff24eb0d1c46a660dd327fed70b7d7ea2c60973e444b8ff50dd9705b6552bb1d9d3a0510c57aacb620a21321c08686edd633937d8f6084c5d077ab0e9b68d0be3d8c4e3a3d52be634865e8c58934e1c871d1669b4d81e7181fa4d997058bf32c05f9ceebe359a08b3846ff02ffb08af01e4990a7e57081281b07a3b013aee4a9c3195e46c3ec9ade2e17869c37b85d3df0086a67f9a4a08e080c3b376afd010b86f06c2244d9a97357cf39450fae8892d1a6e9c98d3c7abee49a9577a6457a348787443b8648cc8ad085f296fdbaf894be67b5ac9938c754c38bbcfd488fc92fc5b5638f9f41f54aed556eb719b0e7d74064361e5620d6b145c9bc9b9269e14b71b40d87a0cf798bc12943175d04a506fec7aebb7dcdffd69c41383b2fcf8883004726a74727d502d813dc9499a7e812648177a15941c6ae297b8cd49301e57503d8926273ed0ada240658f3f5c79deb64afb20dd0d857b0b5ade01d6b0f997fbd53fecda6ae720e52afbbaf31e56f1e17a33a8ca03616a0c13b42e7e7139dcd08beba4c8db6bab14636fd2e6401b7215a2a9902cb8baf5ed8025f85b8e41a1fe705ade504f3544ec2e09e30d09eb06aecf1ea064d4d6e1c060ba25dbf4379a9ed05c1695767930d35b978b6c58f59ef203229a6d9b84f87688070fb519d5ee00674e63bd80f677625745646f41ffcc232845f8b1b22ee5889779a5877ffcf518cef11756d2d68d7d2ad2cd8a3ebeb47a24a567ba2768f490173820f95bacae1b34447efa01b26946c20dfb07c65b04eaf0065c072e4b2f698f27c362f50e824927e480f859db9a881544967530019253324ca835c55570eb76cbbf095de6c9d105facde54774924e3359b60d532e9c5d04482330936937fd7c2fb20f1ed02fc482cc40ff74cfc4752e45d036e7e0164009c2c49bd027c9b28f135888734bfe4ada854d65579fef7c4c0d7d8ba9abc9be15d90eb76ec1b63f3ac7793ccc3cab664abeddd5fedc89662f50ea20e3a3397f38dada6e9d89fbe04d9798c65ba391d088e88ed9364967d9eff1ca8a3becb4ef860ecefe0888d6f8260abc133f51b83b29ea69464c4a64627c2cca9f6f092a10876b8aeb1d7dc4d626814c31e1e1062cee675dcc46ef16fdef41a8fca8e5f894978e0d128677fea20192e2840458585f4128ff512783f905c07b995f707382898d88cae306c5f0f623defdbd1445b9ad940ac7b42c5e12827fa7409054ae56b54cf0b2a9c545de5761b60bb205dc5fa1d06ebc96aee496b83b46784c8ea0f677dcfce1d41bdfb25b2efb8f01553f3054c930e9026b7eca0a171e53b40252024845fb625aebd3ab4a5a4ee42d8540a69efe01b4799e8fa7e03bf4bb9892be1d2699f288e13769e99d1a5ecf5b5ac074c46bdda3b6da499d5f50207dd8e1cdb93479181446932c36e8ffe74d59ccdcea2549655e1e334d7505020a18c6ff4600875ac94f3d1c2d0ac41ca108bfd70aa8fb6c9d0000644e511f6db2eea52680d40a4f89d5f9513e669e04fef7c1d197e55fe3fb4c8d09feda55e866012383d17b80a539dab27f0c0b917f6502195c668c507aa4df9db993431ac8f1683c7bc8bfdd52fbc4ee1d21ee2abba0a19c3d02ca8afacbeab35b2f8ba1655dbed20e0ac650a72d75ebe1dd4d26e0ffa86e5a10e91e5c5cf53bafb668c7a0c471bf02e79363a17165af58db6940d5d727b19bcb24074313e0aace7d22dea3105b385c219eaae7213247e2d58d230fed04d968c1839ff2daf2fdb0fbde17e3eb95b73b71007e862f7874dda3fb2c72a8a8f124e01793b9c67e6ce583a882f57d73f605969bffff581ccddfe98cb0cc7b46e402abad4a45389f4d1aa5943a1506c2ec62108ae0d5470c9e89602f9eb705794949b8505cf2dd620c42b8185590ce8932ad86866c6db1f95416dff70160a47a41753c0da46b0e8026fde36f87bd49057222867713bb048ffc1a7d696a9c1522491e82f5ae45afc80bde331ede6b639c49813597611907dd702b59d18d3347e1c22a666a0778a77e9d6edbe30ea2795e19e2dd9977a62740fb019fac8ba59e818604bb95276d6826920d6b5ee9e816677b5ff18170f8f5bca5efacd58494afc36114bcc26f19a4b7e12b798ec969883992795f395f9bd4ae0edc62570c1372eceaf66cc5caae7032e4f2a8ad134ac65daa4426285d8f1c21694091cd03d0d9abf836ac349a01b3d1ba5c86cac7a58714d8a31fd1473dce19d6b70443ae99e5621dacd7d5f5bd79fde7e727bf7fbe35dd5a1602ecca750724f63878a0183ddd28560f98abd0d1cbcf2da28ce5f90b786a7a8775c3676eba4c9c5407a88b29c508dd7dca81e4b1bc05f44b6b9dd71c8abb49caf28d44371aa9194a45d122dd63246ee167947a5d6595e76f05aeb9f4346a6593a5e70f415259fea97a6d6274a592ba7f6e2e141c85c4f98e45ba757d0edafd4ec499e723325743b3fc95198989b3a47d297c7b3ce2a917d47b4d3ae15381d16bda0c6a9c8f8f99bf79a06ec811f794a3637d95bc90105dc44429f7d18432efd289cf663c14208abf5ce983ea7177f875692e6c706fc7efe7626f71142c11071ad5571cbb34fbb490eaaadab5a9617c9a26bfc4212fcbcad2951b279a2e9c9d8ead555b2436eddb8ae35332286727023b2e96a691f3740a79e1fb9695b0d32decab98aa28ee99af172e3db175525d6d2535bf09a00e086742e842be92ecb26bed07ab572cbd5b8f547b0a55dc96d304011b4f7f229a26ebd2639b61f16795d2f468d4022c56baacc766060f5e6e75dfa1a14a521dc17957e218012aac7918b440f781e919ac82df77f8af568ba058f87f4472de97eb3d3676d1db017d26d335d9148b96821a53d571a6088181c316ac37d5e284111b2cfe75a28742e7262ad9713ddb23bdfc8b12fd70d0cf95520b36ab67b03ccf62a62ef51e45d19a51edd7eaf7da26622d15b79cbce60321d78e26c3dd4470c07315272d1eb31362ee3cdbdbd3865a99cf3da72c29a22f998619930a547703cc561ae08338f69ef885116b29638c25c3b25cb49b47e4cc7040a90ad921459a5efaa9f636e1f6e239892a008cf77cfdd7bae5bf6b8697dba3f5095e42c2fc69d029a443b614fbc98abaf1ea07eee6c48747915f64727bd83e19bda56b9f39a6cefc835c38ac5f1287c9e8fd556508b90c6a5dce5f8aa42bf0b556957fc2db32a61fa1ce4b14cfcce046e922eb0c89a9f94004877b47f4b864a294b59d6e8fe8fb1801c2da205ffcb5ec29aa511fe423d76b19d578e205fce779e1aa479f51f7a981f51a57b8e64dde704f59fb444fd46f26a5592b8b38cf5b4df66b01677216090b45ea32eaf7c857a3a8f900d047e0ff500dd4a1cd8c7b255a83e03e596942eba92d01ec562173b4cb76eb1dd9bab317ede1da3c6dbce1106f7e87d457d0fd958ba243170ab8f9f98248c4df313e01ce5aae39e0e1bbab8c9a05c5274bbb9e2ca284b75587ad320a4093970c971e21a0be052f260a462331b1bc2c199d9477b7fc520b41600911891247aa50044a629467ac9b8a755dd464e4360e33146ea9c715d2a0b6a1483717a220449d2b1907f001aef5495669ab62b44beb3d3a8cab44202cd7ea16a9e520fa75881d7170bb3fb5c4c829e12fbd6b2bcbca4b9c7102e451c2fbee7a0db175ff2e22a2c9896ba32b606c12060e71ee3668cf9e6d23e7bfac5c1b2b068cb5f52f83cf7f8dfdf5305de1b6903b6b788c6d4fe0cfe25558fb2b4e8277291074a25033f41d197c263e77bb2b72bd26b6c6bf022152ce168a15bd1bd7f8823e5732fd47687fae7e322aaa423ffffe0ed9d087a80ca123a1fe74e481db5793f51e9ac875e199ada6546d6a4ab1e1f8b646b923d39deb849beb78ba9f89681da83ea9431de58fa5c3582a14b1ed52252c7a52321c21cc969ea85c3d5de27c8158965d8fe5c305af124663acd43e264e7dec2c200163079a95ea319544650a4420f466539f52d923ff14f3d57f904a66eee8ffdd9fe02857173eb8c312fc7588f4b6865429203053567e6d421f218593a5fe67cc95aee47dfb308a44f9ac81e1d2eeb8d75954dc27171c27c433d8631fbff1588ae4203e0f76f80d3120bbd6f0382164b517a0ffb4062cc31501c7657c25f7ee84fb7a946f1126a8349113e3580b05261619fe65a2a285b0bb17466231529aa4296848cff1c5873e6f957529f6c6667c7980a9dce804a14e81b923a9e40f1a781da9b43a02ef92fe9b6b3707026c6b122f0ef077a638b3d85a95dcf625feb8ae27cbf13d5fa358e3cd57c8f80b1f26fc9af7fb520a976c020a763dc3372ce43163550c0fc14d3ee9e7642ac5d380872cbfb70dfb25bb35a936c46b6f506851a5227fb8ef6e9bb71045e0c0f1537777fa4688f0e472b9aca5645e9d72d25c589bbc635c359ffd1d933fe3d6c2cecbbca1871132dafe85eb31383a4202eb8d35a303c3978f69d25b3c549b1eee0c04dfeccd120291aecbb5aed1fa499d05ada34c3080623d71b7eb7e8610f041732e9bf71da69d431ddab451") write$FUSE_LK(r4, &(0x7f00000014c0)={0x28, 0x0, 0x0, {{0x67, 0x101, 0x1, r5}}}, 0x28) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000000c0)='cdev_update\x00', r2}, 0x10) read$hidraw(r4, &(0x7f0000001500)=""/239, 0xef) (async) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000001600), &(0x7f0000001640)=0x14) 19:28:34 executing program 5: mlockall(0x2) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) r0 = shmget$private(0x0, 0x4000, 0x10, &(0x7f000014b000/0x4000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x2800) 19:28:34 executing program 2: r0 = fsmount(0xffffffffffffffff, 0x1, 0x80) ioctl$EVIOCGMTSLOTS(r0, 0x8040450a, &(0x7f0000000000)=""/159) mlockall(0x2) r1 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r1, &(0x7f00002f4000/0x2000)=nil, 0x5000) fsmount(0xffffffffffffffff, 0x1, 0x80) (async) ioctl$EVIOCGMTSLOTS(r0, 0x8040450a, &(0x7f0000000000)=""/159) (async) mlockall(0x2) (async) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) (async) shmat(r1, &(0x7f00002f4000/0x2000)=nil, 0x5000) (async) 19:28:35 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x2000, 0x8, &(0x7f0000062000/0x2000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) 19:28:35 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5, 0x14}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:35 executing program 1: mlockall(0x2) (async) r0 = shmget$private(0x0, 0x2000, 0x8, &(0x7f0000062000/0x2000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) [ 531.604459][T14959] netlink: 'syz-executor.0': attribute type 20 has an invalid length. 19:28:35 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5, 0x117}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) 19:28:35 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmget$private(0x0, 0x4000, 0x4, &(0x7f0000217000/0x4000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) mlockall(0x6) [ 531.752591][T14961] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 531.799989][T14961] CPU: 0 PID: 14961 Comm: syz-executor.5 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 531.810498][T14961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 531.820603][T14961] Call Trace: [ 531.823931][T14961] [ 531.826901][T14961] dump_stack_lvl+0x136/0x150 [ 531.831645][T14961] dump_header+0x10a/0xd70 [ 531.836131][T14961] oom_kill_process+0x25d/0x600 [ 531.841057][T14961] out_of_memory+0x35c/0x1660 19:28:35 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmget$private(0x0, 0xc00000, 0x8, &(0x7f000033a000/0xc00000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) [ 531.845810][T14961] ? find_held_lock+0x2d/0x110 [ 531.850656][T14961] ? oom_killer_disable+0x2b0/0x2b0 [ 531.855922][T14961] ? rcu_read_unlock+0x9/0x60 [ 531.860668][T14961] ? find_held_lock+0x2d/0x110 [ 531.865517][T14961] mem_cgroup_out_of_memory+0x206/0x270 [ 531.871139][T14961] ? mem_cgroup_margin+0x130/0x130 [ 531.876321][T14961] ? lock_downgrade+0x690/0x690 [ 531.881259][T14961] try_charge_memcg+0xf9b/0x13b0 [ 531.886292][T14961] ? mem_cgroup_handle_over_high+0x520/0x520 [ 531.892361][T14961] ? rcu_read_unlock+0x9/0x60 [ 531.897106][T14961] ? lock_downgrade+0x690/0x690 [ 531.902032][T14961] charge_memcg+0x90/0x3b0 [ 531.906531][T14961] __mem_cgroup_charge+0x2b/0x90 [ 531.911533][T14961] do_wp_page+0x8ea/0x3610 [ 531.916026][T14961] ? lock_release+0x670/0x670 [ 531.920851][T14961] ? finish_mkwrite_fault+0x3d0/0x3d0 [ 531.926287][T14961] ? do_raw_spin_lock+0x124/0x2b0 [ 531.931375][T14961] ? spin_bug+0x1c0/0x1c0 [ 531.935786][T14961] __handle_mm_fault+0x19a1/0x3e60 [ 531.940976][T14961] ? vm_iomap_memory+0x190/0x190 [ 531.946009][T14961] handle_mm_fault+0x2ba/0x9c0 [ 531.950842][T14961] do_user_addr_fault+0x475/0x1230 [ 531.956116][T14961] ? rcu_is_watching+0x12/0xb0 [ 531.960952][T14961] exc_page_fault+0x98/0x170 [ 531.965610][T14961] asm_exc_page_fault+0x26/0x30 [ 531.970533][T14961] RIP: 0023:0xf7220688 [ 531.974645][T14961] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 531.994307][T14961] RSP: 002b:00000000f749fa60 EFLAGS: 00010246 19:28:35 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5, 0x142}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}}, 0x0) [ 532.000433][T14961] RAX: 00000000f7370000 RBX: 00000000416b5867 RCX: 0000000000001867 [ 532.008470][T14961] RDX: 0000000000000000 RSI: 00000000f734d000 RDI: 0000000081c2110d [ 532.016495][T14961] RBP: 00000000f7370000 R08: 0000000000000000 R09: 0000000000000000 [ 532.024580][T14961] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 532.032600][T14961] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 532.040647][T14961] [ 532.122301][T14978] ------------[ cut here ]------------ [ 532.128099][T14978] WARNING: CPU: 0 PID: 14978 at lib/nlattr.c:118 nla_get_range_unsigned+0x199/0x560 [ 532.137652][T14978] Modules linked in: [ 532.141622][T14978] CPU: 0 PID: 14978 Comm: syz-executor.0 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 532.152156][T14978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 532.162415][T14978] RIP: 0010:nla_get_range_unsigned+0x199/0x560 [ 532.168713][T14978] Code: 00 00 a8 90 0f 85 41 02 00 00 a9 08 00 08 00 75 20 e8 cb 1b 47 fd 0f 0b 5b 41 5c 41 5d 41 5e 5d e9 bc 1b 47 fd e8 b7 1b 47 fd <0f> 0b e9 50 ff ff ff e8 ab 1b 47 fd 4d 8d 74 24 08 48 b8 00 00 00 [ 532.188462][T14978] RSP: 0018:ffffc900051ff390 EFLAGS: 00010212 [ 532.194640][T14978] RAX: 000000000000039c RBX: ffffffff8b7bf160 RCX: ffffc90005f8b000 [ 532.202685][T14978] RDX: 0000000000040000 RSI: ffffffff843bc949 RDI: 0000000000000003 [ 532.210785][T14978] RBP: ffffc900051ff3b0 R08: 0000000000000003 R09: 0000000000000000 [ 532.218872][T14978] R10: 000000000000ffff R11: 0000000000094001 R12: ffffc900051ff468 [ 532.227155][T14978] R13: ffffffff8b7bf161 R14: 000000000000ffff R15: ffff88807d4bc01c [ 532.235249][T14978] FS: 0000000000000000(0000) GS:ffff8880b9800000(0063) knlGS:00000000f7efeb40 [ 532.244326][T14978] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 532.250977][T14978] CR2: 0000000033422000 CR3: 000000001ce20000 CR4: 00000000003506f0 [ 532.259100][T14978] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 19:28:35 executing program 4: socket$inet_udplite(0x2, 0x2, 0x88) (async) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$FUSE_DEV_IOC_CLONE(0xffffffffffffffff, 0x8004e500, &(0x7f0000000040)=r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_int(r1, 0x6, 0x7, 0x0, &(0x7f0000000080)) (async) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x11, 0x7, &(0x7f0000000100)=@raw=[@map_idx={0x18, 0x3, 0x5, 0x0, 0xf}, @ldst={0x1, 0x0, 0x3, 0x9, 0x5, 0x20, 0xfffffffffffffffc}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @exit, @map_idx_val={0x18, 0x4, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}], &(0x7f0000000140)='syzkaller\x00', 0x200, 0x12, &(0x7f0000000180)=""/18, 0x41000, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000001c0)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000200)={0x3, 0x9, 0x1a, 0x1f}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000240)=[0x1, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xffffffffffffffff]}, 0x80) (async) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) (async) r4 = openat$vsock(0xffffffffffffff9c, &(0x7f0000001740), 0x0, 0x0) ioctl$sock_inet6_tcp_SIOCATMARK(r4, 0x8905, 0x0) (async) r5 = syz_clone(0x40000000, &(0x7f0000000340)="b2764d240403ff75ede44e16fc966b56251331ccea8e2fd95a0536afe7db2f0d0693ac39121f7d004914deb23804d0833bc83b683bde317b190caa27161209cf07c36c476109a1ff1f1dcc7424972b993a3781c109eac5a83c1a01d9adfa6d7d6da46245d74f4b59bddbe1f66b1995197ca607f017b5b8120be9aa3fbd20fbf84f1e62309d6b59cc46df8baabd5454f20f69702609d31ad5eaa60d25207c941afb5e294938f6bdf5c64bf5acbce042796aa4cc11e5f8bc5bb222055abc59dba484d88b252e36dbccca51e5ee860ee72f3f857192a3e72b4e79f18fff748d4526cd15b4c097d44195ee5b659af99ac149", 0xf0, &(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)="de63ce621c3dd56c896cfe845b4451ec8c8c21e99a5c8e8ed2c201030fc6c4cd0e36aa0d033491d7aa34f178c950741315c4d586581e6593cc067806dc8b87aa5dfa8db51e88638e76dbcfb56206fa2301ac99491eb9e71292d1f348b2293605f9d40f250a74dc264a2f86729bf7926599d70dd5b52fa5976af2834ad2d95fb0320a451754b5e3c2928af347bd60aa58d4ace537ce44d36ec0955f3629e0d558128d99ac01c02f439a13801112434a71c958e85795a479f0ea4797b429794e1e3786e2e2ec406e14fcb4b3366afc669298e0b97c7242cb6fb55690a8285f3a1f570d9f3e3cb949798034762466688fdb728c2e24a480c0b85d1b772efccfbd5d0cffaef821aeb0c5997da7fc668e178ba1a44aae6870fd5d8302d87f6832263d7d2a25c26e474841da235cb4e9d002dca0f297394bcf87353a1ed1ed48da2c9f8e18aed0eb49f0496479cd2a5de2cc0354f9dd2cdae39bb9591eee13145c51c100ecd75a7f74a1e600694ae73865a08329fed80f9bf8582b3d46c5f1c9c10bc43184663dae0f35db4651ceb358d96d0bea4529c2179ec9c275ca8ec4cbf929e5c00f8b16b2e7517d95d6a7690530a3429f74973bab20defbb7bfabacaa4c7bcc33d343ad00d1be7ac997420431961db0630ed62e3ca91b500a67ce494fe7a26e83b095728f7d2c76ae72768ca0777e9d4ff478f80a8299d5233d88ca1675d100027b6048fa8f27cdde7d970c49f72de6a744f66cede8faa672565de975d032e49d879c060a1b9302b73f5cb324ec0bb262ac61008e39982e30603244e32856746e44d9c387c5c01735aeab171316efe16026ecef66d9a456e35d148f73c351aa66235cf969af50242658a34a586549de4d22d571b60e0273a9016c5aaefd32aebad30bdb442cd003602fbf8e413ed42189070bbe5c14a301e2be58aa3fe083ca0677fb474b7b2c409e447ff1cbc61c2a915958a9d09af9e44e881f5a923c369d16af9aa1af8847282a3d3246a43db215a341a8f8dda569286d4de215dd91474fbba9262ae3206caedbfeaf8ca9f93f761b68e763b662ebec0b0da99f6c76cf912be9a179b93ac534e9a44f9b0e60e79b59ead3f5ec737f11157532c0859715656d8927e2ac5cfdf75a268cc8e6dc63cbc457040e49d58a485948e884135f0b62bf01ea9dbad8b21862a68598ac7304c8009c687e44477d1d32acdda7e7d073fbe10e1e0e9e169f3ed38b5a7a1e8a4ff24eb0d1c46a660dd327fed70b7d7ea2c60973e444b8ff50dd9705b6552bb1d9d3a0510c57aacb620a21321c08686edd633937d8f6084c5d077ab0e9b68d0be3d8c4e3a3d52be634865e8c58934e1c871d1669b4d81e7181fa4d997058bf32c05f9ceebe359a08b3846ff02ffb08af01e4990a7e57081281b07a3b013aee4a9c3195e46c3ec9ade2e17869c37b85d3df0086a67f9a4a08e080c3b376afd010b86f06c2244d9a97357cf39450fae8892d1a6e9c98d3c7abee49a9577a6457a348787443b8648cc8ad085f296fdbaf894be67b5ac9938c754c38bbcfd488fc92fc5b5638f9f41f54aed556eb719b0e7d74064361e5620d6b145c9bc9b9269e14b71b40d87a0cf798bc12943175d04a506fec7aebb7dcdffd69c41383b2fcf8883004726a74727d502d813dc9499a7e812648177a15941c6ae297b8cd49301e57503d8926273ed0ada240658f3f5c79deb64afb20dd0d857b0b5ade01d6b0f997fbd53fecda6ae720e52afbbaf31e56f1e17a33a8ca03616a0c13b42e7e7139dcd08beba4c8db6bab14636fd2e6401b7215a2a9902cb8baf5ed8025f85b8e41a1fe705ade504f3544ec2e09e30d09eb06aecf1ea064d4d6e1c060ba25dbf4379a9ed05c1695767930d35b978b6c58f59ef203229a6d9b84f87688070fb519d5ee00674e63bd80f677625745646f41ffcc232845f8b1b22ee5889779a5877ffcf518cef11756d2d68d7d2ad2cd8a3ebeb47a24a567ba2768f490173820f95bacae1b34447efa01b26946c20dfb07c65b04eaf0065c072e4b2f698f27c362f50e824927e480f859db9a881544967530019253324ca835c55570eb76cbbf095de6c9d105facde54774924e3359b60d532e9c5d04482330936937fd7c2fb20f1ed02fc482cc40ff74cfc4752e45d036e7e0164009c2c49bd027c9b28f135888734bfe4ada854d65579fef7c4c0d7d8ba9abc9be15d90eb76ec1b63f3ac7793ccc3cab664abeddd5fedc89662f50ea20e3a3397f38dada6e9d89fbe04d9798c65ba391d088e88ed9364967d9eff1ca8a3becb4ef860ecefe0888d6f8260abc133f51b83b29ea69464c4a64627c2cca9f6f092a10876b8aeb1d7dc4d626814c31e1e1062cee675dcc46ef16fdef41a8fca8e5f894978e0d128677fea20192e2840458585f4128ff512783f905c07b995f707382898d88cae306c5f0f623defdbd1445b9ad940ac7b42c5e12827fa7409054ae56b54cf0b2a9c545de5761b60bb205dc5fa1d06ebc96aee496b83b46784c8ea0f677dcfce1d41bdfb25b2efb8f01553f3054c930e9026b7eca0a171e53b40252024845fb625aebd3ab4a5a4ee42d8540a69efe01b4799e8fa7e03bf4bb9892be1d2699f288e13769e99d1a5ecf5b5ac074c46bdda3b6da499d5f50207dd8e1cdb93479181446932c36e8ffe74d59ccdcea2549655e1e334d7505020a18c6ff4600875ac94f3d1c2d0ac41ca108bfd70aa8fb6c9d0000644e511f6db2eea52680d40a4f89d5f9513e669e04fef7c1d197e55fe3fb4c8d09feda55e866012383d17b80a539dab27f0c0b917f6502195c668c507aa4df9db993431ac8f1683c7bc8bfdd52fbc4ee1d21ee2abba0a19c3d02ca8afacbeab35b2f8ba1655dbed20e0ac650a72d75ebe1dd4d26e0ffa86e5a10e91e5c5cf53bafb668c7a0c471bf02e79363a17165af58db6940d5d727b19bcb24074313e0aace7d22dea3105b385c219eaae7213247e2d58d230fed04d968c1839ff2daf2fdb0fbde17e3eb95b73b71007e862f7874dda3fb2c72a8a8f124e01793b9c67e6ce583a882f57d73f605969bffff581ccddfe98cb0cc7b46e402abad4a45389f4d1aa5943a1506c2ec62108ae0d5470c9e89602f9eb705794949b8505cf2dd620c42b8185590ce8932ad86866c6db1f95416dff70160a47a41753c0da46b0e8026fde36f87bd49057222867713bb048ffc1a7d696a9c1522491e82f5ae45afc80bde331ede6b639c49813597611907dd702b59d18d3347e1c22a666a0778a77e9d6edbe30ea2795e19e2dd9977a62740fb019fac8ba59e818604bb95276d6826920d6b5ee9e816677b5ff18170f8f5bca5efacd58494afc36114bcc26f19a4b7e12b798ec969883992795f395f9bd4ae0edc62570c1372eceaf66cc5caae7032e4f2a8ad134ac65daa4426285d8f1c21694091cd03d0d9abf836ac349a01b3d1ba5c86cac7a58714d8a31fd1473dce19d6b70443ae99e5621dacd7d5f5bd79fde7e727bf7fbe35dd5a1602ecca750724f63878a0183ddd28560f98abd0d1cbcf2da28ce5f90b786a7a8775c3676eba4c9c5407a88b29c508dd7dca81e4b1bc05f44b6b9dd71c8abb49caf28d44371aa9194a45d122dd63246ee167947a5d6595e76f05aeb9f4346a6593a5e70f415259fea97a6d6274a592ba7f6e2e141c85c4f98e45ba757d0edafd4ec499e723325743b3fc95198989b3a47d297c7b3ce2a917d47b4d3ae15381d16bda0c6a9c8f8f99bf79a06ec811f794a3637d95bc90105dc44429f7d18432efd289cf663c14208abf5ce983ea7177f875692e6c706fc7efe7626f71142c11071ad5571cbb34fbb490eaaadab5a9617c9a26bfc4212fcbcad2951b279a2e9c9d8ead555b2436eddb8ae35332286727023b2e96a691f3740a79e1fb9695b0d32decab98aa28ee99af172e3db175525d6d2535bf09a00e086742e842be92ecb26bed07ab572cbd5b8f547b0a55dc96d304011b4f7f229a26ebd2639b61f16795d2f468d4022c56baacc766060f5e6e75dfa1a14a521dc17957e218012aac7918b440f781e919ac82df77f8af568ba058f87f4472de97eb3d3676d1db017d26d335d9148b96821a53d571a6088181c316ac37d5e284111b2cfe75a28742e7262ad9713ddb23bdfc8b12fd70d0cf95520b36ab67b03ccf62a62ef51e45d19a51edd7eaf7da26622d15b79cbce60321d78e26c3dd4470c07315272d1eb31362ee3cdbdbd3865a99cf3da72c29a22f998619930a547703cc561ae08338f69ef885116b29638c25c3b25cb49b47e4cc7040a90ad921459a5efaa9f636e1f6e239892a008cf77cfdd7bae5bf6b8697dba3f5095e42c2fc69d029a443b614fbc98abaf1ea07eee6c48747915f64727bd83e19bda56b9f39a6cefc835c38ac5f1287c9e8fd556508b90c6a5dce5f8aa42bf0b556957fc2db32a61fa1ce4b14cfcce046e922eb0c89a9f94004877b47f4b864a294b59d6e8fe8fb1801c2da205ffcb5ec29aa511fe423d76b19d578e205fce779e1aa479f51f7a981f51a57b8e64dde704f59fb444fd46f26a5592b8b38cf5b4df66b01677216090b45ea32eaf7c857a3a8f900d047e0ff500dd4a1cd8c7b255a83e03e596942eba92d01ec562173b4cb76eb1dd9bab317ede1da3c6dbce1106f7e87d457d0fd958ba243170ab8f9f98248c4df313e01ce5aae39e0e1bbab8c9a05c5274bbb9e2ca284b75587ad320a4093970c971e21a0be052f260a462331b1bc2c199d9477b7fc520b41600911891247aa50044a629467ac9b8a755dd464e4360e33146ea9c715d2a0b6a1483717a220449d2b1907f001aef5495669ab62b44beb3d3a8cab44202cd7ea16a9e520fa75881d7170bb3fb5c4c829e12fbd6b2bcbca4b9c7102e451c2fbee7a0db175ff2e22a2c9896ba32b606c12060e71ee3668cf9e6d23e7bfac5c1b2b068cb5f52f83cf7f8dfdf5305de1b6903b6b788c6d4fe0cfe25558fb2b4e8277291074a25033f41d197c263e77bb2b72bd26b6c6bf022152ce168a15bd1bd7f8823e5732fd47687fae7e322aaa423ffffe0ed9d087a80ca123a1fe74e481db5793f51e9ac875e199ada6546d6a4ab1e1f8b646b923d39deb849beb78ba9f89681da83ea9431de58fa5c3582a14b1ed52252c7a52321c21cc969ea85c3d5de27c8158965d8fe5c305af124663acd43e264e7dec2c200163079a95ea319544650a4420f466539f52d923ff14f3d57f904a66eee8ffdd9fe02857173eb8c312fc7588f4b6865429203053567e6d421f218593a5fe67cc95aee47dfb308a44f9ac81e1d2eeb8d75954dc27171c27c433d8631fbff1588ae4203e0f76f80d3120bbd6f0382164b517a0ffb4062cc31501c7657c25f7ee84fb7a946f1126a8349113e3580b05261619fe65a2a285b0bb17466231529aa4296848cff1c5873e6f957529f6c6667c7980a9dce804a14e81b923a9e40f1a781da9b43a02ef92fe9b6b3707026c6b122f0ef077a638b3d85a95dcf625feb8ae27cbf13d5fa358e3cd57c8f80b1f26fc9af7fb520a976c020a763dc3372ce43163550c0fc14d3ee9e7642ac5d380872cbfb70dfb25bb35a936c46b6f506851a5227fb8ef6e9bb71045e0c0f1537777fa4688f0e472b9aca5645e9d72d25c589bbc635c359ffd1d933fe3d6c2cecbbca1871132dafe85eb31383a4202eb8d35a303c3978f69d25b3c549b1eee0c04dfeccd120291aecbb5aed1fa499d05ada34c3080623d71b7eb7e8610f041732e9bf71da69d431ddab451") write$FUSE_LK(r4, &(0x7f00000014c0)={0x28, 0x0, 0x0, {{0x67, 0x101, 0x1, r5}}}, 0x28) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000000c0)='cdev_update\x00', r2}, 0x10) (async) read$hidraw(r4, &(0x7f0000001500)=""/239, 0xef) (async) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000001600), &(0x7f0000001640)=0x14) 19:28:35 executing program 1: mlockall(0x2) (async) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmget$private(0x0, 0x4000, 0x4, &(0x7f0000217000/0x4000)=nil) (async) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) (async) mlockall(0x6) [ 532.267178][T14978] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 532.275270][T14978] Call Trace: [ 532.278604][T14978] [ 532.281586][T14978] __nla_validate_parse+0x16be/0x25e0 [ 532.287135][T14978] ? nla_get_range_signed+0x520/0x520 [ 532.292623][T14978] ? __kmem_cache_alloc_node+0x1b0/0x320 [ 532.298419][T14978] __nla_parse+0x41/0x50 [ 532.302752][T14978] genl_family_rcv_msg_attrs_parse.constprop.0+0x1ab/0x290 [ 532.310117][T14978] genl_family_rcv_msg_doit.isra.0+0x9f/0x2d0 [ 532.316330][T14978] ? genl_start+0x660/0x660 [ 532.320923][T14978] ? apparmor_capable+0x1dc/0x460 [ 532.326095][T14978] ? bpf_lsm_capable+0x9/0x10 [ 532.330853][T14978] ? security_capable+0x93/0xc0 [ 532.336006][T14978] ? ns_capable+0xe0/0x110 [ 532.340540][T14978] genl_rcv_msg+0x4ff/0x7e0 [ 532.345205][T14978] ? genl_family_rcv_msg_doit.isra.0+0x2d0/0x2d0 [ 532.351646][T14978] ? validate_beacon_tx_rate+0x790/0x790 [ 532.357436][T14978] ? cfg80211_ft_event+0x810/0x810 [ 532.362629][T14978] ? cfg80211_vendor_cmd_reply+0x2f0/0x2f0 [ 532.368632][T14978] netlink_rcv_skb+0x165/0x440 [ 532.373482][T14978] ? genl_family_rcv_msg_doit.isra.0+0x2d0/0x2d0 [ 532.380003][T14978] ? netlink_ack+0x1360/0x1360 [ 532.384933][T14978] genl_rcv+0x28/0x40 [ 532.389026][T14978] netlink_unicast+0x547/0x7f0 [ 532.393961][T14978] ? netlink_attachskb+0x890/0x890 [ 532.399220][T14978] ? __virt_addr_valid+0x61/0x2e0 [ 532.404440][T14961] memory: usage 307200kB, limit 307200kB, failcnt 174 [ 532.404468][T14961] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 532.411309][T14978] ? __phys_addr_symbol+0x30/0x70 [ 532.423313][T14978] ? __check_object_size+0x333/0x6e0 [ 532.428796][T14978] netlink_sendmsg+0x925/0xe30 [ 532.433659][T14978] ? netlink_unicast+0x7f0/0x7f0 [ 532.438760][T14978] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 532.444155][T14978] ? netlink_unicast+0x7f0/0x7f0 [ 532.449186][T14978] sock_sendmsg+0xde/0x190 [ 532.453701][T14978] ____sys_sendmsg+0x71c/0x900 [ 532.458635][T14978] ? kernel_sendmsg+0x50/0x50 [ 532.463388][T14978] ? get_compat_msghdr+0xf9/0x150 [ 532.468556][T14978] ? __get_compat_msghdr+0x4b0/0x4b0 19:28:36 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmget$private(0x0, 0xc00000, 0x8, &(0x7f000033a000/0xc00000)=nil) (async) shmget$private(0x0, 0xc00000, 0x8, &(0x7f000033a000/0xc00000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) [ 532.473932][T14978] ___sys_sendmsg+0x110/0x1b0 [ 532.478767][T14978] ? do_recvmmsg+0x6e0/0x6e0 [ 532.483457][T14978] ? __fget_files+0x248/0x480 [ 532.483516][T14961] Memory cgroup stats for [ 532.488241][T14978] ? lock_downgrade+0x690/0x690 [ 532.488288][T14978] ? futex_wake_mark+0x1a0/0x1a0 [ 532.488438][T14978] ? __fget_files+0x26a/0x480 [ 532.507595][T14978] ? __fget_light+0xe5/0x270 [ 532.512282][T14978] __sys_sendmsg+0xf7/0x1c0 [ 532.516958][T14978] ? __sys_sendmsg_sock+0x40/0x40 [ 532.522080][T14978] ? restore_fpregs_from_fpstate+0xc1/0x1c0 [ 532.528157][T14978] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 532.532049][T14961] /syz5 [ 532.534857][T14978] __do_fast_syscall_32+0x65/0xf0 [ 532.542902][T14978] do_fast_syscall_32+0x33/0x70 [ 532.547912][T14978] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 532.552168][T14961] : [ 532.554358][T14978] RIP: 0023:0xf7f03579 [ 532.554389][T14978] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 532.554424][T14978] RSP: 002b:00000000f7efe5cc EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 532.554458][T14978] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000180 [ 532.554481][T14978] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 532.554501][T14978] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 532.554522][T14978] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 532.554545][T14978] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 532.577399][T14961] anon 110592 [ 532.577399][T14961] file 311955456 [ 532.577399][T14961] kernel 2506752 [ 532.577399][T14961] kernel_stack 65536 [ 532.577399][T14961] pagetables 69632 [ 532.577399][T14961] sec_pagetables 0 [ 532.577399][T14961] percpu 11968 [ 532.577399][T14961] sock 0 [ 532.577399][T14961] vmalloc 0 [ 532.577399][T14961] shmem 311955456 [ 532.577399][T14961] zswap 0 [ 532.577399][T14961] zswapped 0 [ 532.577399][T14961] file_mapped 237568 [ 532.577399][T14961] file_dirty 0 [ 532.577399][T14961] file_writeback 0 [ 532.577399][T14961] swapcached 0 [ 532.577399][T14961] anon_thp 0 [ 532.577399][T14961] file_thp 0 [ 532.577399][T14961] shmem_thp 0 [ 532.577399][T14961] inactive_anon 295165952 [ 532.577399][T14961] active_anon 8511488 [ 532.577399][T14961] inactive_file 0 [ 532.577399][T14961] active_file 0 [ 532.577399][T14961] unevictable 8388608 [ 532.577399][T14961] slab_reclaimable 971768 [ 532.577399][T14961] slab_unreclaimable 1371144 [ 532.577399][T14961] slab 2342912 [ 532.577399][T14961] workingset_refault_anon 0 [ 532.577399][T14961] workingset_refault_file 0 [ 532.577399][T14961] workingset_activate_anon 0 [ 532.577399][T14961] workingset_activate_file 0 [ 532.577399][T14961] workingset_restore_anon 0 [ 532.577399][T14961] workingset_restore_file 0 [ 532.577399][T14961] workingset_nodereclaim 0 [ 532.577399][T14961] pgscan 0 [ 532.577399][T14961] pgsteal 0 [ 532.577399][T14961] pgscan_kswapd 0 [ 532.577399][T14961] pgscan_direct 0 [ 532.577399][T14961] pgscan_khugepaged 0 [ 532.577399][T14961] pgsteal_kswapd 0 [ 532.577399][T14961] pgsteal_direct 0 [ 532.577399][T14961] pgsteal_khugepaged 0 [ 532.577399][T14961] pgfault 146282 [ 532.577399][T14961] pgmajfault 0 [ 532.577399][T14961] pgrefill 0 [ 532.577399][T14961] pgactivate 0 [ 532.577399][T14961] pgdeactivate 0 [ 532.577399][T14961] pglazyfree 0 [ 532.577399][T14961] pglazyfreed 0 [ 532.577399][T14961] zswpin 0 [ 532.577399][T14961] zswpout 0 [ 532.580786][T14978] [ 532.812279][T14978] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 532.819616][T14978] CPU: 0 PID: 14978 Comm: syz-executor.0 Not tainted 6.3.0-rc2-syzkaller-00050-g9c1bec9c0b08 #0 [ 532.822928][T14961] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=14961,uid=0 [ 532.823127][T14961] Memory cgroup out of memory: Killed process 14961 (syz-executor.5) total-vm:54312kB, anon-rss:316kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:64kB oom_score_adj:1000 [ 532.862909][T14978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 19:28:36 executing program 5: mlockall(0x2) (async) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) r0 = shmget$private(0x0, 0x4000, 0x10, &(0x7f000014b000/0x4000)=nil) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x2800) 19:28:36 executing program 2: r0 = open(&(0x7f0000000240)='./bus\x00', 0x700, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0xffffffffffffff28, 0x20000004, &(0x7f0000000140)={0xa, 0x100000004e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000100)=@gcm_128={{0x303}, "edd405eaefb8673a", "74fefe8e1bbadd77b8ebe8c8e62c80e2", "50a8feea", "b4422d8706725cf0"}, 0x8) sendfile(r1, r0, 0x0, 0x800100020013) r2 = creat(&(0x7f0000000380)='./bus\x00', 0x0) ftruncate(r2, 0x208200) r3 = socket(0x10, 0x3, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x28}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r6, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_bfifo={{0xa}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000001440)=@newqdisc={0x30, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x4}}]}, 0x30}}, 0x0) ioctl$TUNSETIFINDEX(r2, 0x400454da, &(0x7f0000000280)=r6) ioctl$EVIOCSABS2F(r0, 0x401845ef, &(0x7f0000000080)={0x2, 0x5, 0x1, 0x7, 0x9, 0x7f}) clock_nanosleep(0x7, 0x0, &(0x7f0000000000)={0x77359400}, &(0x7f0000000040)) mlockall(0x2) r7 = accept4$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @private2}, &(0x7f00000001c0)=0x1c, 0x800) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000200)={'vlan1\x00'}) r8 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r8, &(0x7f00002f4000/0x2000)=nil, 0x5000) [ 532.873018][T14978] Call Trace: [ 532.876337][T14978] [ 532.879311][T14978] dump_stack_lvl+0xd9/0x150 [ 532.884091][T14978] panic+0x688/0x730 [ 532.888065][T14978] ? panic_smp_self_stop+0x90/0x90 [ 532.893252][T14978] ? show_trace_log_lvl+0x285/0x390 [ 532.898555][T14978] ? nla_get_range_unsigned+0x199/0x560 [ 532.904188][T14978] check_panic_on_warn+0xb1/0xc0 [ 532.909210][T14978] __warn+0xf2/0x390 [ 532.913185][T14978] ? nla_get_range_unsigned+0x199/0x560 [ 532.918817][T14978] report_bug+0x2da/0x500 [ 532.923224][T14978] handle_bug+0x3c/0x70 [ 532.927442][T14978] exc_invalid_op+0x18/0x50 [ 532.932012][T14978] asm_exc_invalid_op+0x1a/0x20 [ 532.936937][T14978] RIP: 0010:nla_get_range_unsigned+0x199/0x560 [ 532.943173][T14978] Code: 00 00 a8 90 0f 85 41 02 00 00 a9 08 00 08 00 75 20 e8 cb 1b 47 fd 0f 0b 5b 41 5c 41 5d 41 5e 5d e9 bc 1b 47 fd e8 b7 1b 47 fd <0f> 0b e9 50 ff ff ff e8 ab 1b 47 fd 4d 8d 74 24 08 48 b8 00 00 00 [ 532.962847][T14978] RSP: 0018:ffffc900051ff390 EFLAGS: 00010212 [ 532.970286][T14978] RAX: 000000000000039c RBX: ffffffff8b7bf160 RCX: ffffc90005f8b000 [ 532.978320][T14978] RDX: 0000000000040000 RSI: ffffffff843bc949 RDI: 0000000000000003 [ 532.986351][T14978] RBP: ffffc900051ff3b0 R08: 0000000000000003 R09: 0000000000000000 [ 532.994383][T14978] R10: 000000000000ffff R11: 0000000000094001 R12: ffffc900051ff468 [ 533.002417][T14978] R13: ffffffff8b7bf161 R14: 000000000000ffff R15: ffff88807d4bc01c [ 533.010476][T14978] ? nla_get_range_unsigned+0x199/0x560 [ 533.016125][T14978] __nla_validate_parse+0x16be/0x25e0 [ 533.021605][T14978] ? nla_get_range_signed+0x520/0x520 [ 533.027074][T14978] ? __kmem_cache_alloc_node+0x1b0/0x320 [ 533.032830][T14978] __nla_parse+0x41/0x50 [ 533.037167][T14978] genl_family_rcv_msg_attrs_parse.constprop.0+0x1ab/0x290 [ 533.042485][T14986] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=1, oom_score_adj=1000 [ 533.054721][T14978] genl_family_rcv_msg_doit.isra.0+0x9f/0x2d0 [ 533.060888][T14978] ? genl_start+0x660/0x660 [ 533.065482][T14978] ? apparmor_capable+0x1dc/0x460 [ 533.070662][T14978] ? bpf_lsm_capable+0x9/0x10 [ 533.075422][T14978] ? security_capable+0x93/0xc0 [ 533.080361][T14978] ? ns_capable+0xe0/0x110 [ 533.085042][T14978] genl_rcv_msg+0x4ff/0x7e0 [ 533.089625][T14978] ? genl_family_rcv_msg_doit.isra.0+0x2d0/0x2d0 [ 533.096041][T14978] ? validate_beacon_tx_rate+0x790/0x790 [ 533.101739][T14978] ? cfg80211_ft_event+0x810/0x810 [ 533.106921][T14978] ? cfg80211_vendor_cmd_reply+0x2f0/0x2f0 [ 533.112826][T14978] netlink_rcv_skb+0x165/0x440 [ 533.117665][T14978] ? genl_family_rcv_msg_doit.isra.0+0x2d0/0x2d0 [ 533.124076][T14978] ? netlink_ack+0x1360/0x1360 [ 533.128943][T14978] genl_rcv+0x28/0x40 [ 533.132994][T14978] netlink_unicast+0x547/0x7f0 [ 533.137831][T14978] ? netlink_attachskb+0x890/0x890 [ 533.143014][T14978] ? __virt_addr_valid+0x61/0x2e0 [ 533.148123][T14978] ? __phys_addr_symbol+0x30/0x70 [ 533.153208][T14978] ? __check_object_size+0x333/0x6e0 [ 533.158564][T14978] netlink_sendmsg+0x925/0xe30 [ 533.163408][T14978] ? netlink_unicast+0x7f0/0x7f0 [ 533.168426][T14978] ? bpf_lsm_socket_sendmsg+0x9/0x10 19:28:36 executing program 1: mlockall(0x2) (async) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmget$private(0x0, 0x4000, 0x4, &(0x7f0000217000/0x4000)=nil) (async) shmat(r0, &(0x7f00002f4000/0x2000)=nil, 0x5000) mlockall(0x6) [ 533.173774][T14978] ? netlink_unicast+0x7f0/0x7f0 [ 533.178802][T14978] sock_sendmsg+0xde/0x190 [ 533.183295][T14978] ____sys_sendmsg+0x71c/0x900 [ 533.188310][T14978] ? kernel_sendmsg+0x50/0x50 [ 533.193059][T14978] ? get_compat_msghdr+0xf9/0x150 [ 533.198149][T14978] ? __get_compat_msghdr+0x4b0/0x4b0 [ 533.203517][T14978] ___sys_sendmsg+0x110/0x1b0 [ 533.208281][T14978] ? do_recvmmsg+0x6e0/0x6e0 [ 533.212959][T14978] ? __fget_files+0x248/0x480 [ 533.217716][T14978] ? lock_downgrade+0x690/0x690 [ 533.222627][T14978] ? futex_wake_mark+0x1a0/0x1a0 [ 533.227650][T14978] ? __fget_files+0x26a/0x480 [ 533.232426][T14978] ? __fget_light+0xe5/0x270 [ 533.237200][T14978] __sys_sendmsg+0xf7/0x1c0 [ 533.241795][T14978] ? __sys_sendmsg_sock+0x40/0x40 [ 533.246998][T14978] ? restore_fpregs_from_fpstate+0xc1/0x1c0 [ 533.252977][T14978] ? syscall_enter_from_user_mode_prepare+0x1d/0x80 [ 533.259645][T14978] __do_fast_syscall_32+0x65/0xf0 [ 533.264728][T14978] do_fast_syscall_32+0x33/0x70 [ 533.269638][T14978] entry_SYSENTER_compat_after_hwframe+0x70/0x82 [ 533.276314][T14978] RIP: 0023:0xf7f03579 [ 533.280447][T14978] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 533.300109][T14978] RSP: 002b:00000000f7efe5cc EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 533.308583][T14978] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000180 [ 533.316628][T14978] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 533.324650][T14978] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 533.332671][T14978] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 533.340777][T14978] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 533.348817][T14978] [ 533.352039][T14978] Kernel Offset: disabled [ 533.356431][T14978] Rebooting in 86400 seconds..