[ 43.105161] audit: type=1400 audit(1556676660.884:35): avc: denied { map } for pid=7654 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.111' (ECDSA) to the list of known hosts. 2019/05/01 02:11:07 fuzzer started syzkaller login: [ 49.702560] audit: type=1400 audit(1556676667.484:36): avc: denied { map } for pid=7665 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2019/05/01 02:11:10 dialing manager at 10.128.0.105:39971 2019/05/01 02:11:10 syscalls: 2450 2019/05/01 02:11:10 code coverage: enabled 2019/05/01 02:11:10 comparison tracing: enabled 2019/05/01 02:11:10 extra coverage: extra coverage is not supported by the kernel 2019/05/01 02:11:10 setuid sandbox: enabled 2019/05/01 02:11:10 namespace sandbox: enabled 2019/05/01 02:11:10 Android sandbox: /sys/fs/selinux/policy does not exist 2019/05/01 02:11:10 fault injection: enabled 2019/05/01 02:11:10 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/05/01 02:11:10 net packet injection: enabled 2019/05/01 02:11:10 net device setup: enabled 02:13:20 executing program 0: perf_event_open(&(0x7f0000000580)={0x2, 0x70, 0x5c64, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000001900050c00000000000000000a000000000000000000000014002d44d4525ae1979828050000000000000000"], 0x1}}, 0x0) [ 182.248171] audit: type=1400 audit(1556676800.024:37): avc: denied { map } for pid=7681 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=14391 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 182.370957] IPVS: ftp: loaded support on port[0] = 21 02:13:20 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x5c65, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x4c832, 0xffffffffffffffff, 0x0) pipe2(0x0, 0x84000) [ 182.539101] chnl_net:caif_netlink_parms(): no params data found [ 182.610770] IPVS: ftp: loaded support on port[0] = 21 [ 182.626550] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.640388] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.648966] device bridge_slave_0 entered promiscuous mode [ 182.661044] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.670383] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.678401] device bridge_slave_1 entered promiscuous mode 02:13:20 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3) ioctl$TIOCGETD(r1, 0x5424, &(0x7f0000000000)) [ 182.722476] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 182.746377] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 182.823273] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 182.831901] team0: Port device team_slave_0 added [ 182.870919] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 182.880033] team0: Port device team_slave_1 added [ 182.917114] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 182.926043] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 182.948403] chnl_net:caif_netlink_parms(): no params data found 02:13:20 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) set_mempolicy(0x8002, &(0x7f0000000040)=0x1000401, 0x7) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 182.982234] IPVS: ftp: loaded support on port[0] = 21 [ 183.024357] device hsr_slave_0 entered promiscuous mode [ 183.089204] device hsr_slave_1 entered promiscuous mode [ 183.162225] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 183.174736] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 183.183601] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.192738] bridge0: port 1(bridge_slave_0) entered disabled state [ 183.200466] device bridge_slave_0 entered promiscuous mode [ 183.215838] IPVS: ftp: loaded support on port[0] = 21 [ 183.218922] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.228385] bridge0: port 2(bridge_slave_1) entered disabled state [ 183.238173] device bridge_slave_1 entered promiscuous mode 02:13:21 executing program 4: r0 = socket$inet(0x10, 0x2000000003, 0x0) sendmsg(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000004100)="240000002e0007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0) [ 183.281971] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.288541] bridge0: port 2(bridge_slave_1) entered forwarding state [ 183.296020] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.302469] bridge0: port 1(bridge_slave_0) entered forwarding state [ 183.364134] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 183.393795] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 183.447318] IPVS: ftp: loaded support on port[0] = 21 [ 183.455878] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 183.467479] team0: Port device team_slave_0 added [ 183.476368] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 183.487812] team0: Port device team_slave_1 added [ 183.524247] bridge0: port 1(bridge_slave_0) entered disabled state [ 183.542427] bridge0: port 2(bridge_slave_1) entered disabled state 02:13:21 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x0) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2}) r3 = eventfd(0x0) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f00000000c0)={r3}) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000000)={r3}) [ 183.568874] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 183.623204] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 183.662421] 8021q: adding VLAN 0 to HW filter on device bond0 [ 183.791430] device hsr_slave_0 entered promiscuous mode [ 183.829024] device hsr_slave_1 entered promiscuous mode [ 183.884712] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 183.895225] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 183.939538] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 183.951473] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 183.963327] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 183.966765] IPVS: ftp: loaded support on port[0] = 21 [ 183.970345] 8021q: adding VLAN 0 to HW filter on device team0 [ 183.990615] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 183.999301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 184.007040] chnl_net:caif_netlink_parms(): no params data found [ 184.020898] chnl_net:caif_netlink_parms(): no params data found [ 184.053511] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 184.081904] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 184.090142] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 184.097850] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.104356] bridge0: port 1(bridge_slave_0) entered forwarding state [ 184.121553] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 184.156946] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 184.165401] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 184.173205] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.179606] bridge0: port 2(bridge_slave_1) entered forwarding state [ 184.205785] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.214333] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.221790] device bridge_slave_0 entered promiscuous mode [ 184.235519] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.242087] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.249313] device bridge_slave_1 entered promiscuous mode [ 184.266733] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 184.276216] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 184.322201] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 184.332791] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 184.343220] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 184.356852] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 184.363944] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.370782] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.378139] device bridge_slave_0 entered promiscuous mode [ 184.387816] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.395036] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.402826] device bridge_slave_1 entered promiscuous mode [ 184.430189] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 184.438724] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 184.449101] chnl_net:caif_netlink_parms(): no params data found [ 184.475852] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 184.504948] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 184.516414] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 184.525055] team0: Port device team_slave_0 added [ 184.545250] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 184.553611] team0: Port device team_slave_0 added [ 184.560214] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 184.568360] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 184.593711] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 184.603313] team0: Port device team_slave_1 added [ 184.612167] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 184.620827] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 184.628172] team0: Port device team_slave_1 added [ 184.633922] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 184.641631] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 184.659847] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.667327] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.674943] device bridge_slave_0 entered promiscuous mode [ 184.682121] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.688562] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.696684] device bridge_slave_1 entered promiscuous mode [ 184.706476] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 184.714117] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 184.742635] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 184.760344] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 184.784284] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 184.793001] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 184.801538] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 184.809556] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 184.872051] device hsr_slave_0 entered promiscuous mode [ 184.929074] device hsr_slave_1 entered promiscuous mode [ 184.989563] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 184.998002] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 185.052170] device hsr_slave_0 entered promiscuous mode [ 185.089099] device hsr_slave_1 entered promiscuous mode [ 185.133900] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 185.142139] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 185.168227] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 185.177362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 185.185368] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 185.195070] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 185.203095] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 185.230283] chnl_net:caif_netlink_parms(): no params data found [ 185.246502] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 185.252953] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 185.266390] 8021q: adding VLAN 0 to HW filter on device bond0 [ 185.296032] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 185.313846] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 185.322349] team0: Port device team_slave_0 added [ 185.328294] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 185.336251] team0: Port device team_slave_1 added [ 185.346472] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 185.367561] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 185.383033] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 185.390967] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.397380] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.407728] device bridge_slave_0 entered promiscuous mode [ 185.415858] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 185.423218] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 185.433539] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 185.441242] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 185.452189] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 185.458282] 8021q: adding VLAN 0 to HW filter on device team0 [ 185.466552] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 185.475622] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.482466] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.490263] device bridge_slave_1 entered promiscuous mode [ 185.527906] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 185.539806] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 185.549894] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 185.559697] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 185.584547] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 185.592786] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 185.600569] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.606962] bridge0: port 1(bridge_slave_0) entered forwarding state [ 185.614204] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 185.622294] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 185.630035] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.636484] bridge0: port 2(bridge_slave_1) entered forwarding state [ 185.681849] device hsr_slave_0 entered promiscuous mode [ 185.718974] device hsr_slave_1 entered promiscuous mode [ 185.779101] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 185.800557] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 185.812749] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 185.822187] team0: Port device team_slave_0 added [ 185.827424] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 185.835224] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 185.844346] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 185.862302] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 185.870166] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 185.877587] team0: Port device team_slave_1 added [ 185.884169] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 185.892885] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 185.910604] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 185.917060] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 185.926935] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 185.938855] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 185.953569] audit: type=1400 audit(1556676803.734:38): avc: denied { associate } for pid=7682 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 185.985871] 8021q: adding VLAN 0 to HW filter on device bond0 [ 186.003915] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 186.012884] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 186.021408] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 186.044945] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 186.059875] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 186.081709] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 186.124353] device hsr_slave_0 entered promiscuous mode [ 186.169780] device hsr_slave_1 entered promiscuous mode [ 186.229860] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 186.237966] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 186.252377] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 186.262377] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 186.276960] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready 02:13:24 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000023c0)) [ 186.303562] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 186.329903] 8021q: adding VLAN 0 to HW filter on device team0 [ 186.340589] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 186.359438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 186.369542] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 186.380193] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 186.399858] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 186.407052] 8021q: adding VLAN 0 to HW filter on device bond0 [ 186.423891] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready 02:13:24 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000023c0)) [ 186.462111] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 186.475161] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 186.486092] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 186.495984] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 186.504021] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 186.512746] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 186.532777] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 186.555736] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready 02:13:24 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) gettid() [ 186.563734] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.570281] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.591334] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 186.609968] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 186.638077] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 186.650287] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 186.657587] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 186.667069] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 186.674751] hrtimer: interrupt took 33380 ns [ 186.675628] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.685614] bridge0: port 2(bridge_slave_1) entered forwarding state [ 186.697623] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 186.717444] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 186.728335] 8021q: adding VLAN 0 to HW filter on device bond0 02:13:24 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) gettid() [ 186.746119] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 186.757034] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 186.770762] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 186.790307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 186.816841] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 186.826068] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 186.842919] 8021q: adding VLAN 0 to HW filter on device team0 [ 186.856855] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 186.867334] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 186.919383] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 186.930225] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 186.956105] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 186.984161] audit: type=1400 audit(1556676804.764:39): avc: denied { map } for pid=7727 comm="syz-executor.1" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=28625 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:hugetlbfs_t:s0 tclass=file permissive=1 [ 186.987017] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready 02:13:24 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) gettid() [ 187.034973] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 187.047093] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 187.060379] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.066883] bridge0: port 1(bridge_slave_0) entered forwarding state 02:13:24 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x0) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000100)="0adc1f523c123f319bd070") r4 = eventfd(0x0) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f00000000c0)={r4}) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r2}) [ 187.080103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 187.090984] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 187.105704] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 187.126116] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 187.135897] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 187.163091] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 187.180383] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 187.186488] 8021q: adding VLAN 0 to HW filter on device team0 [ 187.212278] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 187.229221] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready 02:13:25 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) gettid() [ 187.236439] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 187.245805] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 187.270867] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.277380] bridge0: port 2(bridge_slave_1) entered forwarding state [ 187.301027] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 187.312795] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 187.327001] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 187.340050] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready 02:13:25 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) [ 187.348308] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 187.366788] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 187.376808] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 187.397848] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 187.422891] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.429359] bridge0: port 1(bridge_slave_0) entered forwarding state [ 187.451585] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 187.462928] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 187.481501] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 187.497307] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 187.506562] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 187.522754] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 187.531269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 187.539475] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 187.549753] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 187.573319] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 187.587073] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 187.594832] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 187.606039] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 187.616349] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 187.624365] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.630781] bridge0: port 2(bridge_slave_1) entered forwarding state [ 187.637766] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 187.645882] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 187.653859] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 187.664396] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 187.684641] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 187.705515] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 187.720630] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.736774] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 187.747333] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 187.765672] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 187.775282] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 187.784634] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 187.794139] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 187.804903] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 187.815350] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 187.828333] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 187.836075] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 187.844399] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 187.852268] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 187.860594] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 187.868307] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 187.878907] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 187.889909] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 187.901493] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 187.907667] 8021q: adding VLAN 0 to HW filter on device team0 [ 187.917078] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 187.925305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 187.932837] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 187.941211] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 187.951523] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 187.960168] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 187.986099] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 187.993361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 188.001794] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 188.010726] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 188.018381] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 188.027926] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 188.035988] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 188.044139] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.050544] bridge0: port 1(bridge_slave_0) entered forwarding state [ 188.058616] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 188.067947] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 188.074537] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 188.089321] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 188.100880] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 188.110499] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 188.123195] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 188.139275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 188.147000] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 188.161452] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 188.170898] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 188.179778] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.186217] bridge0: port 2(bridge_slave_1) entered forwarding state [ 188.197127] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 188.206166] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 188.213387] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 188.236830] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 188.253575] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 188.276890] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready 02:13:26 executing program 2: clone(0x200813fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x2800, 0x0) ioctl$TIOCMIWAIT(r0, 0x545c, 0x0) syz_execute_func(&(0x7f0000000bc0)="c4e379614832074a2be92c3a980f0544dbeac4a37bf0c59f41e2e9c4e251b74c6e0f0f6e6232480f6ee736f344a738463da16379637902000000cc876112dc3ae00000c48253a3c4c40f5bc90f01570a02c48f8970915fbac4028d8ebf0500000041d09d54b00000491e2f163e83933a7f0000324cbec5a44d0f2c718f56c4e14dee1a6565400f0f34208e660f38dce844c3b45959410f8bbbb6a718dda4304a0000006a0f7a3134f08351595966410f38000843ad80807b4733ad0a000066450f3825a89d2424a4c423c96cb83d000000fe66410fd1e46bd104f0e14340d9e56a660f6eb45b000880417cd8f30f38f6d22636120ff360313143fd6cc80a00d8000f18c340406666413ac330c435cc5ac7d5000000000fdca0ef000000266573896f893f898900000100f199400f17976a5000000f092ddd8f0b00c4a17ae64295c4a174149b5e000000650fae59e1fb2e36646466264681b908000024000dc4c2d3f50b33c46645020fdf5f7777e12172e200c9c412b1bf70b47804000000c422a5ae9aad6974d8db90bb00000044ff7eaf79c15438c0c0c078470f0d8478038dacc60f01deb3dd676566f20f1a25ea656fc9edf2085621660f73e7da00008f8920016afcd0d0008fc93001aee15973d40c0b5765672d000000002f0fadb50000000065002d08000000439ba7452d00000000a9bb000042c4414974ecc4622d2d2551430000ffb2214e214e083143e200") add_key$keyring(&(0x7f0000000200)='keyring\x00', &(0x7f0000000240)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc) add_key(&(0x7f0000000280)='id_legacy\x00', &(0x7f00000002c0)={'syz', 0x2}, &(0x7f0000000300)="3775f0e87a84809b8a1cab52fb96df4a5739c4d92dddfc143d0d94715193c4e1665c245f7fbcb08e7e43919e690585ffa826d3e3", 0x34, 0xfffffffffffffff8) r1 = add_key(&(0x7f0000000400)='ceph\x00', &(0x7f0000000440)={'syz', 0x2}, &(0x7f0000000480)="6678379705f38d34b7", 0x9, 0xfffffffffffffff9) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f00000003c0)={'syz', 0x2}, 0x0, 0x0, r1) request_key(&(0x7f00000000c0)='cifs.spnego\x00', &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000140)='posix_acl_accesseth1\x8a/em1}proccpuset(*=posix_acl_access*&}!cgroup,\x00', 0x0) [ 188.297977] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 188.322067] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 188.345255] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 188.359181] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 188.368166] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 188.376360] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 188.384944] mmap: syz-executor.2 (7758) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 188.407678] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 188.429640] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 188.438002] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready 02:13:26 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) [ 188.472891] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 188.499352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 188.507098] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 188.526261] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 188.539557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 188.587574] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 188.598643] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 188.610338] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 188.636333] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready 02:13:26 executing program 4: r0 = getpgrp(0x0) prlimit64(r0, 0x0, 0x0, 0x0) [ 188.677933] 8021q: adding VLAN 0 to HW filter on device batadv0 02:13:26 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:13:26 executing program 3: socket$inet(0x2, 0x0, 0x0) mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x6, 0x100010, 0xffffffffffffffff, 0x0) openat$hwrng(0xffffffffffffff9c, 0x0, 0x80, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000200)='/dev/snd/pcmC#D#p\x00', 0x7, 0x80) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x20003, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 02:13:26 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='io.max\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f00000001c0)=ANY=[@ANYBLOB='\n'], 0x1) 02:13:26 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x8000001000008912, &(0x7f0000000180)="11dca5055e0bcfec7be070") r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_SET_TIME(r1, 0x80247009, &(0x7f0000000080)) 02:13:26 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) 02:13:26 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$vbi(&(0x7f0000000080)='/dev/vbi#\x00', 0x1, 0x2) ioctl$TIOCGPTLCK(0xffffffffffffffff, 0x80045439, 0x0) syz_open_dev$video(&(0x7f0000000280)='/dev/video#\x00', 0xc32e, 0x0) fsetxattr$security_smack_transmute(r2, 0x0, &(0x7f0000000300)='TRUE', 0x4, 0x1) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, &(0x7f0000000380)=[0x4], 0x2) write$binfmt_aout(0xffffffffffffffff, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(0xffffffffffffffff, 0x84, 0x65, &(0x7f0000000480)=[@in6={0xa, 0x0, 0xff, @dev}, @in={0x2, 0x0, @multicast2}, @in={0x2, 0x4e21, @local}], 0x3c) getsockopt$bt_BT_CHANNEL_POLICY(0xffffffffffffffff, 0x112, 0xa, 0x0, &(0x7f0000000340)) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(r3, 0x89e1, &(0x7f0000000040)={r3}) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 'y\x14\bK\x16^\x9e\xc5/\x15\x95\xab)\xeb\xf0\x15\xf3{T\x1aWP\xac\xb2\xac\x95\xe9\xad9b\xaf5.S#\xb7y\x82\x1f\xa5^\xe1K\xf9'}) ioctl$KVM_GET_VCPU_EVENTS(r4, 0x4400ae8f, &(0x7f0000000000)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 02:13:26 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f00000000c0)=""/88, 0x4a) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) clone(0x3102001ff4, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_execute_func(&(0x7f0000000080)="410f01f964ff0941c3c4e2c99758423e46d8731266420fe2e33e0f1110c442019dccc402318c0a") socket$inet6(0xa, 0x0, 0x0) ioctl$VT_SETMODE(r0, 0x5602, 0x0) 02:13:26 executing program 2: r0 = socket$kcm(0x11, 0xa, 0x300) sendmsg(r0, &(0x7f0000000600)={&(0x7f0000000000)=@l2, 0x80, 0x0}, 0x0) 02:13:26 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) 02:13:26 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:13:26 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:27 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$vbi(&(0x7f0000000080)='/dev/vbi#\x00', 0x1, 0x2) ioctl$TIOCGPTLCK(0xffffffffffffffff, 0x80045439, 0x0) syz_open_dev$video(&(0x7f0000000280)='/dev/video#\x00', 0xc32e, 0x0) fsetxattr$security_smack_transmute(r2, 0x0, &(0x7f0000000300)='TRUE', 0x4, 0x1) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, &(0x7f0000000380)=[0x4], 0x2) write$binfmt_aout(0xffffffffffffffff, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(0xffffffffffffffff, 0x84, 0x65, &(0x7f0000000480)=[@in6={0xa, 0x0, 0xff, @dev}, @in={0x2, 0x0, @multicast2}, @in={0x2, 0x4e21, @local}], 0x3c) getsockopt$bt_BT_CHANNEL_POLICY(0xffffffffffffffff, 0x112, 0xa, 0x0, &(0x7f0000000340)) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(r3, 0x89e1, &(0x7f0000000040)={r3}) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 'y\x14\bK\x16^\x9e\xc5/\x15\x95\xab)\xeb\xf0\x15\xf3{T\x1aWP\xac\xb2\xac\x95\xe9\xad9b\xaf5.S#\xb7y\x82\x1f\xa5^\xe1K\xf9'}) ioctl$KVM_GET_VCPU_EVENTS(r4, 0x4400ae8f, &(0x7f0000000000)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 02:13:27 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:27 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) 02:13:27 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:13:27 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$vbi(&(0x7f0000000080)='/dev/vbi#\x00', 0x1, 0x2) ioctl$TIOCGPTLCK(0xffffffffffffffff, 0x80045439, 0x0) syz_open_dev$video(&(0x7f0000000280)='/dev/video#\x00', 0xc32e, 0x0) fsetxattr$security_smack_transmute(r2, 0x0, &(0x7f0000000300)='TRUE', 0x4, 0x1) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, &(0x7f0000000380)=[0x4], 0x2) write$binfmt_aout(0xffffffffffffffff, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(0xffffffffffffffff, 0x84, 0x65, &(0x7f0000000480)=[@in6={0xa, 0x0, 0xff, @dev}, @in={0x2, 0x0, @multicast2}, @in={0x2, 0x4e21, @local}], 0x3c) getsockopt$bt_BT_CHANNEL_POLICY(0xffffffffffffffff, 0x112, 0xa, 0x0, &(0x7f0000000340)) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(r3, 0x89e1, &(0x7f0000000040)={r3}) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 'y\x14\bK\x16^\x9e\xc5/\x15\x95\xab)\xeb\xf0\x15\xf3{T\x1aWP\xac\xb2\xac\x95\xe9\xad9b\xaf5.S#\xb7y\x82\x1f\xa5^\xe1K\xf9'}) ioctl$KVM_GET_VCPU_EVENTS(r4, 0x4400ae8f, &(0x7f0000000000)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 02:13:27 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:27 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$vbi(&(0x7f0000000080)='/dev/vbi#\x00', 0x1, 0x2) ioctl$TIOCGPTLCK(0xffffffffffffffff, 0x80045439, 0x0) syz_open_dev$video(&(0x7f0000000280)='/dev/video#\x00', 0xc32e, 0x0) fsetxattr$security_smack_transmute(r2, 0x0, &(0x7f0000000300)='TRUE', 0x4, 0x1) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, &(0x7f0000000380)=[0x4], 0x2) write$binfmt_aout(0xffffffffffffffff, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(0xffffffffffffffff, 0x84, 0x65, &(0x7f0000000480)=[@in6={0xa, 0x0, 0xff, @dev}, @in={0x2, 0x0, @multicast2}, @in={0x2, 0x4e21, @local}], 0x3c) getsockopt$bt_BT_CHANNEL_POLICY(0xffffffffffffffff, 0x112, 0xa, 0x0, &(0x7f0000000340)) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(r3, 0x89e1, &(0x7f0000000040)={r3}) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 'y\x14\bK\x16^\x9e\xc5/\x15\x95\xab)\xeb\xf0\x15\xf3{T\x1aWP\xac\xb2\xac\x95\xe9\xad9b\xaf5.S#\xb7y\x82\x1f\xa5^\xe1K\xf9'}) ioctl$KVM_GET_VCPU_EVENTS(r4, 0x4400ae8f, &(0x7f0000000000)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 02:13:28 executing program 1: r0 = socket$unix(0x1, 0x800000000005, 0x0) bind$unix(r0, &(0x7f0000000040)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r0, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000100)=0x9) connect(r1, &(0x7f0000931ff4)=@un=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) close(r0) 02:13:28 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:13:28 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:28 executing program 2: syz_emit_ethernet(0x211d49, &(0x7f0000000000)={@local, @empty=[0x80fe, 0x3, 0x0, 0x300], [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300002, 0x3c, 0x0, @ipv4={[0x2], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff88, 0x0, 0x0, 0x0, [0x9, 0x29], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[], [], @broadcast}, @ipv4={[], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 02:13:28 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) 02:13:28 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x8000001000008912, &(0x7f0000000180)="11dca5055e0bcfec7be070") r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_SET_TIME(r1, 0x4024700a, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xf, 0x0, 0xa9}) 02:13:28 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) keyctl$session_to_parent(0x12) bind$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_tcp_TCP_ULP(r0, 0x6, 0x1f, 0x0, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) write(r1, &(0x7f00000001c0), 0xfffffef3) write$eventfd(r1, 0x0, 0x0) read(r0, &(0x7f0000000200)=""/250, 0x50c7e3e3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf64(r2, &(0x7f00000000c0)=ANY=[], 0xfffffffffffffe1d) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x200000010, 0x0, 0x0) recvmmsg(r3, &(0x7f0000002bc0)=[{{0x0, 0xffffffffffffff74, &(0x7f0000002b00), 0x0, &(0x7f0000000080)=""/62, 0x3e}}], 0x20a, 0x0, 0x0) 02:13:28 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) syz_open_pts(r0, 0x0) ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x0) 02:13:28 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x8000001000008912, &(0x7f0000000180)="11dca5055e0bcfec7be070") r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_SET_TIME(r1, 0x4024700a, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xf, 0x0, 0xa9}) 02:13:28 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:28 executing program 1: r0 = socket$unix(0x1, 0x800000000005, 0x0) bind$unix(r0, &(0x7f0000000040)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r0, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000100)=0x9) connect(r1, &(0x7f0000931ff4)=@un=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) close(r0) 02:13:28 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) 02:13:28 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:13:28 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x8000001000008912, &(0x7f0000000180)="11dca5055e0bcfec7be070") r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_SET_TIME(r1, 0x4024700a, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xf, 0x0, 0xa9}) [ 190.741899] syz-executor.0 (7889) used greatest stack depth: 22304 bytes left 02:13:28 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_open_dev$usbmon(0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000140)=ANY=[@ANYBLOB="01000000000000000100000000000000fffffdfd00000000006aaf7520"]) 02:13:28 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) syz_open_pts(r0, 0x0) ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x0) [ 190.782269] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 190.782269] program syz-executor.2 not setting count and/or reply_len properly 02:13:28 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x20}, 0x1c) 02:13:28 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:28 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x8000001000008912, &(0x7f0000000180)="11dca5055e0bcfec7be070") r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_SET_TIME(r1, 0x4024700a, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xf, 0x0, 0xa9}) 02:13:28 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280)='/dev/fuse\x00', 0x2, 0x0) umount2(0x0, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000080)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f00000030c0), 0xffffffb5) unlink(&(0x7f00000005c0)='./file0/file0\x00') umount2(&(0x7f0000000040)='./file0\x00', 0x1) 02:13:28 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:13:28 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x8000001000008912, &(0x7f0000000180)="11dca5055e0bcfec7be070") ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xf, 0x0, 0xa9}) [ 191.101797] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 191.101797] program syz-executor.2 not setting count and/or reply_len properly 02:13:28 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:28 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x8000001000008912, &(0x7f0000000180)="11dca5055e0bcfec7be070") ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xf, 0x0, 0xa9}) 02:13:29 executing program 1: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf03000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") 02:13:29 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x8000001000008912, &(0x7f0000000180)="11dca5055e0bcfec7be070") ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xf, 0x0, 0xa9}) 02:13:29 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) [ 191.358851] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 191.358851] program syz-executor.2 not setting count and/or reply_len properly 02:13:29 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) syz_open_pts(r0, 0x0) ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x0) 02:13:29 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4138ae84, &(0x7f0000000140)) 02:13:29 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:29 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:13:29 executing program 4: socket$inet_udplite(0x2, 0x2, 0x88) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_SET_TIME(r0, 0x4024700a, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xf, 0x0, 0xa9}) 02:13:29 executing program 4: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_SET_TIME(r0, 0x4024700a, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xf, 0x0, 0xa9}) [ 191.864136] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 191.864136] program syz-executor.2 not setting count and/or reply_len properly 02:13:29 executing program 4: r0 = openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$RTC_SET_TIME(r0, 0x4024700a, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xf, 0x0, 0xa9}) 02:13:29 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) 02:13:29 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") write(0xffffffffffffffff, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:13:29 executing program 1: pipe2(&(0x7f0000000080), 0x4800) accept4$unix(0xffffffffffffffff, &(0x7f0000000400)=@abs, 0x0, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, 0x0, 0x0) r0 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x4000001, 0x182) lseek(0xffffffffffffffff, 0x0, 0x155d80fa1ababfe6) r1 = memfd_create(&(0x7f0000000380)='iC;`\xb6p+\x10', 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) write(0xffffffffffffffff, 0x0, 0x0) read(r2, &(0x7f0000000200)=""/250, 0x50c7e3e3) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, 0xffffffffffffffff, 0x0, 0x2000005) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x11, &(0x7f0000000100)=0xe37a, 0x4) keyctl$KEYCTL_PKEY_ENCRYPT(0x19, &(0x7f0000000180)={0x0, 0x0, 0x4}, 0x0, 0x0, 0x0) ioctl$LOOP_CLR_FD(r0, 0x4c01) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) 02:13:29 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:29 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") write(0xffffffffffffffff, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:13:30 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = dup3(0xffffffffffffffff, r0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) 02:13:30 executing program 4: r0 = openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$RTC_SET_TIME(r0, 0x4024700a, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xf, 0x0, 0xa9}) 02:13:30 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") write(0xffffffffffffffff, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:13:30 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) 02:13:30 executing program 1: 02:13:30 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:30 executing program 1: 02:13:30 executing program 2: socket$inet_udplite(0x2, 0x2, 0x88) r0 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r0, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:13:30 executing program 4: r0 = openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$RTC_SET_TIME(r0, 0x4024700a, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xf, 0x0, 0xa9}) 02:13:30 executing program 1: 02:13:30 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) 02:13:30 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) [ 192.773760] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 192.773760] program syz-executor.2 not setting count and/or reply_len properly 02:13:31 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = dup3(0xffffffffffffffff, r0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) 02:13:31 executing program 4: openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xf, 0x0, 0xa9}) 02:13:31 executing program 1: 02:13:31 executing program 2: socket$inet_udplite(0x2, 0x2, 0x88) r0 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r0, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:13:31 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:31 executing program 3: 02:13:31 executing program 3: 02:13:31 executing program 4: openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xf, 0x0, 0xa9}) [ 193.450985] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 193.450985] program syz-executor.2 not setting count and/or reply_len properly 02:13:31 executing program 1: 02:13:31 executing program 2: socket$inet_udplite(0x2, 0x2, 0x88) r0 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r0, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:13:31 executing program 1: 02:13:31 executing program 3: [ 193.713800] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 193.713800] program syz-executor.2 not setting count and/or reply_len properly 02:13:32 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = dup3(0xffffffffffffffff, r0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) 02:13:32 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:32 executing program 4: openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xf, 0x0, 0xa9}) 02:13:32 executing program 1: 02:13:32 executing program 3: 02:13:32 executing program 2: ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r0 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r0, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:13:32 executing program 3: 02:13:32 executing program 1: [ 194.339198] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 194.339198] program syz-executor.2 not setting count and/or reply_len properly 02:13:32 executing program 4: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_SET_TIME(r0, 0x4024700a, 0x0) 02:13:32 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:32 executing program 2: ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r0 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r0, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:13:32 executing program 1: [ 194.583302] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 194.583302] program syz-executor.2 not setting count and/or reply_len properly 02:13:32 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:13:32 executing program 3: 02:13:32 executing program 4: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_SET_TIME(r0, 0x4024700a, 0x0) 02:13:32 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:32 executing program 1: 02:13:32 executing program 2: ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r0 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r0, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:13:33 executing program 1: 02:13:33 executing program 3: [ 195.209323] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 195.209323] program syz-executor.2 not setting count and/or reply_len properly 02:13:33 executing program 4: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_SET_TIME(r0, 0x4024700a, 0x0) 02:13:33 executing program 0: r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:33 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:13:33 executing program 2: socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r0 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r0, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:13:33 executing program 4: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_SET_TIME(r0, 0x4024700a, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0xa9}) 02:13:33 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) futex(&(0x7f0000000000)=0x1, 0x8c, 0x1, 0x0, 0x0, 0x1) 02:13:33 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_HYPERV_EVENTFD(r2, 0x8030ae7c, 0x0) 02:13:33 executing program 0: r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:33 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:13:33 executing program 4: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_SET_TIME(r0, 0x4024700a, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0xa9}) 02:13:33 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_PIT(r1, 0x4010ae42, &(0x7f00000023c0)) 02:13:33 executing program 2: socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r0 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r0, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:13:33 executing program 0: r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:33 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) socket$inet_udplite(0x2, 0x2, 0x88) read(r0, &(0x7f0000000280)=""/11, 0xfe17) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) 02:13:33 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) 02:13:33 executing program 4: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_SET_TIME(r0, 0x4024700a, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0xa9}) 02:13:33 executing program 2: socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r0 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r0, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:13:33 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_PIT(r1, 0x4010ae42, &(0x7f00000023c0)) 02:13:33 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) socket$inet_udplite(0x2, 0x2, 0x88) read(r0, &(0x7f0000000280)=""/11, 0xfe17) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) 02:13:33 executing program 4: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_SET_TIME(r0, 0x4024700a, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xf}) 02:13:33 executing program 0: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) [ 195.930307] sg_write: 2 callbacks suppressed [ 195.930321] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 195.930321] program syz-executor.2 not setting count and/or reply_len properly 02:13:33 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:13:33 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_PIT(r1, 0x4010ae42, &(0x7f00000023c0)) 02:13:33 executing program 4: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_SET_TIME(r0, 0x4024700a, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xf}) 02:13:33 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) socket$inet_udplite(0x2, 0x2, 0x88) read(r0, &(0x7f0000000280)=""/11, 0xfe17) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) 02:13:33 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) 02:13:33 executing program 0: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) [ 196.106914] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 196.106914] program syz-executor.2 not setting count and/or reply_len properly 02:13:34 executing program 4: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_SET_TIME(r0, 0x4024700a, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xf}) 02:13:34 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:13:34 executing program 0: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:34 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) 02:13:34 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_PIT(r1, 0x4010ae68, &(0x7f00000023c0)) [ 196.323119] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 196.323119] program syz-executor.2 not setting count and/or reply_len properly 02:13:34 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) 02:13:34 executing program 4: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/rtc0\x00', 0x0, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000040)=0xaad) 02:13:34 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:13:34 executing program 0: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:34 executing program 4: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f00000002c0)) ptrace(0x10, r0) ptrace$getregset(0x4205, r0, 0x202, &(0x7f0000000080)={0x0}) 02:13:34 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) [ 196.596958] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 196.596958] program syz-executor.2 not setting count and/or reply_len properly 02:13:34 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:13:34 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) 02:13:34 executing program 3: r0 = getpid() perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x400, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3fb, 0x0, 0x0, 0x0, 0x1000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x100000000}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket(0x2000000000000002, 0x2, 0x0) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000100)={[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf002, [], 0x5}) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r2, 0xc1205531, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, [], [], [], 0x0, 0x0, 0x0, 0x0, "c8d989727578bda7d81210d1cc3198c3"}) r3 = open(&(0x7f00000004c0)='./file0\x00', 0x14104a, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb) keyctl$search(0xa, 0x0, 0x0, &(0x7f0000000300)={'syz'}, 0x0) ioctl$TIOCGPTLCK(r3, 0x80045439, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0x10000000000001) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mincore(&(0x7f0000ffe000/0x2000)=nil, 0x2000, &(0x7f0000000540)=""/229) 02:13:34 executing program 0: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) [ 196.827616] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 196.827616] program syz-executor.2 not setting count and/or reply_len properly 02:13:34 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) 02:13:34 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000200), 0x1000) 02:13:34 executing program 0: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:34 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:13:34 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) [ 197.025954] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 197.025954] program syz-executor.2 not setting count and/or reply_len properly 02:13:34 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000200), 0x1000) 02:13:35 executing program 4: syz_mount_image$btrfs(&(0x7f0000000140)='btrfs\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$ntfs(&(0x7f0000000040)='ntfs\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000180), 0x0, &(0x7f00000001c0)=ANY=[]) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount$overlay(0x404000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}]}) accept4(0xffffffffffffffff, 0x0, &(0x7f00000001c0), 0x0) 02:13:35 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:13:35 executing program 3: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:13:35 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000200), 0x1000) 02:13:35 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:13:35 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:35 executing program 3: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) [ 197.533100] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 197.533100] program syz-executor.2 not setting count and/or reply_len properly 02:13:35 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:35 executing program 1: r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) 02:13:35 executing program 3: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) [ 197.660786] ntfs: (device loop4): ntfs_fill_super(): Unable to determine device size. 02:13:35 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)) r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:13:35 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) [ 197.805421] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 197.805421] program syz-executor.2 not setting count and/or reply_len properly 02:13:35 executing program 3: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) [ 197.971377] overlayfs: filesystem on './file0' not supported as upperdir [ 197.989695] ntfs: (device loop4): ntfs_fill_super(): Unable to determine device size. 02:13:36 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:13:36 executing program 1: r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) 02:13:36 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:36 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)) r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:13:36 executing program 4: r0 = getpid() perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x400, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3fb, 0x0, 0x0, 0x0, 0x1000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x100000000}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket(0x2000000000000002, 0x2, 0x0) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000100)={[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf002, [], 0x5}) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r2, 0xc1205531, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, [], [], [], 0x0, 0x0, 0x0, 0x0, "c8d989727578bda7d81210d1cc3198c3"}) open(&(0x7f00000004c0)='./file0\x00', 0x14104a, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb) keyctl$search(0xa, 0x0, 0x0, &(0x7f0000000300)={'syz'}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0x10000000000001) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mincore(&(0x7f0000ffe000/0x2000)=nil, 0x2000, &(0x7f0000000540)=""/229) ioctl$KVM_ENABLE_CAP(r4, 0x4068aea3, &(0x7f0000000000)={0x79}) 02:13:36 executing program 3: ioctl$VIDIOC_TRY_FMT(0xffffffffffffffff, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:13:36 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:36 executing program 3: ioctl$VIDIOC_TRY_FMT(0xffffffffffffffff, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) [ 198.359283] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 198.359283] program syz-executor.2 not setting count and/or reply_len properly 02:13:36 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)) r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:13:36 executing program 1: r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) [ 198.524642] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 198.524642] program syz-executor.2 not setting count and/or reply_len properly 02:13:36 executing program 3: ioctl$VIDIOC_TRY_FMT(0xffffffffffffffff, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:13:36 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c12") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:13:36 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:13:36 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) 02:13:36 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x0, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:36 executing program 3: r0 = openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:13:36 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c12") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:13:36 executing program 4: r0 = getpid() perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x400, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3fb, 0x0, 0x0, 0x0, 0x1000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x100000000}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket(0x2000000000000002, 0x2, 0x0) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000100)={[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf002, [], 0x5}) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r2, 0xc1205531, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, [], [], [], 0x0, 0x0, 0x0, 0x0, "c8d989727578bda7d81210d1cc3198c3"}) open(&(0x7f00000004c0)='./file0\x00', 0x14104a, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb) keyctl$search(0xa, 0x0, 0x0, &(0x7f0000000300)={'syz'}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0x10000000000001) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mincore(&(0x7f0000ffe000/0x2000)=nil, 0x2000, &(0x7f0000000540)=""/229) ioctl$KVM_ENABLE_CAP(r4, 0x4068aea3, &(0x7f0000000000)={0x79}) 02:13:37 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c12") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:13:37 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) 02:13:37 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x0, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:37 executing program 3: r0 = openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:13:37 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319b") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:13:37 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) 02:13:37 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:13:37 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x0, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:37 executing program 3: r0 = openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:13:37 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319b") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:13:37 executing program 1: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) 02:13:37 executing program 4: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:13:37 executing program 4: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:13:37 executing program 3: openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(0xffffffffffffffff, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:13:37 executing program 1: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) 02:13:38 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319b") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:13:38 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:13:38 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:38 executing program 3: openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(0xffffffffffffffff, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:13:38 executing program 4: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:13:38 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd0") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:13:38 executing program 1: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) 02:13:38 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:38 executing program 3: openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(0xffffffffffffffff, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:13:38 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd0") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:13:38 executing program 4: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:13:38 executing program 3: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, 0x0) 02:13:38 executing program 4: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:13:38 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:13:38 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) 02:13:38 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd0") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:13:38 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:38 executing program 4: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:13:38 executing program 3: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, 0x0) 02:13:38 executing program 4: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:13:39 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, 0x0, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) [ 201.224750] sg_write: 8 callbacks suppressed [ 201.224776] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 201.224776] program syz-executor.2 not setting count and/or reply_len properly 02:13:39 executing program 3: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, 0x0) 02:13:39 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) 02:13:39 executing program 4: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_tgsigqueueinfo(0x0, 0x0, 0x37, &(0x7f00000002c0)) move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:13:39 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(0x0, 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:13:39 executing program 5: ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f00000001c0)=0xffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(0xffffffffffffffff, &(0x7f0000000280)=""/11, 0xfe17) r1 = syz_open_pts(0xffffffffffffffff, 0x0) r2 = dup3(r1, 0xffffffffffffffff, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) 02:13:39 executing program 4: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_tgsigqueueinfo(0x0, 0x0, 0x37, &(0x7f00000002c0)) move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:13:39 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, 0x0, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:39 executing program 3: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x0, @sdr={0xe7}}) 02:13:39 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) 02:13:39 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(0x0, 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:13:39 executing program 4: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_tgsigqueueinfo(0x0, 0x0, 0x37, &(0x7f00000002c0)) move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:13:39 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, 0x0, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:40 executing program 3: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x0, @sdr={0xe7}}) 02:13:40 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(0x0, 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:13:40 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(0x0, 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) 02:13:40 executing program 4: r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:13:40 executing program 5: ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f00000001c0)=0xffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(0xffffffffffffffff, &(0x7f0000000280)=""/11, 0xfe17) r1 = syz_open_pts(0xffffffffffffffff, 0x0) r2 = dup3(r1, 0xffffffffffffffff, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) 02:13:40 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(0x0, 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) 02:13:40 executing program 3: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x0, @sdr={0xe7}}) 02:13:40 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:40 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x0) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:13:40 executing program 4: r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:13:40 executing program 5: ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f00000001c0)=0xffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(0xffffffffffffffff, &(0x7f0000000280)=""/11, 0xfe17) r1 = syz_open_pts(0xffffffffffffffff, 0x0) r2 = dup3(r1, 0xffffffffffffffff, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) 02:13:40 executing program 3: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr}) 02:13:40 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(0x0, 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) 02:13:40 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x0) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:13:40 executing program 4: r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:13:40 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:13:40 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:40 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x0) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:13:40 executing program 4: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:13:40 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) 02:13:40 executing program 3: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr}) 02:13:40 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:40 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:13:40 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(0xffffffffffffffff, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:13:40 executing program 4: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:13:40 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) 02:13:40 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:40 executing program 3: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr}) 02:13:40 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:13:40 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(0xffffffffffffffff, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:13:41 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:13:41 executing program 4: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:13:41 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) 02:13:41 executing program 3: syz_execute_func(&(0x7f0000000480)="4a2be91c39980f05f7a6aae28920aec4a37bf0c50141e2e922ebc4a2fd1ceb262f43ca070064d11bc421fa6f3d136c000000f2d2dec461dc57b1e67d0b25c4837916d2befac4c27d939c3995410000e1491e2f160f41fe4cbec5c54d0f2c718f56c4627d793b47d34206c4827d460a7bf8c483057f6e3e5340b267d84860c4a31149a00700000024fa846c76ed1fc402fd34ad010000001feda827c4a2a9095351c48255973b0f3a16288836670fe0a9f27f00009ad691eedcf4fc0f383ca3300a0000ef8b8b27c4a2798f092802ce463307383baa32d467460f3300028f6a78106f6503000000c4e1782ff466413a010fc442fd21b19b0b0000f2f1a1c9000000001adddd411171f200594f01dcdc62c9ae4918f19ad08181942400092ddd8f0b00c4a17ae64295007bf208f522ba22baa9a73000c481fc2eae2500000036338d8d83b9520800000dc4e27d0ed280002c85aad9c7d26c1b014c593e40d9f50f001e5764807c7bfde2a858ed43fbc42119da3cb01100430fd1a2d08212d4e51cc466f30f6f64931717cc474cf9f240150f9e8b79000021f15a0cdac421fd29fa002d08000000009b5d8ea7a728285675444157653e460f19690dd5c4c1cdc28a0000000000fcc4c36d4b7b0ead32ad32750831c44109f89700008020") prctl$PR_GET_SECUREBITS(0x1b) accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x0) 02:13:41 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:41 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(0xffffffffffffffff, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:13:41 executing program 4: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(0x0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:13:41 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:41 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, 0x0, 0x0) 02:13:41 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(0xffffffffffffffff, &(0x7f0000000200), 0x1000) 02:13:41 executing program 3: syz_genetlink_get_family_id$nbd(0x0) syz_execute_func(&(0x7f0000000300)="c4e3f9614832074a2be93699980f053ef3aec4a37bf0c50341e2e926b5c9f2abc421b8c25cb100008d3581810000262f7946d9f96646da4e32c4c2b9b6b90000000000d2dec461dc55b166440f56a82c7bd9172525000e818f470fc9c4032d5f374747f03acf8fe97c810f69e08f4cbec566420feace2d56c4613fc21d9099c7ab86c4213e5377000043d9497dbf82595943f30fbca90010000242d17f0066073a603d06f0ffff00c4e16d410f0feaa6d2564105ba16f2aed9fd4aeb660f3a089d0e0000002eeba225adeab413c4c37d096208c2c481faf06b00f9ef0008e4a25600b150400f381da900e001c4d5c6d59134ffffff66dee4b6c442f191047b8f49580197feffff7fc401c5d1543f014080a009210000df3b7d0f12e400f4260fe88c4200000000ca30cac46190546104f3450f2c6b0009912af3430fc4c17829c8c463ad0b5890ca6c0f84500000006466420f3a0b0100d8008fe978cce16a9d8a000000c462a52b6e0bc4a17a4295f046839200000080a7a2e99cffffc3bdc3bd8300af77cb44e42ec4a17c1002470fae52c3b2aa246681380010c4026726670f010ef7a698b900008374fb0af0460fbabe58db000006c40155f64e06f247aceced41cf97c1045c0b47cc5c389f9f140f0fc481635a9c70d3813811fad7fbfbc9ec1b1b0fadd5663ef0430fabb90800000064660f01de880c000000c4627925b7a91f6037") 02:13:41 executing program 4: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(0x0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) [ 203.602185] audit: type=1400 audit(1556676821.384:40): avc: denied { create } for pid=8673 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 203.721410] audit: type=1400 audit(1556676821.384:41): avc: denied { write } for pid=8673 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 203.758184] audit: type=1400 audit(1556676821.454:42): avc: denied { read } for pid=8673 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 02:13:41 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:13:41 executing program 4: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(0x0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:13:41 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, 0x0}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:41 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, 0x0, 0x0) 02:13:41 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(0xffffffffffffffff, &(0x7f0000000200), 0x1000) 02:13:41 executing program 3: syz_execute_func(&(0x7f0000000180)="3666440f50f564ff0941c3dbc4d9a5f97300006269f7a41d000000003a8e16649c6700617b12cc64660f2ef4c442019dccd2111db8d36f") syz_execute_func(&(0x7f0000000640)="c4e3f9614832f04a2be9c4c1117df6980f053ef3aec4a37bf0c50441e2e926b5c9c482052b1aa30000262ff342906646da4e32c4c3d17f90550000009100d23bde36cdff4081a20a0000009a000000c4a2f932b70d0000000f94c98fa860a394dc00000000b0abe285d39e1d9e1de9defe0f49e0ebf3f336f3f3470fb4950000002056c4229d97a800000000697480140b00006576c166470ff9646e7fc48209b63d4f7f0000c4a2712e85b7000000c46171f31bc4c2092e79966f65da8000000000564105ba16f2ae16c42de26d3b22c481fb2d079a000800008372e4a25600b12bc309c8218f48609a567be289e28974ce76660f7f24ae77dee4b67f43f01a73f34d1b4d1b6e0fc4617a2c9f0d0000007feff242dd5b0b6566400f54cf3b7d0f12e400f4260fe88c4200000000410f38038144000000bb3cbb3c02f3a5f345d15e5392262600456c0f8450000000d0b62f8181943e66420f3a0da281709cd99ad800dd4805e0c4f3460faec32b6e0b0ba17ac64295c4c311691d09000000ca2ef20f38f05300c364f32e8f490001cf2ec4a17c1002973606b2aa260f38c9ba0f007300000080708f72450f0d26f247acec9636660f38058b976192361d09f4f5e597dc7b8e47910002466fc4c145f8436cf20f2d9b0c000000c4e1f95a3b66400f1be92ef246e16df3440f5fa2279b0000c4614d63338f690801900fac00000b31660f6b2f0000383803fbf010cff30fbd950d000000") 02:13:42 executing program 4: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, 0x0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:13:42 executing program 4: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, 0x0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:13:42 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, 0x0, 0x0) 02:13:42 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(0xffffffffffffffff, &(0x7f0000000200), 0x1000) 02:13:42 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, 0x0}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:42 executing program 4: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, 0x0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:13:42 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:13:42 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280), 0x0) 02:13:42 executing program 4: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x0, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:13:42 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, 0x0, 0x0) 02:13:42 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, 0x0}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:42 executing program 3: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_execute_func(&(0x7f0000000000)="c441f055ce64ff0941c34b09e1c4a195673d740a8fff26640f580b69f7a41d000000005181617b12e564660f2ef4c442019dccd2111db8d3f5") syz_execute_func(&(0x7f0000000040)="640f2c6d004a2be9c4627d0ff9980f053ef3aec4a37bf0c50241e2e9450fe36a09007e1d9066440f6595010000003447c6441846002200262ff3909200d25c6645dad809132525000e818f470f67450f289369000000b100673e66470f0fa219000000904df30f2cf18282dde97081d7697069704cbec536ac5197f9b3b301d4dfc5497d3b30470f866f2a37adc37959b427fdffffff67f36ab40f67a2d73b00004cacbc9999ba16f2ae664e0f3a611b04c4c29d9621506640f79c78d5822dbf36410fc1f1c4817d28ef491feefe8f08e4a25600b1500909660fdf53a60909410f5ed1535366f6b6e4d10000eae243a9a1fa16a4d800000000dd7cb800660f19c67777dce7440f704eee9864f2ff4ed000f4c4617be6d2f00fb0a8c100000009912af3430f410f1800000045126d6d8d8d00c44299660f2b560e3ef2440fd6dfb9c463d90d2408433e65660f5cb54c0af9006666430f5ef04805c462a52b6e0b8fa810ecd6091a1af20fa576ac8fc978014bc365d085431fe7204577cb040ec4e2f92a5382c4c10de5e240681b1400007c1002970606b2aa263e0fafd6c422e6912cb1030474f30a0748eb27c4027502b0f3fe550dc467a2dd990cb1b110217cedf9c403816ee3bd39058b97619236725bf4e58847910002c1045c0b47cc5c0f1ea5322333332ef217640f286400002e3665f3450fc21051000042d8fb4974ec570b9d9d61c9e86c2e8a3d11be00003422") 02:13:42 executing program 4: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x0, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:13:42 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:42 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280), 0x0) 02:13:42 executing program 4: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x0, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:13:43 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, 0x0, 0x0) 02:13:43 executing program 4: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, 0x0) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:13:43 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:13:43 executing program 3: pause() syz_execute_func(&(0x7f0000000080)="3666440f50f564ff0941c3dbc4d9a5f97300006269f7a41d00003a8e16649c6700617b12cc64660f2ef4c442019dccd2111db8d36f") syz_execute_func(&(0x7f0000000300)="c4e3f9614832f04a2be9c4c1117df6980f053ef3aec4a37bf0c50441e2e926b5c9c482052b1aa30000262ff342906646da4e32c4c3d17f90550000009100d23bde36cdffe617c4a2f932b70d0000000f94c98fa860a394dc00000000b0abe285d39e1d9e1de9defef20f1afaebf3f336f3f3470fb4950000002056c4229d97a800000000697480140b00006576c166470ff9646e7fc48209b63d4f7f0000c4a2712e85b7000000c46171f31bc4c2092e79966f65da8000000000564105ba16f2ae66410ffe3a16c42de26d3b22c481fb2d079a000800008372e4a25600b12bc309c8218f48609a567be289e28974ce76660f7f24ae77dee4b67f43f01a1aeded186e0fc4617a2c9f0d0000007feff242dd5b0b6566400f54cf3b7d0f12e400f4260fe88c4200000000ca30ca410f38038144000000bb3cbb3c02f3a5f345d15e5392262600456c0f8450000000d0b62f8181943e66420f3a0da281709cd99ad800dd4805e0c4f3460faec32b6e0b0ba17ac64295c4c311691d09000000ca2ef20f38f05300c364f32e8f490001cf2ec4a17c1002973606b2aa260f38c9ba0f007300000080708f72450f0d26f247acec9636660f38058b976192361d09f4f5e597dc7b8e47910002466fc4c145f8436cf20f2d9b0c000000c4e1f95a3b66400f1be92ef246e16df3440f5fa2279b0000c4614d63338f690801900fac00000b31660f6b2f0000383803fbf010cff30fbd950d000000") 02:13:43 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:43 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, 0x0, 0x0) 02:13:43 executing program 4: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, 0x0) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:13:43 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280), 0x0) 02:13:43 executing program 4: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, 0x0) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:13:43 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:43 executing program 4: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:13:43 executing program 1: syz_execute_func(&(0x7f0000000300)="c4e3f9614832074a2be93699980f053ef3aec4a37bf0c50341e2e926b5c9f2abc421b8c25cb100008d3581810000262f7946d9f96646da4e32c4c2b9b6b90000000000d2dec461dc55b166440f56a82c7bd9172525000e818f470fc9c4032d5f374747f03acf8fe97c810f69e08f4cbec566420feace2d56c4613fc21d9099c7ab86c4213e5377000043d9497dbf82595943f30fbca90010000242d17f0066073a603d06f0ffff00c4e16d410f0feaa6d2564105ba16f2aed9fd4aeb660f3a089d0e0000002eeba225adeab413c4c37d096208c2c481faf06b00f9ef0008e4a25600b150400f381da900e001c4d5c6d59134ffffff66dee4b6c442f191047b8f49580197feffff7fc401c5d1543f014080a009210000df3b7d0f12e400f4260fe88c4200000000ca30cac46190546104f3450f2c6b0009912af3430fc4c17829c8c463ad0b5890ca6c0f84500000006466420f3a0b0100d8008fe978cce16a9d8a000000c462a52b6e0bc4a17a4295f046839200000080a7a2e99cffffc3bdc3bd8300af77cb44e42ec4a17c1002470fae52c3b2aa246681380010c4026726670f010ef7a698b900008374fb0af0460fbabe58db000006c40155f64e06f247aceced41cf97c1045c0b47cc5c389f9f140f0fc481635a9c70d3813811fad7fbfbc9ec1b1b0fadd5663ef0430fabb90800000064660f01de880c000000c4627925b7a91f6037") 02:13:43 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffff", 0x24) 02:13:43 executing program 3: syz_execute_func(&(0x7f0000000ac0)="640f2c6d35afaf2be9c4627d0ff9980f053ef3aec4a37bf0c50241e2e9450fe36a09007e1d9066440f6595010000003447c6441846002200262ff3909200d25c6645dad8f30f5d9f080000002525000e818f470f67450f289369000000b100673e66470f0fa219000000904df30f2cf18282dde97081d7697069704cbec536ac5197f9b3b301d4dfc5497d3b30470f866f2a37adc37959b427c4a119158affda0000ffffff67f36ab40f67a2d73b00004cacbc9999ba16f2ae664e0f3a611b04c4c29d9621506640f79c78d5822dbf36410fc1f1c4817d28ef491feefe8f08e4a25600b1500909660fdf53a60909410f5ed1535366f6b6e4d10000eae243a9a1fa16a4d800000000dd7cb800660f19c67777dce7440f704eee9864f2ff4ed000f4c4617be6d209912af3430f410f1800000045126d6d8d8d00c44299660f2b560e3ef2440fd6dfb9c463d90d2408433e65660f5cb54c0af9006666430f5ef04805c462a52b6e0b8fa810ecd6091a1af20fa576c4acacc978014bc365d085431fe7204577cb040ec4e2f92a5382c4c10de5e240681b1400007c1002970606b2aa263e0fafd6c422e6912cb1030474f30a0748eb27c4027502b0f3fe550dc467a2dd990cb1b110217cedf9c403816ee3bd39058b97619236725bf4e58847910002c1045c0b47cc5c0f1ea5322333332ef217640f286400002e3665f3450fc2105126f34e0f38f60b42d8fb4974ec570b9d9d61c9e86c2e8a3d11be00003422") [ 206.279978] IPVS: ftp: loaded support on port[0] = 21 [ 206.399035] syz-executor.1 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 206.456256] audit: type=1400 audit(1556676824.234:43): avc: denied { syslog } for pid=8802 comm="syz-executor.1" capability=34 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1 02:13:44 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:13:44 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{0x0}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:44 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffff", 0x24) 02:13:44 executing program 3: syz_genetlink_get_family_id$nbd(0x0) syz_execute_func(&(0x7f00000000c0)="3666440f50f564ff0941c366440f56c9660f3a16649c6700c4617b12e5c441dfd04b00c442019dcc0f11d46f") syz_execute_func(&(0x7f0000000ec0)="c4e3f9614832074a2be93699980f053ef3aec4a37bf0c50341e2e926b5c9f2abc421b8c25cb100008d3581810000262f7946d9f96646da4e32c4c2b9b6b90000000000d2dec461dc55b166440f56a82c7bd9172525000e818f470fc9c4032d5f374747f03acf8fe97c810f69e08f4cbec566420feace2d56c4613fc21d9099c7ab86c4213e5377000043d9497dbf82595943f30fbca90010000242d17f0066073a603d06f0ffff00c4e16d410f0feaa6d2564105ba16f2aed9fd4aeb660f3a089d0e0000002eeba225adeab413c4c37d096208c2c481faf06b00f9ef0008e4a25600b150400f381da900e001c4d5c6d59134ffffff66dee4b6c442f191047b8f49580197feffff7fc401c5d1543f014080a009210000df3b7d0f12e4d61d260fe88c4200000000ca30cac46190546104f3450f2c6b0009912af3430fc4c17829c8c463ad0b5890ca6c0f84500000006466420f3a0b0100d8008fe978cce16a85856d6d81759d8a000000c462a52b6e0bc4a17a4295f046839200000080a7a2e99cffffc3bdc3bd8300af77cb44e42ec4a17c1002470fae52c3b2aa246681380010c4026726670f010ef7a698b900008374fb0af0460fbabe58db000006c40155f64e06f247aceced41cf97c1045c0b47cc5c389f9f140f0fc481635a9c70d3813811fad7fbfbc9ec1b1b0fadd5663ef0430fabb90800000064660f01de880c000000c4627925b7a91f6037") 02:13:44 executing program 4: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:13:44 executing program 4: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:13:44 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{0x0}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:44 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffff", 0x24) 02:13:44 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x20001000008912, &(0x7f0000000000)="0adc1f123c123f339bd070") madvise(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0xf) 02:13:44 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{0x0}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:44 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8", 0x36) 02:13:44 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) syz_execute_func(&(0x7f00000004c0)="640f2c6d004a2be9c4627d0ff9980f053ef3aec4a37bf0c50241e2e9450fe36a09c462f10cbc5d66450f38007e1d9066440f6595010000003447c6441846002200262ff3909200d25c6645dad809132525000e818f470f67450f289369000000b100673e66470f0fa219000000904df30f2cf18282dde97081d7697069704cbec536ac5197f9b3b301d4dfc5497d3b30470f866f2a37adc37959b427fdffffff67f36ab40f67a2d73b00004cacbc9999ba16f2ae664e0f3a611b04c4c29d962150386c6cb336410fc1f1c4817d28ef491feefe8f08e4a25600b1500909660fdf53a60909410f5ed1535366f6b6e4d10000eae243a9a1fa16a4d800000000dd7cb800660f19c646dce7440f704eee9864f2ff4ed000f4c4617be6d2f00fb0a8c100000009912af3430f410f1800000045126d6d8d8d00c44299660f2b560e3ef2440fd6dfb9c463d90d2408433e65660f5cb54c0af90000004805c462a52b6e0b8fa810ecd6091a1af20fa576ac8fc978014bc365d085431fe7204577cb040ec4e2f92a5382c4c10de5e240681b1400007c1002970606b2aa263e0fafd6c422e6912cb1030474f30a0748eb27c4027502b0f3fe550dc4a2dd910cb11010217cedf9c403816ee3bd39058b97619236725bf4f1e58847910002c1045c0b47cc5c0f1ea5322333332ef217640f286400002e3665f3450fc21051000042d8fb4974ec570b9d9d61c9e86c2e8a3d11be00003422") [ 207.194104] sg_write: data in/out 167162/6 bytes for SCSI command 0xff-- guessing data in; [ 207.194104] program syz-executor.2 not setting count and/or reply_len properly 02:13:45 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:13:45 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[@textreal={0x8, &(0x7f0000000000)="0f210bf2acbad104edbaf80c66b86c88028d66efbafc0c66b8c662c81466ef8590bdccf0815df100000f22dc660fc5fc0d0f01c20fc73a", 0x37}], 0x1, 0x53, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 02:13:45 executing program 1: syz_execute_func(&(0x7f0000000000)="c441f055ce64ff0941c34b09e1c4a195673d740a8fff26640f580b69f7a41d000000005181617b12e564660f2ef4c442019dccd2111db8d3f5") syz_execute_func(&(0x7f0000000600)="640f2c6d004a2be9c4627d0ff9980f053ef3aec4a37bf0c50241e2e9007e1d9066440f6595010000003447c6441846002200262ff3909245d9ff440f0f4f64b46645dad809132525000e818f470f67450f289369000000b100673e66470f0fa219000000904df30f2cf18282dde97081697069704cbec536ac5197f9b3b301d4dfc5497d3b30470f866f2a37adc37959b427fdffffff67f36ab40f67a2d73b00004cacbc9999ba16f2ae664e0f3a611b04c4c29d9621506640f79c78d5822dbf36410fc1f1c4817d28ef491feefe8f08e4a25600b1500909660fdf53a60909410f5ed1535366f6b6e4d10000eae243a9a1fa16a4d800000000dd7cb800660f19c67777dce7440f704eee9864f2ff4ed000f4c4617be6d2f00fb0a8c100000009912af3430f410f1800000045126d6d8d8d00c44299660f2b560e3ef2440fd6dfb9c463d90d2408433e65660f5cb54c0af9006666430f5ef04805c462a52b6e0b8fa810ecd6091a1af20fa576ac8fc978014bc365d085431fe7204577cb040ec4e2f92a5382c4c10de5e240681b1400007c1002970606b2aa263e0fafd6c422e6912cb1030474f30a0748eb27c4027502b0f3fe550dc467a2dd990cb1b110217cedf9c403816ee3bd39058b97619236725bf4e58847910002c1045c0b47cc5c0f1ea5322333332ef217640f286400002e3665f3450fc21051000042d8fb44d11b570b9d9d61c9e86c2e8a3d11be00003422") 02:13:45 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:45 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8", 0x36) [ 207.765458] sg_write: data in/out 167162/6 bytes for SCSI command 0xff-- guessing data in; [ 207.765458] program syz-executor.2 not setting count and/or reply_len properly 02:13:45 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:45 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8", 0x36) 02:13:45 executing program 4: syz_execute_func(&(0x7f00000009c0)="c4e379614832074a2be92c3e93980f053ef3aec4a37bf0c50141e2e922eb66d995f214400666440f383dbe080000001d660f38463da16379637902000000f2d2dec4613657b1b60000c482513e64450faea0ff83c2f5fa3700d54bd4d4491e2f16ae66f30f5c248ec442319ebb70fe6581f0430fc0b267f34cb4bab2585641564105ba16f2ae66410f3a162888c423c96cb83d000000fe66410fd1e426660fdf53098f69609bfb87a8e1430faecd471858d8d8a1a12ad764c466460fe5ad0008804181ac5fe0643619ec8004f440646666413a0f3830ca30ca404f38253d03000067ddeac4c2f61d9c96c9e8e9362665e94612c8009ad0818194d8000f096426f2440f7c6a07c4a17ae64295c401977c4ffef32e36646466264683b9080000000d5df86767400fae1336b2aac4c4627d78410141afa28f6baf4900c6e3d641dbe4cb19cbc0414e591a8374fb0a070f48d0633c0ccd581deded660ffb09f20f1dbe0010000000e5c57c65978047910002c10b47ccc46451bc07f92f382c2c0fae1df794c790439b42a7a75e0f4401a9bb000042c4414974ecd5313166dbd1c4a275083159e9") [ 207.961738] sg_write: data in/out 167162/6 bytes for SCSI command 0xff-- guessing data in; [ 207.961738] program syz-executor.2 not setting count and/or reply_len properly 02:13:45 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:45 executing program 3: pause() syz_open_dev$usbmon(0x0, 0x0, 0x0) syz_execute_func(&(0x7f0000000080)="3666440f50f564ff0941c366440f56c9660f3a16649c6700c4617b12e58f697882c8c442019dcc0f11d46f") syz_execute_func(&(0x7f0000000300)="c4e3f9614832074a2be93699980f053ef3aec4a37bf0c50341e2e926b5c9f2abc421b8c25cb100008d3581810000262f7946d9f96646da4e32c4c2b9b6b90000000000d2dec461dc55b166440f56a82c7bd9172525000e818f470fc9c4032d5f374747f03acf8fe97c810f69e08f4cbec566420feace2d56c4613fc21d9099c7ab86c4213e5377000043d9497dbf82595943f30fbca90010000242d17f0066073a603d06f0ffff00c4e16d410f0feaa6d2564105ba16f2aed9fd4aeb660f3a089d0e0000002eeba225adeab413c4c37d096208c2c481faf06b00f9ef0008e4a25600b150400f381da900e001c4d5c6d59134ffffff66dee4b6c442f191047b8f49580197feffff7fc401c5d1543f014080a009210000df3b7d0f12e400f4260fe88c4200000000ca30cac46190546104f3450f2c6b0009912af3430fc4c17829c8c463ad0b5890ca6c0f84500000006466420f3a0b0100d8008fe978cce16a9d8a000000c462a52b6e0bc4a17a4295f046839200000080a7a2e99cffffc3bdc3bd8300af77cb44e42ec4a17c1002470fae52c3b2aa246681380010c4026726670f010ef7a698b900008374fb0af0460fbabe58db000006c40155f64e06f247aceced41cf97c1045c0b47cc5c389f9f140f0fc481635a9c70d3813811fad7fbfbc9ec1b1b0fadd5663ef0430fabb90800000064660f01de880c000000c4627925b7a91f6037") 02:13:45 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01", 0x3f) [ 208.142125] sg_write: data in/out 167162/15 bytes for SCSI command 0xff-- guessing data in; [ 208.142125] program syz-executor.2 not setting count and/or reply_len properly 02:13:46 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:46 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:13:46 executing program 1: syz_execute_func(&(0x7f0000000100)="c4e3f9614832074a2be93699980f053ef3aec4a37bf0c50341e2e926b5c9f2abc421b8c25cb100008d3581810000262f7946d9f96646da4e32c4c2b9b6b90000000000d2dec461dc55b166440f56a82c7bd9172525000e818f470fc9c4032d5f374747f03acf8fe97c810f69e08f4cbec566420feace2d56c4613fc21d9099c7ab86c4213e5377000043d9497dbf82595943f30fbca90010000242d17f0066073a603d06f0ffff00c4e16d410f0feaa6d2564105ba16f2aed9fd4aeb660f3a089d0e0000002eeba225adeab413c4c37d096208c2c481faf06b00f9ef0008e4a25600b150400f381da900e001c4d5c6d59134ffffff66dee4b6c442f191047b8f49580197feffff7fc401c5d1543f014080a009210000df3b7d0f12e4d61d260fe88c4200000000ca30cac46190546104f3450f2c6b0009912af3430fc4c17829c8c463ad0b5890ca6c0f84500000006466420f3a0b0100d8008fe978cce16a85856d6d81759d8a000000c462a52b6e0bc4a17a4295f046839200000080a7a2e99cffffc3bdc3bd8300af77cb44e42ec4a17c1002470fae52c3b2aa246681380010c4026726670f010ef7a698b900008374fb0af0460fbabe58db000006c40155f64e06f247aceced41cf97c1045c0b47cc5c389f9f140f0fc481635a9c70d3813811fad7fbfbc9ec1b1b0fadd5663ef0430fabb90800000064660f01de880c000000c4627925b7a91f6037") 02:13:46 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x400000000000004}, 0x1c) syz_execute_func(&(0x7f0000000240)="640f2c6d004a2be9c4627d0ff9980f053ef3aec4a37bf0c50241e2e9450fe36a09c462f10cbc5d66450f38007e1d9066440f6595010000003447c6441846002200262ff3909200d25c6645dad809132525000e818f450f67450f289369000000b100673e66470f0fa219000000904df30f2cf18282dde97081f3cfd59ecfd59e704cbec536ac5197f9b3b301d4dfc5497d3b30470f866f2a37adc37959b427fdffffff67f36ab40f67a2d73b00004cacbc9999ba16f2ae664e0f3a611b04c4c29d962150386c6cb336410fc1f1c4817d28ef491feefe8f08e4a25666400f3a203f050fdf53a60909410f5ed1535366f6b6e4d10000eae243a9a1fa16a4d800000000dd7cb800660f19c646dce7440f704eee9864f2ff4ed000f4c4617be6d2f00fb0a8c100000009912af3430f410f1800000045126d6d8d8d00c44299660f2b560e3ef2440fd6dfb9c463d90d2408433e65660f5cb54c0af90000004805c462a52b6e0b8fa810ecd6091a1af20fa576ac8fc978014bc365d085431fe7204577cbc4e2f92a5382c4c10de5e240681b1400007c1002970606b2aa263e0fafd6c422e6912cb1030474f30a0748eb27c4027502b0f3fe550dc4a2dd910cb11010217cedf9c403816ee3bd39058b97619236725bf4f1e58847910002c1045c0b47cc5c0f1ea5322333332ef217640f286400002e3665f3450fc21051000042d8fb4974ec570b9d9d61c9e86c2e8a3d11be00003422") 02:13:46 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01", 0x3f) 02:13:46 executing program 1: syz_execute_func(&(0x7f0000000240)="640f2c6d004a2be9c4627d0ff9980f053ef3aec4a37bf0c50241e2e9450fe36a09c462f10cbc5d66450f38007e1d9066440f6595010000003447c6441846002200262ff3909200d25c6645dad809132525000e818f450f67450f289369000000b100673e66470f0fa219000000904df30f2cf18282dde97081f3cfd59ecfd59e704cbec536ac5197f9b3b301d4dfc5497d3b30470f866f2a37adc37959b427fdffffff67f36ab40f67a2d73b00004cacbc9999ba16f2ae664e0f3a611b04c4c29d962150386c6cb336410fc1f1c4817d28ef491feefe8f08e4a25666400f3a203f050fdf53a60909410f5ed1535366f6b6e4d10000eae243a9a1fa16a4d800000000dd7cb800660f19c646dce7440f704eee9864f2ff4ed000f4c4617be6d2f00fb0a8c100000009912af3430f410f1800000045126d6d8d8d00c44299660f2b560e3ef2440fd6dfb9c463d90d2408433e65660f5cb54c0af90000004805c462a52b6e0b8fa810ecd6091a1af20fa576ac8fc978014bc365d085431fe7204577cbc4e2f92a5382c4c10de5e240681b1400007c1002970606b2aa263e0fafd6c422e6912cb1030474f30a0748eb27c4027502b0f3fe550dc4a2dd910cb11010217cedf9c403816ee3bd39058b97619236725bf4f1e58847910002c1045c0b47cc5c0f1ea5322333332ef217640f286400002e3665f3450fc21051000042d8fb4974ec570b9d9d61c9e86c2e8a3d11be00003422") [ 208.646788] sg_write: data in/out 167162/15 bytes for SCSI command 0xff-- guessing data in; [ 208.646788] program syz-executor.2 not setting count and/or reply_len properly 02:13:46 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01", 0x3f) [ 208.815162] sg_write: data in/out 167162/15 bytes for SCSI command 0xff-- guessing data in; [ 208.815162] program syz-executor.2 not setting count and/or reply_len properly 02:13:46 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b8", 0x44) [ 208.911556] sg_write: data in/out 167162/20 bytes for SCSI command 0xff-- guessing data in; [ 208.911556] program syz-executor.2 not setting count and/or reply_len properly 02:13:46 executing program 4: syz_execute_func(&(0x7f0000000400)="c4e379614832074a2be924b593980f053ef3aec4a37bf0c50141e2e90f683966d995f2144006262ff34290660f8fc978c65e1b1b63f1707802a60000f2d2c461fb12c736266765f241e109dc55b1e6250000c48251364669fa88008800859ecf491e2f16c2e54c80184cddcd2c718f56c42239b84900c442319ebb70fe6581f0430dc0b267f34cb4ba1c585641564105ba16f2aec4018dfafbc423c96cb83d000000fe7341ff500909660fc4c2799ff28f69609b5687a8e1430fae277cd8d8a1a12ad764b5c1c4213a5fc05fc18d308e8ed4f20f12e40000f440646666413a0f3830ca30ca5b5b0f38253d030000005f5f0221c82b032b0309000000c4c2801d6766660f38158a8e616d0dc4a149deac665f000000c9e8e9368f684895a3000000803fad467c4700a59ad081819cd800f0092ddd8f0b00c4a17ae64295807b1cffd2fb2e36646466264683b9080000000d64e42e36b2aac4075e2ea20f6baf00c4e39978c4c2712e51f5414c598374fb0a07b3ddaccd58ededd71249e5a2a992af4c4e0b0ba1389f9f92008000008047910002c1045c0b47cc47ccf92ff265460f940665002d08000000c40208f35824420fae06a75e0f4401a9bb000042c4414974ecd53131fbdbc9") 02:13:46 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b8", 0x44) [ 209.047059] sg_write: data in/out 167162/20 bytes for SCSI command 0xff-- guessing data in; [ 209.047059] program syz-executor.2 not setting count and/or reply_len properly 02:13:46 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:46 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b8", 0x44) [ 209.197200] sg_write: data in/out 167162/20 bytes for SCSI command 0xff-- guessing data in; [ 209.197200] program syz-executor.2 not setting count and/or reply_len properly 02:13:47 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f80", 0x46) [ 209.301371] sg_write: data in/out 167162/22 bytes for SCSI command 0xff-- guessing data in; [ 209.301371] program syz-executor.2 not setting count and/or reply_len properly 02:13:47 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:13:47 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000040)={@remote, 0x8}, 0x20) 02:13:47 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f80", 0x46) 02:13:47 executing program 3: ppoll(0x0, 0x0, 0x0, 0x0, 0x0) syz_execute_func(&(0x7f0000000d80)="640f2c6d004a2be9c4627d0ff9980f053ef3aec4a37bf0c50241e2e9450fe36a09007e1d9066440f6595010000003447c6441846002200262ff3909200d25c6645dad809132525000e818f470f67450f289369000000b100673e66470f0fa219000000904df30f2cf18282dde97081d7697069704cbec536ac5197f9c402d98e935059f70801d4dfc5497d3b30470f866f2a37adc37959b427fdffffff67f36a0e14edb5eeedb5cf4cacbc9999ba16f2ae664e0f3a611b04c4c29d9621506640f79c78d5822dbf36412f41f1c4817d28ef491feefe8f08e4a25600b1500909660fdf53a60909410f5ed1535366f6b6e4d10000eae243a9a1fa16a4d800000000dd7cb800660f19c67777dce7440f704eee9864f2ff4ed000f4c4617be6d2f00fb0a8c100000009912af3430f410f1800000045126d6d8d8d00c44299660f2b560e3ef2440fd6dfb9c463d90d2408433e65660f5cb54c0af9006666430f5ef04805c462a52b6e0b8fa810ecd6091a1af20fa576ac8fc978014bc365d085431fe7204577cb040ec4e2f92a5382c4c10de5e240681b1400007c1002970606b2aa263e0fafd6c422e6912cb1030474f30a07469cc4027502b0f3fe550dc467a2dd990cb1b110217cedf9c403816ee3bd39058b97619236725bf4e58847910060c10415420b0bcc5c0f1ea5322333332ef217640f286400002e3665f3450fc21051000042d8fb4974ec570b9d9d61c9e86c2e8a3d11be00003422") 02:13:47 executing program 1: syz_execute_func(&(0x7f0000000200)="c4e379614832074a2be924b593980f053ef3aec4a37bf0c50141e2e90f683966d995f2144006262ff34290660f8fc978c65e1b1b63f1707802a60000f2d2c461fb12c736266765f241e109dc55b1e6250000c48251364669fa88008800859ecf491e2f16c2e54c80184cddcd2c718f56c42239b84900c442319ebb70fe6581f0430dc0b267f34cb4ba1c585641564105ba16f2aec4018dfafbc423c96cb83d000000fe7341ff500909660fc4c2799ff28f69609b5687a8e1430fae277cd8d8a1a12ad764b5c1c4213a5fc05fc18d308e8ed4f20f12e40000f440646666413a0f3830ca30ca5b5b0f38253d030000005f5f0221c82b032b0309000000c4c2801d6766660f38158a8e616d0dc4a149deac665f000000c9e8e9368f684895a3000000803fad467c4700a59ad081819cd800f0092ddd8f0b00c4a17ae64295807b1cffd2fb2e36646466264683b9080000000d64e42e36b2aac4075e2ea20f6baf00c4e39978c4c2712e51f5414c598374fb0a07b3ddaccd58ededd71249e5a2a992af4c4e0b0ba1389f9f92008000008047910002c1045c0b47cc47ccf92ff265460f940665002d08000000c40208f35824420fae06a75e0f4401a9bb000042c4414974ecd53131fbdbc9") 02:13:47 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f80", 0x46) 02:13:47 executing program 4: recvmmsg(0xffffffffffffffff, &(0x7f0000003840)=[{{0x0, 0x0, &(0x7f0000000000)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='sessionid\x00') preadv(r0, &(0x7f00000017c0), 0x368, 0x0) 02:13:47 executing program 4: recvmmsg(0xffffffffffffffff, &(0x7f0000003840)=[{{0x0, 0x0, &(0x7f0000000000)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='sessionid\x00') preadv(r0, &(0x7f00000017c0), 0x368, 0x0) 02:13:47 executing program 1: ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_execute_func(&(0x7f0000000000)="c441f055ce64ff0941c34b09e1c4a195673d740a8fff26640f580b69f7a41d000000005181617b12e564660f2ef4c442019dccd2111db8d3f5") syz_execute_func(&(0x7f0000000040)="640f2c6d004a2be9c4627d0ff9980f053ef3aec4a37bf0c50241e2e9450fe36a09007e1d9066440f6595010000003447c6441846002200262ff3909200d25c6645dad809132525000e818f470f67450f289369000000b100673e66470f0fa219000000904df30f2cf18282dde97081d7697069704cbec536ac5197f9b3b301d4dfc5497d3b30470f866f2a37adc37959b427fdffffff67f36ab40f67a2d73b00004cacbc9999ba16f2ae664e0f3a611b04c4c29d9621506640f79c78d5822dbf36410fc1f1c4817d28ef491feefe8f08e4a25600b1500909660fdf53a60909410f5ed1535366f6b6e4d10000eae243a9a1fa16a4d800000000dd7cb800660f19c67777dce7440f704eee9864f2ff4ed000f4c4617be6d2f00fb0a8c100000009912af3430f410f1800000045126d6d8d8d00c44299660f2b560e3ef2440fd6dfb9c463d90d2408433e65660f5cb54c0af9006666430f5ef04805c462a52b6e0b8fa810ecd6091a1af20fa576ac8fc978014bc365d085431fe7204577cb040ec4e2f92a5382c4c10de5e240681b1400007c1002970606b2aa263e0fafd6c422e6912cb1030474f30a0748eb27c4027502b0f3fe550dc467a2dd990cb1b110217cedf9c403816ee3bd39058b97619236725bf4e58847910002c1045c0b47cc5c0f1ea5322333332ef217640f286400002e3665f3450fc21051000042d8fb4974ec570b9d9d61c9e86c2e8a3d11be00003422") 02:13:47 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:47 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051", 0x47) 02:13:47 executing program 4: pause() syz_execute_func(&(0x7f0000000640)="c4e3f9614832f04a2be9c4c1117df6980f053ef3aec4a37bf0c50441e2e926b5c9c482052b1aa30000262ff342906646da4e32c4c3d17f90550000009100d23bde36cdff4081a20a0000009a000000c4a2f932b70d0000000f94c98fa860a394dc00000000b0abe285d39e1d9e1de9defe0f49e0ebf3f336f3f3470fb4950000002056c4229d97a800000000697480140b00006576c166470ff9646e7fc48209b63d4f7f0000c4a2712e85b7000000c46171f31bc4c2092e79966f65da8000000000564105ba16f2ae16c42de26d3b22c481fb2d079a000800008372e4a25600b12bc309c8218f48609a567be289e28974ce76660f7f24ae77dee4b67f43f01a73f34d1b4d1b6e0fc4617a2c9f0d0000007feff242dd5b0b6566400f54cf3b7d0f12e400f4260fe88c4200000000410f38038144000000bb3cbb3c02f3a5f345d15e5392262600456c0f8450000000d0b62f8181943e66420f3a0da281709cd99ad800dd4805e0c4f3460faec32b6e0b0ba17ac64295c4c311691d09000000ca2ef20f38f05300c364f32e8f490001cf2ec4a17c1002973606b2aa260f38c9ba0f007300000080708f72450f0d26f247acec9636660f38058b976192361d09f4f5e597dc7b8e47910002466fc4c145f8436cf20f2d9b0c000000c4e1f95a3b66400f1be92ef246e16df3440f5fa2279b0000c4614d63338f690801900fac00000b31660f6b2f0000383803fbf010cff30fbd950d000000") 02:13:48 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:13:48 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000023c0)={[{0x9}]}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(0xffffffffffffffff, 0xc0bc5351, 0x0) 02:13:48 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051", 0x47) 02:13:48 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) 02:13:48 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051", 0x47) 02:13:48 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$vbi(&(0x7f0000000080)='/dev/vbi#\x00', 0xffffffffffffffff, 0x2) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_RUN(0xffffffffffffffff, 0xc0045878, 0x0) 02:13:48 executing program 2: msgrcv(0x0, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000700)) 02:13:48 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) 02:13:48 executing program 2: r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f0000000080)='threaded\x00', 0x91f274) utime(&(0x7f0000000100)='./file0\x00', 0x0) 02:13:48 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:48 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$vbi(&(0x7f0000000080)='/dev/vbi#\x00', 0xffffffffffffffff, 0x2) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_RUN(0xffffffffffffffff, 0xc0045878, 0x0) 02:13:48 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c000000070a0501ff008dfffdffff2e0a1000000c000100ffff00007d0a00010c000200000022ff02f10000"], 0x2c}}, 0x0) [ 210.918156] audit: type=1400 audit(1556676828.693:44): avc: denied { create } for pid=9004 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 [ 210.992467] audit: type=1400 audit(1556676828.693:45): avc: denied { write } for pid=9004 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 02:13:48 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:13:48 executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c00000007060901ff008dfffdffff2e0a1000000c000100ffff00007d0a00010c000200000022ff02f10000"], 0x2c}}, 0x0) 02:13:48 executing program 1: openat$vnet(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-net\x00', 0x2, 0x0) sched_setscheduler(0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffc000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 02:13:48 executing program 4: ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r0 = getpid() openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, 0x0) chdir(0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x97cb06ebee444840, 0x0, 0x0) write$binfmt_aout(0xffffffffffffffff, 0x0, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/current\x00', 0x2, 0x0) socket$alg(0x26, 0x5, 0x0) syz_open_procfs(0x0, &(0x7f0000000500)='sched\x00') 02:13:49 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) [ 211.239568] netlink: 'syz-executor.3': attribute type 1 has an invalid length. 02:13:49 executing program 2: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000000c0)=""/246) ioctl$PPPIOCSACTIVE(r0, 0x40087446, &(0x7f0000000280)={0x0, 0x0}) 02:13:49 executing program 3: madvise(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x80000000f) r0 = inotify_init() ioctl$EXT4_IOC_PRECACHE_EXTENTS(r0, 0x6612) openat$kvm(0xffffffffffffff9c, 0x0, 0x1, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(0xffffffffffffffff, 0xc0a45352, &(0x7f0000000300)={{0x100000000, 0xda}, 'port1\x00', 0x4, 0x1, 0xffffffffffffffcc, 0xe35c, 0xbb9, 0x200, 0x5, 0x0, 0x4, 0x8}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={'eql\x00', 0x10000803}) ioctl$TUNSETLINK(r2, 0x400454cd, 0x30a) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) delete_module(&(0x7f0000000200)='/dev/zero\x00', 0x800) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100)='/dev/zero\x00', 0x80, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r3, 0x4010ae68, &(0x7f0000000240)={0x100000, 0x10fffd}) ioctl$sock_ifreq(r1, 0x8914, &(0x7f00000000c0)={'eql\x00\x00\x00\xa9[\x00\x05\x00\x00\xff\xff\xff\xff', @ifru_mtu=0x1}) dup(0xffffffffffffff9c) 02:13:49 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:49 executing program 4: ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r0 = getpid() openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, 0x0) chdir(0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x97cb06ebee444840, 0x0, 0x0) write$binfmt_aout(0xffffffffffffffff, 0x0, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/current\x00', 0x2, 0x0) socket$alg(0x26, 0x5, 0x0) syz_open_procfs(0x0, &(0x7f0000000500)='sched\x00') 02:13:49 executing program 1: 02:13:49 executing program 3: 02:13:49 executing program 1: 02:13:49 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:13:49 executing program 4: 02:13:49 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0x0, 0x0}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:49 executing program 1: 02:13:49 executing program 3: 02:13:49 executing program 2: 02:13:49 executing program 1: 02:13:49 executing program 3: 02:13:49 executing program 4: 02:13:50 executing program 2: 02:13:50 executing program 1: 02:13:50 executing program 2: 02:13:50 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:13:50 executing program 3: 02:13:50 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0x0, 0x0}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:50 executing program 4: 02:13:50 executing program 2: 02:13:50 executing program 1: 02:13:50 executing program 3: 02:13:50 executing program 4: 02:13:50 executing program 1: 02:13:50 executing program 2: 02:13:50 executing program 4: 02:13:50 executing program 3: 02:13:51 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:13:51 executing program 1: 02:13:51 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0x0, 0x0}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:51 executing program 2: 02:13:51 executing program 4: 02:13:51 executing program 3: 02:13:51 executing program 4: 02:13:51 executing program 1: 02:13:51 executing program 2: 02:13:51 executing program 3: 02:13:51 executing program 4: 02:13:51 executing program 1: 02:13:52 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:13:52 executing program 2: 02:13:52 executing program 3: 02:13:52 executing program 4: 02:13:52 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:52 executing program 1: 02:13:52 executing program 4: 02:13:52 executing program 3: 02:13:52 executing program 2: 02:13:52 executing program 1: 02:13:52 executing program 3: 02:13:52 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:53 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:13:53 executing program 2: 02:13:53 executing program 1: 02:13:53 executing program 4: 02:13:53 executing program 3: 02:13:53 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:53 executing program 4: 02:13:53 executing program 1: 02:13:53 executing program 2: 02:13:53 executing program 3: 02:13:53 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480), 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:53 executing program 2: 02:13:54 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) 02:13:54 executing program 4: 02:13:54 executing program 3: 02:13:54 executing program 1: 02:13:54 executing program 2: 02:13:54 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480), 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:54 executing program 3: 02:13:54 executing program 4: 02:13:54 executing program 1: 02:13:54 executing program 2: 02:13:54 executing program 3: 02:13:54 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f00000003c0)='\x00\x00\x00\x00\x00egy\xc5\x8e\xcb\x1c\xf8\x8f\xca;\xa3?\xad\xae\x0f\xb5\x97ao3\xab\xcdY\x9a\xe3\xe5\xe1\xf4\x87\xac\xad\x80\xa3P\x8c\xea\x9c\xc7\x00\xeb\xedX#\xe34\x80O]\x87\xdd\x894\xdal;w\xf8\xf8\v?v\xf0\xb8\xda=|\xa4\xba\xbbiq!\xd8g\xb7I\x12\x80') openat$cgroup_ro(r0, &(0x7f0000000480)='mem\x00\x01y7SwaS.\x06ur\x89\xc9B\xab\xe3\xfarent\x00\xaa\x1a\xfd\xae\v\xbf\xd8d\xbb\xaf9Q\xde\xfb\x1fY\xfb\x8do\xd1\x16\xce(\x82\xf1\xbf{5Z\x13\x15\x14\xd7\xb8\xce\xf20\x1e\xc0\xc2\xed 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 218.306012] RSP: 002b:00007f2c63695c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 218.315413] RAX: ffffffffffffffda RBX: 00007f2c63695c90 RCX: 0000000000458da9 02:13:56 executing program 4 (fault-call:1 fault-nth:0): r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:13:56 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) [ 218.322816] RDX: 0000000000001000 RSI: 0000000020000200 RDI: 0000000000000004 [ 218.322834] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 218.334056] syz-executor.0 (9305) used greatest stack depth: 22240 bytes left [ 218.339070] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2c636966d4 [ 218.339082] R13: 00000000004c5c17 R14: 00000000004da0a0 R15: 0000000000000005 [ 218.380423] CPU: 1 PID: 9301 Comm: syz-executor.1 Not tainted 4.19.37 #5 [ 218.387660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 218.397278] Call Trace: [ 218.400033] dump_stack+0x172/0x1f0 [ 218.404155] should_fail.cold+0xa/0x1b [ 218.408081] ? mark_held_locks+0x100/0x100 [ 218.412712] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 218.412732] ? perf_trace_lock_acquire+0xf5/0x580 [ 218.412760] __should_failslab+0x121/0x190 [ 218.412780] should_failslab+0x9/0x14 [ 218.433069] kmem_cache_alloc+0x47/0x700 [ 218.433091] ? lock_downgrade+0x810/0x810 [ 218.433113] __debug_object_init+0x755/0xc30 [ 218.433131] ? blk_queue_exit+0x13f/0x270 [ 218.433146] ? debug_object_fixup+0x30/0x30 [ 218.433159] ? blk_mq_alloc_request+0xc0/0x240 [ 218.433178] ? blk_mq_get_request+0x1660/0x1660 [ 218.464773] ? pci_mmcfg_check_reserved+0x170/0x170 [ 218.464799] debug_object_init+0x16/0x20 [ 218.464836] init_rcu_head+0x10/0x20 [ 218.464858] scsi_initialize_rq+0x27/0xc0 [ 218.464877] ? scsi_old_exit_rq+0x110/0x110 [ 218.501466] blk_get_request+0x11a/0x720 [ 218.506063] ? debug_smp_processor_id+0x1c/0x20 [ 218.511592] sg_common_write.isra.0+0x56d/0x22c0 [ 218.516580] ? sg_open+0x1820/0x1820 [ 218.520449] ? vprintk_func+0x86/0x189 [ 218.524387] ? printk+0xba/0xed [ 218.525157] FAULT_INJECTION: forcing a failure. [ 218.525157] name failslab, interval 1, probability 0, space 0, times 0 [ 218.527884] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 218.527909] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 218.527928] ? ___ratelimit+0x60/0x595 [ 218.527958] sg_write.part.0+0x855/0xeb0 [ 218.559137] ? sg_ioctl+0x28d0/0x28d0 [ 218.563293] ? perf_trace_lock_acquire+0xf5/0x580 [ 218.568756] ? kstrtouint+0x142/0x1a0 [ 218.572894] ? __lock_acquire+0x6eb/0x48f0 [ 218.577514] ? find_held_lock+0x35/0x130 [ 218.582012] ? get_pid_task+0xd4/0x190 [ 218.586392] ? mark_held_locks+0x100/0x100 [ 218.590876] ? debug_smp_processor_id+0x1c/0x20 [ 218.595957] ? perf_trace_lock_acquire+0xf5/0x580 [ 218.601094] ? __fget+0x340/0x540 [ 218.604815] sg_write+0x6e/0x93 [ 218.608367] __vfs_write+0x116/0x820 [ 218.612314] ? sg_write.part.0+0xeb0/0xeb0 [ 218.616593] ? kernel_read+0x120/0x120 [ 218.620770] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 218.626588] ? __inode_security_revalidate+0xda/0x120 [ 218.632076] ? avc_policy_seqno+0xd/0x70 [ 218.636548] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 218.641613] ? selinux_file_permission+0x92/0x550 [ 218.646766] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 218.652830] ? security_file_permission+0x8f/0x230 [ 218.658230] ? rw_verify_area+0x118/0x360 [ 218.662428] vfs_write+0x20c/0x560 [ 218.666010] ksys_write+0xea/0x1f0 [ 218.669587] ? __ia32_sys_read+0xb0/0xb0 [ 218.674276] ? do_syscall_64+0x26/0x610 [ 218.678458] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 218.684065] ? do_syscall_64+0x26/0x610 [ 218.688612] __x64_sys_write+0x73/0xb0 [ 218.692612] do_syscall_64+0x103/0x610 [ 218.696646] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 218.701900] RIP: 0033:0x458da9 [ 218.705666] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 218.725769] RSP: 002b:00007ff6ef188c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 218.733864] RAX: ffffffffffffffda RBX: 00007ff6ef188c90 RCX: 0000000000458da9 [ 218.741640] RDX: 0000000000000048 RSI: 0000000020000280 RDI: 0000000000000004 [ 218.749306] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 218.756995] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff6ef1896d4 [ 218.764830] R13: 00000000004c4d89 R14: 00000000004de1b0 R15: 0000000000000005 [ 218.772716] CPU: 0 PID: 9319 Comm: syz-executor.4 Not tainted 4.19.37 #5 [ 218.780412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 218.790286] Call Trace: [ 218.793085] dump_stack+0x172/0x1f0 [ 218.796845] should_fail.cold+0xa/0x1b [ 218.801147] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 218.807197] ? lock_downgrade+0x810/0x810 [ 218.811986] ? ___might_sleep+0x163/0x280 [ 218.816459] __should_failslab+0x121/0x190 [ 218.821081] should_failslab+0x9/0x14 [ 218.825002] kmem_cache_alloc_node_trace+0x277/0x720 [ 218.830599] ? kasan_check_read+0x11/0x20 [ 218.835072] __kmalloc_node+0x3d/0x80 [ 218.839305] kvmalloc_node+0x68/0x100 [ 218.843499] video_usercopy+0x454/0x10d0 [ 218.847776] ? v4l_s_fmt+0x960/0x960 [ 218.851800] ? v4l_enumstd+0x70/0x70 [ 218.855751] ? mark_held_locks+0x100/0x100 [ 218.860207] ? proc_fail_nth_write+0x9d/0x1e0 [ 218.865088] ? proc_cwd_link+0x1d0/0x1d0 [ 218.869396] ? __fget+0x340/0x540 [ 218.873068] ? video_usercopy+0x10d0/0x10d0 [ 218.877646] video_ioctl2+0x2d/0x35 [ 218.881600] v4l2_ioctl+0x156/0x1b0 [ 218.885262] ? video_devdata+0xa0/0xa0 [ 218.889198] do_vfs_ioctl+0xd6e/0x1390 [ 218.893115] ? selinux_file_ioctl+0x46f/0x5e0 [ 218.898195] ? selinux_file_ioctl+0x125/0x5e0 [ 218.903216] ? ioctl_preallocate+0x210/0x210 [ 218.908003] ? selinux_file_mprotect+0x620/0x620 [ 218.912934] ? iterate_fd+0x360/0x360 [ 218.917012] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 218.923020] ? fput+0x128/0x1a0 [ 218.926579] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 218.932650] ? security_file_ioctl+0x93/0xc0 [ 218.937405] ksys_ioctl+0xab/0xd0 [ 218.941014] __x64_sys_ioctl+0x73/0xb0 [ 218.945034] do_syscall_64+0x103/0x610 [ 218.949506] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 218.954773] RIP: 0033:0x458da9 [ 218.958006] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 02:13:56 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x0, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:56 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x1000000, 0x0, 0x0, 0x0, 0x0) 02:13:56 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:13:56 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, 0x0) read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) [ 218.978002] RSP: 002b:00007f30aa427c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 218.986253] RAX: ffffffffffffffda RBX: 00007f30aa427c90 RCX: 0000000000458da9 [ 218.986269] RDX: 00000000200002c0 RSI: 00000000c0d05640 RDI: 0000000000000003 [ 219.001764] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 219.007299] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 219.007299] program syz-executor.1 not setting count and/or reply_len properly 02:13:56 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x100000000000000, 0x0, 0x0, 0x0, 0x0) 02:13:56 executing program 3 (fault-call:2 fault-nth:1): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) [ 219.010060] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f30aa4286d4 [ 219.010070] R13: 00000000004c4151 R14: 00000000004d7790 R15: 0000000000000004 [ 219.127776] FAULT_INJECTION: forcing a failure. [ 219.127776] name failslab, interval 1, probability 0, space 0, times 0 02:13:56 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, 0x0) read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:13:56 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x1000000) 02:13:57 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63d305e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:13:57 executing program 4 (fault-call:1 fault-nth:1): r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) [ 219.248621] CPU: 1 PID: 9338 Comm: syz-executor.3 Not tainted 4.19.37 #5 [ 219.255860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 219.265627] Call Trace: [ 219.268626] dump_stack+0x172/0x1f0 [ 219.272401] should_fail.cold+0xa/0x1b [ 219.276536] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 219.282167] ? lock_downgrade+0x810/0x810 [ 219.286593] ? ___might_sleep+0x163/0x280 [ 219.290992] __should_failslab+0x121/0x190 [ 219.295456] should_failslab+0x9/0x14 [ 219.299303] __kmalloc+0x2e5/0x750 [ 219.303449] ? mark_held_locks+0x100/0x100 [ 219.307825] ? __vb2_queue_alloc+0xe9/0xec0 [ 219.308226] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 219.308226] program syz-executor.1 not setting count and/or reply_len properly [ 219.312939] __vb2_queue_alloc+0xe9/0xec0 [ 219.312961] ? fs_reclaim_acquire+0x20/0x20 [ 219.312985] ? __lock_is_held+0xb6/0x140 [ 219.313005] ? vivid_rds_gen_fill+0x470/0x470 02:13:57 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) [ 219.313033] vb2_core_reqbufs+0x432/0xce0 [ 219.352779] ? vb2_core_create_bufs+0x790/0x790 [ 219.357584] ? rcu_read_lock_sched_held+0x110/0x130 [ 219.363301] ? vb2_fop_read+0xf0/0x410 [ 219.367510] __vb2_init_fileio+0x33f/0xbe0 [ 219.371800] ? __mutex_lock+0x3cd/0x1300 [ 219.375993] ? vb2_fop_read+0xf0/0x410 [ 219.380613] __vb2_perform_fileio+0xbff/0x1140 [ 219.385470] ? mutex_trylock+0x1e0/0x1e0 [ 219.389770] ? find_held_lock+0x35/0x130 [ 219.394475] ? get_pid_task+0xd4/0x190 02:13:57 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63da45e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) [ 219.398595] ? vb2_thread_start+0x370/0x370 [ 219.402969] ? mark_held_locks+0x100/0x100 [ 219.407608] vb2_read+0x3b/0x50 [ 219.411331] vb2_fop_read+0x212/0x410 [ 219.415180] ? vb2_fop_write+0x410/0x410 [ 219.419457] v4l2_read+0x1ce/0x230 [ 219.423048] __vfs_read+0x116/0x800 [ 219.426978] ? v4l2_write+0x230/0x230 [ 219.430910] ? vfs_copy_file_range+0xba0/0xba0 [ 219.435546] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 219.436096] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 219.436096] program syz-executor.1 not setting count and/or reply_len properly [ 219.441352] ? __inode_security_revalidate+0xda/0x120 [ 219.441369] ? avc_policy_seqno+0xd/0x70 [ 219.441386] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 219.441408] ? security_file_permission+0x1ce/0x230 [ 219.441424] ? security_file_permission+0x8f/0x230 [ 219.441453] ? rw_verify_area+0x118/0x360 [ 219.489152] vfs_read+0x194/0x3d0 [ 219.492680] ksys_read+0xea/0x1f0 02:13:57 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x0, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:57 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0x2, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:13:57 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e2400000000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:13:57 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000) [ 219.496714] ? kernel_write+0x120/0x120 [ 219.501037] ? do_syscall_64+0x26/0x610 [ 219.505734] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 219.511737] ? do_syscall_64+0x26/0x610 [ 219.515875] __x64_sys_read+0x73/0xb0 [ 219.519982] do_syscall_64+0x103/0x610 [ 219.524085] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 219.529407] RIP: 0033:0x458da9 02:13:57 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) r1 = open(&(0x7f0000000000)='./file0\x00', 0x800, 0x1) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r1, 0xc0105303, &(0x7f0000000040)={0x7ff, 0x7ff, 0x3}) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) open(&(0x7f0000000080)='./file0\x00', 0x101000, 0x20) [ 219.532755] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 219.554063] RSP: 002b:00007f2c63695c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 219.562611] RAX: ffffffffffffffda RBX: 00007f2c63695c90 RCX: 0000000000458da9 [ 219.570569] RDX: 0000000000001000 RSI: 0000000020000200 RDI: 0000000000000004 [ 219.578359] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 219.586035] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2c636966d4 [ 219.593839] R13: 00000000004c5c17 R14: 00000000004da0a0 R15: 0000000000000005 02:13:57 executing program 3 (fault-call:2 fault-nth:2): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) 02:13:57 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0x4b47, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:13:57 executing program 2: clone(0x810000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:13:57 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d040000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:13:57 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)) read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:13:57 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x0, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) [ 219.840468] sg_write: data in/out 298234/24 bytes for SCSI command 0xff-- guessing data in; [ 219.840468] program syz-executor.1 not setting count and/or reply_len properly [ 219.849282] FAULT_INJECTION: forcing a failure. [ 219.849282] name failslab, interval 1, probability 0, space 0, times 0 [ 219.907761] CPU: 0 PID: 9399 Comm: syz-executor.3 Not tainted 4.19.37 #5 [ 219.915043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 219.925112] Call Trace: [ 219.927927] dump_stack+0x172/0x1f0 [ 219.931999] should_fail.cold+0xa/0x1b [ 219.936318] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 219.942138] ? lock_downgrade+0x810/0x810 [ 219.947447] ? ___might_sleep+0x163/0x280 [ 219.955014] __should_failslab+0x121/0x190 [ 219.955038] should_failslab+0x9/0x14 [ 219.955054] kmem_cache_alloc_trace+0x2cf/0x760 [ 219.955076] ? rcu_read_lock_sched_held+0x110/0x130 [ 219.955093] ? __kmalloc+0x5e4/0x750 [ 219.955116] ? lock_downgrade+0x810/0x810 [ 219.983518] vb2_vmalloc_alloc+0x71/0x290 [ 219.987812] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 219.993609] __vb2_queue_alloc+0x4be/0xec0 [ 219.998505] ? vivid_rds_gen_fill+0x470/0x470 [ 220.003434] vb2_core_reqbufs+0x432/0xce0 [ 220.007855] ? vb2_core_create_bufs+0x790/0x790 [ 220.012944] ? rcu_read_lock_sched_held+0x110/0x130 [ 220.018035] ? vb2_fop_read+0xf0/0x410 [ 220.022233] __vb2_init_fileio+0x33f/0xbe0 [ 220.026770] ? __mutex_lock+0x3cd/0x1300 [ 220.031068] ? vb2_fop_read+0xf0/0x410 [ 220.035100] __vb2_perform_fileio+0xbff/0x1140 [ 220.040178] ? mutex_trylock+0x1e0/0x1e0 [ 220.044521] ? find_held_lock+0x35/0x130 [ 220.048835] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 220.054808] ? vb2_thread_start+0x370/0x370 [ 220.059190] ? mark_held_locks+0x100/0x100 [ 220.063539] vb2_read+0x3b/0x50 [ 220.067073] vb2_fop_read+0x212/0x410 [ 220.071199] ? vb2_fop_write+0x410/0x410 [ 220.076374] v4l2_read+0x1ce/0x230 [ 220.081107] __vfs_read+0x116/0x800 [ 220.085389] ? v4l2_write+0x230/0x230 [ 220.089648] ? vfs_copy_file_range+0xba0/0xba0 [ 220.094857] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 220.100865] ? __inode_security_revalidate+0xda/0x120 [ 220.106572] ? avc_policy_seqno+0xd/0x70 [ 220.110959] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 220.116447] ? security_file_permission+0x1ce/0x230 [ 220.121536] ? security_file_permission+0x8f/0x230 [ 220.126537] ? rw_verify_area+0x118/0x360 [ 220.131005] vfs_read+0x194/0x3d0 [ 220.134664] ksys_read+0xea/0x1f0 [ 220.138211] ? kernel_write+0x120/0x120 [ 220.142501] ? do_syscall_64+0x26/0x610 [ 220.146780] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 220.152651] ? do_syscall_64+0x26/0x610 02:13:57 executing program 2: syz_mount_image$nfs(&(0x7f00000000c0)='nfs\x00', &(0x7f0000000100)='./file0\x00', 0x80, 0x2, &(0x7f00000001c0)=[{&(0x7f0000000140)="40b90ac3a835a4700d2a81f9851044e385c2875bb06f39ce7fbfc3439e5bb9fa39377081e2e25e6783817101b486436e780d159aa3cbadef8559cbedf788", 0x3e, 0x100000000}, {&(0x7f0000000180)="f4be73d4c068a343f19c6cb17cb331d23c05d8292cc6b4b3410d02f558a12d79409e8fe8bececb0f52a3694233f9bd0170", 0x31, 0xfffffffffffffffa}], 0x80000, &(0x7f0000000280)='/dev/audio#\x00') clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = syz_open_dev$audion(&(0x7f0000000200)='/dev/audio#\x00', 0xfffffffffffffffc, 0x2080) setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r1, 0x84, 0x1e, &(0x7f0000000500)=0x1001000, 0xfffffffffffffd86) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f00000003c0)=@sack_info={0x0, 0x9}, &(0x7f0000000400)=0xc) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000440)={r2}, &(0x7f0000000480)=0x8) lstat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)) ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, &(0x7f0000000340)={0x63, 0x0, 0x3, 0x7}) ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, &(0x7f0000000380)={0xaaf9, r3, 0x2, 0x1}) rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:13:57 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) [ 220.157002] __x64_sys_read+0x73/0xb0 [ 220.160866] do_syscall_64+0x103/0x610 [ 220.165185] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 220.171207] RIP: 0033:0x458da9 [ 220.174983] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 220.195330] RSP: 002b:00007f2c63695c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 02:13:58 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0x4b49, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:13:58 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000002500003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) [ 220.203305] RAX: ffffffffffffffda RBX: 00007f2c63695c90 RCX: 0000000000458da9 [ 220.212900] RDX: 0000000000001000 RSI: 0000000020000200 RDI: 0000000000000004 [ 220.220941] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 220.229933] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2c636966d4 [ 220.237914] R13: 00000000004c5c17 R14: 00000000004da0a0 R15: 0000000000000005 02:13:58 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x8, 0x88000) write$USERIO_CMD_REGISTER(r1, &(0x7f0000000040)={0x0, 0x2}, 0x2) rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x2a6, 0x0, 0x0, 0x0, 0xfffffffffffffffb) [ 220.302885] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 220.302885] program syz-executor.1 not setting count and/or reply_len properly 02:13:58 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0x541b, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:13:58 executing program 3 (fault-call:2 fault-nth:3): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) 02:13:58 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) syz_execute_func(&(0x7f0000000000)="c4236d6b2cc60ec4c175df4d41c78508000000c0720000fd65f2436f2e670fefc1f32667dfd8f3a544188151090000f2440f2b44d600") move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:13:58 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020200003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:13:58 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) [ 220.586650] FAULT_INJECTION: forcing a failure. [ 220.586650] name failslab, interval 1, probability 0, space 0, times 0 [ 220.589167] sg_write: data in/out 33721594/24 bytes for SCSI command 0xff-- guessing data in; [ 220.589167] program syz-executor.1 not setting count and/or reply_len properly [ 220.637215] CPU: 0 PID: 9444 Comm: syz-executor.3 Not tainted 4.19.37 #5 [ 220.644458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 220.654457] Call Trace: [ 220.657118] dump_stack+0x172/0x1f0 [ 220.660910] should_fail.cold+0xa/0x1b [ 220.664965] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 220.670337] ? lock_downgrade+0x810/0x810 [ 220.674738] ? ___might_sleep+0x163/0x280 [ 220.679370] __should_failslab+0x121/0x190 [ 220.684397] should_failslab+0x9/0x14 [ 220.688439] kmem_cache_alloc_node_trace+0x277/0x720 [ 220.694059] ? __lock_is_held+0xb6/0x140 [ 220.698164] __get_vm_area_node+0x12b/0x3a0 [ 220.702965] __vmalloc_node_range+0xc7/0x790 [ 220.708588] ? vb2_vmalloc_alloc+0xdb/0x290 [ 220.713055] ? rcu_read_lock_sched_held+0x110/0x130 [ 220.718203] ? vb2_vmalloc_alloc+0xdb/0x290 [ 220.723598] vmalloc_user+0x71/0x160 [ 220.727822] ? vb2_vmalloc_alloc+0xdb/0x290 [ 220.733265] vb2_vmalloc_alloc+0xdb/0x290 [ 220.737454] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 220.743174] __vb2_queue_alloc+0x4be/0xec0 [ 220.747444] ? vivid_rds_gen_fill+0x470/0x470 [ 220.752226] vb2_core_reqbufs+0x432/0xce0 [ 220.756823] ? vb2_core_create_bufs+0x790/0x790 [ 220.761841] ? rcu_read_lock_sched_held+0x110/0x130 [ 220.767244] ? vb2_fop_read+0xf0/0x410 [ 220.771402] __vb2_init_fileio+0x33f/0xbe0 [ 220.775945] ? __mutex_lock+0x3cd/0x1300 [ 220.780511] ? vb2_fop_read+0xf0/0x410 [ 220.795642] __vb2_perform_fileio+0xbff/0x1140 [ 220.800412] ? mutex_trylock+0x1e0/0x1e0 [ 220.804945] ? find_held_lock+0x35/0x130 [ 220.809196] ? get_pid_task+0xd4/0x190 [ 220.813245] ? vb2_thread_start+0x370/0x370 [ 220.817939] ? mark_held_locks+0x100/0x100 [ 220.822564] vb2_read+0x3b/0x50 [ 220.826935] vb2_fop_read+0x212/0x410 [ 220.831038] ? vb2_fop_write+0x410/0x410 [ 220.835905] v4l2_read+0x1ce/0x230 [ 220.839730] __vfs_read+0x116/0x800 [ 220.843611] ? v4l2_write+0x230/0x230 [ 220.848408] ? vfs_copy_file_range+0xba0/0xba0 [ 220.853034] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 220.859421] ? __inode_security_revalidate+0xda/0x120 [ 220.865819] ? avc_policy_seqno+0xd/0x70 [ 220.870118] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 220.875646] ? security_file_permission+0x1ce/0x230 [ 220.881464] ? security_file_permission+0x8f/0x230 [ 220.886506] ? rw_verify_area+0x118/0x360 [ 220.890976] vfs_read+0x194/0x3d0 [ 220.894818] ksys_read+0xea/0x1f0 [ 220.898773] ? kernel_write+0x120/0x120 [ 220.902878] ? do_syscall_64+0x26/0x610 [ 220.907182] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 220.913156] ? do_syscall_64+0x26/0x610 [ 220.917486] __x64_sys_read+0x73/0xb0 [ 220.921556] do_syscall_64+0x103/0x610 [ 220.925881] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 220.931564] RIP: 0033:0x458da9 [ 220.935365] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 220.955141] RSP: 002b:00007f2c63695c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 220.962988] RAX: ffffffffffffffda RBX: 00007f2c63695c90 RCX: 0000000000458da9 [ 220.971290] RDX: 0000000000001000 RSI: 0000000020000200 RDI: 0000000000000004 [ 220.979020] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 02:13:58 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)) read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:13:58 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0x5421, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:13:58 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20ncci\x00', 0x406000, 0x0) r1 = msgget(0x1, 0x0) msgctl$MSG_INFO(r1, 0xc, &(0x7f0000000480)=""/4096) r2 = dup(0xffffffffffffffff) ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r2, 0xc1105511, &(0x7f0000000340)={{0x5, 0x1, 0x404, 0x800, 'syz0\x00', 0x7}, 0x9efc16, 0x10000000, 0x1, r0, 0x6, 0x10000000000, 'syz1\x00', &(0x7f0000000140)=['em0GPL}\x00', '\x00', '/dev/vga_arbiter\x00', '}\x00', '/dev/full\x00', '\x00'], 0x27, [], [0x1, 0x10001, 0x4c728251, 0x5]}) r3 = accept4$rose(0xffffffffffffffff, &(0x7f0000000000)=@full={0xb, @dev, @bcast, 0x0, [@null, @remote, @rose, @null, @remote, @default]}, &(0x7f0000000040)=0x40, 0x80000) fcntl$setpipe(r2, 0x407, 0x3) r4 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0x400000, 0x0) r5 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vga_arbiter\x00', 0x200300, 0x0) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f00000001c0)={0x1, r5, 0xffffffffffffffff}) ioctl$VIDIOC_S_HW_FREQ_SEEK(r3, 0x40305652, &(0x7f0000000080)={0x0, 0x5, 0x3a9, 0x9, 0x8, 0x8001, 0x1}) [ 220.988156] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2c636966d4 [ 220.995743] R13: 00000000004c5c17 R14: 00000000004da0a0 R15: 0000000000000005 02:13:58 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:58 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0x5450, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) [ 221.067296] syz-executor.3: vmalloc: allocation failure: 32768 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) 02:13:58 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x9, 0x3, &(0x7f00000000c0)=@framed, &(0x7f0000000140)='syzkaller\x00', 0x6f1a, 0x36f, &(0x7f00000003c0)=""/251, 0x400000000000000, 0x0, [], 0x0, 0xd, 0xffffffffffffffff, 0x8, &(0x7f0000000080)}, 0x1be) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000040)={r1, r0, 0xd, 0x2}, 0x10) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x37, &(0x7f00000002c0)) move_pages(r2, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x5, 0x80) ioctl$BLKIOOPT(r3, 0x1279, &(0x7f0000000040)) 02:13:58 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020300003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) [ 221.149873] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 221.172414] CPU: 0 PID: 9444 Comm: syz-executor.3 Not tainted 4.19.37 #5 [ 221.182306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 221.192261] Call Trace: [ 221.195225] dump_stack+0x172/0x1f0 [ 221.198911] warn_alloc.cold+0x7b/0x173 [ 221.203996] ? zone_watermark_ok_safe+0x260/0x260 [ 221.209285] ? __get_vm_area_node+0x12b/0x3a0 [ 221.214173] ? rcu_read_lock_sched_held+0x110/0x130 [ 221.220033] ? __lock_is_held+0xb6/0x140 [ 221.224379] ? __get_vm_area_node+0x2df/0x3a0 [ 221.229489] __vmalloc_node_range+0x484/0x790 [ 221.234359] ? rcu_read_lock_sched_held+0x110/0x130 [ 221.239858] ? vb2_vmalloc_alloc+0xdb/0x290 [ 221.244807] vmalloc_user+0x71/0x160 02:13:59 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, 0x0, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) [ 221.248777] ? vb2_vmalloc_alloc+0xdb/0x290 [ 221.254389] vb2_vmalloc_alloc+0xdb/0x290 [ 221.259140] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 221.265256] __vb2_queue_alloc+0x4be/0xec0 [ 221.270127] ? vivid_rds_gen_fill+0x470/0x470 [ 221.274947] vb2_core_reqbufs+0x432/0xce0 [ 221.279966] ? vb2_core_create_bufs+0x790/0x790 [ 221.285232] ? rcu_read_lock_sched_held+0x110/0x130 [ 221.290950] ? vb2_fop_read+0xf0/0x410 [ 221.295516] __vb2_init_fileio+0x33f/0xbe0 [ 221.300475] ? __mutex_lock+0x3cd/0x1300 [ 221.305153] ? vb2_fop_read+0xf0/0x410 [ 221.309118] __vb2_perform_fileio+0xbff/0x1140 [ 221.313792] ? mutex_trylock+0x1e0/0x1e0 [ 221.318225] ? find_held_lock+0x35/0x130 [ 221.322549] ? get_pid_task+0xd4/0x190 [ 221.326848] ? vb2_thread_start+0x370/0x370 [ 221.331713] ? mark_held_locks+0x100/0x100 [ 221.336353] vb2_read+0x3b/0x50 [ 221.340246] vb2_fop_read+0x212/0x410 [ 221.344214] ? vb2_fop_write+0x410/0x410 [ 221.344233] v4l2_read+0x1ce/0x230 [ 221.344262] __vfs_read+0x116/0x800 [ 221.344281] ? v4l2_write+0x230/0x230 [ 221.356903] ? vfs_copy_file_range+0xba0/0xba0 [ 221.356930] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 221.356953] ? __inode_security_revalidate+0xda/0x120 [ 221.379147] ? avc_policy_seqno+0xd/0x70 [ 221.383444] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 221.389056] ? security_file_permission+0x1ce/0x230 [ 221.395263] ? security_file_permission+0x8f/0x230 [ 221.400677] ? rw_verify_area+0x118/0x360 [ 221.404963] vfs_read+0x194/0x3d0 [ 221.408672] ksys_read+0xea/0x1f0 [ 221.412315] ? kernel_write+0x120/0x120 [ 221.416777] ? do_syscall_64+0x26/0x610 [ 221.420811] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 221.427991] ? do_syscall_64+0x26/0x610 [ 221.432041] __x64_sys_read+0x73/0xb0 [ 221.437241] do_syscall_64+0x103/0x610 [ 221.441452] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 221.446875] RIP: 0033:0x458da9 [ 221.450242] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 221.470253] RSP: 002b:00007f2c63695c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 221.478160] RAX: ffffffffffffffda RBX: 00007f2c63695c90 RCX: 0000000000458da9 [ 221.485880] RDX: 0000000000001000 RSI: 0000000020000200 RDI: 0000000000000004 [ 221.493374] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 221.501193] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2c636966d4 [ 221.508776] R13: 00000000004c5c17 R14: 00000000004da0a0 R15: 0000000000000005 [ 221.530565] Mem-Info: [ 221.532864] sg_write: data in/out 50498810/24 bytes for SCSI command 0xff-- guessing data in; [ 221.532864] program syz-executor.1 not setting count and/or reply_len properly [ 221.533450] active_anon:104243 inactive_anon:189 isolated_anon:0 [ 221.533450] active_file:7843 inactive_file:33145 isolated_file:0 [ 221.533450] unevictable:13995 dirty:184 writeback:0 unstable:0 [ 221.533450] slab_reclaimable:13952 slab_unreclaimable:110825 [ 221.533450] mapped:63293 shmem:243 pagetables:1872 bounce:0 [ 221.533450] free:1243741 free_pcp:582 free_cma:0 [ 221.599000] Node 0 active_anon:416976kB inactive_anon:756kB active_file:31228kB inactive_file:132580kB unevictable:55980kB isolated(anon):0kB isolated(file):0kB mapped:253172kB dirty:732kB writeback:0kB shmem:972kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 356352kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 221.645527] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 221.674641] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 221.702259] lowmem_reserve[]: 0 2555 2557 2557 [ 221.707392] Node 0 DMA32 free:1174692kB min:36248kB low:45308kB high:54368kB active_anon:417076kB inactive_anon:756kB active_file:31228kB inactive_file:132580kB unevictable:55980kB writepending:732kB present:3129332kB managed:2619972kB mlocked:55980kB kernel_stack:8320kB pagetables:7488kB bounce:0kB free_pcp:2416kB local_pcp:1420kB free_cma:0kB [ 221.740552] lowmem_reserve[]: 0 0 2 2 [ 221.744751] Node 0 Normal free:12kB min:32kB low:40kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2428kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 221.773380] lowmem_reserve[]: 0 0 0 0 [ 221.777804] Node 1 Normal free:3783928kB min:53608kB low:67008kB high:80408kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 221.808640] lowmem_reserve[]: 0 0 0 0 [ 221.813188] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 221.830055] Node 0 DMA32: 9345*4kB (UME) 1134*8kB (UME) 762*16kB (UME) 311*32kB (UME) 74*64kB (UME) 40*128kB (UME) 6*256kB (UM) 0*512kB 1*1024kB (U) 2*2048kB (ME) 266*4096kB (M) = 1174644kB [ 221.848215] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 221.860361] Node 1 Normal: 58*4kB (UME) 274*8kB (UME) 260*16kB (UME) 68*32kB (UE) 17*64kB (UME) 7*128kB (U) 5*256kB (UM) 5*512kB (UME) 3*1024kB (UM) 1*2048kB (E) 919*4096kB (M) = 3783928kB [ 221.878954] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 221.888161] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 02:13:59 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) 02:13:59 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0x5451, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:13:59 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, 0x0, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:59 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)) read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:13:59 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x40100, 0x0) ioctl$TUNSETOFFLOAD(r1, 0x400454d0, 0x4) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:13:59 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020400003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) [ 221.897252] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 221.907407] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 221.916646] 46110 total pagecache pages [ 221.920759] 0 pages in swap cache [ 221.924402] Swap cache stats: add 0, delete 0, find 0/0 [ 221.929991] Free swap = 0kB [ 221.933144] Total swap = 0kB [ 221.936450] 1965979 pages RAM [ 221.939835] 0 pages HighMem/MovableOnly [ 221.943916] 338856 pages reserved [ 221.947370] 0 pages cma reserved 02:13:59 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) r1 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x2, 0x2) ioctl$SG_EMULATED_HOST(r1, 0x2203, &(0x7f0000000040)) getsockopt$IP_VS_SO_GET_VERSION(r1, 0x0, 0x480, &(0x7f0000000080), &(0x7f00000000c0)=0x40) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) [ 222.019350] sg_write: data in/out 67276026/24 bytes for SCSI command 0xff-- guessing data in; [ 222.019350] program syz-executor.1 not setting count and/or reply_len properly 02:13:59 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0x5452, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:13:59 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c12") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:13:59 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/enforce\x00', 0x0, 0x0) ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, &(0x7f00000000c0)={0x1, @null, @netrom={'nr', 0x0}, 0x8, 'syz0\x00', @null, 0x3, 0x1, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000000)=0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x4) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x37, &(0x7f00000002c0)) ioctl$KVM_SET_MP_STATE(r0, 0x4004ae99, &(0x7f0000000140)=0x6) move_pages(r2, 0x0, 0x0, 0x0, 0x0, 0x0) 02:13:59 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, 0x0, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:13:59 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1002) 02:14:00 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020500003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:00 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0x5460, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:14:00 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0xffffffffffffff21, 0x0, 0x0, 0x0, 0x0) 02:14:00 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c12") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:14:00 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_tgsigqueueinfo(0x0, 0x0, 0x37, &(0x7f00000002c0)) move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:00 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0x40049409, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) [ 222.405193] sg_write: data in/out 84053242/24 bytes for SCSI command 0xff-- guessing data in; [ 222.405193] program syz-executor.1 not setting count and/or reply_len properly 02:14:00 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x0, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:14:00 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1003) 02:14:00 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020600003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:00 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0x40086602, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:14:00 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c12") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:14:00 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0x140, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffff9c, 0xc0206434, &(0x7f0000000040)={0x1ff, 0x0, 0x10001, 0x3211}) openat$mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/mixer\x00', 0x121000, 0x0) ioctl$DRM_IOCTL_SG_FREE(r1, 0x40106439, &(0x7f0000000080)={0x63, r2}) 02:14:00 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020700003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:00 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1004) 02:14:00 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0x40087602, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:14:00 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x0, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:14:00 executing program 2: r0 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x8, 0x800) syz_open_pts(r0, 0x0) clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = getpid() ioctl$TCGETA(r0, 0x5405, &(0x7f0000000040)) rt_tgsigqueueinfo(r1, r1, 0x37, &(0x7f00000002c0)) move_pages(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:00 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319b") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:14:00 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f0000000000)={0x0, 0x8000, 0x1}) move_pages(r0, 0xfffffffffffffefb, 0x0, 0x0, 0x0, 0x0) 02:14:00 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d024800003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:00 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0x4020940d, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) [ 223.039214] sg_write: 2 callbacks suppressed [ 223.039229] sg_write: data in/out 1208126714/24 bytes for SCSI command 0xff-- guessing data in; [ 223.039229] program syz-executor.1 not setting count and/or reply_len properly 02:14:00 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319b") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:14:00 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x30000000000, 0x8000) ioctl$PPPOEIOCSFWD(r0, 0x4008b100, &(0x7f0000000040)={0x18, 0x0, {0x4, @remote, 'bridge_slave_0\x00'}}) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x37, &(0x7f00000002c0)={0xe, 0xfe}) move_pages(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:00 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x0, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:14:00 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1005) 02:14:01 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0x80086601, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:14:01 executing program 2: clone(0x42380000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f0000000080)={0x1d, 0x7fffc, 0x6}) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:01 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d024c00003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:01 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319b") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:14:01 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0x80087601, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:14:01 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0x0, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:14:01 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1006) [ 223.459906] sg_write: data in/out 1275235578/24 bytes for SCSI command 0xff-- guessing data in; [ 223.459906] program syz-executor.1 not setting count and/or reply_len properly 02:14:01 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0045878, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) [ 223.517597] IPVS: ftp: loaded support on port[0] = 21 02:14:01 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd0") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:14:01 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0045878, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:14:01 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0x0, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:14:01 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d026800003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:01 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1007) [ 223.883943] sg_write: data in/out 1744997626/24 bytes for SCSI command 0xff-- guessing data in; [ 223.883943] program syz-executor.1 not setting count and/or reply_len properly [ 223.946204] IPVS: ftp: loaded support on port[0] = 21 02:14:01 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x80000, 0x0) setsockopt$netrom_NETROM_T4(r1, 0x103, 0x6, &(0x7f0000000100)=0x70b, 0x4) rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:01 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0189436, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:14:01 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd0") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:14:01 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0x0, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:14:01 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d026c00003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:01 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x100c) 02:14:01 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x80000) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffff9c, 0x0, 0x10, &(0x7f0000000040)={{{@in6=@remote, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@initdev}, 0x0, @in=@multicast1}}, &(0x7f0000000140)=0xe8) sendmsg$can_bcm(r1, &(0x7f0000000280)={&(0x7f0000000180)={0x1d, r2}, 0x10, &(0x7f0000000240)={&(0x7f00000001c0)={0x2, 0x0, 0xfffffffffffffffb, {}, {0x0, 0x7530}, {0xe10, 0x4, 0x1, 0x3}, 0x1, @can={{0x0, 0x8001, 0x1, 0x2}, 0x5, 0x1, 0x0, 0x0, "b17ccf38238ae409"}}, 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x90) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) [ 224.104796] sg_write: data in/out 1812106490/24 bytes for SCSI command 0xff-- guessing data in; [ 224.104796] program syz-executor.1 not setting count and/or reply_len properly 02:14:01 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0205647, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:14:02 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd0") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:14:02 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d027400003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:02 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0205649, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:14:02 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:14:02 executing program 2: clone(0x2041fa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f0000000000)={0x2d, 0x0, 0x5}) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x6) 02:14:02 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x9000) [ 224.417090] sg_write: data in/out 1946324218/24 bytes for SCSI command 0xff-- guessing data in; [ 224.417090] program syz-executor.1 not setting count and/or reply_len properly 02:14:02 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(0xffffffffffffffff, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:14:02 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc020660b, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:14:02 executing program 2: pipe2(&(0x7f0000000200)={0xffffffffffffffff}, 0x800) ioctl$DRM_IOCTL_RES_CTX(r0, 0xc0106426, &(0x7f0000000280)={0x4, &(0x7f0000000240)=[{}, {}, {}, {}]}) clone(0x80000001, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x37, &(0x7f00000002c0)) getsockname(0xffffffffffffff9c, &(0x7f0000000000)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @initdev}}}, &(0x7f0000000080)=0x80) ioctl$SIOCRSGL2CALL(r2, 0x89e5, &(0x7f00000000c0)=@bcast) pipe2(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x84800) ioctl$PPPIOCGIDLE(r3, 0x8010743f, &(0x7f0000000180)) move_pages(r1, 0xfffffffffffffe96, 0x0, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r2, 0x8917, &(0x7f0000000100)={'syzkaller1\x00', {0x2, 0x4e21, @multicast1}}) setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0x7, &(0x7f00000001c0)={0x2, 0x7c6f, 0x8001, 0x1}, 0x10) 02:14:02 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d027a00003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:02 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:14:02 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(0xffffffffffffffff, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:14:02 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0285628, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:14:02 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x20001200) [ 224.721200] sg_write: data in/out 2046987514/24 bytes for SCSI command 0xff-- guessing data in; [ 224.721200] program syz-executor.1 not setting count and/or reply_len properly 02:14:02 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)={0x0, 0x7}) r1 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/checkreqprot\x00', 0x40000, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f00000000c0)={'team_slave_0\x00', 0x2}) ioctl$TIOCSTI(r1, 0x5412, 0x3) ioctl$KDGKBDIACR(r1, 0x4b4a, &(0x7f0000000040)=""/62) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_getparam(r0, &(0x7f0000000080)) 02:14:02 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(0xffffffffffffffff, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) [ 224.868657] sg_write: data in/out 2046987514/24 bytes for SCSI command 0xff-- guessing data in; [ 224.868657] program syz-executor.1 not setting count and/or reply_len properly 02:14:02 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0285629, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:14:02 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x80000002) 02:14:02 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:14:02 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0xff9f, 0x0, 0x0, 0x0, 0x6) 02:14:02 executing program 3: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdirat$cgroup(r0, &(0x7f0000000040)='syz0\x00', 0x1ff) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r1, &(0x7f0000000200), 0x1000) 02:14:03 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020003003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:03 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, 0x0, 0x0) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:14:03 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0585609, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:14:03 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x305e00, 0x0) ioctl$PERF_EVENT_IOC_ID(r1, 0x80082407, &(0x7f0000000040)) 02:14:03 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:14:03 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc058560f, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:14:03 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)={0x1d, 0x0, 0xffffffffffffffe1}) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) rt_tgsigqueueinfo(r0, r0, 0x2a, &(0x7f0000000100)={0xc, 0xac6}) r1 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000001340)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) ioctl$sock_inet_SIOCRTMSG(r1, 0x890d, &(0x7f0000001380)={0x0, {0x2, 0x4e22, @multicast1}, {0x2, 0x4e24, @loopback}, {0x2, 0x4e21, @multicast1}, 0x88, 0x0, 0x0, 0x0, 0x7, 0x0, 0xffffffffffffedea, 0x13739acc0000, 0x8}) getcwd(&(0x7f0000000000)=""/255, 0xff) 02:14:03 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, 0x0, 0x0) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:14:03 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) getsockopt$inet_sctp_SCTP_PR_STREAM_STATUS(r0, 0x84, 0x74, &(0x7f0000000040)=""/26, &(0x7f0000000080)=0x1a) [ 225.440195] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 225.440195] program syz-executor.1 not setting count and/or reply_len properly 02:14:03 executing program 2: clone(0x40000000041f9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() syz_open_dev$sndseq(&(0x7f0000000180)='/dev/snd/seq\x00', 0x0, 0x82) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={0xffffffffffffffff, 0x28, &(0x7f00000001c0)={0x0, 0x0}}, 0x10) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={r1, 0xffffffffffffa20e, 0x18}, 0xc) r2 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x3, 0x2000) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r2, 0x4058534c, &(0x7f0000000040)={0xfffffffffffffff8, 0x9, 0x2, 0xf78, 0x7, 0x3}) rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:03 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0585611, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:14:03 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:14:03 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020005003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:03 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, 0x0, 0x0) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:14:03 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0xc) madvise(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x10) open(&(0x7f0000000080)='./file0\x00', 0x500, 0x120) ioprio_set$uid(0x3, r1, 0x1) r2 = socket$inet6(0xa, 0x80000000000003, 0x80000000000006) getsockopt(r2, 0xff, 0x0, 0x0, &(0x7f0000000080)) rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:03 executing program 3: r0 = perf_event_open(&(0x7f00000013c0)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = dup(r0) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="28000000040000000000000000000000030000000000000004000000000000001600000002000000"], 0x28) write$FUSE_INTERRUPT(r1, &(0x7f0000001580)={0x10, 0xfffffffffffffffe, 0x6}, 0x10) ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc020660b, &(0x7f0000001200)=ANY=[@ANYBLOB="fffeffffffffffffffffffffffffffff020000000200000007871f000000000004000000000000002605000000000000000001000000000000000000000000000000000000000000010000000000000000000000000000000400000000000000080000000000000008000000000000000000000000000000000000000000000001010000000000000000000000000000feffffffffffffff0000000000000000090000000000000000000000000000000000000000000000000400000000000000000000000000000010000000000000050000000000000000100000000000000000000000000000000000000000000000010000000000000000000000000000f8ffffffffffffffff7f0000000000001e07000000000000000000000000000000000000000000000800000000000000000000000000000080ffffffffffffff010000000100000004000000000000000000000000000000000000000000000082130000000000000000000000000000050000000000000006000000000000000101000000000000000000000000000000000000000000000200"/424]) read$FUSE(0xffffffffffffffff, &(0x7f0000000200), 0x1000) modify_ldt$read(0x0, &(0x7f00000016c0)=""/254, 0x5a87b383) write$FUSE_NOTIFY_INVAL_ENTRY(r1, &(0x7f0000001440)=ANY=[@ANYBLOB="2a000000030000000000000000000000060003000000000009000000000000002f6465762f736723000036b604bc4edcd7805243b624ece614b6a2d45f83fd09d1473215710f4b9149e883d451757dd2071ae13366082500412f8470d5568fb0ecff85e0149efdf237cc52b32ca3dbfc"], 0x2a) syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0xfffffffffffff378, 0x84200) ioctl$RTC_EPOCH_READ(r1, 0x8008700d, &(0x7f0000001600)) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f00000017c0), &(0x7f0000001800)=0x4) fcntl$getflags(r1, 0x40b) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f0000000180)) ioctl$VIDIOC_DECODER_CMD(r1, 0xc0485660, &(0x7f0000001640)={0x1, 0x2, @start={0x5}}) getpeername$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0}, &(0x7f00000014c0)=0x14) ioctl$VIDIOC_EXPBUF(r1, 0xc0405610, &(0x7f0000001540)={0xb, 0xffb, 0x1000, 0x800, r1}) recvfrom$packet(r1, &(0x7f0000000040)=""/224, 0xe0, 0x20, &(0x7f0000001500)={0x11, 0xf7, r2, 0x1, 0x3ff, 0x6, @broadcast}, 0x14) fremovexattr(r1, &(0x7f00000015c0)=@known='system.sockprotoname\x00') 02:14:03 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x204000, 0x0) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x7) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = getuid() r3 = getegid() write$FUSE_CREATE_OPEN(r1, &(0x7f0000000040)={0xa0, 0x0, 0x1, {{0x3, 0x3, 0x0, 0x8e0, 0xfffffffffffffffc, 0x5, {0x5, 0xab0e, 0x1, 0xfffffffffffffffc, 0x10001, 0xfff, 0x8, 0x5, 0x5, 0x6, 0x644d, r2, r3, 0x2, 0x55}}, {0x0, 0x4}}}, 0xa0) 02:14:03 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc058565d, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) [ 225.857366] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 225.857366] program syz-executor.1 not setting count and/or reply_len properly 02:14:03 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x3, 0x200) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000440)={{{@in6=@local, @in6=@dev}}, {{@in=@empty}, 0x0, @in6=@remote}}, &(0x7f0000000280)=0xe8) lsetxattr$security_smack_transmute(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='security.SMACK64TRANSMUTE\x00', &(0x7f00000000c0)='TRUE', 0x4, 0x1) move_pages(r0, 0xfee9, 0x0, 0x0, 0x0, 0x1) 02:14:03 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(0xffffffffffffffff, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:14:03 executing program 3: openat$vnet(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-net\x00', 0x2, 0x0) r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) fcntl$getown(r0, 0x9) read$FUSE(r1, &(0x7f0000000200), 0x1000) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x24000, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f00000000c0)={'team0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000100)={'team0\x00', r3}) fchmod(r1, 0x1) 02:14:03 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05667, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:14:03 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:14:03 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020006003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) [ 226.071620] cgroup: fork rejected by pids controller in /syz2 02:14:03 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x3, @sdr={0xe7}}) 02:14:04 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = openat$selinux_status(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/status\x00', 0x0, 0x0) setsockopt$netrom_NETROM_T2(r1, 0x103, 0x2, &(0x7f0000000100)=0x7f, 0x4) rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) r2 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r2, 0x0, &(0x7f0000000080)=@secondary='builtin_and_secondary_trusted\x00') prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x8) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) [ 226.192779] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 226.192779] program syz-executor.1 not setting count and/or reply_len properly 02:14:04 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020007003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:04 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x4, @sdr={0xe7}}) 02:14:04 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000002200), 0x1000) 02:14:04 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540), 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:14:04 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x5, @sdr={0xe7}}) 02:14:04 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(0xffffffffffffffff, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:14:04 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020048003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:04 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = getpid() sched_rr_get_interval(r1, &(0x7f0000000000)) 02:14:04 executing program 3: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$swradio(&(0x7f0000001200)='/dev/swradio#\x00', 0x0, 0x2) ioctl$BLKRESETZONE(r1, 0x40101283, &(0x7f0000001240)={0xcbf8, 0x6ff3}) openat$kvm(0xffffffffffffff9c, &(0x7f0000001280)='/dev/kvm\x00', 0x101c42, 0x0) pread64(r0, &(0x7f0000000040)=""/202, 0xca, 0x0) read$FUSE(r1, &(0x7f0000000200), 0x1000) openat$random(0xffffffffffffff9c, &(0x7f0000000000)='/dev/urandom\x00', 0x82000, 0x0) openat$mixer(0xffffffffffffff9c, &(0x7f0000000140)='/dev/mixer\x00', 0x90000, 0x0) 02:14:04 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x6, @sdr={0xe7}}) 02:14:04 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540), 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:14:04 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x7, @sdr={0xe7}}) 02:14:04 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d02004c003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:04 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540), 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 02:14:04 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000080)='/dev/swradio#\x00', 0x1, 0x2) r1 = getpgid(0x0) write$P9_RGETLOCK(r0, &(0x7f00000000c0)={0x1f, 0x37, 0x2, {0x3, 0x3, 0x1, r1, 0x1, '\xff'}}, 0x1f) r2 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) syz_open_dev$sndmidi(&(0x7f0000000040)='/dev/snd/midiC#D#\x00', 0xffffffffe176b73d, 0x400000) read$FUSE(r2, &(0x7f0000000200), 0x1000) 02:14:04 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0x80001, 0x0) ioctl$VIDIOC_DBG_S_REGISTER(r1, 0x4038564f, &(0x7f0000000100)={{0x0, @name="89813f0cc4f46b5ec74ac823ea2d97eb27c4794fcef0010808d226bdc6706114"}, 0x8, 0x7fff, 0x2}) r2 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm_plock\x00', 0x400, 0x0) ioctl$UI_SET_RELBIT(r2, 0x40045566, 0xb) rt_tgsigqueueinfo(r0, r0, 0x17, &(0x7f0000000000)={0x0, 0x0, 0x2}) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:04 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x8, @sdr={0xe7}}) 02:14:05 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(0xffffffffffffffff, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:14:05 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x9, @sdr={0xe7}}) 02:14:05 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020068003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:05 executing program 2: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:05 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x4400, 0x0) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_SET(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000100)={&(0x7f0000001200)={0x168, r1, 0x200, 0x70bd25, 0x25dfdbfd, {}, [@TIPC_NLA_SOCK={0x10, 0x2, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x6}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_MON={0x14, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}]}, @TIPC_NLA_NODE={0x40, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x52}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x100}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x9e58}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xf5}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_LINK={0x24, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xb69}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}]}]}, @TIPC_NLA_NODE={0x2c, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1d}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x10001}]}, @TIPC_NLA_SOCK={0x14, 0x2, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x2}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x21f4}]}, @TIPC_NLA_NODE={0x3c, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x9}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x3}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x2}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}]}, @TIPC_NLA_BEARER={0x40, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'ib', 0x3a, 'irlan0\x00'}}, @TIPC_NLA_BEARER_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5d65}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}]}]}, @TIPC_NLA_MEDIA={0x4}]}, 0x168}, 0x1, 0x0, 0x0, 0x80}, 0x8004) r2 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r2, &(0x7f0000000200), 0x1000) 02:14:05 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0) 02:14:05 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0xa, @sdr={0xe7}}) 02:14:05 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d02006c003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:05 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0) 02:14:05 executing program 3: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r1, &(0x7f0000000200), 0x1000) fcntl$getownex(r1, 0x10, &(0x7f0000000040)={0x0, 0x0}) fcntl$setownex(r0, 0xf, &(0x7f0000000080)={0x3, r2}) [ 228.080580] sg_write: 5 callbacks suppressed [ 228.080595] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 228.080595] program syz-executor.1 not setting count and/or reply_len properly 02:14:06 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0xb, @sdr={0xe7}}) 02:14:06 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020074003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) [ 228.308253] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 228.308253] program syz-executor.1 not setting count and/or reply_len properly 02:14:06 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) syz_open_pts(r0, 0x0) r2 = dup3(0xffffffffffffffff, r0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) 02:14:06 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xc0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=0x6, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000500)={0x5, 0x0, 0xdf, 0x7a53}, &(0x7f0000000540)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0xffffffffffffff9f) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x42) bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0) 02:14:06 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x30000, 0x0) ioctl$VIDIOC_S_TUNER(r1, 0x4054561e, &(0x7f0000000040)={0x1, "5bdd1dc42af6118c52c0858d9d7f204648a6a8e01308d5cad05e797fc9b14c47", 0x5, 0x603dca15690718d6, 0x1, 0x4, 0x10, 0x4, 0x6, 0x6}) rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:06 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0xc, @sdr={0xe7}}) 02:14:06 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000001c0)={{{@in6=@ipv4, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x4, 0x0, 0x401}}, 0xe8) connect$inet6(r0, &(0x7f0000000140), 0x1c) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r1, &(0x7f0000002200), 0x1000) 02:14:06 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d02007a003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) [ 228.724218] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 228.724218] program syz-executor.1 not setting count and/or reply_len properly 02:14:06 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0xd, @sdr={0xe7}}) 02:14:06 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020002003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:06 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r1, 0x10e, 0x8, &(0x7f0000000000)=0x81, 0x4) rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:06 executing program 3: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_GET_CPUID2(r0, 0xc008ae91, &(0x7f0000000080)={0x5, 0x0, [{}, {}, {}, {}, {}]}) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r1, &(0x7f0000000200), 0x1000) socket$inet(0x2, 0x6, 0x7f) ioctl$TIOCGISO7816(r1, 0x80285442, &(0x7f0000000040)) syz_mount_image$nfs4(&(0x7f0000001200)='nfs4\x00', &(0x7f0000001240)='./file0\x00', 0x80, 0x2, &(0x7f0000001440)=[{&(0x7f0000001280)="2f9fb27056a568215a573abb09ec9f396ab2e94967a2311e10cf4077aa7e9432cc240b429310dff0624db6dfde6559dab014c302892d7b69726680474f1cf5d65d93ea93a1eaba6899d89b01ca282cb1a4579d5adda502993c69ac40aaa7b486822d4b68dd0ada0fb215eca0a6483e1dce5eb76469c24f82797fbef5487c537047020419f98984", 0x87, 0x2}, {&(0x7f0000001340)="d9959739bf67cf1734e3d3e0800a06e7c9f8116112d58022a0559201782af112e2f4deade50d61638208d577895b12432d8b52ba72eb7becb72920ae55144cfda0aa3fa4c4fa58e11d0983032603cedad8007ae91a888d22d2eb74ed20eb2d3818f05759c78f5aeaf4bec564746dd1584bf3bbc5560cd58fdd6e4ef2d6f1c021f000d43a521f2c9799db8a5295282f9bd4576d0887a05fa33043123b8a0453a1088368714ced552057ba9af2fe3d8ab647b3f03bfd1f3b045890dccfeb2499f9e6734e714d4d8b10da", 0xc9, 0xfff}], 0x50, &(0x7f0000001480)='cpusetcgroup\x00') 02:14:06 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:14:06 executing program 0: [ 228.988580] audit: type=1400 audit(1556676846.763:46): avc: denied { setopt } for pid=10648 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 229.032716] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 229.032716] program syz-executor.1 not setting count and/or reply_len properly 02:14:07 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) syz_open_pts(r0, 0x0) r2 = dup3(0xffffffffffffffff, r0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) 02:14:07 executing program 0: syz_execute_func(&(0x7f00000000c0)="3666440f50f564ff0941c366440f56c9660f3a16649c6700c4617b12e5c441dfd04b00c442019dcc0f11d46f") syz_execute_func(&(0x7f0000000100)="c4e3f9614832074a2be93699980f053ef3aec4a37bf0c50341e2e926b5c9f2abc421b8c25cb100008d3581810000262f7946d9f96646da4e32c4c2b9b6b90000000000d2dec461dc55b166440f56a82c7bd9172525000e818f470fc9c4032d5f374747f03acf8fe97c810f69e08f4cbec566420feace2d56c4613fc21d9099c7ab86c4213e5377000043d9497dbf82595943f30fbca90010000242d17f0066073a603d06f0ffff00c4e16d410f0feaa6d2564105ba16f2aed9fd4aeb660f3a089d0e0000002eeba225adeab413c4c37d096208c2c481faf06b00f9ef0008e4a25600b150400f381da900e001c4d5c6d59134ffffff66dee4b6c442f191047b8f49580197feffff7fc401c5d1543f014080a009210000df3b7d0f12e4d61d260fe88c4200000000ca30cac46190546104f3450f2c6b0009912af3430fc4c17829c8c463ad0b5890ca6c0f84500000006466420f3a0b0100d8008fe978cce16a85856d6d81759d8a000000c462a52b6e0bc4a17a4295f046839200000080a7a2e99cffffc3bdc3bd8300af77cb44e42ec4a17c1002470fae52c3b2aa246681380010c4026726670f010ef7a698b900008374fb0af0460fbabe58db000006c40155f64e06f247aceced41cf97c1045c0b47cc5c389f9f140f0fc481635a9c70d3813811fad7fbfbc9ec1b1b0fadd5663ef0430fabb90800000064660f01de880c000000c4627925b7a91f6037") 02:14:07 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:14:07 executing program 2: r0 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/checkreqprot\x00', 0x105000, 0x0) ioctl$VIDIOC_SUBDEV_G_EDID(r0, 0xc0285628, &(0x7f0000000080)={0x0, 0x7, 0x81, [], &(0x7f0000000040)=0x10000}) clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = getpid() prctl$PR_MPX_ENABLE_MANAGEMENT(0x2b) rt_tgsigqueueinfo(r1, r1, 0x37, &(0x7f00000002c0)) move_pages(r1, 0x0, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000004, 0x11, r0, 0x0) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000001c40)={0x0, @loopback, @initdev}, &(0x7f0000001c80)=0xc) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000001cc0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in=@remote}}, &(0x7f0000001dc0)=0xe8) setsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000001e00)={{{@in6=@empty, @in6=@loopback, 0x4e21, 0x3, 0x4e24, 0xff, 0x2, 0xa0, 0x80, 0x29, r2, r3}, {0x15, 0x18754db7, 0x7, 0x20, 0x20, 0x6, 0x5, 0x7}, {0x1, 0x81, 0xffff, 0x80}, 0x2, 0x6e6bbb, 0x0, 0x1, 0x3, 0x3}, {{@in=@dev={0xac, 0x14, 0x14, 0x24}, 0x4d2, 0x33}, 0x2, @in=@local, 0x3503, 0x4, 0x3, 0x7, 0x100000000, 0x0, 0x3ff}}, 0xe8) 02:14:07 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020003003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:07 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000080)='/dev/swradio#\x00', 0x0, 0x2) setsockopt$bt_BT_POWER(r0, 0x112, 0x9, &(0x7f0000000040)=0x2, 0x1) read$FUSE(r0, &(0x7f0000000200), 0x1000) 02:14:07 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x9) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @dev, 0x6}, 0x1c) syz_open_dev$sndpcmc(&(0x7f0000000100)='/dev/snd/pcmC#D#c\x00', 0x200, 0x40000) r1 = syz_open_dev$vcsn(&(0x7f0000000200)='/dev/vcs#\x00', 0x2398, 0x440000) write$apparmor_current(r1, &(0x7f0000000280)=ANY=[@ANYRES16=r0], 0x1) openat$hwrng(0xffffffffffffff9c, &(0x7f00000012c0)='/dev/hwrng\x00', 0x0, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x0, 0x2) readv(0xffffffffffffffff, 0x0, 0x0) clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x37, &(0x7f00000002c0)) move_pages(r2, 0x0, 0x0, 0x0, 0x0, 0x0) [ 229.652010] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 229.652010] program syz-executor.1 not setting count and/or reply_len properly 02:14:07 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:14:07 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020004003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:07 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) r1 = add_key$user(&(0x7f0000000040)='user\x00', &(0x7f0000000080)={'syz', 0x1}, &(0x7f00000000c0)="9d29c22be5b800c2858ebf911b4075c880ba2bceb9a1c301a6de7771f5c2b4e947426b2e6cd5ed0904e42a5e9b1d333738a770a5c688ca619a30a410c808ba74e85f866d92043ace9a6aaf47a1f0586a391344155ab26949e48fc08f3ead9b8ed007271a854735f4748fa514cd9da7b4d9cf746c3b5c0717629f30f83c0b3ccafde9600142236fee075582122bd5c9a3b8706837b2d30d807bb291b4d5705411794e227f33745e0dd509fd7fb9b996a2", 0xb0, 0xfffffffffffffff8) keyctl$KEYCTL_PKEY_QUERY(0x18, r1, 0x0, &(0x7f0000001200)='/dev/swradio#\x00', &(0x7f0000001240)) 02:14:07 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) [ 229.908409] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 229.908409] program syz-executor.1 not setting count and/or reply_len properly 02:14:07 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020005003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) [ 230.075418] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 230.075418] program syz-executor.1 not setting count and/or reply_len properly 02:14:08 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) syz_open_pts(r0, 0x0) r2 = dup3(0xffffffffffffffff, r0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) 02:14:08 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:14:08 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0xb62, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x400000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) setsockopt$rose(r0, 0x104, 0x2, &(0x7f0000000000)=0x3, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000001300)='/dev/vga_arbiter\x00', 0x301200, 0x0) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x1, 0x2) r2 = shmget(0x3, 0x3000, 0x108, &(0x7f0000ffd000/0x3000)=nil) shmctl$SHM_STAT(r2, 0xd, &(0x7f0000001200)=""/254) ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r1, 0x80dc5521, &(0x7f0000000040)=""/49) ioctl$VIDIOC_S_PARM(r1, 0xc0cc5616, &(0x7f0000000080)={0xf, @output={0x1000, 0x1, {0x100d14b7, 0x6}, 0x6, 0x10000}}) read$FUSE(r1, &(0x7f0000000200), 0x1000) 02:14:08 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020006003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:08 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x1, 0x2) ioctl$sock_inet_SIOCADDRT(r1, 0x890b, &(0x7f0000000040)={0x0, {0x2, 0x4e23, @broadcast}, {0x2, 0x4e20, @multicast2}, {0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1c}}, 0x8, 0x0, 0x0, 0x0, 0x8, 0x0, 0x4, 0x200, 0x9}) rt_tgsigqueueinfo(r0, r0, 0x33, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:08 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x36b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x1) connect$inet6(r0, &(0x7f00000000c0), 0x1c) sendmmsg(r0, &(0x7f0000000440), 0x400000000000211, 0x0) syz_genetlink_get_family_id$fou(0x0) syz_execute_func(&(0x7f0000000140)="4a2be91c39980f05f7a6aae28920aec4a37bf0c50141e2e922ebc4a2fd1ceb262f43ca070064d11bc421fa6f3d136c000000f2d2dec461dc57b1e67d0b25c4837916d2befa0040dbe1491e2f160f41fe4cbec5c54d0f2c718f56c4627d793bf20fc257ab839d7bf8c483057f6e3e5340b2672641afc4a31149a00700000024fa846c76ed1fc402fd34ad010000001feda827c4a2a9095351c48255973b0f3a16288836670fe0a9f27f00009ad691eedcf4fc0f383ca3300a0000ef8b8b27c4a2798f092802cee126463307383baa32d467460f3300028f6a78106f6503000000c4e1782ff466413a010fc442fd21b19b0b0000f2f1a1c9000000001adddd411171f200594f01dcdc62c9ae4918f1f19ad08181942400092ddd8f0b00c4a17ae64295007bf208f522ba22baa9a73000c481fc2eae2500000036338d8d83b9520800000dc4e27d0ed280003685aad9c7d26c1b014c593e40d9f50f001e570000a858ed43fbc42119da3cb01100430fd1a2d08212d4e51cc40521f95a1717cc474cf9f240150f9e8b79000021f15a0cdac421fd29fa002d08000000009b5d8ea7a728285675444157653e460f19690dd5c4c1cdc28a0000000000fcc4c36d4b7b0ead32ad32750831c44109f89700008020") [ 230.541945] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 230.541945] program syz-executor.1 not setting count and/or reply_len properly 02:14:08 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:14:08 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000040)='/dev/swradio#\x00', 0x0, 0x2) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000000)={0x0, 0xd9, 0x30}, &(0x7f0000000080)=0xc) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f00000000c0)={r1, @in6={{0xa, 0x4e24, 0x7, @remote, 0x3}}, 0x9, 0x9}, &(0x7f0000001200)=0x90) read$FUSE(r0, &(0x7f0000000200), 0x1000) socket$rds(0x15, 0x5, 0x0) 02:14:08 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020007003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:08 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x80, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000000c0)={0xffffffffffffffff}, 0x0, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_MCAST(r0, &(0x7f0000000140)={0x16, 0x98, 0xfa00, {&(0x7f0000000080), 0x1, r1, 0x30, 0x1, @ib={0x1b, 0x4, 0x3, {"4f71a8df1688267efc87e1012de93d6d"}, 0x3, 0x3742, 0x401}}}, 0xa0) r2 = getpid() tkill(r2, 0x1) rt_tgsigqueueinfo(r2, r2, 0x37, &(0x7f00000002c0)) move_pages(r2, 0x0, 0x0, 0x0, 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_retries\x00', 0x2, 0x0) [ 230.773270] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 230.773270] program syz-executor.1 not setting count and/or reply_len properly 02:14:08 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:14:08 executing program 2: clone(0x2000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) ioprio_set$pid(0x3, r0, 0x6) r1 = dup2(0xffffffffffffffff, 0xffffffffffffff9c) ioctl$VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f0000000040)={0x1c, 0xd, 0x4, 0x4000, {0x77359400}, {0x5, 0x3, 0x2, 0x1, 0x8, 0x8, "42c180c3"}, 0xca, 0x0, @planes=&(0x7f0000000000)={0x5, 0x80000001, @fd, 0x8}, 0x4}) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) getpriority(0x3, r0) 02:14:09 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, 0xffffffffffffffff, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:14:09 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020048003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:09 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:14:09 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) unlinkat(r0, &(0x7f0000000040)='./file0\x00', 0x200) 02:14:09 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x1) r1 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x40, 0x100) write$UHID_GET_REPORT_REPLY(r1, &(0x7f0000000040)={0xa, 0x0, 0x1, 0x3}, 0xa) 02:14:09 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x400000000000004}, 0x1c) syz_execute_func(&(0x7f0000000280)="640f2c6d004a2be9c4627d0ff9980f053ef3aec4a37bf0c50241e2e9450fe36a09c462f10cbc5d66450f38007e1d9066440f6595010000003447c6441846002200262ff3909200d25c6645dad809132525000e818f470f67450f289369000000b100673e66470f0fa219000000904df30f2cf18282dde97081d7697069704cbec536ac5197f9b3b301d4dfc5497d3b30470f866f2a37adc37959b427fdffffff67f36ab40f67a2d73b00004cacbc9999ba16f2ae664e0f3a611b04c4c29d962150386c6cb336410fc1f1c4817d28ef491feefe8f08e4a25600b1500909660fdf53a60909410f5ed1535366f6b6e4d10000eae243a9a1fa16a4d800000000dd7cb800660f19c646dce7440f704eee9864f2ff4ed000f4c4617be6d2f00fb0a8c100000009912af3430f410f1800000045126d6d8d8d00c44299660f2b560e3ef2440fd6dfb9c463d90d2408433e65660f5cb54c0af90000004805c462a52b6e0b8fa810ecd6091a1af20fa576ac8fc978014bc365d085431fe7204577cb040ec4e2f92a5382c4c10de5e240681b1400007c1002970606b2aa263e0fafd6c422e6912cb1030474f30a0748eb27c4027502b0f3fe550dc4a2dd910cb11010217cedf9c403816ee3bd39058b97619236725bf4f1e58847910002c1045c0b47cc5c0f1ea5322333332ef217640f286400002e3665f3450fc21051000042d8fb4974ec570b9d9d61c9e86c2e8a3d11be00003422") [ 231.490605] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 231.490605] program syz-executor.1 not setting count and/or reply_len properly 02:14:09 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:14:09 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d02004c003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:09 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = pkey_alloc(0x0, 0x2) pkey_mprotect(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x4, r1) r2 = syz_open_dev$cec(&(0x7f0000000180)='/dev/cec#\x00', 0x3, 0x2) ioctl$VIDIOC_SUBDEV_G_CROP(r2, 0xc038563b, &(0x7f0000000040)={0x1, 0x0, {0x5c, 0x80000000, 0xf6, 0x2}}) rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:09 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:14:09 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020068003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:09 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r0, 0xc10c5541, &(0x7f0000000040)={0xff, 0xffffffff, 0xda0, 0x0, 0x0, [], [], [], 0x83}) 02:14:10 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, 0xffffffffffffffff, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:14:10 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:14:10 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d02006c003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:10 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$net_dm(&(0x7f0000000040)='NET_DM\x00') r0 = getpid() ptrace$pokeuser(0x6, r0, 0x7, 0x5) rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000080)={0x0, 0x0, 0x0}, &(0x7f00000000c0)=0xc) stat(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000001c0)={0x0, 0x0, 0x0}, &(0x7f0000000200)=0xc) r5 = getegid() setgroups(0x4, &(0x7f0000000240)=[r2, r3, r4, r5]) mkdirat$cgroup(r1, &(0x7f0000000000)='syz0\x00', 0x1ff) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:10 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) accept4$bt_l2cap(r0, &(0x7f0000000040), &(0x7f0000000080)=0xe, 0x80800) read$FUSE(r0, &(0x7f0000000200), 0x1000) 02:14:10 executing program 0: syz_execute_func(&(0x7f0000000180)="3666440f50f564ff0941c3dbc4d9a5f97300006269f7a41d000000003a8e16649c6700617b12cc64660f2ef4c442019dccd2111db8d36f") syz_genetlink_get_family_id$nbd(0x0) syz_execute_func(&(0x7f0000001240)="c4e3f9614832f04a2be9c4c1117df6980f053ef3aec4a37bf0c50441e2e926b5c9c482052b1aa30000262ff342906646da4e32c4c3d17f90550000009100d23bde36cdffe617c4a2f932b70d0000000f94c98fa860a394dc00000000b0abe285d39e1d9e1de9defe0f49e0ebf3f336f3f3470fb4950000002056c4229d97a800000000697480140b00006576c166470ff9646e7fc48209b63d4f7f0000c4a2712e85b7000000c46171f31bc4c2092e79966f65da8000000000564105ba16f2ae66410ffe3a16c42de26d3b22c481fb2d079a000800008372e4a25600b12bc309c8218f48609a567be289e28974ce76660f7f24ae77dee4b67f43f01a1aeded186e0fc4617a2c9f0d0000007feff242dd5b0b6566400f54cf3b7d0f12e400f4260fe88c4200000000ca30ca410f38038144000000bb3cbb3c02f3a5f345d15e5392262600456c0f8450000000d0b62f8181943e66420f3a0da281709cd99ad800dd4805e0c4f3460faec32b6e0b0ba17ac64295c4c311691d09000000ca2ef20f38f05300c364f32e8f490001cf2ec4a17c1002973606b2aa260f38c9ba0f007300000080708f72450f0d26f247acec9636660f38058b976192361d09f4f5e597dc7b8e47910002466fc4c145f8436cf20f2d9b0c000000c4e1f95a3b66400f1be92ef246e16df3440f5fa2279b0000c4614d63338f690801900fac00000b31660f6b2f0000383803fbf010cff30fbd950d000000") 02:14:10 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:14:10 executing program 2: clone(0x80020000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:10 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020074003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:10 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:14:10 executing program 3: r0 = dup3(0xffffffffffffff9c, 0xffffffffffffff9c, 0x80000) ioctl$CAPI_INSTALLED(r0, 0x80024322) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r1, &(0x7f0000000200), 0x1000) ioctl$TCSETS2(r0, 0x402c542b, &(0x7f0000000040)={0x9, 0x1f, 0x8, 0xc4, 0x100000000, "ec5fccc01447d31503cebdc1813fda022b1a1a", 0xffffffff, 0x1f}) 02:14:10 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d02007a003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) [ 232.510745] warning: process `syz-executor.0' used the deprecated sysctl system call with 02:14:10 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, 0xffffffffffffffff, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:14:10 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:14:10 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)={0x0, 0x2}) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:10 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000033b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:10 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) ioctl$sock_rose_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x100000000, @null, @rose={'rose', 0x0}, 0x5, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default, @null]}) read$FUSE(r0, &(0x7f0000000200), 0x1000) [ 233.195000] sg_write: 7 callbacks suppressed [ 233.195015] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 233.195015] program syz-executor.1 not setting count and/or reply_len properly 02:14:11 executing program 0: pause() syz_execute_func(&(0x7f0000000080)="3666440f50f564ff0941c366440f56c9660f3a16649c6700c4617b12e58f697882c8c442019dcc0f11d46f") syz_execute_func(&(0x7f0000000300)="c4e3f9614832074a2be93699980f053ef3aec4a37bf0c50341e2e926b5c9f2abc421b8c25cb100008d3581810000262f7946d9f96646da4e32c4c2b9b6b90000000000d2dec461dc55b166440f56a82c7bd9172525000e818f470fc9c4032d5f374747f03acf8fe97c810f69e08f4cbec566420feace2d56c4613fc21d9099c7ab86c4213e5377000043d9497dbf82595943f30fbca90010000242d17f0066073a603d06f0ffff00c4e16d410f0feaa6d2564105ba16f2aed9fd4aeb660f3a089d0e0000002eeba225adeab413c4c37d096208c2c481faf06b00f9ef0008e4a25600b150400f381da900e001c4d5c6d59134ffffff66dee4b6c442f191047b8f49580197feffff7fc401c5d1543f014080a009210000df3b7d0f12e400f4260fe88c4200000000ca30cac46190546104f3450f2c6b0009912af3430fc4c17829c8c463ad0b5890ca6c0f84500000006466420f3a0b0100d8008fe978cce16a9d8a000000c462a52b6e0bc4a17a4295f046839200000080a7a2e99cffffc3bdc3bd8300af77cb44e42ec4a17c1002470fae52c3b2aa246681380010c4026726670f010ef7a698b900008374fb0af0460fbabe58db000006c40155f64e06f247aceced41cf97c1045c0b47cc5c389f9f140f0fc481635a9c70d3813811fad7fbfbc9ec1b1b0fadd5663ef0430fabb90800000064660f01de880c000000c4627925b7a91f6037") 02:14:11 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:14:11 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000053b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:11 executing program 2: clone(0x200041fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socket$inet6_tcp(0xa, 0x1, 0x0) rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffff9c, 0x84, 0x14, &(0x7f0000000040)=@assoc_value={0x0}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={r2, 0x1}, 0x8) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000100)={r2, @in={{0x2, 0x4e22, @multicast2}}, 0x6, 0x6b, 0x5, 0xfff}, &(0x7f00000001c0)=0x98) write$P9_RSETATTR(r1, &(0x7f0000000200)={0x7, 0x1b, 0x1}, 0x7) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:11 executing program 3: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x200000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r1, &(0x7f0000002200), 0xfffffffffffffcbf) getsockopt$sock_buf(r1, 0x1, 0x1c, &(0x7f0000000140)=""/27, &(0x7f00000007c0)=0x1b) write$FUSE_IOCTL(r1, &(0x7f0000000100)={0x20, 0xffffffffffffffff, 0x8, {0x9, 0x0, 0x3, 0x7ff}}, 0x20) fcntl$getownex(r0, 0x10, &(0x7f0000000040)={0x0, 0x0}) setsockopt$inet_MCAST_MSFILTER(r1, 0x0, 0x30, &(0x7f0000000200)=ANY=[@ANYBLOB="090000000000000002004e24e000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000064ba000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000a00000002004e230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e0ff00000000000000000000000002004e21ac14141100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002004e240000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002004e20e00000000000000000000000000000000000000000000000000000000000000000000000000000fb000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002004e230000000900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002004e21ac1e00010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002004e21ac1414aa00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002004e22ac14142700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002004e20ac1414aa00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002004e21ac1e000100"/1411], 0x590) prlimit64(r2, 0xf, &(0x7f0000000080)={0xd6, 0x4}, &(0x7f00000000c0)) 02:14:11 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) [ 233.387855] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 233.387855] program syz-executor.1 not setting count and/or reply_len properly 02:14:11 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) r1 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x7573, 0x0) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffff9c, 0xc0106426, &(0x7f00000000c0)={0xa, &(0x7f0000000040)=[{}, {}, {0x0}, {}, {}, {}, {}, {}, {}, {}]}) ioctl$DRM_IOCTL_GET_CTX(r1, 0xc0086423, &(0x7f0000000100)={r2, 0x1}) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:11 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) dup3(r2, r0, 0x0) ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x0) 02:14:11 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000063b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:11 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:14:11 executing program 3: r0 = socket$packet(0x11, 0x6, 0x300) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000001200)='/dev/sequencer2\x00', 0x0, 0x0) setsockopt$packet_int(r0, 0x107, 0x20000000001, &(0x7f00000000c0)=0x3, 0x3a) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$radio(&(0x7f0000000100)='/dev/radio#\x00', 0x2, 0x2) setsockopt$netlink_NETLINK_PKTINFO(r1, 0x10e, 0x3, &(0x7f0000000140)=0xd7f1, 0x4) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") setsockopt$ax25_int(r1, 0x101, 0xa, &(0x7f0000001240), 0x4) ioctl$sock_ifreq(r2, 0x89f8, &(0x7f00000000c0)={'sit0\x00', @ifru_addrs=@in={0x2, 0x4e20}}) r4 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r4, 0x84, 0x1e, &(0x7f0000000040), &(0x7f0000000080)=0x4) ioctl$SIOCX25GSUBSCRIP(r4, 0x89e0, &(0x7f0000001280)={'veth1_to_hsr\x00', 0xa07f, 0x1}) read$FUSE(r4, &(0x7f0000000200), 0x1000) 02:14:11 executing program 2: clone(0x8000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) prctl$PR_MPX_DISABLE_MANAGEMENT(0x2c) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000280)='/selinux/avc/hash_stats\x00', 0x0, 0x0) socket$can_raw(0x1d, 0x3, 0x1) sendto$inet(r1, &(0x7f0000000640)="9879122b43643407958216604153c6535bccc1aba7fab2db8627ab4afc47e50eb34aa286109a55e77d94f93309b0a725dfeff5ec2fcb9bb87e8c400ff57060044a6671f0cf294d20b8b5e3f768e2fcc59e21d408020e77f25d8a69d13980dbed69d3416ec4ada93a385e96d9c96a2b4c9633721d6e86d47173918c390b6fe0bcdbf5590b3ac46a10a6702de6990ca5b6bb6857fac9dcdbd89b3b51aada4dd4d81f3c85a7e2f20eb45e335a564de7086f63bb77556fcf945995a248fe5eacde8d92b04f0c", 0xc4, 0x0, &(0x7f0000000740)={0x2, 0x4e24, @loopback}, 0x10) syz_mount_image$ceph(&(0x7f0000000000)='ceph\x00', &(0x7f0000000040)='./file0\x00', 0x2, 0x7, &(0x7f0000000540)=[{&(0x7f0000000080)="3073f9e88f", 0x5, 0x42e6}, {&(0x7f00000000c0)="4dc08a57ac89ee3710f20155cdbf3af84a3d90f1b51303cb9a3e1d8a83599f1bff705a0f9dd04e9a8de245934acc96d43cce9339ef86a47f29f6e017fda107579b85d2030c7c411f169490ba8aad7915f0cd350ab68422c0e3c029b3d56621fec9446818e865bca433d18fec9f704466a191cb8741733983eb2f6a66124ca9b1e0bc9e1dd26b52b64660effc8a031d0d326323f64bdcb60eec1d8e3ef6d036d641da80accabdb01557daba0d68781466794d5a244894bf04abb7d8c0e0b388bb82842d797cffb3ffaea66458e23cc9523c4f7c34c027cb150f20", 0xda, 0x2}, {&(0x7f00000001c0)="4a3721c0453979a38a5c6f26b6cd9438dc4b9238189a294f2aa6f501a2ce6b26f5bffffb8078ea06d7c579c044ce465e712117df9a2e514406fe8589f4fec5ece68c7c8ef5ab9a8b50c4aaf00e8ce5b1746a3b4533d7cc0454ea539f233a911322205d3284268395f5702549b5f17a39090a58b382c3a6b862025703e067ae05ab97a695b0aa7f4fe6af6d4086e7f02b56d652983ba55b11168e3fbd26545cb2199ced2dd25e2ef3d2561d25943a5eca36a08bb3df05", 0xb6, 0xfffffffffffeffff}, {&(0x7f0000000340)="5067faab11ef454c040d94e99c7e061957de035f3c132b992773bb3bd4aea488b9b0da42c27bd80e4e22e322d07fd6484cbc158c63dca7410497bdc119582a3a69ddf86eb5b5450abd06bd68c622b0d3edc30cff291cecdb619c271ae9ec3e5040d8e275a164589d739bb3a96b947a344e8ff43918e16426e46317ea00ec84d96820b4413e9d3d09e3ca11dcefbad87a7a222d386f", 0x95, 0x3}, {&(0x7f0000000280), 0x0, 0x7}, {&(0x7f0000000400)="3c678cfe5a47051c2c1e296b050c0baf7242e17bfebfacb279958f3f3ac361b6e2a1b9d498b9b7d0173ed8b2ec959c4db9997c45bd6c7032c6e0a2e76186667323e6d6323d57aad80c53fa902a45538b73d2528824d4e953be2cecd5e49d39ac07f5ff1c89e80b1409b1ff9fcfcb5a1e7fcdd1d20575b7e2fb0b9a484b8270c6681ce046fc2914132b7f3b4f365341f24e7b46660778b4352fcc816093e66a8f80df19220730", 0xa6, 0x53}, {&(0x7f00000004c0)="29d524c4a26398fcfc8d9f9c648a549a8dc9b03e74c7966e059f2f4f658baa64207735a5101076347c67312717ff62c80cf3ed17900b8a3d4553b45228d3569de1db0d54ac5d575fd1828bec7023b19be37372e8994d51d1649912cde6f94c", 0x5f, 0x8}], 0x800000, &(0x7f0000000600)='#*]system/\x00') [ 234.065263] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 234.065263] program syz-executor.1 not setting count and/or reply_len properly [ 234.134744] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 234.134744] program syz-executor.1 not setting count and/or reply_len properly 02:14:12 executing program 0: syz_execute_func(&(0x7f0000000040)="640f2c6d35afaf2be9c4627d0ff9980f053ef3aec4a37bf0c50241e2e9450fe36a09007e1d9066440f6595010000003447c6441846002200262ff3909200d25c6645dad809132525000e818f470f67450f289369000000b100673e66470f0fa219000000904df30f2cf18282dde97081d7697069704cbec536ac5197f9b3b301d4dfc5497d3b30470f866f2a37adc37959b427fdffffff67f36ab40f67a2d73b00004cacbc9999ba16f2ae664e0f3a611b04c4c29d9621506640f79c78d5822dbf36410fc1f1c4817d28ef491feefe8f08e4a25600b1500909660fdf53a60909410f5ed1535366f6b6e4d10000eae243a9a1fa16a4d800000000dd7cb800660f19c67777dce7440f704eee9864f2ff4ed000f4c4617be6d209912af3430f410f1800000045126d6d8d8d00c44299660f2b560e3ef2440fd6dfb9c463d90d2408433e65660f5cb54c0af9006666430f5ef04805c462a52b6e0b8fa810ecd6091a1af20fa576ac8fc978014bc365d085431fe7204577cb040ec4e2f92a5382c4c10de5e240681b1400007c1002970606b2aa263e0fafd6c422e6912cb1030474f30a0748eb27c4027502b0f3fe550dc467a2dd990cb1b110217cedf9c403816ee3bd39058b97619236725bf4e58847910002c1045c0b47cc5c0f1ea5322333332ef217640f286400002e3665f3450fc21051000042d8fb4974ec570b9d9d61c9e86c2e8a3d11be00003422") 02:14:12 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:14:12 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000073b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:12 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = socket$isdn(0x22, 0x3, 0x27) fgetxattr(r1, &(0x7f0000000000)=@known='system.advise\x00', &(0x7f0000000340)=""/4096, 0x1000) rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000001540)='/selinux/policy\x00', 0x0, 0x0) connect$llc(r2, &(0x7f0000001580)={0x1a, 0x30f, 0x6, 0x3, 0x1f, 0x6, @remote}, 0x10) 02:14:12 executing program 3: r0 = syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x20881) ioctl$SCSI_IOCTL_DOORLOCK(r0, 0x5380) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_bt_hidp_HIDPGETCONNINFO(r0, 0x800448d3, &(0x7f0000001300)={{0x580, 0x1, 0x7fff, 0x9, 0x9, 0x8000}, 0x4, 0xc334, 0x0, 0x2000000000, 0x2794, "a2f130e257790f6f3023937643d800d21b937a19342fb1270f997ef38b4af7c99a35cdb4f0f15fdcb6cc9a2f062724067059f8885fc0044558aa9ec4269554a6cf01876dd017a5f3bb3acaffb69311ac8cc918fdabede335e5034528d06a168d4784fb129b254a355071b89ae0430f9b852cc30cf451b5a99a95646a3d952f68"}) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80002000}, 0xc, &(0x7f0000000100)={&(0x7f0000001200)={0xf8, r1, 0x0, 0x70bd2a, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x8}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e23}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x200}]}, @IPVS_CMD_ATTR_DEST={0x24, 0x2, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x6}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x45}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x6}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xe000000000000000}, @IPVS_CMD_ATTR_DAEMON={0x38, 0x3, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x200}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast1}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x6f25}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x80}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback}]}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x6}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x7}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x1, 0x28}}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x2c}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x1}, 0xc1) r2 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r2, &(0x7f0000000200), 0x1000) 02:14:12 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) [ 234.329339] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 234.329339] program syz-executor.1 not setting count and/or reply_len properly 02:14:12 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000483b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) [ 234.488819] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 234.488819] program syz-executor.1 not setting count and/or reply_len properly 02:14:12 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) dup3(r2, r0, 0x0) ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x0) 02:14:12 executing program 2: r0 = add_key$keyring(&(0x7f0000000080)='keyring\x00', &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff8) keyctl$update(0x2, r0, &(0x7f0000000100)="1736ce0f22b25406b53f0fe9cfe079136da25d5a7fa696ea0b0eb0873614d8d80b9770855d5228f23354f0382b2fc016a922d701af4f7d29159d0b2b602ed42229", 0x41) clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x37, &(0x7f0000000000)) r2 = accept4(0xffffffffffffffff, &(0x7f0000000180)=@hci, &(0x7f0000000200)=0x80, 0x80000) setsockopt$inet_MCAST_LEAVE_GROUP(r2, 0x0, 0x2d, &(0x7f0000000240)={0x9, {{0x2, 0x4e28, @empty}}}, 0xfffffffffffffff3) move_pages(r1, 0x0, 0x0, 0x0, 0x0, 0x0) socket(0x4, 0x2, 0xf16) 02:14:12 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000040)='/dev/swradio#\x00', 0x1, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x10000, 0x0) getsockopt$bt_l2cap_L2CAP_CONNINFO(r0, 0x6, 0x2, &(0x7f0000000080), &(0x7f00000000c0)=0x6) 02:14:12 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:14:12 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d0200004c3b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) [ 234.936996] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 234.936996] program syz-executor.1 not setting count and/or reply_len properly 02:14:12 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c00000003060501ff008dfffdffff2e0a1000000c000100ffff00007d0a00010c000200000022ff02f10000"], 0x2c}}, 0x0) 02:14:12 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:14:12 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000683b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:12 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/status\x00', 0x0, 0x0) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:12 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r0, 0x810c5701, &(0x7f0000000040)) read$FUSE(r0, &(0x7f0000000200), 0x1000) 02:14:13 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) [ 235.207843] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 235.207843] program syz-executor.1 not setting count and/or reply_len properly [ 235.240134] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 02:14:13 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) 02:14:13 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) dup3(r2, r0, 0x0) ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x0) 02:14:13 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c00000002060501ff008dfffdffff2e0a1000000c000100ffff00007d0a00010c000200000022ff02f10000"], 0x2c}}, 0x0) 02:14:13 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d0200006c3b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:13 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:14:13 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) socket$inet_tcp(0x2, 0x1, 0x0) read$FUSE(r0, &(0x7f0000000200), 0x1000) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000040)={0x0, 0x8000}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f00000000c0)={r1, 0xd3b}, &(0x7f0000000100)=0x8) 02:14:13 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x40080, 0x8) getsockname$netrom(r1, &(0x7f0000000040)={{0x3, @bcast}, [@netrom, @rose, @netrom, @bcast, @rose, @rose, @netrom, @null]}, &(0x7f00000000c0)=0x48) [ 235.813793] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 235.813793] program syz-executor.1 not setting count and/or reply_len properly [ 235.849020] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 02:14:13 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:14:13 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c00000002060501ff008dfffdffff2e0a1000000c000100ffff00007d0a00010c000200000022ff02f10000"], 0x2c}}, 0x0) 02:14:13 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:14:13 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lsetxattr$security_ima(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='security.ima\x00', &(0x7f0000001200)=@v2={0x0, 0x0, 0xa, 0x22, 0x1000, "ffb09077deb7d3e36a9e75c82360adc88fb4c5d2e960ac07a6981ba47fd0270ea12cb1afdc28a6cb1107e5883ccc32b3722eaf9095a20dad0ca428cb8c4913d31693a77191748c155abe1907d1a0a1226d6ced98aa0910fec3cf795171301675766fe637057e1a8262494aa7ca1305acb519635347177e70fb5cd5d2291b4b0d90970f72f4e18266fe4f7469d3b7e2e9a30598dc02770a7d61a0f9f27752b3168c2051bf782c654ce72866ebf09a0eac1cf69ab796be277d9d009ccd47995dd8251a36e323db612ed16832f370b855ca9dca6b4689fa7d8e65323ad79554515e6e2ca00b048643422398b1e5bfafb98dd4fb27b2acf9f1d821abebd26f9f076e7592bb64509b03cbaf7dd8326630be474b2bc41672bbea86294574690e12a9acf0d90929978f7abba6ce3ea20d0b7f8d5591dc9545f8cdb136c1f7d075454e16bf2c37741fb6e1db7e972da7492f3b43b56d0cb7e0c1981f8b9d961ad9ec331b3ba29c9fc0b9a28ff14e1a711a0c65e32967604514bc4ab4b169716fad3b6dfd3514d967999fc11c3422f12979f91cd37a61afb565af1b4c66b4e386156080fae74ef27b12e77b4fa5310b0f7fbfd7af2828469cf4c99e1ee7c76c768775c6d2b91148506130548be8db96cb351e8511f80dbe4dd63a2a11105a5864458b89e3d109fbd0d86f8a79b05164e1e78f5b1d2783799107e7dbe14fd8826b19f989f3c7afd3f11befe449c88997e6df1ec97901f541c07b58f187a489962a7eebaf3317c34aa5f3b261ba8e8b1494ba7db4d876ae15ceab8fef9e84f266c0efe5fb3f8a3fc06567f138878965063bef6a13f2ac44717b3c115a0fdbd3c3ef3380233af445e4eb6fb3a502bd0066ba7a86b4c3d0007485006cc149280df39a41411a0710db163d6eba875cbc97f2ad3ce0efe02ce4a56f0aa74dcdc15dee7e728dcc326621d2402af1c4750a80bcb426b682ee67d5e69c8522e53e1f1f827c4095344d1f0f5f4c1a0f4b0167316e378a8c227ceb1d659067dfa050e8bdadc0e6812b15a90880b22e58a1296085c42b1b27752ce869e6fd47e3edec19a944db339ba6e83e7842f1be6c34c20ab6c4720527a6a5e9626769b0436d824a6457df803cf6ef9438d8649cdd86c2f0d77d06e3d3b54dfd820ad4a07040c7ecc962a9e80cdb220517ba1955efd2133636d7256fa973cf3ab1f26c5e58ca5933753876dbf6d9888568a9c21640dc098db3052920f1c86e66b95c56a7593ace47326a74cc2433a59cd92a0b147a27671766b001a5c1cf6f99ed715b353b6bbe1db46767f38af7ae0c6359c426ec83cb65ef0537adaed082a072d9b302c2104f12a09a95a15ad2be900374a65628b1d78d3a919c88a6795eb57f55730864c4fd6ad8a11c72f78a5790c584fe3029fcd572dae727b90254a67658bde5624aa508dd440bda8b9c225d7bdbe5f8e5c333931d24b9c39b0b4bce10841537bb5c8a1c89762c4ce8ccfa5fb632b2c99905ce555de02f8cfd054eeefd5285af9fc7ee971d483cc2916cb68757f952e3432be9f11950aa4a38432a02a67fa8c10130d022ecb9a1f01ff89c3a7f0da30e5c43a292e3ca5c1794a470da7ec629241a07c7819323de8314d025e032b15e4f090813c8595bc625f180fda954b2a8d59b0418ac5a7d279fe7a0005aaf5952d94d6ec3f52324ef56d2067da3f37dde95d680fb5e9e28de39b8d0e8c5c8855e4867a7c4ce50785a151c561da2bf058874131771d9e580d4d2dea3ae893acbbdc32e8fc081945c86ddfc61d7b63b36348fa67df7be3261585ab48635bbc84998e8d627bfaf889af831900e8b8a3262776a1acb0152b29fa1f959cf586ade6fd02f46065ef24ef8adb6d90a49e57c1bc31aa83a55b6130ba1160e291bf7f67d05b40841f04e1ce17458e907989ff03df69ac63017039a5d2cdee6df2b687be871662e36f2dad8b12ca718c59e869ce6765451c9c6ecf73aa9dc548a940412572bc501a1cab8591029c156ca1d23623c85ffc04ad00091bc05ae32cca302c10eccfdc46d174fe231a396495a703a0ba1c5b13217c7f66a5b9aca4dab8f030b9c40f5d5b28a8912a451ff2a813f4f7f24db05a1a1760c01bbed27394ffbb97ce9109dee3b7f884095817993ae124776ab27f3ff9a4dde35fbc47968f310e31a95fb5b7c29495cad389905088508d62da1fc9baae677d250232f9a8b63cc1c8ea609ce92cca28e8d433c2aa0d22e0eea34e3d8940a03c8cbef1420ad6362d9aa011af343a50fc890fa325b1962cf914fb46267fead49ce9228bbfff50c64137ad636dc5df9c434285320c7e931ae3cec901f2cc3b9527c5104fd1474122554b94faf10591f1f23cd27c7a7e2a27891579806cb8def39e70095d2bb2d0d52741cb41fc92aaa3be9513c063ef25ccf498269d0cd2e958f03098422c28ee594ef47aeb022f4d4aaabc1c6732e6fbd850dca34c15bfd9d341dacf02766cf50617100de74e50eb56ad068c7e1dfa837f94f6c25beaca107e7da066734681a9408c2a0c9857561c38f710325529680e5970461f92ad1dc7887e8848c7151d6f14bd15b8ce963436fb5c84bab384cf0a8068b21171b1ce603a5870f61161bcd4e5c68daa7f71268558b982552cd1182841a9e10df91c1703a634229e954e7e24f1d97dae89c398fbe5dd1688b594c0d80969675f14051a75f4c76d4c94d7997429c8cacbcbf663221aba074ffbad71fbdf8a1707c6a584aaed6322e6f3dd5d0fe996f0f5c4c0f0d7d3e56c875eebcc2c6ac42b2134fe6fa41add5467d1aec1d1ec44a32f3d0fe04216f67b4352b3b882c6b31d6be0201ecbac1a1e56ba3c7b904c29865f6f9c2fdc7558d2ed5b27e30ec73c4ae86dd342fdeb6fc8c6d7613ac4b39ba5e38238319b957c90ba9fd7dc28ace1364667ab78c29baf9cd9df09f420fe9a2a0a1ee008467019a8cd58c9cd31540caf537918b05b97bb68338d2729beb62827432b40957658ce51d91dbaac9e095d314019af7acb533c194eacc3504926734330b3b0deaba97117ac2ee5d6cea254b39d78447200690adf59825e5b0da9c243d7ebfd31d49eed9ba10f3ed4cc55086c09095537136ea7790891f683a8297a3a38a6faefe5976672d61ca5638a08fe92371c44bbc564cd17e8475e3c827da2618e8eface0be76d5296745031ecb5bb0db521f93b8569dc16cb24aa04dae81258186cf5c210bde8ec8ad13866a319519306cc186b136ae56230191e08b82618f78ce4f07df6ac7073893ab69707b95bc242e065118a9bc604d2e6c8c63577a16c214886f8b36d47bc041cc605dc71db3d662fcec9db885ad8ab43b5bec358640a86a1c9f41708ae37e65177aa9953bcea833de56113f3f924d51faf63ed1a2369c9976fcba3c2736e7e6804c1b9b96c82d5edd178572a21b9dec14c44eb7bb80d8233bc7b6d5cedb582de4168eb665be3b589ba6d6c3d1fd3bd12bc13ca82d2a2eb8a2fda8fdce10c95d9aa1ec5520a782344ce0e8619c9f518248aca556386ad2c0aa53091a28b45dd7d183635fbe50175939960c2c354a9f76e0dc46ba57076d9ab851b563f712c027896a5d454ff1a1ebde190af73d0dfe0682e38404a1a4767d7bce04f08c77cb11bd53a637c513a2c8b44a498c3f0e855380c88734c6c7aff42d0a72881171957969f5b9cf8950d4c515742a4cd8b9e763088564206082a9d024f9b3f245b3833d326c4860f935c7869f4b7df76c1751f478c3c6e34f9a07cbb6f70f68084b3c4acfbd810ce5069c165003257436f5d4d786c35c053e376a1c5e617f870c2ef02988e8da8f82b1b869ae4081328c52142ba08001f139daf0f062f30b63a8ee8f167bf5a1d27b422cc9af4fb3dcbf62fa95939f34548a54b3be42369a7f7316623fdfb597cba271415607cb5a9ac71d4d82bd815d0083fbcfd72c56e0fa06ef5b93632da29641189702ee2a889fdb879bdf8fc4ecf4e8f37c1099dd73805f6a6fc95dbb8413edc4163bc9382550c10afc40f4867b815edefb92749409bf626975ca579e94e2e5a119ce88e56110497d24df19b7a33af40bd6a321367f08dba066fae973b7fa3a90ee6b57d630624868b4141dbeefa9ef7203178e7eb645fea5aafd5ee83f5b9f73c90d1ccfa1ccc8567aa9d63314fb22a71b2585dc3af9f0f636a138e38a79b815996608fb19043497e32b85751d60d02b1cd509f0b10b160ab72ca64a153dbfe10dce4673324bf5f540890dbac6430818dba3c56a8cda13a6487be2af3bcb1db8b290d6c8a93d9b110277042e6d534c7a957c1dbea02876204b31994b37c2bfbf536a7e0319b1f842c18754a0d6d0c16fd03a00972756afa4e536817c1a0d9c6b28c8f0823f0f20b0edb8750211bc7ebf85c18ed3524d051ee2cdc358e539d17638352880c13f0902df56a79d59ecea523cd2203d49582209a4ad4a76fdf32c95f6b5bd2c2ebd16daa7e9de6d77589fb00e6a3a5cc6bcda147a7168c4f6b4bd923ab761d70bf65384f92bc5e61d05234f68f6178f58b23e5ecfe39e90029e4bf76d3099af2912b3d85a3f279c04ebfb62e5be60bcee5fb7b8d41597cdd5169697b1bb2087e71d2267ff2ff06c2e65d8c7acc4c655dc3a97324010468ec7ab4aa42e2ca6eadfc2cfe87ecf3e3eb4790387d410f2554fb56c8b3a8b5fdebdef0504e443bd9ef02c7a8b4cecb19a3c709dafb0b65d8a66c2a087593c7cf5725212ed388089b374e6b8aa3a78d5b5d0a461502a6aff8b02b22683f0cc6d0dceb42ec0158c8ce86d1a6b52a19f4e21596934a04d658c087bc82e6595438349349a0481552bfda8dd24e0bee93372366be6e6a9a6909230ac8d2885a304a46381651db5ebd7a25fac87c7d6546ef8e3455493b925af4c6b966d5fc84e50c95ac802a63d1df0dc789fa12f623de89b42caf7a9229b8e6719b805b319d343b2de963e7ceace3d94901f37c86bccf2d38777c58899ae3f39d7cce6c3cd645d182fc8ced8a1d4c9936722a49012db17435b89ea5365cab308e1e3d0b90589b6b2c9b76d8e9ceedd0c0c59834d4fb7c0017d3f8d1b21d9ed346eaa073631b7f236c7d8fc52aa7ef62a8fd55cb8e01166f743387a6aed90feeb158e878d01251c281180ee5c13e10032a8c89dc329faf5fadb611a2ec33c334b2d11e43ab6843aeb86e41929880acc68a6ba730af0ece9e35a19f50ad5bc56c225fe8dc9c5f46aaf8c4308510e729712d140cd3e153d1907b61fff24a2777aabf4adb2a6a9a418c7dd1c17cacbee4d2f0daaa06f3e1ef5ee2346b355e3103d2e25d1c1abd410885f9835f78ca0d858ba95d7cedf5a03b1b1293735ee8a5409995b4cf94b42dd34b7ca3b3558c351101745cd1f6abcf82a433535ec1d4198eb58ec1a600260f579a746fad5e1c196646331f396a81345b052b6b4b3d0745b4e9afa6b103b21644f8ed794d524ccdcfa741b8ccc6f3561a75f642cb0c3fe6e454c06ca6d8ff9f057f4beef831f981937e8cad85e6f0bd0635add8a83763124d355825e3429feb45ad3b8ca661f1207fad13b598b6f86a235d527f781c9d93f6856cf695afb632c68df55ac2be243554509370cb737043dca208030a5587c797122158366512ee2ab26d56a4ebf3a2f0362190f18044849f339214751b718307a56abd5d9050581a23f22bd4a35ab0e0de60c4ab180940882becb7e1ba033306a8967230053825ea814338e55ebda62f76945e314d0a0b1d618fc1ecfee7d729d7caeb22ce8b80dc2840c38dc2a3a317464f78d49c2404990bb723da4f87d"}, 0x100a, 0x2) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000003240), 0x2e2) openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0x0, 0x0) 02:14:13 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000743b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) [ 235.981713] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 02:14:13 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0x200040, 0x0) epoll_wait(r1, &(0x7f0000000040)=[{}, {}, {}, {}, {}, {}], 0x6, 0x176e000000000000) statx(r1, &(0x7f00000000c0)='./file0\x00', 0x1400, 0x7ff, &(0x7f0000000100)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) [ 236.105940] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 236.105940] program syz-executor.1 not setting count and/or reply_len properly 02:14:14 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x100000000, 0x49c241) read$FUSE(r0, &(0x7f0000000200), 0x1000) 02:14:14 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)) 02:14:14 executing program 5: socket$alg(0x26, 0x5, 0x0) 02:14:14 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d0200007a3b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:14 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:14:14 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) getsockname$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @initdev}, &(0x7f0000000080)=0x1c) rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$ax25_int(r1, 0x101, 0x5, &(0x7f00000000c0)=0x3f, 0x4) 02:14:14 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x1f, 0x10000) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0x2, &(0x7f0000000040)=0x5, 0x4) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x37, &(0x7f00000002c0)) move_pages(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:14 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:14:14 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000002500003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:14 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-generic\x00'}, 0x58) 02:14:14 executing program 3: r0 = socket$inet(0x2, 0x2, 0x3) write$binfmt_misc(r0, &(0x7f0000001380)=ANY=[@ANYBLOB="73797a3199b95c2066dba16e8db8397cab1aebb2478f4c24dd8688ef9911fc6d7a3074fd49cf898234791d3a70dac2e49921101fe0c9f1ef65fc5817c81ff101d132e499137675ffb70f02d3d02a12ca433cc9f76204000000f80700000000000000e89bddcba2ab264f226b07aefbe6cbf80cbf3a78609935b9391ed2c8a829f169ca44d0d50a9355ea1501b32d0820c61fe3bbf2a84a4a2cb27c76473dcb02123bf5e0c0e4245b9f606c0d93fed6b00c145046ea8320ee000000000000000000000e5ee7177c1191ef0506a02ab8504b07537ccbcc8ab213befca038fd2f1164ba3e6c92615c7f3c4ae12107522a88583ec07ac5b55947e3855999a600712eb17f0f9d3a8b1b1e19262c60163c8bdd650ded8e8d7f4649cc0ded813324a4bd03fa7e0bdb377507ab5561bcf91bbc94494bbc0680b9ca4b1a822366270d1a06e68ac19d6d4cb692a2c7d8552e391a1cc1a6c0d3b5d6c24a2a6394ef5ca1962b2444fe86543be110d36b608de56579326c61c9461752a646366c35e5399f7a4306f75daf000000000000000000000000b7fef8d59fe48adc0a7c063ef4098622313750d4163c4ea176a87903d8f71dd0b62f64b8ad2f919383951cdd5e0f21b7a0b4c7ec05c1fe1d12cc576289b7bf14d9f59787ad24198d1f691922e4d66516c65476843049b315c1749b022f8c015ac9da8f0ae4dbc39015e10326ada9cf58e96a03d17a48ce54a80dc2fc7538384175f18ded5088eaf446eadafb20ac5705ab"], 0xc2) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/vs/cache_bypass\x00', 0x2, 0x0) connect$can_bcm(r1, &(0x7f0000001340), 0x10) ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000001280)=0x7) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$swradio(&(0x7f0000001300)='/dev/swradio#\x00', 0x0, 0x2) ioctl$VIDIOC_G_TUNER(r2, 0xc054561d, &(0x7f0000001200)={0x6, "a5a9a9143ae1c61b8d7cb3a82b4bc041cde8304c8d6be96ab364f37457f649b2", 0x3, 0x100, 0x401, 0x0, 0x6, 0x3, 0x6}) r3 = openat$selinux_status(0xffffffffffffff9c, &(0x7f00000012c0)='/selinux/status\x00', 0x0, 0x0) ioctl$FS_IOC_MEASURE_VERITY(r3, 0xc0046686, &(0x7f0000000000)={0x2, 0x30, "8791f83cc23ac983f2ee2766b726fb2ffdd10768f299fb86cb01cb58214d81ff5528eda9ed1ea415f438cd485e6ce3e6"}) read$FUSE(r2, &(0x7f0000000200), 0x1000) 02:14:14 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) r3 = syz_open_pts(r0, 0x0) dup3(r3, r0, 0x0) 02:14:14 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:14:14 executing program 2: r0 = syz_open_dev$audion(&(0x7f0000000200)='/dev/audio#\x00', 0xffff, 0x200000) r1 = mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000001, 0x20810, 0xffffffffffffff9c, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x1c, 0x0, &(0x7f0000000240)=[@release={0x40046306, 0x2}, @increfs_done={0x40106308, r1, 0x3}], 0x2b, 0x0, &(0x7f0000000280)="7f31a4b1332a6c700c6f43d9a9f2476c76c1f6ad44a038500b4423719b4f862de703da894576e427e15e9e"}) clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = getpid() lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=@known='trusted.overlay.origin\x00', &(0x7f0000000080)=""/253, 0xfd) rt_tgsigqueueinfo(r2, r2, 0x37, &(0x7f00000002c0)) move_pages(r2, 0x0, 0x0, 0x0, 0x0, 0x0) pipe2(&(0x7f0000000180)={0xffffffffffffffff}, 0x800) ioctl$FS_IOC_SETFSLABEL(r3, 0x41009432, &(0x7f0000000340)="af0cebc42e6cf33d6426239f62ab13ca65f0750b194f31d49801af9274ffda8d032108cf3097bc6d7cc68f37fd26085bdcb74c9c515b00497d7d33050f69080ed0e3de4ef8ee76aaaa1d46ce60f3288685be86fb3b410fdf5505d15fe6c446055749af1306686ce33c504aa51ff3030420875add714fe102e5367dc82073cea79f5cd0d2766df8ae30b8e8bdd8f3fe24176d6568fd9b0bc26fecafd65322cdb98670f55d834bea0d6065eba4dea97b1f55f48fc35fa4b64af8e4e2975745f2dc6a2a97aa40cb23b02f7130b7790d132dc6d54b44f7a605230a0e44e487c5e0a7bd0e0b35c43c22100ab89a72b52617f3e7335d05acb042fe27206653e5d4acba") ioctl$IOC_PR_RESERVE(r3, 0x401070c9, &(0x7f00000001c0)={0x9, 0x1000}) 02:14:14 executing program 5: 02:14:14 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000023b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:14 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) r3 = syz_open_pts(r0, 0x0) dup3(r3, r0, 0x0) 02:14:14 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:14:15 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, &(0x7f0000000000)=0x0) sched_setscheduler(r0, 0x1, &(0x7f0000000040)=0xc3a) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x37, &(0x7f00000002c0)) move_pages(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:15 executing program 5: 02:14:15 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000033b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:15 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0xffffff37) 02:14:15 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) r3 = syz_open_pts(r0, 0x0) dup3(r3, r0, 0x0) 02:14:15 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/current\x00', 0x2, 0x0) 02:14:15 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:14:15 executing program 5: 02:14:15 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000043b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:15 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) r3 = syz_open_pts(r0, 0x0) dup3(r3, r0, 0x0) 02:14:15 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0x280}}) 02:14:15 executing program 5: 02:14:15 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x252) 02:14:15 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000053b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:15 executing program 2: prctl$PR_TASK_PERF_EVENTS_DISABLE(0x1f) clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:15 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x2}}) 02:14:15 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) dup3(0xffffffffffffffff, r0, 0x0) 02:14:15 executing program 5: 02:14:15 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000063b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:15 executing program 5: 02:14:15 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0xe7}}) 02:14:15 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000000040)=0xfffffffffffffffc, 0x4) syz_mount_image$ceph(&(0x7f00000000c0)='ceph\x00', &(0x7f0000000100)='./file0\x00', 0x9, 0x1, &(0x7f0000001200)=[{&(0x7f0000000140)="60c839df10", 0x5, 0xc7}], 0x1000080, &(0x7f0000001240)='\\\x00') setsockopt$IP_VS_SO_SET_TIMEOUT(r0, 0x0, 0x48a, &(0x7f0000000080)={0x3f, 0xe3, 0xffffffff}, 0xc) 02:14:15 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x0, 0x4000) setsockopt$inet_mreqsrc(r1, 0x0, 0x27, &(0x7f0000000040)={@broadcast, @loopback, @empty}, 0xc) rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:15 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000073b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:15 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) dup3(0xffffffffffffffff, r0, 0x0) 02:14:15 executing program 5: 02:14:15 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x1f00}}) [ 238.121907] ceph: device name is missing path (no : separator in /dev/loop3) 02:14:16 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000483b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:16 executing program 2: r0 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/hash_stats\x00', 0x0, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) getsockopt$inet_dccp_int(r0, 0x21, 0x6, &(0x7f0000000040), &(0x7f0000000080)=0x4) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x37, &(0x7f00000002c0)) move_pages(r1, 0x0, 0x0, 0x0, 0x0, 0x0) [ 238.241728] ceph: device name is missing path (no : separator in /dev/loop3) 02:14:16 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) dup3(0xffffffffffffffff, r0, 0x0) 02:14:16 executing program 5: 02:14:16 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0xe7ff}}) [ 238.316745] sg_write: 9 callbacks suppressed [ 238.318266] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 238.318266] program syz-executor.1 not setting count and/or reply_len properly 02:14:16 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d0200004c3b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:16 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) epoll_create1(0x0) r2 = syz_open_pts(r0, 0x0) dup3(r2, r0, 0x0) 02:14:16 executing program 3: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/sequencer2\x00', 0x101000, 0x0) ioctl$SIOCAX25GETINFOOLD(r0, 0x89e9, &(0x7f0000001400)) r1 = openat$vfio(0xffffffffffffff9c, &(0x7f0000001300)='/dev/vfio/vfio\x00', 0x2400, 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r1, 0x40505331, &(0x7f0000001340)={{0x100, 0xfffffffffffffff8}, {0x4, 0x8}, 0xc169, 0x7, 0x2}) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x101000, 0x0) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(0xffffffffffffff9c, 0x84, 0x73, &(0x7f0000000080)={0x0, 0x2, 0x30, 0x7}, &(0x7f00000000c0)=0x18) ioctl$VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f00000017c0)={0xffffffffffffffff, @sliced={0xff, [0xff, 0x2, 0x1, 0x9, 0x0, 0xe8, 0x1, 0x0, 0x100, 0x4, 0x1, 0x1, 0x7, 0x1, 0x5d17, 0x4, 0x7, 0x5, 0xfffffffffffffffa, 0x7ff, 0x8001, 0x7, 0x2, 0x6, 0xbee6, 0x1, 0x1, 0x4ac1, 0x101, 0x1ff, 0x0, 0x4, 0x9, 0x8933, 0x1, 0x40, 0x1, 0xff, 0x40, 0x2, 0x7, 0x0, 0x8d86, 0x65, 0x40000000000000, 0x6, 0x8, 0x100000000], 0x6}}) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, &(0x7f0000000100)={r3, 0x5}, &(0x7f0000000140)=0x8) r4 = syz_open_dev$swradio(&(0x7f0000000040)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r4, &(0x7f0000000200), 0x1000) 02:14:16 executing program 5: 02:14:16 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0xfdfd}}) [ 238.530719] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 238.530719] program syz-executor.1 not setting count and/or reply_len properly 02:14:16 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000340)='/dev/hwrng\x00', 0x800, 0x0) ioctl$UI_BEGIN_FF_UPLOAD(r1, 0xc06855c8, &(0x7f0000000380)={0x2, 0x4, {0x57, 0x2, 0x0, {0xfffffffffffffff7, 0x3}, {0xfffffffffffffffe}, @rumble={0x8, 0x6}}, {0x56, 0x9, 0x4, {0xfff, 0x2}, {0x7, 0x2}, @rumble={0x3fc00000, 0x3f3}}}) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) r3 = semget$private(0x0, 0x5, 0x28) semctl$SETVAL(r3, 0x7, 0x10, &(0x7f0000000280)=0xd0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r2, 0x40045542, &(0x7f0000000040)=0x401) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_DEST(r2, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="b36afbe1", @ANYRES16=r4, @ANYBLOB="000428bd7000fedbdf250800000034000200080006001f36000008000900e0ffffff0800080005000000080009003306000008000300020000000800030007000000"], 0x48}, 0x1, 0x0, 0x0, 0x4040}, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000200)={'vcan0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'veth0_to_bond\x00', r5}) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$BINDER_THREAD_EXIT(r2, 0x40046208, 0x0) 02:14:16 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) epoll_create1(0x0) r2 = syz_open_pts(r0, 0x0) dup3(r2, r0, 0x0) 02:14:16 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) setsockopt$CAIFSO_LINK_SELECT(r0, 0x116, 0x7f, &(0x7f0000000040)=0x8, 0x4) 02:14:16 executing program 5: 02:14:16 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0xffe7}}) 02:14:16 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000683b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:16 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() sched_setscheduler(r0, 0x7, &(0x7f0000000000)=0x7) rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vga_arbiter\x00', 0x204102, 0x0) write$P9_RREAD(r1, &(0x7f0000000040)={0xbd, 0x75, 0x2, {0xb2, "b886f8b2a97dd53e69875b2e5f43ba64dd586d2f12ed71fd9b615ee7d801c3d49cf998c079538e358b469061e53e9c597489fa74313aeafcc20cff711d66c19800bc12303d062f69f7276601c8c3e46b7e9e5813b74856a34002126abc35f2614881e948029626d466e4b6e019190bde6166baeac6626e3fa1cd42ab2bacc31d64da8a41a82b8a9022904691e677900a1a633e32e5848b295975bc02b71cb217c18d3c962bfe7c71540833f899ba385ea4c4"}}, 0xbd) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:16 executing program 5: 02:14:16 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) epoll_create1(0x0) r2 = syz_open_pts(r0, 0x0) dup3(r2, r0, 0x0) 02:14:16 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x1000000}}) 02:14:16 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) connect$netrom(r0, &(0x7f0000000040)={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x7}, [@default, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @default, @default, @bcast]}, 0x48) [ 238.884912] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 238.884912] program syz-executor.1 not setting count and/or reply_len properly 02:14:16 executing program 5: 02:14:16 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000140)) r2 = syz_open_pts(r0, 0x0) dup3(r2, r0, 0x0) 02:14:16 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x2000000}}) 02:14:16 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d0200006c3b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:16 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2040, 0x0) ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000040)=ANY=[@ANYBLOB="0000000000100000050000000000000001000000ff0f0000030000000000000004000000000000000400000000000000010400000000000000000000000000000000000000000000002000000000000000000000000000000400000000000000980f000000000000e2070000000000000000000000000000000073000000000002040000000000000000000000000000090000000000000004000000000000003b0d000000000000000000000000000000000000000000000200"/200]) r2 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x2000, 0x0) ioctl$EVIOCGMASK(r2, 0x80104592, &(0x7f0000000240)={0x17, 0x82, &(0x7f0000000180)="fd26427c3b3dc5e2e2a8cf22f61784abcb04fd18e7daf5617e40cccf2dc06457f8d39b53677b01264021d2ccc6e62282d3495a31d39693c101b4f6efa78fc6488219f64ffa5d465d9712fec788a858c4bd30e6df7492eea03187ddabcb281159f51cefc623666512e9002306b0e9b648fde73299b81f58d4cccf1c6827948dba3c96"}) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:16 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000023c0)={[{0x9}]}) 02:14:16 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000140)) r2 = syz_open_pts(r0, 0x0) dup3(r2, r0, 0x0) 02:14:17 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000040)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) 02:14:17 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x1f000000}}) [ 239.258303] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 239.258303] program syz-executor.1 not setting count and/or reply_len properly 02:14:17 executing program 5: r0 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa2Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bcc\xad\x89\x9ck\xde\xc5\xe96\xddUE\xc98M\xcd\xfb\xcc\x97\xb4\v\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\x00\xa5\xc24\xd6\xfe7\x0f', 0x3) mincore(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0) fcntl$addseals(r0, 0x409, 0x5) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) getpgrp(0x0) write$P9_RLOPEN(0xffffffffffffffff, 0x0, 0x0) getpid() write$P9_RWRITE(r1, &(0x7f0000000040)={0xb}, 0xb) 02:14:17 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x52424752}}) 02:14:17 executing program 2: clone(0x40000000004205, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() ptrace(0x4217, r0) rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:17 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000140)) r2 = syz_open_pts(r0, 0x0) dup3(r2, r0, 0x0) 02:14:17 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000743b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:17 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000140)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) 02:14:17 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x52474252}}) 02:14:17 executing program 5: r0 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa2Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bcc\xad\x89\x9ck\xde\xc5\xe96\xddUE\xc98M\xcd\xfb\xcc\x97\xb4\v\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\x00\xa5\xc24\xd6\xfe7\x0f', 0x3) mincore(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0) fcntl$addseals(r0, 0x409, 0x5) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) getpgrp(0x0) write$P9_RLOPEN(0xffffffffffffffff, 0x0, 0x0) getpid() write$P9_RWRITE(r1, &(0x7f0000000040)={0xb}, 0xb) [ 239.552655] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 239.552655] program syz-executor.1 not setting count and/or reply_len properly 02:14:17 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) r3 = syz_open_pts(r0, 0x0) dup3(r3, r0, 0x0) 02:14:17 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d0200007a3b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:17 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x56595559}}) 02:14:17 executing program 5: r0 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa2Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bcc\xad\x89\x9ck\xde\xc5\xe96\xddUE\xc98M\xcd\xfb\xcc\x97\xb4\v\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\x00\xa5\xc24\xd6\xfe7\x0f', 0x3) mincore(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0) fcntl$addseals(r0, 0x409, 0x5) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) getpgrp(0x0) write$P9_RLOPEN(0xffffffffffffffff, 0x0, 0x0) getpid() write$P9_RWRITE(r1, &(0x7f0000000040)={0xb}, 0xb) [ 239.812775] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 239.812775] program syz-executor.1 not setting count and/or reply_len properly 02:14:17 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) ioctl$EVIOCSFF(r0, 0x40304580, &(0x7f0000000040)={0x51, 0x100, 0x20, {0x7fffffff, 0x7ff}, {0x5da9, 0x3}, @rumble={0x4, 0x1d3}}) read$FUSE(r0, &(0x7f0000000200), 0x1000) 02:14:17 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) socket$inet_udplite(0x2, 0x2, 0x88) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) r2 = syz_open_pts(r0, 0x0) dup3(r2, r0, 0x0) 02:14:17 executing program 5: r0 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa2Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bcc\xad\x89\x9ck\xde\xc5\xe96\xddUE\xc98M\xcd\xfb\xcc\x97\xb4\v\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\x00\xa5\xc24\xd6\xfe7\x0f', 0x3) mincore(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0) fcntl$addseals(r0, 0x409, 0x5) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) getpgrp(0x0) write$P9_RLOPEN(0xffffffffffffffff, 0x0, 0x0) getpid() write$P9_RWRITE(r1, &(0x7f0000000040)={0xb}, 0xb) 02:14:17 executing program 2: clone(0x24800000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) r1 = syz_open_procfs(r0, &(0x7f0000000080)='net/netstat\x00') r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100)='IPVS\x00') sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x30, r2, 0x400, 0x70bd29, 0xffffffffffff68ee, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'lc\x00'}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x40044}, 0x20000000) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cpuacct.stat\x00', 0x0, 0x0) setsockopt$XDP_UMEM_FILL_RING(r3, 0x11b, 0x5, &(0x7f0000000040)=0x200000, 0x4) 02:14:17 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x59555956}}) 02:14:17 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000002500003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:17 executing program 5: r0 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa2Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bcc\xad\x89\x9ck\xde\xc5\xe96\xddUE\xc98M\xcd\xfb\xcc\x97\xb4\v\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\x00\xa5\xc24\xd6\xfe7\x0f', 0x3) mincore(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0) fcntl$addseals(r0, 0x409, 0x5) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) getpgrp(0x0) write$P9_RLOPEN(0xffffffffffffffff, 0x0, 0x0) write$P9_RWRITE(r1, &(0x7f0000000040)={0xb}, 0xb) 02:14:17 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0xe7ffffff}}) 02:14:17 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) socket$inet_udplite(0x2, 0x2, 0x88) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) r2 = syz_open_pts(r0, 0x0) dup3(r2, r0, 0x0) 02:14:17 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) ioctl$EVIOCGPROP(r0, 0x80404509, &(0x7f0000000080)=""/134) read$FUSE(r0, &(0x7f0000000200), 0x1000) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f0000000040)) [ 240.132051] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 240.132051] program syz-executor.1 not setting count and/or reply_len properly 02:14:17 executing program 5: r0 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa2Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bcc\xad\x89\x9ck\xde\xc5\xe96\xddUE\xc98M\xcd\xfb\xcc\x97\xb4\v\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\x00\xa5\xc24\xd6\xfe7\x0f', 0x3) mincore(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0) fcntl$addseals(r0, 0x409, 0x5) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) getpgrp(0x0) write$P9_RWRITE(r1, &(0x7f0000000040)={0xb}, 0xb) 02:14:18 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0xfdfdffff}}) 02:14:18 executing program 2: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x40040, 0x0) write$P9_RLCREATE(r0, &(0x7f0000000040)={0x18, 0xf, 0x1, {{0x23, 0x4, 0x7}, 0x1}}, 0x18) clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x37, &(0x7f00000002c0)) move_pages(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:18 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b02003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:18 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) socket$inet_udplite(0x2, 0x2, 0x88) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) r2 = syz_open_pts(r0, 0x0) dup3(r2, r0, 0x0) 02:14:18 executing program 5: r0 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa2Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bcc\xad\x89\x9ck\xde\xc5\xe96\xddUE\xc98M\xcd\xfb\xcc\x97\xb4\v\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\x00\xa5\xc24\xd6\xfe7\x0f', 0x3) mincore(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0) fcntl$addseals(r0, 0x409, 0x5) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) write$P9_RWRITE(r1, &(0x7f0000000040)={0xb}, 0xb) [ 240.349557] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 240.349557] program syz-executor.1 not setting count and/or reply_len properly 02:14:18 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x7, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0x0, 0xffffffffffffffff, 0x9) r0 = syz_open_dev$swradio(&(0x7f0000000240)='/dev/swradio#\x00', 0x0, 0x2) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f0000000200), &(0x7f0000000140)=0x4) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x101001, 0x0) 02:14:18 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0xfecaedfe}}) 02:14:18 executing program 2: fstat(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$hfsplus(&(0x7f0000000080)='hfsplus\x00', &(0x7f0000000180)='./file0\x00', 0x7, 0x5, &(0x7f0000000500)=[{&(0x7f00000001c0)="5b36b7", 0x3}, {&(0x7f0000000200)="30cabf926138c466ec188e921da0eb48b2800bf514cb247cffef29d506882209f6dc39ae73adcfc8d9d678b02a61a289993adc27a14770d26164ba9d8f09be8b18a60ff96c2a5767eb5d32e42f2fcb72d18126d5a443bf60c46bfce49450b796b7292dfe465c036e3129b8e628b2f87235d6f5da647db9fc705803b12f5a010892a50121c014cac32ed7b76c89ecfea96f3fb92152bafc0ebb68c3c2a22556cac7b4dd", 0xa3, 0x2}, {&(0x7f00000002c0)="0a8ddf7dd86cf26a02199362d258cf770fcb4117703fb6aae91386606db03777c8c7c4473e94736400544451782b51bb1e1e03347b37aa12bfc385444fd76d8f0640c20188a67afea357ad6ae6df351c3317b699efc9a303cee8bf795d9cedbf655fc0e2392eae74dd3e40d032b497d4ad91736a2a974afc4a18fb366b50233eab243595459c00601a203b41c9c518fb51eb2def4bd8baf6f9b7c7d2f878016bfbf996c28a571cd677ea64c27fc01426be7626c0d7ef2cbda1cb3a69ba2ad6d4eba5f43601c560d1020e", 0xca, 0x4}, {&(0x7f00000003c0)="eb27bca22bfbb4f934c0de14f1ff70e3ec19e51ab5948deae8fcecc26214305e161506a6fa2479dfffc8cba372a921bd47aa0a1c1ba0cd279d5a642018b55dd1eab88acd8cdff98526a1bc3c979b7ef374dda21a4ff85551068f4f31ff0a0ceeb7fee50e2589d786d371dd7af24fe2d666c902d31ebb5e533aec8595b4d0116e60127e0a3d6196a9d3904e1a051a348d2e1fceba0df77af34348a105b7ec3a649cd3120a3ee822b5313bc60327923ed0dc245fbfa0a198bc93ae2281fb3b6216972bee0401585e166833c21792de41e16f54fa7dee5e31e88cbb2308b0e16e73816e3765ba22db69d92229286b", 0xed, 0x2}, {&(0x7f00000004c0)="896f37b2b6965ee5b9", 0x9, 0x9}], 0x2, &(0x7f0000000600)=ANY=[@ANYBLOB, @ANYRESHEX=r0, @ANYBLOB=',defcontext=root,audit,mask=MAY_APPEND,dont_appraise,func=BPRM_CHECK,\x00']) clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='sessionid\x00') bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x3, 0x1, 0xa, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0], 0x4000000000000333}, 0xffffffffffffff10) fchmodat(r1, &(0x7f00000006c0)='./file0\x00', 0x128) prctl$PR_MPX_DISABLE_MANAGEMENT(0x2c) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x19, &(0x7f0000000000)) ioctl$KVM_DEASSIGN_PCI_DEVICE(r1, 0x4040ae72, &(0x7f0000000700)={0x5, 0x0, 0x8001, 0xbfb1fefd38ab4c43, 0xfff}) move_pages(r2, 0x0, 0x0, 0x0, 0x0, 0x0) openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000680)='/selinux/policy\x00', 0x0, 0x0) 02:14:18 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) r2 = syz_open_pts(r0, 0x0) dup3(r2, r0, 0x0) 02:14:18 executing program 5: r0 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa2Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bcc\xad\x89\x9ck\xde\xc5\xe96\xddUE\xc98M\xcd\xfb\xcc\x97\xb4\v\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\x00\xa5\xc24\xd6\xfe7\x0f', 0x3) mincore(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0) fcntl$addseals(r0, 0x409, 0x5) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) write$P9_RWRITE(0xffffffffffffffff, &(0x7f0000000040)={0xb}, 0xb) 02:14:18 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000200), 0x1000) 02:14:18 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0xfeedcafe}}) 02:14:18 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b03003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:18 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) setsockopt$inet_mreqn(r1, 0x0, 0x23, &(0x7f0000000080)={@multicast2, @local}, 0xc) setsockopt$inet_group_source_req(r1, 0x0, 0x2e, &(0x7f00000004c0)={0x1000002, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @dev}}}, 0x108) clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x37, &(0x7f00000002c0)) move_pages(r2, 0x0, 0x0, 0x0, 0x0, 0x6) r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x40000, 0x0) ioctl$BLKRAGET(r3, 0x1263, &(0x7f0000000040)) 02:14:18 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) r2 = syz_open_pts(r0, 0x0) dup3(r2, r0, 0x0) 02:14:18 executing program 5: r0 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa2Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bcc\xad\x89\x9ck\xde\xc5\xe96\xddUE\xc98M\xcd\xfb\xcc\x97\xb4\v\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\x00\xa5\xc24\xd6\xfe7\x0f', 0x3) mincore(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0) fcntl$addseals(r0, 0x409, 0x5) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) write$P9_RWRITE(0xffffffffffffffff, &(0x7f0000000040)={0xb}, 0xb) 02:14:18 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0xfffffdfd}}) [ 240.719751] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 240.719751] program syz-executor.1 not setting count and/or reply_len properly 02:14:18 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0xffffffe7}}) 02:14:18 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b04003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:18 executing program 3: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fsetxattr$security_smack_transmute(r0, &(0x7f0000000140)='security.SMACK64TRANSMUTE\x00', &(0x7f0000001200)='TRUE', 0x4, 0x0) r1 = syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x9, 0x0) ioctl$VIDIOC_S_JPEGCOMP(r1, 0x408c563e, &(0x7f0000000080)={0x3ff, 0x9, 0x12, "8c5005c57c13ff40c543c26a3b6ec371954da6f9a220ce7bf257e809426de8c29a0166b2faa344ca53d9bbed8f6c0defe7acbc527ad3242591cfb6f4", 0x2c, "c59f5b73ce40e1b6197ce83b94d2a145e8ac6503f48f29e70848f3636289d82df5bc96b7bee64ca5376a9ed858ff6c22e5072cfffbce50c7b49c7f68", 0x80}) r2 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r2, &(0x7f0000000200), 0x1000) 02:14:18 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) r2 = syz_open_pts(r0, 0x0) dup3(r2, r0, 0x0) 02:14:18 executing program 5: r0 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa2Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bcc\xad\x89\x9ck\xde\xc5\xe96\xddUE\xc98M\xcd\xfb\xcc\x97\xb4\v\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\x00\xa5\xc24\xd6\xfe7\x0f', 0x3) mincore(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0) fcntl$addseals(r0, 0x409, 0x5) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) write$P9_RWRITE(0xffffffffffffffff, &(0x7f0000000040)={0xb}, 0xb) [ 240.921002] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 240.921002] program syz-executor.1 not setting count and/or reply_len properly 02:14:18 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x100000000000000}}) 02:14:18 executing program 5: r0 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa2Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bcc\xad\x89\x9ck\xde\xc5\xe96\xddUE\xc98M\xcd\xfb\xcc\x97\xb4\v\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\x00\xa5\xc24\xd6\xfe7\x0f', 0x3) mincore(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0) fcntl$addseals(r0, 0x409, 0x5) r1 = fcntl$dupfd(r0, 0x0, r0) write$P9_RWRITE(r1, &(0x7f0000000040)={0xb}, 0xb) 02:14:18 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b05003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:18 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) r3 = syz_open_pts(r0, 0x0) dup3(r3, r0, 0x0) 02:14:18 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x200000000000000}}) 02:14:18 executing program 5: r0 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa2Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bcc\xad\x89\x9ck\xde\xc5\xe96\xddUE\xc98M\xcd\xfb\xcc\x97\xb4\v\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\x00\xa5\xc24\xd6\xfe7\x0f', 0x3) mincore(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) write$P9_RWRITE(r1, &(0x7f0000000040)={0xb}, 0xb) 02:14:18 executing program 3: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x80000, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20) socket$bt_bnep(0x1f, 0x3, 0x4) perf_event_open(&(0x7f0000000080)={0x7, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) ioctl$VIDIOC_SUBDEV_S_CROP(r1, 0xc038563c, &(0x7f00000001c0)={0x1, 0x0, {0x7, 0x100, 0x9, 0x1}}) ioctl$SG_GET_ACCESS_COUNT(r0, 0x2289, &(0x7f0000000200)) read$FUSE(r0, &(0x7f0000002200), 0x295dc27d268e0ac2) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r1, 0x40485404, &(0x7f0000000100)={{0x1, 0x3, 0x4, 0x3, 0x20000000}, 0x15, 0xff}) ioctl$KVM_SET_BOOT_CPU_ID(r0, 0xae78, &(0x7f0000000180)=0x2) 02:14:19 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b06003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:19 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) r1 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0xfd, 0x800010) r2 = openat$selinux_create(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/create\x00', 0x2, 0x0) preadv(r2, &(0x7f00000004c0)=[{&(0x7f0000000040)=""/163, 0xa3}, {&(0x7f0000000340)=""/162, 0xa2}, {&(0x7f00000001c0)=""/20, 0x14}, {&(0x7f0000000400)=""/70, 0x46}, {&(0x7f0000000480)=""/30, 0x1e}], 0x5, 0x0) openat$cgroup_ro(r1, &(0x7f0000000140)='cpuacct.usage_user\x00', 0x0, 0x0) r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/autofs\x00', 0x400, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x5, 0xd6ff, 0x81, 0x401, 0x101, 0x5, 0x82, 0x5, 0xffffffffffffffff, 0x8, 0x2, 0x0, 0xffffffffffffff7e, 0xa, 0xce, 0x9], 0x2, 0x200040204}) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:19 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x2, 0x0) 02:14:19 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) r3 = syz_open_pts(r0, 0x0) dup3(r3, r0, 0x0) 02:14:19 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x1f00000000000000}}) 02:14:19 executing program 5: r0 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa2Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bcc\xad\x89\x9ck\xde\xc5\xe96\xddUE\xc98M\xcd\xfb\xcc\x97\xb4\v\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\x00\xa5\xc24\xd6\xfe7\x0f', 0x3) mincore(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) write$P9_RWRITE(r1, &(0x7f0000000040)={0xb}, 0xb) 02:14:19 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x5247425200000000}}) 02:14:19 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b07003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:19 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) r3 = syz_open_pts(r0, 0x0) dup3(r3, r0, 0x0) 02:14:19 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x9, 0x900) ioctl$SG_SET_DEBUG(r1, 0x227e, &(0x7f0000000040)=0x1) rt_tgsigqueueinfo(r0, r0, 0xd, &(0x7f00000002c0)={0xfffffffffffffffe, 0x36c2}) move_pages(r0, 0xbe3a3ebc873044fd, 0x0, 0x0, 0x0, 0xffffffffffffffff) 02:14:19 executing program 5: r0 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa2Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bcc\xad\x89\x9ck\xde\xc5\xe96\xddUE\xc98M\xcd\xfb\xcc\x97\xb4\v\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\x00\xa5\xc24\xd6\xfe7\x0f', 0x3) mincore(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) write$P9_RWRITE(r1, &(0x7f0000000040)={0xb}, 0xb) 02:14:19 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000080)='/dev/swradio#\x00', 0x1, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) 02:14:19 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x5955595600000000}}) 02:14:19 executing program 5: r0 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa2Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bcc\xad\x89\x9ck\xde\xc5\xe96\xddUE\xc98M\xcd\xfb\xcc\x97\xb4\v\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\x00\xa5\xc24\xd6\xfe7\x0f', 0x3) fcntl$addseals(r0, 0x409, 0x5) r1 = fcntl$dupfd(r0, 0x0, r0) write$P9_RWRITE(r1, &(0x7f0000000040)={0xb}, 0xb) 02:14:19 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b48003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:19 executing program 0: ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000000)) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000000140)) r2 = syz_open_pts(0xffffffffffffffff, 0x0) dup3(r2, 0xffffffffffffffff, 0x0) 02:14:19 executing program 2: r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000100)='/dev/video2\x00', 0x2, 0x0) r1 = fcntl$getown(0xffffffffffffffff, 0x9) fcntl$lock(r0, 0x7, &(0x7f0000000140)={0x1, 0x2, 0x8, 0x0, r1}) clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x37, &(0x7f00000002c0)) modify_ldt$write2(0x11, &(0x7f0000000000)={0x0, 0x20001000, 0x6000, 0xffffffffffff0000, 0x0, 0x10000, 0xffffffffffff8001, 0x2, 0x1}, 0x10) move_pages(r2, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x713000) getsockopt$inet_sctp_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000080)=@assoc_id=0x0, &(0x7f00000000c0)=0x4) setsockopt$inet_sctp_SCTP_RESET_STREAMS(r3, 0x84, 0x77, &(0x7f0000000340)=ANY=[@ANYRES32=r4, @ANYBLOB="07000200ffff0100071f1cc576097733bc45a6782c4cc2c8e415e176a3fd3e0b865ef163866d95d2ee8837c940af6953831c5705f2013d7441b8a016f7ac2cfb2e96c2af96ddb09326c743ebc509ea8556df741d05c12410efde4e3ed6fdaea2603666fa702a11f326cd7d01520625c371ad5085ddbc60fa2be9143b419cf79114cfb782fad3d6898659f38cda2721c717f36453af7c1464255a01a0e5ce6538a960dee6f66c3bc06ee09a57505b48b5e0b21ae13402c6c1f6521359f35267e028e9cef6901dce330db9ea1c42b2f394b6b2b0a339183880bb5ac43e98f5591e1cd79b46e426db9d02b781ddf70c00425d9daf0bfc33339e6ab68fcfa6af8fe54e84d98c048262ff4fd89a43a6f842986e482d6731ad8149bef17595cf5fd1a859aa455d43356a72043a6761d4c4d62fc98eaafddc1ffb4a66c648a8183ba56f977021c19283cac9ed5400"/343], 0x2) 02:14:19 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0xe7ffffffffffffff}}) 02:14:19 executing program 5: fcntl$addseals(0xffffffffffffffff, 0x409, 0x5) r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) write$P9_RWRITE(r0, &(0x7f0000000040)={0xb}, 0xb) 02:14:19 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) ioctl$SG_SET_DEBUG(r0, 0x227e, &(0x7f0000000040)=0x1) 02:14:19 executing program 5: fcntl$addseals(0xffffffffffffffff, 0x409, 0x5) r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) write$P9_RWRITE(r0, &(0x7f0000000040)={0xb}, 0xb) 02:14:19 executing program 0: ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000000)) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000000140)) r2 = syz_open_pts(0xffffffffffffffff, 0x0) dup3(r2, 0xffffffffffffffff, 0x0) 02:14:19 executing program 2: clone(0xfffffffffffffffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:19 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b4c003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:19 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0xfdfdffff00000000}}) 02:14:19 executing program 5: fcntl$addseals(0xffffffffffffffff, 0x409, 0x5) r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) write$P9_RWRITE(r0, &(0x7f0000000040)={0xb}, 0xb) 02:14:19 executing program 5: r0 = memfd_create(0x0, 0x3) fcntl$addseals(r0, 0x409, 0x5) r1 = fcntl$dupfd(r0, 0x0, r0) write$P9_RWRITE(r1, &(0x7f0000000040)={0xb}, 0xb) 02:14:19 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0xfdfdffffffffffff}}) 02:14:19 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b68003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:19 executing program 0: ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000000)) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000000140)) r2 = syz_open_pts(0xffffffffffffffff, 0x0) dup3(r2, 0xffffffffffffffff, 0x0) 02:14:20 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20ncci\x00', 0x210000, 0x0) ioctl$EVIOCGID(r0, 0x80084502, &(0x7f00000012c0)=""/76) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000140)={r0, r0, 0xc, 0x2}, 0x10) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000001400)={r0, &(0x7f0000001340)="84f275a1a7656f9ced4afab4b516a832868202babf5b776bdb5df979bfb99dd091b1ad1046b0489f00", &(0x7f0000001380)=""/98}, 0x18) getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffff9c, 0x84, 0x77, &(0x7f0000000080)={0x0, 0x0, 0x2, [0x9, 0x20]}, &(0x7f00000000c0)=0xc) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000001200)={r1, @in={{0x2, 0x4e22, @multicast1}}, 0x7}, &(0x7f0000000100)=0x90) r2 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000001440)=@req={0x4, 0x5, 0x4, 0x6}, 0x10) ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c08, 0x1) read$FUSE(r2, &(0x7f0000000200), 0x1000) 02:14:20 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) setsockopt$inet6_MRT6_ADD_MIF(r1, 0x29, 0xca, &(0x7f0000000240)={0x8001, 0x80bf53bb96213bf6, 0x6, 0x9, 0xfffffffffffffffd}, 0xc) r3 = socket$xdp(0x2c, 0x3, 0x0) r4 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/drop_packet\x00', 0x2, 0x0) ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000180)={r3, r4, 0x800, 0x84, &(0x7f00000000c0)="89ea30c609291a26f8cd77799e17374af90a65fccdcbfe2e97299681268c063385f154199804afb73e5b572bceaa9a4d9a5004a711f8657c62bc524ceb7f1944792dbb03e9c7631158a7a43333b1c1aecf6fe7c2402e53c2bef9b701d04f4fb6384c6af33e7459ec4969f105e61d0aa5c73723fe906742a05cb921d272cea5440227466e", 0xffffffffcaca69f5, 0x9f2, 0x3, 0x1ff, 0x9, 0x2, 0x9, 'syz1\x00'}) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) rt_tgsigqueueinfo(r0, r0, 0x26, &(0x7f0000000880)={0x0, 0x2, 0x4911b800}) r5 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x501102, 0x0) setsockopt$inet_MCAST_MSFILTER(r5, 0x0, 0x30, &(0x7f0000000340)=ANY=[@ANYBLOB="080000000000000002004e2300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000900000002004e23ac1e010100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002004e23ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002004e210000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002004e21e000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002004e200000001f00000000000000000000000000000000000000000000000000000000000000000000000000000000df0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002004e23fffffff900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002004e237f00000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002004e21ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002004e20ac1414aa00"/1296], 0x510) 02:14:20 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) r3 = syz_open_pts(r0, 0x0) dup3(r3, r0, 0x0) 02:14:20 executing program 5: r0 = memfd_create(0x0, 0x3) fcntl$addseals(r0, 0x409, 0x5) r1 = fcntl$dupfd(r0, 0x0, r0) write$P9_RWRITE(r1, &(0x7f0000000040)={0xb}, 0xb) 02:14:20 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x4253cf088c711f81, 0x0, 0x0, 0x0, 0x6) 02:14:20 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b6c003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:20 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0xfecaedfe00000000}}) 02:14:20 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) ioctl$LOOP_SET_FD(r0, 0x4c00, r0) 02:14:20 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) r3 = syz_open_pts(r0, 0x0) dup3(r3, r0, 0x0) 02:14:20 executing program 5: r0 = memfd_create(0x0, 0x3) fcntl$addseals(r0, 0x409, 0x5) r1 = fcntl$dupfd(r0, 0x0, r0) write$P9_RWRITE(r1, &(0x7f0000000040)={0xb}, 0xb) 02:14:20 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b74003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:20 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0xfffffffffffffdfd}}) 02:14:20 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x400000, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000040)={0x0, 0x7}, &(0x7f0000000080)=0xc) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r1, 0x84, 0xf, &(0x7f00000000c0)={r2, @in6={{0xa, 0x4e20, 0x8000, @mcast2, 0x7fffffff}}, 0x9, 0x4, 0x400, 0x0, 0x20}, &(0x7f0000000180)=0x98) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:20 executing program 5: r0 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa2Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bcc\xad\x89\x9ck\xde\xc5\xe96\xddUE\xc98M\xcd\xfb\xcc\x97\xb4\v\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\x00\xa5\xc24\xd6\xfe7\x0f', 0x0) fcntl$addseals(r0, 0x409, 0x5) r1 = fcntl$dupfd(r0, 0x0, r0) write$P9_RWRITE(r1, &(0x7f0000000040)={0xb}, 0xb) 02:14:20 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) setsockopt$inet6_MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f0000000040)={{0xa, 0x4e22, 0x3ff, @dev={0xfe, 0x80, [], 0x28}, 0x8}, {0xa, 0x4e22, 0x101, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x7763}, 0x3, [0x100, 0x4, 0x2, 0x101, 0x136, 0x3f, 0x3, 0x2]}, 0x5c) 02:14:20 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) r3 = syz_open_pts(r0, 0x0) dup3(r3, r0, 0x0) 02:14:20 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000040)={0xffffffffffffffff}, 0x106, 0x8}}, 0x20) write$RDMA_USER_CM_CMD_DISCONNECT(r0, &(0x7f00000000c0)={0xa, 0x4, 0xfa00, {r1}}, 0xc) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20000, 0x0) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x4e23, @broadcast}}, 0x100000001, 0x0, 0xaf, 0x411, 0x42}, &(0x7f0000000200)=0x98) getsockopt$inet_sctp_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000240)=@assoc_value={r3, 0x8}, &(0x7f0000000280)=0x8) r4 = getpid() rt_tgsigqueueinfo(r4, r4, 0x37, &(0x7f00000002c0)) move_pages(r4, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:20 executing program 5: r0 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa2Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bcc\xad\x89\x9ck\xde\xc5\xe96\xddUE\xc98M\xcd\xfb\xcc\x97\xb4\v\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\x00\xa5\xc24\xd6\xfe7\x0f', 0x0) fcntl$addseals(r0, 0x409, 0x5) r1 = fcntl$dupfd(r0, 0x0, r0) write$P9_RWRITE(r1, &(0x7f0000000040)={0xb}, 0xb) 02:14:20 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b7a003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:20 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0xffffffffffffffe7}}) 02:14:20 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) r3 = syz_open_pts(r0, 0x0) dup3(r3, r0, 0x0) 02:14:20 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x1, 0x2) bind$isdn_base(r0, &(0x7f0000000040)={0x22, 0x2, 0x3, 0x0, 0x9bb}, 0x6) read$FUSE(r0, &(0x7f0000000200), 0x1000) 02:14:20 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x2]}}) 02:14:20 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x204000, 0x0) accept4$nfc_llcp(r1, &(0x7f0000000040), &(0x7f00000000c0)=0x60, 0x0) rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:20 executing program 5: r0 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa2Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bcc\xad\x89\x9ck\xde\xc5\xe96\xddUE\xc98M\xcd\xfb\xcc\x97\xb4\v\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\x00\xa5\xc24\xd6\xfe7\x0f', 0x0) fcntl$addseals(r0, 0x409, 0x5) r1 = fcntl$dupfd(r0, 0x0, r0) write$P9_RWRITE(r1, &(0x7f0000000040)={0xb}, 0xb) 02:14:20 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00033ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:20 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) r3 = syz_open_pts(r0, 0x0) dup3(r3, r0, 0x0) 02:14:21 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0xe7]}}) 02:14:21 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x80000000, 0xd0541) r1 = getpid() ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0485661, &(0x7f0000000040)={0x4, 0x1, @start={0x5b6cf5ef}}) rt_tgsigqueueinfo(r1, r1, 0x37, &(0x7f00000002c0)) move_pages(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:21 executing program 5: r0 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa2Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bcc\xad\x89\x9ck\xde\xc5\xe96\xddUE\xc98M\xcd\xfb\xcc\x97\xb4\v\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\x00\xa5\xc24\xd6\xfe7\x0f', 0x3) fcntl$addseals(0xffffffffffffffff, 0x409, 0x5) r1 = fcntl$dupfd(r0, 0x0, r0) write$P9_RWRITE(r1, &(0x7f0000000040)={0xb}, 0xb) 02:14:21 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) r3 = syz_open_pts(r0, 0x0) dup3(r3, r0, 0x0) 02:14:21 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00053ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:21 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(r0, 0x800442d4, &(0x7f0000000040)=0xffffffffffffff81) read$FUSE(r0, &(0x7f0000000200), 0x1000) 02:14:21 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x1f00]}}) 02:14:21 executing program 5: r0 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa2Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bcc\xad\x89\x9ck\xde\xc5\xe96\xddUE\xc98M\xcd\xfb\xcc\x97\xb4\v\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\x00\xa5\xc24\xd6\xfe7\x0f', 0x3) fcntl$addseals(0xffffffffffffffff, 0x409, 0x5) r1 = fcntl$dupfd(r0, 0x0, r0) write$P9_RWRITE(r1, &(0x7f0000000040)={0xb}, 0xb) [ 243.462986] sg_write: 12 callbacks suppressed [ 243.463000] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 243.463000] program syz-executor.1 not setting count and/or reply_len properly 02:14:21 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x34, &(0x7f0000000000)={0x1d}) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x12000, 0x0) setsockopt$ax25_SO_BINDTODEVICE(r1, 0x101, 0x19, &(0x7f00000000c0)=@bpq0='bpq0\x00', 0x10) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:21 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) r3 = syz_open_pts(r0, 0x0) dup3(r3, r0, 0x0) 02:14:21 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0xe7ff]}}) 02:14:21 executing program 5: r0 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa2Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bcc\xad\x89\x9ck\xde\xc5\xe96\xddUE\xc98M\xcd\xfb\xcc\x97\xb4\v\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\x00\xa5\xc24\xd6\xfe7\x0f', 0x3) fcntl$addseals(0xffffffffffffffff, 0x409, 0x5) r1 = fcntl$dupfd(r0, 0x0, r0) write$P9_RWRITE(r1, &(0x7f0000000040)={0xb}, 0xb) 02:14:21 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00063ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:21 executing program 3: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x10f4) ioctl$SIOCGETNODEID(r1, 0x89e1, &(0x7f0000000040)={0x2}) 02:14:21 executing program 5: r0 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa2Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bcc\xad\x89\x9ck\xde\xc5\xe96\xddUE\xc98M\xcd\xfb\xcc\x97\xb4\v\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\x00\xa5\xc24\xd6\xfe7\x0f', 0x3) fcntl$addseals(r0, 0x409, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) write$P9_RWRITE(r1, &(0x7f0000000040)={0xb}, 0xb) 02:14:21 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) r3 = syz_open_pts(r0, 0x0) dup3(r3, r0, 0x0) 02:14:21 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0xfdfd]}}) [ 243.758162] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 243.758162] program syz-executor.1 not setting count and/or reply_len properly 02:14:21 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000000)={0x0, 0x80000, 0xffffffffffffffff}) ioctl$DRM_IOCTL_RES_CTX(r0, 0xc0106426, &(0x7f0000000080)={0x6, &(0x7f0000000040)=[{}, {}, {}, {}, {}, {}]}) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x37, &(0x7f00000002c0)) r2 = openat(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x420200, 0x4) ioctl$INOTIFY_IOC_SETNEXTWD(r2, 0x40044900, 0x3ff) r3 = fcntl$dupfd(r0, 0x0, r0) getsockopt$inet_opts(r3, 0x0, 0xa999bc8d836c3f88, &(0x7f00000000c0)=""/175, &(0x7f0000000180)=0xaf) syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x5, 0x80) move_pages(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:21 executing program 5: r0 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa2Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bcc\xad\x89\x9ck\xde\xc5\xe96\xddUE\xc98M\xcd\xfb\xcc\x97\xb4\v\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\x00\xa5\xc24\xd6\xfe7\x0f', 0x3) fcntl$addseals(r0, 0x409, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) write$P9_RWRITE(r1, &(0x7f0000000040)={0xb}, 0xb) 02:14:21 executing program 3: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r1, &(0x7f0000000200), 0x1000) fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000080)=@sha1={0x1, "9998aac7023ca1635278ea1191986a69061fdb9f"}, 0x15, 0x2) 02:14:21 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00073ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:21 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0xffe7]}}) 02:14:21 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) r3 = syz_open_pts(r0, 0x0) dup3(r3, r0, 0x0) [ 244.029316] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 244.029316] program syz-executor.1 not setting count and/or reply_len properly 02:14:21 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x100, 0xa000) ioctl$SIOCX25CALLACCPTAPPRV(r0, 0x89e8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x37, &(0x7f00000002c0)) move_pages(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:21 executing program 5: r0 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa2Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bcc\xad\x89\x9ck\xde\xc5\xe96\xddUE\xc98M\xcd\xfb\xcc\x97\xb4\v\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\x00\xa5\xc24\xd6\xfe7\x0f', 0x3) fcntl$addseals(r0, 0x409, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) write$P9_RWRITE(r1, &(0x7f0000000040)={0xb}, 0xb) 02:14:21 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00483ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:21 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x1000000]}}) 02:14:22 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) r2 = syz_open_pts(r0, 0x0) dup3(r2, r0, 0x0) 02:14:22 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0xfffffffffffffffc}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x29, 0x41, &(0x7f0000001200)=ANY=[@ANYBLOB="7261770000000000000000000000000000000000000000000000000000000000b8000000eb358d8dd489f33a46118fe3c4872f82e57c2711b7369eff01f78a189adf72a2efbc37f02fa4b9e60e56064883f049eb06e779c945854956072dce4c29adbc22fe9e3dbf9a3a6a2154df1168f3047b9a6af0070b954485a9dbce63409a9f85ac9db9895840bebf6de6693cb4177bf878b7036de46910b9f6b3a90e74d46275102f64c4e7c852da6051ab94ca8fcf9c193e38bf9a335f321cda085b94eac8277b029a68bb7e522522c11589c64935c53a2ad13af734bbc14910e237ab35299ee14a0d0fe09df55079916fd15e64d64ca6f5b07607d46d9f05e729ffa72f14196acb6f020756a223bc92e12b610497e4f5eb3137810387324dd9f2ab1d57dec5dd33dfa3a7263cee6647663552381f853bd34b7099aca76985480f6aae4ae717481d38bf0e5dae5e65ead759bb5a26ff7412699430a13eced8f211175ebcd6718781055e5800000000000000"], &(0x7f0000000140)=0xdc) [ 244.217149] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 244.217149] program syz-executor.1 not setting count and/or reply_len properly 02:14:22 executing program 5: r0 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa2Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bcc\xad\x89\x9ck\xde\xc5\xe96\xddUE\xc98M\xcd\xfb\xcc\x97\xb4\v\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\x00\xa5\xc24\xd6\xfe7\x0f', 0x3) fcntl$addseals(r0, 0x409, 0x5) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) write$P9_RWRITE(r1, &(0x7f0000000040)={0xb}, 0xb) 02:14:22 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x2000000]}}) 02:14:22 executing program 2: socket$bt_cmtp(0x1f, 0x3, 0x5) clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:22 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) r2 = syz_open_pts(r0, 0x0) dup3(r2, r0, 0x0) 02:14:22 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b004c3ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:22 executing program 5: r0 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa2Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bcc\xad\x89\x9ck\xde\xc5\xe96\xddUE\xc98M\xcd\xfb\xcc\x97\xb4\v\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\x00\xa5\xc24\xd6\xfe7\x0f', 0x3) fcntl$addseals(r0, 0x409, 0x5) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) write$P9_RWRITE(r1, &(0x7f0000000040)={0xb}, 0xb) 02:14:22 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x1f000000]}}) [ 244.494829] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 244.494829] program syz-executor.1 not setting count and/or reply_len properly 02:14:22 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) r2 = syz_open_pts(r0, 0x0) dup3(r2, r0, 0x0) 02:14:22 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/member\x00', 0x2, 0x0) read$FUSE(r0, &(0x7f0000000200), 0x1000) ioctl$TCSBRK(r0, 0x5409, 0x1f) 02:14:22 executing program 5: r0 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa2Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bcc\xad\x89\x9ck\xde\xc5\xe96\xddUE\xc98M\xcd\xfb\xcc\x97\xb4\v\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\x00\xa5\xc24\xd6\xfe7\x0f', 0x3) fcntl$addseals(r0, 0x409, 0x5) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) write$P9_RWRITE(r1, &(0x7f0000000040)={0xb}, 0xb) 02:14:22 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00683ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:22 executing program 2: r0 = getpid() r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x400, 0x0) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000040)={0x0, 0x80000}) r3 = dup3(0xffffffffffffff9c, 0xffffffffffffff9c, 0x0) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000080)={r2, 0x80000, r3}) rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$netrom_NETROM_T2(r3, 0x103, 0x2, &(0x7f00000000c0)=0x7, 0x4) mq_unlink(&(0x7f0000000100)='/dev/mixer\x00') 02:14:22 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x52424752]}}) [ 244.733849] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 244.733849] program syz-executor.1 not setting count and/or reply_len properly 02:14:22 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x0, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) r3 = syz_open_pts(r0, 0x0) dup3(r3, r0, 0x0) 02:14:22 executing program 2: clone(0x20000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0xffffffffffffff86, 0x0, 0x0, 0x0, 0x0) 02:14:22 executing program 5: r0 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa2Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bcc\xad\x89\x9ck\xde\xc5\xe96\xddUE\xc98M\xcd\xfb\xcc\x97\xb4\v\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\x00\xa5\xc24\xd6\xfe7\x0f', 0x3) fcntl$addseals(r0, 0x409, 0x5) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) write$P9_RWRITE(r1, &(0x7f0000000040)={0xb}, 0xb) 02:14:22 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b006c3ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:22 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x1f, 0x9, &(0x7f00000034c0)=[{&(0x7f00000000c0)="c260", 0x2, 0x4}, {&(0x7f0000000100)="729da0a7ace51c303cc7575be3c396cd6c523991531123b2f4ab6e14ec85feab904b6f8ed1bd", 0x26, 0x2}, {&(0x7f0000001200)="059f617e4680c02ca8bdec9f4888fe5e374db089d90bf8ce6e4f780b86d5f92b041f2bceb0c21e0eefef6ade76dd9c7dd0742c46c698d1fd83218a4f0ccbe05fe10cc41e787e5b7e09175e51b4453207e6cce684b9ad59f84117551ef0343f90a5f4852305a6", 0x66, 0x1}, {&(0x7f0000001280)="d68fb9377e4b77bf756d236fa1302d8990300f8217512065e690e31a3abb23f978f4286e50bd6f392816f3757089798f77f32a315ce0c560ff063efd537f5d5bf35648566df75457ea2c849d81864dc97b3b0873d059adb0ab25122da47a500acb5792031ee55ce0928a288820de91c32b4bd45f36fadffbf5e0656b520399797b6fd7db3b4dd1da36a2a20c07d65c03204376bbd27b799361ae03e2edc68eb0356663c7574bf54821ee4ffb45d62bd8072331bd6a698b9235a0e29695cb7aa5fd91777d2a41ede339896743b4b1584b30bad3ce99b9f092ad2bb18208d2dc5a2c9873287a6e38856ccaceb834e99849e801f450f6ae1e2fefd7f8d98c2564ff8d2a8f09376456826a7dc6c9d596449509442ebe1fa74b1eef89868e3b103334e03254cc15f87c82697e74d9066bf2a5fdff27764742698d9006dbd0a8502c20b5b3e19179c31618991e8c79d19ef0f6079bc0ce9e7d6202a2d144cdbbba465b26299a6e5ea7b3680bd12586400e0f80ac0a256af62ffdba9c68fcb00a253de90fea05c5695f09b6953a4cd672a6af6dd188f1c8481a6eb8d98ace222c02056f881cf1d0ca4567046b25322953e629f23dbdeade3330d1ea2b256652bea5c2dc0ce0ad8ee4dd072b39e185fec6d292d201e0540e4a969426758c9b8bf6a85dc6601c40d279290560207fe9124dd13ef1e2939e1389f9b5b94598738ca5d3312147473941017f882a27bd45485197ab3af8b82fae35051419a0796cb534b40d22328714a3eb656ee3f0ed0ca8188b1dfe143f1460913371fbdde7878c37582038d804e5f45cccfc16e68948f326c64061604559d5169dc9bd92bcff724760d4c686c1d23e1a163dd770c641e6fee843d68c36acb1bf7f0c9af8efec5f4264088775d4787628656825d08fdd6d3983b5b4dc391c62a62fbf09bcd4389f55cf01a3c41ade5ec09c7259e55e2850a87acb80ab918fc12a77f612297d52d7a3a4f1f54ad0c008c39010647554ad86314f69ee27e140e388c3d9fd0b9e4cd702604b0e41d8bc905c1c71cac91899a36252ac7d0ad6d7124df3bd660f2461d7d9dc827458455af65e7e42d6a89594b963d1ab38447805a4ab8d12bdca0954da13cc3da9cb703559f022e94ea308bc21678c003ddc0656ae5ddcf81c0fa16f157af5e5499787688ecfcab8ddc6aca0bb75d0a10939cc55dca37afbeceedf62d5188bc6ce8cef4f90396d1f333a5986d5088cf6de0bb580f2e665342c61f7547df6311d2409e002c1aa3c0176186dc8f3cb340905879d4ac0b991f2f92cac6086bd66a46a67bdca9525bd475928494e093e46c5093e84e97ddc239e152a2a2ce30aefd5f2aa45ffee69dedf01e44f0493e6b3259dff703ab637c14badcd7204b7ac6e3978d92ca7a943917a6f375875bf7eb1ce1c9633a104abcbd44b55973ac5a568c1349afba7a157b4f8288b414db5bd02cfc03142238e2630696efc0ee8525f25adb819f206e981b3b84b9e4f081bada69f3e8a207f80f084495fdb3e93b3c9c55360591cd8d0d8633d189bf9b4bde7b9e7c8dc359af1888483fe763a38468fa6f2e950730e565c2ba523aa3327b46cc4c5be86bb9e85964e87c0aca70fba8916af28661f596b575449241a6e9f6d08133031631d4194f41b37df5ea0f9004beb6de20a6d91a78cb6a8d982749f864dfdc704b0c093e132ee7ada1527bb956a120c4cca11c303931afa0fdb6b102bcc4ec5622857f7bf6d7678d8f1d0ae46f7ee3b9a7178e7631ca0e61b3cabdf3d3b612316b2f58f4ed8039b36436ff8cb8e7f549237759262a01d24baaa7ee7e33f71e96cc62abdd2194ec621a6de19f159aef81990f24ae71f3794dec2a99519a2c813d49a59d58fad5bb0c4eaeb270a7bf8b4e11746b0db9c614f127874e1f50676435e37312f25c395ca4c3dfdd08d99692d3f0e372cf86fca5b2c940af39b173bdf36625617b9e46ee86f2cfe0e3b81aa6e912fbc148fa7809c2ac969c876478a538b2ebccdb6484f7059c589831a63ee5dc8b9cbac115eadf9fe8bfe5c6ed0edf5a7ae5f49342287a297b8e54ab81113cb53f40051cc4f5221b5339bfcc42260f017014a03a969c7465c0630e8075de972cf432b19a1fb6fec9145b9c3797b01f4c238bc38a0f50e9a13c89c319ca3dfcc8bd37d8ab40c205cc380917936115488931720f26e853f324ee5d661f1d3156393b2c61826b0f94faa70aa72ffa57f4cf889cba882a86ae46150c6614188db41ec014202192127cae71d5faaa5bc49154a14b94b5ba771ada5aab33a875ec8aadd59ded387d9bbbe568e8bb38d8f68295e8132c65228d938573a7c5d52c0c4f4f828693f996c9db987bf3519bbe220e9f8b2ae3d0513f1df77695d1d923c9bebada8078ca51a85680c5279476ad34ab63afe54bd3495e2ac6f38c345ec15c2d6461abcb6a55fc7ab4dcae09ab67dd7d2520f9285e71ad613ce5c425686dad18957375bb55bfeb3ec60caa69ef11a8d1ad6ed85c00ebd334e4a323eb90f65e8e4fe2fc963c4579ee81c8868237f996be37c4c675fbda286fa71eb3b27e3491ea052a5da248688804f0ebaf5022e4098788ceba985869d28d1417b1ff06aeee019bd70712ec5238f85200c30039ca3acf1f4e29090da1cbc5e0d57152b382511dc4cc0a61cec79cb2c572391977af84735710717b0ecd5a0dd6434a77c0d3c8782ba50cc19e58abdb8fb00d096ff1bd4998f51fef8ecf41d62a472e64095b39601003f628ada67630358eb4b5223087ff922dfd72c503be4d2a50a2206e0d30189c4712a4c2dfff00e407a2c5e5d27f4f9389c32769a144836d84cd81c1b61eb69010f24222d67b701dc3825b99e112e5db8130512feab6e0db1ea4dc002df7856d4a299961ebcb731da498ead8afd5a8f925e79fe854cf935a002d220359265bfd77d9d33ae0fc43c2e0de70049443a36a29da9848e4dcfdd563ea3fc5f17b268bcb7044b80f58ab917fa3f996b6be2a2527aa91123d3bda34dbd3ecca77b6f37c5716d459cfb7880de9ed14b3d8caea4f36db215a22cac1a112d85836a905cdae737203e60e5254b4e0fa7a6218c88800c85f94fc24f6e1e09c162121fdb5dc19bd154171914bf057f041d8cfcdfc8e116ba8bbe314b1409ad0b26d2b1ebb35d5301b25e060cfa3a6030bdb09649fd600bf6387d7506384749bdd77f1f211cec22a1dbcbe337cecff60d6593fe3c4ae41bb04c29361e472e6a3955b7f639fcdc05bfa0ab2c84137b5f2b32b8944c96b254285fce2b006826699d8f7bc34dd3a1aa4f141f5e4df747ff819c899e0d65b7cf6a02854e8522939871636edb1bcd916efd520482423a30a7fcdd9517ed32895541771308b443d5eb56b44ffe544fe1d21bde6e68c1bbda2bb6e1bd65135fec832cd12ae723f5ea6b1ac5b4945b2d0049ce91389d227bbad5072fb3c40309e8c691bda6db89b766c66d00119502a646f07db3bf7252d58f2b39c5feb5cbcd51a32c622f33d673cc5c952f55b10dbb15a1bcd67738fc786b2c3fa3a0cbf82024656bb19f34a6ea5e6f08adcbed1eccb7b1d8101d0733be33481954d79af3bbab3e219ac8c000997242dd4dfb47953e4b237e3a269099219f1ab58c78bf75331ebbddebf1e61056b9868231128b95d65a237e758dce1c0fa8a096fceca3b7470c3ddcc5af33a684cf93d89eb7ea897767c6f38d2fec0586ffcbbd2b027f0a7885a4730f51b0f14feb1bf5bddf749043062befd896cfc0e51d1f7a033f4c59e4e2404c1964bb62f75cdcfdd6164fcad3376920607f3aac6024f7531b0ff8cf92cf9df25320866dffd1f979038fcb766bc5a0cadc3e9b6543ce6006066b7c77a5f8c19a8fd79230f5234d69056c79240393c31071ff2aac56526b2de06ce25fb2af8254d278a4e4178999b2c30d3127d2085c85a9128559f2386e16afcf58759ed83dab27d36c7551c8f4aa2b73b2f7b4577c9239b3dd7f0519765f694ada0f765406ae3d6b72a5a3cfab40883d6473d387206e3cf1fde04bb7ea4333c85c89f6e2515bfbeb930664586678151b0ebfa46aae19a8a8e601767addf96b9df4356e9217131cc34d3434f1382075213b7ce67d44451e3bd5c36cae164dad522c0a42972f8bbd049737e64fbbaef5c68c1ffa8e31546b78b1b3a9f6de78877524b582a2a26ba5af055d3ff8955bc1f62ac66000cdf0f7d562c09da7ced60e1b7cfdffc10718dee5f2df3a2e24155505c0cc5977149f08f7994e0a21d92e266a80d91186c0943b59221f96c26c31e275c80f60fc7e148d6f9b1f9eed90c96687103a1099991a2b849c3dbfb8a66e2744d1febc8f56f16a9a2642047d01b9a9e13f80495883dec16d8a504c62aea6b51b5896251811dc267568ea10cf0f4ee15335849838f2d20e7098e73fbabf980f20e62841a7ba6279021e523aad72ba4fb00fca6ae28b48e169a98074b9572bf4b232328091115239ad5d6fd44ea6c49935976f9ba15a2f36054c2b7df231486039e803656616a4188c20a6e087e5b79b987ed42c386af7039f1f35833dce7d3071ff9b1c49952f9a92b58b5c0ab6c05d4100a24b0473dc41a7c6b1acb89c8cb682abbf042bb0dfaeada5d7fd5aa92854a15fa4af99c32e03c35a90abe61fb045763554107aa62014750683448d158740db445adffeefd13514dd9bf19866945831fe7cffb1647558c7eadf0b20bfaddaa4bc77f77d29e5c8fdca1c6551e60626220642130c69f5deeb19e0a2b78f8f12977b0a45a86ce355ca598073a982d25c127b088cf4bd9ce493c98a20add06e68679684017e52e135e678701a2e579d2e02a7c421e775c4fcbfe9ae9aea18c176cfc2a98786404ebeac52003e808f2e02fda86af6bb0f972133e597e268366410bcc2dee6b6c2128fab9285fe46fffad3a958223eda5113a0eaa095af60363a1a24a66d2e345cb2f2e8c7e97c942b2ce199bde6208f499218176b3360c3064adee38dee5733b66ee346e48c27b8089fefe1c15a32e0ee2fa6b47604878a5fa625692bb7f6b2e64cd019d2457bd9e9d77e6ba1a55bacefe6a697d57a43c06f74afd42ffd3d06c9425a4aa6250e303514b39a7115ee0b1c31dc624bd43d3e800c71a7fb17c9d3a1a44e010bafa20fe97205dba7dc07c3bdf953f1eaf86d0473e8596c4d8ba1250ee92080d18943c71cf8b33a665214576fbc7c5c287ced1be8017f6e82f11ca5c63632860f35104890cdddce65e7c1996366c3279663d04ecf7182378140a3e98d1d07ba1b2552a2004685f7e50485a0193b15adfecd3270004faae273c205ca23327c496b154e078b2bec4d5727fe3f8696604f579b382359c461790859887bbf7f976442e926920c6683c6e6f2546ed7cefa04ecc4130c70a3376db5ed929dd8f2cec5eaf94155078f17240548018ce181df86a42f50329a47187f0eeda9cf88318e6d498133e04c26f75b943429ede578ef0022a47fb7598ab5123f20afb23a1ff537f2f7bb5ceec583a7fb0c916ff4b51954844f3db8972a4e4a3687dbf695f20d308ddc91d398cb1a57e84c3d059b67b00b60dca90275f69c6fb15dcf3d3c38b946788dced3220e2385b095fe859aa4224b67b2eda0d8a36558d9ab902e7cb9301da70a0c52202b83fd3f0e35618572b1d1453cd3221168ad1b7ce682d7824e218d1d19fb8a0e2e5152a695aa7a8f1ff165f806ff67c901fbaff6dead3e8e4442b250961cc8525bc10ae3ff149812e1b37dfc25515df71d2346a5cda91681677a8d89eb0b1307444d8f90f4c8e3b1", 0x1000, 0x8}, {&(0x7f0000002280)="9022b4be91337c5d3fd469a67021c47b5e7ce0d6662f7cf361a148faa1aa45392a2b098549ec68df5bc9bed48c495c8856486b766d71019de1e0d46b3b7a821b02142faf5ff1be77bcc4ceec9aff29278f1595efef9133cadc3b8ae2abd09c004848a04a5525530647f6b157316e0ddf1629910e859f69ec", 0x78, 0x1}, {&(0x7f0000002300)="4ee094b51f9c79699f29e9a52dfb09c1d613dd7e0d35e06e4d27d0aa1b15150f7f3b7a97d089e134444aa6f3825a8804ef1bc4a3136e903df294feab4a0a0b35e48b8d9dd444c33a70b0c1a6019b084e9035a6d06097b87711a5526bd91520e4eb39d493434a86e9a1b61a9bcfa24ec852a37c14084a2a6dc2529615795abb5c0b63b226c05295beeb162dc14884aaa1e5a47c6f0ce68f7303f39f24c042a8451d3fc0f5e92feeab3c73f9068be3c73d51a0adf2f0789d5a40ae56cdab99a056cd2c8eb62164ff0fd990afa6", 0xcc, 0xa3}, {&(0x7f0000000140)="f7607e9ff89b4a721bea32c46ea894a4dd9960bcfc6ba9d364deb0e9263fa3347f7f13397f37f6d4fbb125666acc3cd02e3452a3", 0x34, 0xfffffffffffffc01}, {&(0x7f0000002400)="3bb12b2ee95d54433e297d39c158016127b59410d6033f350038f7a6e8a74b56d2801dc6e6cfabfbb2535f048b7ae6b83354703ece7a2b4d4523d7d9de57f3af124d6a4249d414d30d0db389a927349affa90c27e6f4cad66f13e422730516bcd2d25180e76f1367ebe00b7671d9bb509891efcc02f0117424339256456a3ab404cd55fc104d0a0893b94e84116ae79f2c66ea94ce0247365274575e70977901cad9e94486bd1d277602b13524346ec3f397bd22b4dba729e35696a4b45d11791e46162ce3c0516d1f0258bff55fac60d9c96874bdbd746242bb94e06691414f7ffbd3598dc25d44654a7ea918da142fc5ed20e75e6e023e0b821d58397caed543a94230d23484e1d08c077ff215cf44139aa3eaa6a6222230d829a760516e97511646c7dbb33fc918ab0894a731f0eba128a670cd2ec65d53e3c16ce3a2a377c6b8f4d92a3e93c55360d9a428bfeba9ceafc7d3e173beba010917755fbd04b3a8348a7a740ec475f18528f3a2ae7fae8d5bb386c5321507ea456910658c9d5e6306212dbf96efbcbe2f3ec73ad1f8d7894991906dc10fb0092fc29d144610b700c31e62a57354b31067943b49a96b0c441560d2e53cd8b9f619507988c7b183cc3dc22be40672bda23e12f2b0170f383a70dcd517f9ee13b6a3acf9a59adc1c6cbf59dc77b15d98238463d9fda6523738afe97f9600bc63d04912bbfab98807203d8b7b270dc5d0e9a5237326650a65f7a7a9510962e42a9f360ad7099d2f07790afa21899e426d954cc35c6ccff9033b2eafa784d71fe99d7c8ab97dcd71941f20a7b9a94c65bc314e94e7d34d6edf47f5ed467d37a2e4535037eb5f3d23265afaddb13035b7fce37f42d9ce611e2b683c45617eb443c5ade82c119bee05522fab219a56702ec85a4949f58a4b44d1b2d444f0a7eae434e096091d1f2d800b25f38bdb6481941cbebdb86cc449e10f610ceb05577049c3c6f48a074160663edf96954841f9a4c39a028fc25343184a14bc0ac51bf67b96f03594585deacc14068f6ded23220182cc0527be648c390982565328debee7af0c7ae3d47077a71c1021f3703cb4283266817f36f0697c7b9edd5f3f56cf36a8267f49d7d138de29ac0ed38c125bd0032cf8f50037b5fe08d1e17fb7dffe018428292c29eeae1e78fe0f883d6ae21c85341c26a39492fd368140080628ac8a713f4fa7ce648223b2898925c07a011873705bcf2a002e8136c1fde483585358e7d50d27a32a3cf87042ae042015be7e5c71b67cd3428bd9a67ad51cefc81cce81ab1cb62d972dc30b8aa7ae6f2e3bb03795b93a31dc0bd74fbaedc66c4e233c9525d5331829c9fc8a44ec8760131be53b49efe72db6c10ef499921c5a7b57018f090412f54ef1a27c5035e9ca5c0bb339c62efccf2955c2555d9820daae32d30bb18fa23c05744439cca1b9f89c3272f717a1b62d7edc83eb3271f4d9ad156d1e4cb7fb07fea2ec49b961084446c98cd8e63971f9eee070189a89e3eb85016e86a6d9f29a9a14d16ac82bbef6693c9624098c032acf40e55727e78e1f3d2646edcf46d7215c1c991e730dbc3013ed7c741662c2cd336fe71b5932db2f235f2bb8a97a32d8c83036fa41bb1f6e229ac0ed33996993732440349ff25688f834a81bd9fb6ffaa1b31ff9c7228fc53b2ed8ffd040048a7b060d0a0077ed2ca7d11f0388cca49a6e00313149989ef7a2051f201468ae017948f564c68a4e061457e193247500821bbb133d9fbb2d72cba91f5bd852f99d4193c25550952691b4403f93d0cf4c1cfdaa61e849e973845c424f91c869fb6785e684a645b8a71068e6f639eca1a9f78de51a6281c7b936d352d80721dc794e4b16ec0005c326243ac1607d0d7b91cee4bbf577a80876060d86843b8bce975627d31d54c11b549cb551eca29fed6174a1775cf6791b58cbd36659ac6e4e7cc88ad89737fbd34c13004996a3f3603993051298932a2dbeee8af36258b19f7b698dc63908dbc073fe6c231fe8175fc35741919d3e43282fc06a14badc38ff9e038c9feaa13ad028b872c69f174e770e680c9fb996942637682dbf44905e57f7a5c8ef36f32f2e1bf74afaecf52d3b0bd93e71b83713cbaa63c492b45249a149420df4628e13bbaaf58e992bcb788f8091ca049e4cfcff0554cc6478d44c0a002927d4f91cd51055c1a899d87466fc8124308270c993cc18bb2c4e213f28d4cf5fb89bdab4f59e22348dd4e1e10c34d1c83fee923c36ef8d822feefb26ab0a4abb24a6105310c8e22439e09135ca2e0b9ccb6c0deaf57a13f0cf27490344551adf5124628f676df406e04085a5636a567b6a76225098041793dc8c227ddc65592874762b321c0d1843f0f9790931a33a157e5f3001339ab6dc3b034829751a8a929827e9c426d2476de6b10189220f20fa1f25bd5daef6003ba6ef3ab679114542d7f4ba12c870555ac75978ee0b9130bfd6ffe978ae4e9d3e910be7208e97cf7efd7ea6582a6954a3986cae8d4db99bebf62dee2ab0a281e6246799fb0c7c19fb98d80f9fc4ea2bac25eb6801a1f1a56f29590643b47407f8c7c7b9eddc15fdfb6d26e63753e1d22d120de145b52856ea1bccd9796f2211eedead30ba3405d1135c0243e3d25c8042c36f81cbf5f8264765868e5a3c834d3f6788715a9fc69691834f1353a29c8b7cd6c56035a4ed4da7c56b87e45620a3c758b948a682ddb8a19156772814bf2852553c0930f86e343de36aeed33a931425ca743405d8c8f961e89bb3f11c87366b2d27a6e716d68e2b0af51d62e07e9e1ad33f5d70d79fd8aad3b75db931fb0900853c922e16b3a54b546f87e440875ee04e2ab1298e86fbbe850f07c538224d0961b0f3ff8051ef11109abcea805a2abfb85249e68cecbd278be0ce28fad85bf4adc47fe8731be4269a516ea3c5fc53596c6a7cc75898976d5f604c3571d06b52f2b3bde729e8ee3c6d265ef902fe4497c0c7602be7fe6b64df7e5aec351a189f880979a84ab5979b17fb4f40e2d7b04ca73c43ced6f6214d1b5ea2646a9245f5d840fdd85621ebc713f419a61fbb57b8cbf8058809744c06439f207d837955319b399b54da53a6f8902493ad17a24157405062b53b422959e4f4bdfe9c1db84e065caaff33e365c4cef685a96c30780693762bea3c31b5df506c8484d0d4847f5b59e5c1db2e1a4221f608f6bd488ee58da7b96f9370db1ac17fa2a4f258cb4fd9c833e3cdc89b791db6103a60efff890caada68190ae48738fa5fe2bcc8c71070badb6bf6ace7dd4d493e7c1efa1401e3e77af9fab95dbc1a556437131b571bb2e559875889586d6d49d8fa830e0efd5ddad34b7ef867ebbb137e886357a1dd046f54ade482ea6292cda80b8fb7003d072204852564b12f74269a132b0e84d6380f3de5bf7b664aa721a257d8718a0cbd912ddaed541c58edf92b6c87f2e86ac6ac3ebab1605e68d21c1990a0946833decbf4cf5aac6702fad407650a97e405c7c11c58ad61898fdf734efa81ea5d1fd778b749c6ca75e814e1492845f8ad4fcbf3acd0d78ad87b4bd751daa5749bdd38a4ff679f94d0ac99981e1cb5e69ae42296d8b1dec7adbe84b053dd38077e95c30ecd0cacc6298414d1a82dc2965b2cb1b391f13ea835ee7c555d3f615ae39b50cd2ab30acf57ba94aa026f7728fb993e761591ac9f04b22ca23aa4be72fba545640ee70e5447dd7c740f111cd11870ae51d9549d6e09788578fdfee28d16592f4d55e09aa2aa754260f6a2e4eaabad01860a78a0098a4c81e2ca600f7e67f040b5d7967e57e9c5abf356142844c47dc07a7856c3db91897e4bf32e6bcc8aa83126d725b91cc53ee62d094eabb834f03d58743e85f2487efd4914ea3dbae48b410b90f24fcfafa5ee82d7b88cc7e0355fd4500e6ab19188dc2d8769e39db07847d17cb54424901b1a6c55d554fba63716d3f9dabb458c60d02c4635bef73dda34844c13f4082092b342aef0fbf05684f26d0e01f0118bf87a9a7a145e3a9defa3dc9dce22f488855b00da2d13e6da3ff4368f06e1251179b09da1c0b8060d8841f7e6a90188b9c632ce472dfc89c1d56d7947dcafaacd64948daf6f011c5a251a88baf35e81f64272e55ab9c7aa9e86130bb94c8d817ff7be81dd149cf8ec8f957c7f0531fec6a5a1e51add7b67991ad59a3d2f1fd6c4560e84edda233741225794c6f74f2ac64c9dfdd357850caa8f1785d4bca8a37e570b8e389806abf53b1242dd99a23621bca5985d3ff8c2911d9b7ef04f6db51a56c690dab02a17d39dc78dae3d63870a7e82079a0f5bcb087624868b2d16a28c623833fcf569bc2f85030ba3548622488734d79250cda3fc059c50ddfa747d970005013c30da58102dfca9b7d4cb65f99fd9c3c2bf0d0b8a69e250ac7458fa70d45daddb7fa2afc312e3f49d2e9ab1d1ab12cfb956a652ea2f1e19a9c471af463e7685ac7f357a1f84e43b86f4a2d92ee2353cbb71065d480cd8ac79f99c93707398cf24bc14aa46ef543ebec41be53c14a2c1f1543d98922a06ab0d2ca435b0f247dc8ad94f760cdf7ee4814b8366b441ca1e950aac3ba8ef7331e8636659a34cc49afcb6e49b66d9dd6d666e5e5218c1b802301d83b259f7c21dba7da32c82a39f6ff86dbe60b2d2d272146ea6577bc5491da402f4ee94931840e37119f41189c9763605dce674399dfcab444adbe173904182a7ad9dad6cdd77492846cfa146d048c1d00bb12e3d102c432cc924228582dcb9c9f7bb8e6f014cb722865cedd5cd602ca55dbd83d13a5f06f099e8168a40b382307a48e6dae6ddcf59732611a2d75804784ee42d1fb46b2c9dcc9141fa802476a7708bff11f2f33c76052dd1a97cb05119aca34cece8767a9bed2419cb7372fd38a2efe93b25e344a0e92d5eedb14381a95b4a20d322ec550eb45efce2c18f098663114c7a59c6c130f551cb48cf7a8d97260761c3772d2446e55c9b15311f54c36183227ae596baf4efdd49d7439517cd157042ef734222ec7b69d22489b94d74d4587a886c0fa133456bad8a4937f8c7393511ec27de38329ce040ae869dcdbb1286768bbf71b953e8c832ec01c9da8953a3d9c0aeba11eb5e688b47de2e88ba929ccec9bc007cb1e2e37be9165c8ce4e0ca5956fdb08a1aa990da70dd677088716534a858c58c1c93264b4fbe3da8ebedaacdeae58a31567bbcad46796aa9d11c4ae9c9709265a11b649246fbbd55500080b8fbbba9c808dbfecdaa6d3f6f5f24360c2f3d95ebd2965df977794ff19fe76601cd30c311de52bbd870bc6b9a27fc457a3feccbb1c6bdfb9c72686d0f3f01829630b5dfba630a243301858aec93f46f133a6ff126c0da55cf33e556db696da77276b8a45ad5d92bf2ec9834e95465a79a489b806ec7222c5b190013929deae037f86ded5a259af9ac78a8df42a403e224841d0f429e8b3f2d05488253b257786053f926df18a6008aeaee32e65e3bad9a9bdd6938b418e10b2ab6d79b471a456fa03cd16f23085da8c507ba5e80d3755e7197e022a30fba1aa4e6136c4c6fe59fd2a5030ad6f77499dc9140e556899a16aa612eb377251d027e8f3b3ab4834b88f9f6b3be2ec63dea1422b5864c0b8ff0b94873cb4e65c8d49a0b9ae5cd1ca808478e438684bbade83a2bfb806ce8ce40e8aaff1c8505645db0c9c0e4e80b29652faa18697e58fef51d97de157fca00948824f255bf91dccdb0b1d6a39837415cfcb0e98c14e5f42143a5e38e7e5857e29759fd4444033719a32f19dd45", 0x1000}, {&(0x7f0000003400)="23251e0e1ca90a99f5ae375a91bf2f1e507765417cf3357669ab64a59cb2415627fb27555e249c45b43579f245eab31acff6efd7cd7f0500fbce7d9d0ede0055b41eea0594e4044b6f9f95cedbb0de05b48eb6e7f1fdff8298b6e4618550cf13bf845069a041b3cf7fd2e5715f435e57f29f2a619ba56bca39fa625ac565731a12dfb064e1ad17f5cd51511545fa73", 0x8f, 0x2}], 0x26808, &(0x7f0000003640)=ANY=[@ANYBLOB="696f636861727365743d69736f383835392d1609a02c841072920033f46e616d653d6c6f7765722c726f6469722c6e6e6f6e756d0400000041595f455845432c00"/79]) read$FUSE(r0, &(0x7f0000000200), 0x1000) 02:14:22 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x52474252]}}) 02:14:22 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x0, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) r3 = syz_open_pts(r0, 0x0) dup3(r3, r0, 0x0) 02:14:22 executing program 5: r0 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa2Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bcc\xad\x89\x9ck\xde\xc5\xe96\xddUE\xc98M\xcd\xfb\xcc\x97\xb4\v\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\x00\xa5\xc24\xd6\xfe7\x0f', 0x3) fcntl$addseals(r0, 0x409, 0x5) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) write$P9_RWRITE(r1, &(0x7f0000000040)={0xb}, 0xb) [ 245.043362] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 245.043362] program syz-executor.1 not setting count and/or reply_len properly 02:14:22 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x56595559]}}) 02:14:22 executing program 5: r0 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa2Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bcc\xad\x89\x9ck\xde\xc5\xe96\xddUE\xc98M\xcd\xfb\xcc\x97\xb4\v\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\x00\xa5\xc24\xd6\xfe7\x0f', 0x3) fcntl$addseals(r0, 0x409, 0x5) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) write$P9_RWRITE(r1, &(0x7f0000000040)={0xb}, 0xb) 02:14:22 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x0, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) r3 = syz_open_pts(r0, 0x0) dup3(r3, r0, 0x0) 02:14:23 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00743ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:23 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x59555956]}}) 02:14:23 executing program 3: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = accept4$inet6(0xffffffffffffff9c, &(0x7f0000000080)={0xa, 0x0, 0x0, @mcast1}, &(0x7f00000000c0)=0x1c, 0x800) getsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f0000000100), &(0x7f0000000140)=0x4) r2 = syz_open_dev$swradio(&(0x7f0000001300)='/dev/swradio#\x00', 0x1, 0x2) read$FUSE(r2, &(0x7f0000000200), 0x1000) r3 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/video2\x00', 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000001280)={0x0}, &(0x7f00000012c0)=0xc) r5 = gettid() kcmp(r4, r5, 0x4, r1, r0) r6 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r6, 0x1000008912, &(0x7f0000000840)="0adc1f123c123f319bd070") syz_execute_func(&(0x7f0000000180)="1c0ab5b598cd801b69e4f56962f5696200d9d9d017795b69f9f9680c0000008fe9589b26c7e4c753fbc4f1ede1fed4f47d82663ed107c4c2b90a23f216657051c422b18cb6070000005151ccc4a27d181e1eea01eff265dc5f003e460fc37d105b5b45e145af35af353541000f9a9999030faee42c240f54635bde3ef3407104a1e1e0ef26400f0d18c401fe5ff6e30fad6736660fd2938c000000c4c1f913376666450f17720d2e440fc7bf0d00008066660f3a0b0865") ioctl$VIDIOC_QUERYCTRL(r3, 0xc0445624, &(0x7f0000001200)={0x0, 0x10b, "b8499b7844680f7079922974aa66c706dfc96bd9be9e148dd901307dcb5a3bb5", 0xa, 0x7, 0x2, 0x7, 0x88}) 02:14:23 executing program 5: r0 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa2Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bcc\xad\x89\x9ck\xde\xc5\xe96\xddUE\xc98M\xcd\xfb\xcc\x97\xb4\v\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\x00\xa5\xc24\xd6\xfe7\x0f', 0x3) fcntl$addseals(r0, 0x409, 0x5) fcntl$dupfd(r0, 0x0, r0) write$P9_RWRITE(0xffffffffffffffff, &(0x7f0000000040)={0xb}, 0xb) 02:14:23 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) r3 = syz_open_pts(r0, 0x0) dup3(r3, r0, 0x0) [ 245.345912] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 245.345912] program syz-executor.1 not setting count and/or reply_len properly 02:14:23 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b007a3ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:23 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0xe7ffffff]}}) 02:14:23 executing program 2: clone(0x20500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) syz_open_dev$cec(&(0x7f00000001c0)='/dev/cec#\x00', 0x1, 0x2) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r1, 0xc0305710, &(0x7f0000000040)={0x1, 0x1, 0x3, 0x1}) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000200)={'vcan0\x00', 0x0}) ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, &(0x7f0000000240)={@rand_addr="ed9f5f49f039df174537e8a307863c96", @initdev={0xfe, 0x88, [], 0x1, 0x0}, @empty, 0x57, 0x5, 0x200, 0x100, 0x7fffffff, 0x80000000, r2}) rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) sendmsg$nl_netfilter(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x78, 0x8, 0x2, 0x100, 0x70bd29, 0x25dfdbfb, {0x5, 0x0, 0x8}, [@generic="a9ead8b42b1e7c55e827f857dd2ddbe7f4dddc9a3c5c626a2ffea152ce05d011d9f37c5adb68bcd7a7d5ecd91ce1a0db83d214e66c721d9e150fc1432af373683f7f980ae032fb6b6f62aca6d60842d4c23d5cbd6ae5f666bb6a7071b70fda628fab9a"]}, 0x78}, 0x1, 0x0, 0x0, 0x8000}, 0x4000) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$CAPI_INSTALLED(r1, 0x80024322) 02:14:23 executing program 5: r0 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa2Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bcc\xad\x89\x9ck\xde\xc5\xe96\xddUE\xc98M\xcd\xfb\xcc\x97\xb4\v\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\x00\xa5\xc24\xd6\xfe7\x0f', 0x3) fcntl$addseals(r0, 0x409, 0x5) fcntl$dupfd(r0, 0x0, r0) write$P9_RWRITE(0xffffffffffffffff, &(0x7f0000000040)={0xb}, 0xb) 02:14:23 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) r3 = syz_open_pts(r0, 0x0) dup3(r3, r0, 0x0) 02:14:23 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000040)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0xffffffffffffffef) [ 245.567438] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 245.567438] program syz-executor.1 not setting count and/or reply_len properly 02:14:23 executing program 5: r0 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa2Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bcc\xad\x89\x9ck\xde\xc5\xe96\xddUE\xc98M\xcd\xfb\xcc\x97\xb4\v\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\x00\xa5\xc24\xd6\xfe7\x0f', 0x3) fcntl$addseals(r0, 0x409, 0x5) fcntl$dupfd(r0, 0x0, r0) write$P9_RWRITE(0xffffffffffffffff, &(0x7f0000000040)={0xb}, 0xb) 02:14:23 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0xfdfdffff]}}) 02:14:23 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) r3 = syz_open_pts(r0, 0x0) dup3(r3, r0, 0x0) 02:14:23 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00023ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:23 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/avc/hash_stats\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffff9c, 0x84, 0xa, &(0x7f00000000c0)={0x200, 0x40, 0x200, 0xa04, 0x0, 0x1000, 0x2, 0x2, 0x0}, &(0x7f0000000280)=0x20) setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f0000000340)={r2, @in={{0x2, 0x4e23, @empty}}}, 0x84) rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = syz_open_dev$media(&(0x7f0000000100)='/dev/media#\x00', 0x9, 0x20080) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f0000000140)={0x0, 0x72, "cf65bbaad21259357a74bb47f5f96cb4956c4ee8d0b7bb770cca1dc640a5c007fe4d22c2c0999bf3d654e6116acd28c8381ff64e32c5548a039e74738fc1036bcb68a97107aecc7c9d74fd55452d83de1c1dc0550fee9a20af3aee97b5834802dc008dae339b3caf963aa8e3ae8e96c7918f"}, &(0x7f00000001c0)=0x7a) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f0000000200)={r4, 0x2, 0x30}, &(0x7f0000000240)=0xc) socket(0x0, 0x0, 0x101) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(0xffffffffffffff9c, 0x84, 0x75, &(0x7f0000000000)={0x0, 0x56d0}, &(0x7f0000000040)=0x8) 02:14:23 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000040)=0x4fd2) fsetxattr$security_ima(r0, &(0x7f0000000080)='security.ima\x00', &(0x7f0000000100)=ANY=[@ANYBLOB="0403ee5070d78bffdc171f00005be22405425b179ea997961304"], 0x13, 0x3) 02:14:23 executing program 5: r0 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa2Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bcc\xad\x89\x9ck\xde\xc5\xe96\xddUE\xc98M\xcd\xfb\xcc\x97\xb4\v\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\x00\xa5\xc24\xd6\xfe7\x0f', 0x3) fcntl$addseals(r0, 0x409, 0x5) r1 = fcntl$dupfd(r0, 0x0, r0) write$P9_RWRITE(r1, 0x0, 0x0) [ 245.834107] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 245.834107] program syz-executor.1 not setting count and/or reply_len properly 02:14:23 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0xfecaedfe]}}) 02:14:23 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) r3 = syz_open_pts(r0, 0x0) dup3(r3, r0, 0x0) 02:14:23 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000140)='/dev/uinput\x00', 0x2, 0x0) r1 = dup(r0) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x37, &(0x7f00000002c0)) r3 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x2) r4 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x7000000000000, 0x80) r5 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/load\x00', 0x2, 0x0) setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r4, 0x84, 0x7, &(0x7f0000000100)={0x5}, 0x4) kcmp$KCMP_EPOLL_TFD(r2, r2, 0x7, r3, &(0x7f00000000c0)={r4, r5, 0x2}) move_pages(r2, 0x0, 0x0, 0x0, 0x0, 0x0) fremovexattr(r1, &(0x7f0000000180)=@random={'system.', '!\x00'}) 02:14:23 executing program 5: r0 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa2Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bcc\xad\x89\x9ck\xde\xc5\xe96\xddUE\xc98M\xcd\xfb\xcc\x97\xb4\v\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\x00\xa5\xc24\xd6\xfe7\x0f', 0x3) fcntl$addseals(r0, 0x409, 0x5) r1 = fcntl$dupfd(r0, 0x0, r0) write$P9_RWRITE(r1, 0x0, 0x0) 02:14:23 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00033ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:23 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0xfeedcafe]}}) 02:14:23 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r0, 0xc0605345, &(0x7f0000000040)={0xbb0, 0x0, {0x0, 0x3, 0x4, 0x2}}) read$FUSE(r0, &(0x7f0000000200), 0x1000) mount(&(0x7f00000000c0)=@md0='/dev/md0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='nfs\x00', 0x0, &(0x7f0000001200)='/dev/swradio#\x00') 02:14:23 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) r3 = syz_open_pts(r0, 0x0) dup3(r3, r0, 0x0) 02:14:24 executing program 5: r0 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa2Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bcc\xad\x89\x9ck\xde\xc5\xe96\xddUE\xc98M\xcd\xfb\xcc\x97\xb4\v\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\x00\xa5\xc24\xd6\xfe7\x0f', 0x3) fcntl$addseals(r0, 0x409, 0x5) r1 = fcntl$dupfd(r0, 0x0, r0) write$P9_RWRITE(r1, 0x0, 0x0) 02:14:24 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0xfffffdfd]}}) 02:14:24 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00043ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:24 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x2, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000040)={&(0x7f0000fea000/0x14000)=nil, 0x14000}, &(0x7f0000000080)=0x10) 02:14:24 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0xffffffe7]}}) 02:14:24 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000140)='/dev/swradio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_OUTPUT(r0, 0xc004562f, &(0x7f0000000040)) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x4, 0x50, r0, 0x0) read$FUSE(r0, &(0x7f0000000200), 0x978) 02:14:24 executing program 5: socket$inet(0x2, 0x80001, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x80, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000200)='/dev/snd/pcmC#D#p\x00', 0x7, 0x80) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x20003, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 02:14:24 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) r3 = syz_open_pts(r0, 0x0) dup3(r3, r0, 0x0) 02:14:24 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x100000000000000]}}) 02:14:24 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00053ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) [ 246.510763] audit: type=1400 audit(1556676864.297:47): avc: denied { map } for pid=15811 comm="syz-executor.3" path="/dev/swradio6" dev="devtmpfs" ino=15938 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1 02:14:24 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c12") r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) r3 = syz_open_pts(r0, 0x0) dup3(r3, r0, 0x0) 02:14:24 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() keyctl$join(0x1, &(0x7f0000000000)={'syz', 0x3}) rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:24 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x200000000000000]}}) 02:14:24 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00063ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:24 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) r1 = getpid() perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x73, 0x101, 0x6, 0x2, 0x0, 0x9, 0x4000, 0x9aa2280e04674e25, 0x400, 0xdb6f, 0x1, 0x10000000000, 0x20, 0x200, 0x1, 0x1f, 0xb4800000, 0x8, 0x2, 0x28ce, 0x40, 0x9, 0x42fa, 0x2, 0x3, 0x9, 0x0, 0x8000000000000, 0x3, 0x5, 0xd61d, 0x4, 0xffff, 0x3, 0x6, 0x5, 0x0, 0x20, 0x0, @perf_config_ext={0x4, 0x7f}, 0x1c100, 0x7fffffff, 0x5, 0x6, 0x6000, 0x433, 0x6}, r1, 0xa, 0xffffffffffffffff, 0x9) accept4$llc(r0, &(0x7f0000000040), &(0x7f0000000080)=0x10, 0x80000) 02:14:24 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00073ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:24 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x1f00000000000000]}}) 02:14:24 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c12") r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) r3 = syz_open_pts(r0, 0x0) dup3(r3, r0, 0x0) 02:14:24 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) syz_init_net_socket$ax25(0x3, 0x3, 0xce) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:24 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000023c0)={[{0x9}]}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)) 02:14:24 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x7, 0x0) setsockopt$TIPC_MCAST_BROADCAST(r0, 0x10f, 0x85) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r1, &(0x7f0000000200), 0x1000) 02:14:24 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c12") r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) r3 = syz_open_pts(r0, 0x0) dup3(r3, r0, 0x0) 02:14:24 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x5247425200000000]}}) 02:14:24 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00483ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:25 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319b") r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) r3 = syz_open_pts(r0, 0x0) dup3(r3, r0, 0x0) 02:14:25 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b004c3ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:25 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000023c0)={[{0x9}]}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)) 02:14:25 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x501, 0x0) fsetxattr$security_capability(r1, &(0x7f0000000040)='security.capability\x00', &(0x7f0000000080)=@v2={0x2000000, [{0x1, 0x6}, {0x112}]}, 0x14, 0x2) rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x5c1800, 0x0) finit_module(r2, &(0x7f0000000140)='\x00h\xea\x00\xcd9\xd8\xdf9\a\xd0_\xe9\x06<-\x7f5\xf5i\xd7\x81', 0x2) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:25 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000080)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) 02:14:25 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x5955595600000000]}}) 02:14:25 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00683ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:25 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319b") r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) r3 = syz_open_pts(r0, 0x0) dup3(r3, r0, 0x0) 02:14:25 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0xe7ffffffffffffff]}}) 02:14:25 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000023c0)={[{0x9}]}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)) 02:14:25 executing program 2: pipe(&(0x7f0000000000)={0xffffffffffffffff}) ioctl$VIDIOC_ENCODER_CMD(r0, 0xc028564d, &(0x7f0000000040)={0x3, 0x1, [0x4fba, 0xffff, 0x6, 0x7ff, 0x9, 0x7, 0xe000, 0x800]}) clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x37, &(0x7f00000002c0)) move_pages(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:25 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b006c3ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:25 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000000040)={0x0, 0x19, "9fdbfee4c476c6df46fd0b3d3ea22fe04f8abeba3713f8f8ab"}, &(0x7f0000000080)=0x21) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f00000000c0)={r1, 0x5a, "27d3dc1efdb35cf0897d1e521f2627e21fd01dac6309310ebbde28d0b49c0c0089fbfd6410a566c0e6f6457f8c8818bd2a5b2206a043eeb7a38f50bcc19d6d78f26162bc9eff22171180825568799061b9c9d73220e1a941d643"}, &(0x7f0000000140)=0x62) read$FUSE(r0, &(0x7f0000000200), 0x1000) 02:14:25 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319b") r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) r3 = syz_open_pts(r0, 0x0) dup3(r3, r0, 0x0) 02:14:25 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0xfdfdffff00000000]}}) 02:14:25 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x1f, 0x100) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000040)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_BIND(r1, &(0x7f00000000c0)={0x14, 0x88, 0xfa00, {r2, 0x0, 0x0, @ib={0x1b, 0x2, 0x3, {"69feef5af22124b3084cdcdc1a9935cd"}, 0x1, 0x0, 0x8000}}}, 0x90) rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:25 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) prctl$PR_SET_ENDIAN(0x14, 0x1) read$FUSE(r0, &(0x7f0000000200), 0x1000) 02:14:25 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000023c0)={[{0x9}]}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)) 02:14:25 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00743ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:25 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x1b, &(0x7f00000002c0)={0x0, 0x0, 0x20}) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:25 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd0") r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) r3 = syz_open_pts(r0, 0x0) dup3(r3, r0, 0x0) 02:14:25 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0xfdfdffffffffffff]}}) 02:14:25 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)) 02:14:25 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b007a3ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:25 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x2000, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f0000000080)=[@in6={0xa, 0x4e20, 0x2, @rand_addr="25479fbcbd9a2404d35cd146d636577e", 0x7}, @in6={0xa, 0x4e21, 0x800, @empty, 0x6}, @in={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}], 0x48) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r1, &(0x7f0000000200), 0x1000) ioctl$SNDRV_TIMER_IOCTL_STOP(r1, 0x54a1) 02:14:25 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd0") r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) r3 = syz_open_pts(r0, 0x0) dup3(r3, r0, 0x0) 02:14:25 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0xfecaedfe00000000]}}) 02:14:26 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0021dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:26 executing program 2: clone(0xffffffffffffffff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x32, &(0x7f0000000000)={0x3e, 0x7, 0x475e}) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0xffffffff00000001, 0x200000) ioctl$CAPI_GET_MANUFACTURER(r1, 0xc0044306, &(0x7f0000000100)) ioctl$VIDIOC_G_AUDOUT(r1, 0x80345631, &(0x7f00000000c0)) 02:14:26 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0xfffffffffffffdfd]}}) 02:14:26 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)) 02:14:26 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd0") r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) r3 = syz_open_pts(r0, 0x0) dup3(r3, r0, 0x0) 02:14:26 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef00a1dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:26 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000040)=""/36, &(0x7f0000000080)=0x24) 02:14:26 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0xffffffffffffffe7]}}) 02:14:26 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000140)) r2 = syz_open_pts(r0, 0x0) dup3(r2, r0, 0x0) 02:14:26 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$PPPIOCSMRU(r1, 0x40047452, &(0x7f0000000200)=0x1) r2 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x81, 0x200000) getpeername$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) ioctl$TUNSETIFINDEX(r2, 0x400454da, &(0x7f0000000180)=r3) setsockopt$inet6_MCAST_JOIN_GROUP(r2, 0x29, 0x2a, &(0x7f0000000040)={0x7fffffff, {{0xa, 0x4e24, 0x3, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x10000}}}, 0x88) 02:14:26 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)) [ 248.536450] sg_write: 13 callbacks suppressed [ 248.536465] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 248.536465] program syz-executor.1 not setting count and/or reply_len properly 02:14:26 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x2]}}) 02:14:26 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0251dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:26 executing program 2: r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x2, 0x2) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) r1 = getpid() ioctl$RTC_VL_READ(r0, 0x80047013, &(0x7f0000000040)) rt_tgsigqueueinfo(r1, r1, 0x37, &(0x7f00000002c0)) move_pages(r1, 0x0, 0x0, 0x0, 0x0, 0x0) write$FUSE_INTERRUPT(r0, &(0x7f0000000080)={0x10, 0x0, 0xde}, 0x10) 02:14:26 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000140)) r2 = syz_open_pts(r0, 0x0) dup3(r2, r0, 0x0) 02:14:26 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x800000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) openat$fuse(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fuse\x00', 0x2, 0x0) 02:14:26 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000023c0)={[{0x9}]}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)) [ 248.770572] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 248.770572] program syz-executor.1 not setting count and/or reply_len properly 02:14:26 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0xe7]}}) 02:14:26 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x1f00]}}) 02:14:26 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed25d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:26 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000140)) r2 = syz_open_pts(r0, 0x0) dup3(r2, r0, 0x0) 02:14:26 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000b86000)={0x32a, 0x0}, 0xffffffffffffff1d) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='numa_maps\x00') madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0) sendfile(r1, r1, &(0x7f0000b58000)=0x40206c00, 0x10024) 02:14:26 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000080)='/dev/swradio#\x00', 0x1, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000000c0)={0x0, @in6={{0xa, 0x4e20, 0x2, @dev={0xfe, 0x80, [], 0x15}, 0x1f}}, 0x80000001, 0xb9, 0x9, 0xff, 0x3052}, &(0x7f0000000000)=0x98) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000001200)={r1, @in={{0x2, 0x4e24, @local}}, 0xfffffffffffffffe, 0x1, 0x100000001, 0x5, 0x8}, 0x98) 02:14:26 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000023c0)={[{0x9}]}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)) [ 249.085555] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 249.085555] program syz-executor.1 not setting count and/or reply_len properly 02:14:26 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0xe7ff]}}) 02:14:27 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, 0xffffffffffffffff, &(0x7f0000000140)) r3 = syz_open_pts(r0, 0x0) dup3(r3, r0, 0x0) 02:14:27 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x73de, 0x0) ioctl$INOTIFY_IOC_SETNEXTWD(r0, 0x40044900, 0xb68) r1 = syz_open_dev$swradio(&(0x7f0000000040)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r1, &(0x7f0000000200), 0x1000) 02:14:27 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc2537cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:27 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000b86000)={0x32a, 0x0}, 0xffffffffffffff1d) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='numa_maps\x00') madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0) sendfile(r1, r1, &(0x7f0000b58000)=0x40206c00, 0x10024) 02:14:27 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000023c0)={[{0x9}]}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)) 02:14:27 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0xfdfd]}}) 02:14:27 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, 0xffffffffffffffff, &(0x7f0000000140)) r3 = syz_open_pts(r0, 0x0) dup3(r3, r0, 0x0) 02:14:27 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000001200)={'rose0\x00', 0x200}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000001240)={0x0}, &(0x7f0000001280)=0xc) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000001340)={{0x8, 0x5, 0x7b, 0xffffffff, 'syz0\x00', 0xde}, 0x1, 0x3, 0x0, r2, 0x4, 0x5, 'syz1\x00', &(0x7f00000012c0)=['/dev/swradio#\x00', '/\x00', '\x00', '.nodevvmnet0securitytrusted,/_vboxnet1wlan0em1nodev\x00'], 0x45, [], [0x5, 0x8f8c, 0x8, 0x9]}) sendmsg$IPVS_CMD_SET_INFO(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80020000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, r1, 0x200, 0x70bd2c, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_SERVICE={0x28, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0xc, 0x6, 'none\x00'}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40}, 0x8084) read$FUSE(r0, &(0x7f0000000200), 0x1000) 02:14:27 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0xffe7]}}) [ 249.453776] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 249.453776] program syz-executor.1 not setting count and/or reply_len properly 02:14:27 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000023c0)={[{0x9}]}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)) 02:14:27 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2fe0e000000ffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:27 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, 0xffffffffffffffff, &(0x7f0000000140)) r3 = syz_open_pts(r0, 0x0) dup3(r3, r0, 0x0) 02:14:27 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000b86000)={0x32a, 0x0}, 0xffffffffffffff1d) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='numa_maps\x00') madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0) sendfile(r1, r1, &(0x7f0000b58000)=0x40206c00, 0x10024) 02:14:27 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x1000000]}}) 02:14:27 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) setsockopt$sock_void(r0, 0x1, 0x3f, 0x0, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, &(0x7f0000001200)={0x7, r0, 0x1}) sendmsg$IPVS_CMD_NEW_DAEMON(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x30, r1, 0x32c, 0x70bd29, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e20}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x100000000}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x17b}]}, 0x30}, 0x1, 0x0, 0x0, 0x84}, 0x4) [ 249.742009] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 249.742009] program syz-executor.1 not setting count and/or reply_len properly 02:14:27 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, 0x0) r3 = syz_open_pts(r0, 0x0) dup3(r3, r0, 0x0) 02:14:27 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x2000000]}}) 02:14:27 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2fe0000000effffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:27 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000023c0)={[{0x9}]}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)) 02:14:27 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000b86000)={0x32a, 0x0}, 0xffffffffffffff1d) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='numa_maps\x00') madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0) sendfile(r1, r1, &(0x7f0000b58000)=0x40206c00, 0x10024) 02:14:27 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) write$FUSE_NOTIFY_INVAL_INODE(r0, &(0x7f0000000040)={0x28, 0x2, 0x0, {0x5, 0x2, 0x7fffffff}}, 0x28) ioctl$TIOCGICOUNT(r0, 0x545d, 0x0) read$FUSE(r0, &(0x7f0000000200), 0x1000) [ 249.967532] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 249.967532] program syz-executor.1 not setting count and/or reply_len properly 02:14:27 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x1f000000]}}) 02:14:27 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, 0x0) r3 = syz_open_pts(r0, 0x0) dup3(r3, r0, 0x0) 02:14:27 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000023c0)={[{0x9}]}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)) 02:14:27 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffbfffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:27 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x52424752]}}) 02:14:28 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000b86000)={0x32a, 0x0}, 0xffffffffffffff1d) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='numa_maps\x00') madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) sendfile(r1, r1, &(0x7f0000b58000)=0x40206c00, 0x10024) 02:14:28 executing program 3: r0 = syz_open_dev$mice(&(0x7f0000001200)='/dev/input/mice\x00', 0x0, 0x80000) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffff9c, 0x84, 0x72, &(0x7f0000001240)={0x0, 0x0, 0x20}, &(0x7f0000001280)=0xc) setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f00000012c0)={r1, @in={{0x2, 0x4e20, @multicast1}}, 0x401}, 0x90) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r2, &(0x7f0000000200), 0x13e7) getsockopt$ARPT_SO_GET_INFO(r2, 0x0, 0x60, &(0x7f0000000040)={'filter\x00'}, &(0x7f00000000c0)=0x44) [ 250.247327] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 250.247327] program syz-executor.1 not setting count and/or reply_len properly 02:14:28 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, 0x0) r3 = syz_open_pts(r0, 0x0) dup3(r3, r0, 0x0) 02:14:28 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x52474252]}}) 02:14:28 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000023c0)={[{0x9}]}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)) 02:14:28 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2fefffffffeffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:28 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000b86000)={0x32a, 0x0}, 0xffffffffffffff1d) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='numa_maps\x00') madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) sendfile(r1, r1, &(0x7f0000b58000)=0x40206c00, 0x10024) 02:14:28 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000080)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000001200), 0xfffffffffffffeee) 02:14:28 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x56595559]}}) 02:14:28 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) r3 = syz_open_pts(0xffffffffffffffff, 0x0) dup3(r3, r0, 0x0) [ 250.512080] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 250.512080] program syz-executor.1 not setting count and/or reply_len properly 02:14:28 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2fe10ffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:28 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x59555956]}}) 02:14:28 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000023c0)={[{0x9}]}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)) 02:14:28 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f00000016c0)={0x0, 0x9, 0x30, 0x100000001, 0x8}, &(0x7f0000001700)=0x18) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000001740)={0x55, 0x20d, 0x6, 0x200, r1}, &(0x7f0000001780)=0x10) read$FUSE(r0, &(0x7f0000000200), 0x1000) getresuid(&(0x7f00000014c0), &(0x7f0000001500)=0x0, &(0x7f0000001540)) r3 = geteuid() syz_mount_image$iso9660(&(0x7f0000000040)='iso9660\x00', &(0x7f0000000080)='./file0\x00', 0x7fff, 0x4, &(0x7f0000001440)=[{&(0x7f00000000c0)="b7df827a921416a1d3a446e016c4f245092599bdde724d147dcd5048fa3d57d9fd92f7cd7ab290f63a80465f8a3d39f371f8a394e750973295a71b33dd2cded965315617127986ad720b0319668bbdaae8f2a6d9dab836a3ae02613ae33f951e237ff102e864b1be2c26189a6282dc7d611bb76d8c0c3bdd32a4a01c2f5ae5c0dfce", 0x82, 0x1c9}, {&(0x7f0000001200)="8e7cfccade228785a3b2bc36c849fad0bd74dd5a0b4a44d793d4f7ed889b7329eaa5ab721c9b8b1779760a62de8a96a610431accef220568d2c3a2b8da551d0a6a89fadfcfb66c33a4d626318c00ef6377ec8536acb6d252a0648034c9004848fc2d497afd47b435a4df6c1f69fd55cc181270513ed8bda7705ddc6a3592f2d85f2efdb2e780aa402cd6895f5f57098f0f593ef60527d3f66e9cda344f9b859d662d34fb8dfc288489381d5b6dba5a190c4b0f798e911923ed1cdd8e970c74a13e1dc044c2dde73c7e107fdf64e54d35335ed02a1943296f4ce1abe4e932", 0xde, 0x6}, {&(0x7f0000001300)="bb65dcb1c2772979f8fb296555d709a3fe976f3646359cb6437ae0f2444a368f8af3829f672e6bc00a698c4f0bc54c0b2c75e73ca3059d1297a50e7a0b10cc8641736138cbe2cb0c963a3f70a5633aa2eba916dc378f04cc2895bb238e761de174c3086dd5403bd16a46b9c5e0006967835e47026c3fe115d73e407ff10ced29c76900ad5774518a86eda0f78fb18fa84fd8c3ee6a91c38b", 0x98, 0x6}, {&(0x7f00000013c0)="ad5699695251becad4cd2f4fc8f8c0e1495caa798533ae42a44ce4a0687cc503707b9b3e6738052f93bb15155c019f480d5d1170280167e89f8d61fe4393040f465ff0ed36b375fcbf3a5c8befc1d59fc73c6ffc5320e3242545fb12277967f5", 0x60, 0x8}], 0x40, &(0x7f0000001580)={[{@iocharset={'iocharset', 0x3d, 'iso8859-1'}}, {@sbsector={'sbsector', 0x3d, 0x7}}, {@map_normal='map=normal'}, {@map_off='map=off'}, {@iocharset={'iocharset', 0x3d, 'cp862'}}, {@mode={'mode', 0x3d, 0x7}}, {@uid={'uid', 0x3d, r2}}, {@dmode={'dmode', 0x3d, 0xfffffffffffffffe}}], [{@seclabel='seclabel'}, {@dont_hash='dont_hash'}, {@measure='measure'}, {@euid_eq={'euid', 0x3d, r3}}, {@obj_user={'obj_user', 0x3d, '%eth1em1self]'}}, {@smackfshat={'smackfshat', 0x3d, '/dev/swradio#\x00'}}, {@func={'func', 0x3d, 'BPRM_CHECK'}}]}) 02:14:28 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) r3 = syz_open_pts(0xffffffffffffffff, 0x0) dup3(r3, r0, 0x0) [ 250.737600] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 250.737600] program syz-executor.1 not setting count and/or reply_len properly 02:14:28 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000b86000)={0x32a, 0x0}, 0xffffffffffffff1d) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='numa_maps\x00') madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) sendfile(r1, r1, &(0x7f0000b58000)=0x40206c00, 0x10024) 02:14:28 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0xe7ffffff]}}) 02:14:28 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000023c0)={[{0x9}]}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)) 02:14:28 executing program 3: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r1, &(0x7f0000000200), 0x1000) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r0) 02:14:28 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2febfffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:28 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000b86000)={0x32a, 0x0}, 0xffffffffffffff1d) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='numa_maps\x00') mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0) sendfile(r1, r1, &(0x7f0000b58000)=0x40206c00, 0x10024) 02:14:28 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0xfdfdffff]}}) 02:14:28 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) r3 = syz_open_pts(0xffffffffffffffff, 0x0) dup3(r3, r0, 0x0) 02:14:28 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f00000023c0)={[{0x9}]}) ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000000)) [ 251.065274] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 251.065274] program syz-executor.1 not setting count and/or reply_len properly 02:14:28 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xef2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000080)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) arch_prctl$ARCH_GET_GS(0x1004, &(0x7f0000000000)) 02:14:28 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0xfecaedfe]}}) 02:14:29 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000b86000)={0x32a, 0x0}, 0xffffffffffffff1d) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='numa_maps\x00') mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0) sendfile(r1, r1, &(0x7f0000b58000)=0x40206c00, 0x10024) 02:14:29 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f00000023c0)={[{0x9}]}) ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000000)) 02:14:29 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2fefeffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:29 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) syz_open_pts(r0, 0x0) dup3(0xffffffffffffffff, r0, 0x0) 02:14:29 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0xfeedcafe]}}) 02:14:29 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f00000023c0)={[{0x9}]}) ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000000)) 02:14:29 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feff0e000000ffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:29 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000b86000)={0x32a, 0x0}, 0xffffffffffffff1d) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='numa_maps\x00') mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0) sendfile(r1, r1, &(0x7f0000b58000)=0x40206c00, 0x10024) 02:14:29 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0xfffffdfd]}}) 02:14:29 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) syz_open_pts(r0, 0x0) dup3(0xffffffffffffffff, r0, 0x0) 02:14:29 executing program 3: timerfd_create(0x4, 0x80000) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x84800) ioctl$KVM_CHECK_EXTENSION_VM(r1, 0xae03, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f0000000080)={{{@in6=@local, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast1}, 0x0, @in6=@empty}}, &(0x7f0000001200)=0xe8) fstat(0xffffffffffffff9c, &(0x7f0000001240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) write$FUSE_ATTR(r0, &(0x7f00000012c0)={0x78, 0x0, 0x5, {0x10000, 0x7, 0x0, {0x4, 0x1, 0x40, 0x3, 0x7fffffff, 0x20, 0x100000001, 0x5, 0x80000000, 0x3f, 0x5fb575b9, r2, r3, 0xfffffffffffffff8, 0x4580}}}, 0x78) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r4, &(0x7f0000000200), 0x1000) 02:14:29 executing program 5: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) ioctl$KVM_SET_PIT(r0, 0x8048ae66, &(0x7f00000023c0)={[{0x9}]}) ioctl$KVM_SET_PIT(r0, 0x8048ae66, &(0x7f0000000000)) 02:14:29 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feff0000000effffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:29 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0xffffffe7]}}) 02:14:29 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000b86000)={0x32a, 0x0}, 0xffffffffffffff1d) madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000b58000)=0x40206c00, 0x10024) 02:14:29 executing program 5: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) ioctl$KVM_SET_PIT(r0, 0x8048ae66, &(0x7f00000023c0)={[{0x9}]}) ioctl$KVM_SET_PIT(r0, 0x8048ae66, &(0x7f0000000000)) 02:14:29 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) ioctl$CAPI_GET_ERRCODE(r0, 0x80024321, &(0x7f0000000040)) read$FUSE(r0, &(0x7f0000000200), 0x1000) 02:14:29 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) syz_open_pts(r0, 0x0) dup3(0xffffffffffffffff, r0, 0x0) 02:14:29 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffbfffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:29 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x100000000000000]}}) 02:14:29 executing program 5: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) ioctl$KVM_SET_PIT(r0, 0x8048ae66, &(0x7f00000023c0)={[{0x9}]}) ioctl$KVM_SET_PIT(r0, 0x8048ae66, &(0x7f0000000000)) 02:14:29 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000b86000)={0x32a, 0x0}, 0xffffffffffffff1d) madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000b58000)=0x40206c00, 0x10024) 02:14:29 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) r3 = syz_open_pts(r0, 0x0) dup3(r3, 0xffffffffffffffff, 0x0) 02:14:29 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x200000000000000]}}) 02:14:29 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1255, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xffffffff00000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x8001, 0x80001) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r1, 0x800c6613, &(0x7f0000000080)={0x0, @aes256, 0x0, "f713c83523898119"}) read$FUSE(r0, &(0x7f0000000200), 0x1000) lsetxattr$security_evm(&(0x7f0000001240)='./file0\x00', &(0x7f0000001280)='security.evm\x00', &(0x7f00000012c0)=@v1={0x2, '\f'}, 0x2, 0x2) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/pfkey\x00', 0x101000, 0x0) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000001300)={0x0, 0x9c, "0217bb5032581c65c24c3ae05f25b9b82e1cf8f7505e98b889ba7e888b98b21349d721181ed81426f506f4c19da4c25f5953bcc07bee50a5cd6b4c428e37f8964558ec9a4ebda1fde55058db9e8c096574a8183bad33ba62b83fbb5b2a38a32422b5f4791e350ef6046c3d14d21111d8d84b1a98a7e08a5797518edae907cb691ebbb2fea6a4257068c200716694563e4925644313bba4278057253b"}, &(0x7f0000000140)=0xa4) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f00000013c0)={r3, 0x1000}, &(0x7f0000001400)=0x8) syz_open_dev$video4linux(&(0x7f0000001200)='/dev/v4l-subdev#\x00', 0x8, 0x88000) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000001440)={{{@in6=@local, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in=@initdev}}, &(0x7f0000001540)=0x36f) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000001580)='trusted.overlay.nlink\x00', &(0x7f00000015c0)={'L+', 0x101}, 0x28, 0x3) ioprio_set$uid(0x0, r4, 0xf503) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000001680)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000001640)={0xffffffffffffffff}, 0x13f, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_MCAST(r0, &(0x7f00000016c0)={0x16, 0x98, 0xfa00, {&(0x7f0000001600), 0x4, r5, 0x3c, 0x0, @in6={0xa, 0x4e20, 0x9, @mcast1, 0x9}}}, 0xa0) write$FUSE_NOTIFY_DELETE(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="3a000000060000000000000000000000050000000000000000000000000000001100000000000000287472756463626f786e6574307b00000000"], 0x3a) 02:14:29 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000b86000)={0x32a, 0x0}, 0xffffffffffffff1d) madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000b58000)=0x40206c00, 0x10024) 02:14:29 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2fefffffffffeffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:29 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000023c0)={[{0x9}]}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)) 02:14:29 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) r3 = syz_open_pts(r0, 0x0) dup3(r3, 0xffffffffffffffff, 0x0) 02:14:30 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x1f00000000000000]}}) 02:14:30 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feff10ffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:30 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = syz_open_procfs(0x0, &(0x7f0000000240)='numa_maps\x00') madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0) sendfile(r1, r1, &(0x7f0000b58000)=0x40206c00, 0x10024) 02:14:30 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) setsockopt$l2tp_PPPOL2TP_SO_LNSMODE(r0, 0x111, 0x4, 0x0, 0x4) 02:14:30 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000023c0)={[{0x9}]}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)) 02:14:30 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) r3 = syz_open_pts(r0, 0x0) dup3(r3, 0xffffffffffffffff, 0x0) 02:14:30 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x5247425200000000]}}) 02:14:30 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000023c0)={[{0x9}]}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)) 02:14:30 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffbfffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:30 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = syz_open_procfs(0x0, &(0x7f0000000240)='numa_maps\x00') madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0) sendfile(r1, r1, &(0x7f0000b58000)=0x40206c00, 0x10024) 02:14:30 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) ioctl$KVM_SET_PIT(r0, 0x8048ae66, &(0x7f00000023c0)={[{0x9}]}) ioctl$KVM_SET_PIT(r0, 0x8048ae66, &(0x7f0000000000)) 02:14:30 executing program 0: clone(0x200813fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x2800, 0x0) ioctl$TIOCMIWAIT(r0, 0x545c, 0x0) syz_execute_func(&(0x7f0000000bc0)="c4e379614832074a2be92c3a980f0544dbeac4a37bf0c59f41e2e9c4e251b74c6e0f0f6e6232480f6ee736f344a738463da16379637902000000cc876112dc3ae00000c48253a3c4c40f5bc90f01570a02c48f8970915fbac4028d8ebf0500000041d09d54b00000491e2f163e83933a7f0000324cbec5a44d0f2c718f56c4e14dee1a6565400f0f34208e660f38dce844c3b45959410f8bbbb6a718dda4304a0000006a0f7a3134f08351595966410f38000843ad80807b4733ad0a000066450f3825a89d2424a4c423c96cb83d000000fe66410fd1e46bd104f0e14340d9e56a660f6eb45b000880417cd8f30f38f6d22636120ff360313143fd6cc80a00d8000f18c340406666413ac330c435cc5ac7d5000000000fdca0ef000000266573896f893f898900000100f199400f17976a5000000f092ddd8f0b00c4a17ae64295c4a174149b5e000000650fae59e1fb2e36646466264681b908000024000dc4c2d3f50b33c46645020fdf5f7777e12172e200c9c412b1bf70b47804000000c422a5ae9aad6974d8db90bb00000044ff7eaf79c15438c0c0c078470f0d8478038dacc60f01deb3dd676566f20f1a25ea656fc9edf2085621660f73e7da00008f8920016afcd0d0008fc93001aee15973d40c0b5765672d000000002f0fadb50000000065002d08000000439ba7452d00000000a9bb000042c4414974ecc4622d2d2551430000ffb2214e214e083143e200") add_key$keyring(&(0x7f0000000200)='keyring\x00', &(0x7f0000000240)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc) getpeername$netlink(r0, &(0x7f0000000040), &(0x7f0000000080)=0xc) add_key(&(0x7f0000000280)='id_legacy\x00', &(0x7f00000002c0)={'syz', 0x2}, &(0x7f0000000300)="3775f0e87a84809b8a1cab52fb96df4a5739c4d92dddfc143d0d94715193c4e1665c245f7fbcb08e7e43919e690585ffa826d3e3", 0x34, 0xfffffffffffffff8) r1 = add_key(&(0x7f0000000400)='ceph\x00', &(0x7f0000000440)={'syz', 0x2}, &(0x7f0000000480)="6678379705f38d34b7", 0x9, 0xfffffffffffffff9) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f00000003c0)={'syz', 0x2}, 0x0, 0x0, r1) request_key(&(0x7f00000000c0)='cifs.spnego\x00', &(0x7f0000000100)={'syz'}, &(0x7f0000000140)='posix_acl_accesseth1\x8a/em1}proccpuset(*=posix_acl_access*&}!cgroup,\x00', 0x0) 02:14:30 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) chmod(&(0x7f0000000040)='./file0\x00', 0x0) ioctl$sock_inet_SIOCDARP(r0, 0x8953, &(0x7f0000000080)={{0x2, 0x4e20, @multicast1}, {}, 0x28, {0x2, 0x4e22, @rand_addr=0x4}, 'veth1_to_bond\x00'}) 02:14:30 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x5955595600000000]}}) 02:14:30 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2fefffeffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:30 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) ioctl$KVM_SET_PIT(r0, 0x8048ae66, &(0x7f00000023c0)={[{0x9}]}) ioctl$KVM_SET_PIT(r0, 0x8048ae66, &(0x7f0000000000)) 02:14:30 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) eventfd(0x80000002) creat(&(0x7f0000000100)='./file0\x00', 0x48) mknod(&(0x7f0000000200)='./file0\x00', 0x420, 0x3) 02:14:30 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0xe7ffffffffffffff]}}) 02:14:30 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = syz_open_procfs(0x0, &(0x7f0000000240)='numa_maps\x00') madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0) sendfile(r1, r1, &(0x7f0000b58000)=0x40206c00, 0x10024) 02:14:30 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x880c0, 0x0) read$FUSE(r0, &(0x7f0000001200), 0x10000007d) setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r0, 0x28, 0x6, &(0x7f0000000080)={0x77359400}, 0x10) 02:14:30 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0xfdfdffff00000000]}}) 02:14:30 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffff0e000000ffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:30 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) ioctl$KVM_SET_PIT(r0, 0x8048ae66, &(0x7f00000023c0)={[{0x9}]}) ioctl$KVM_SET_PIT(r0, 0x8048ae66, &(0x7f0000000000)) 02:14:30 executing program 0: connect$inet6(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000140)='btrfs\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, &(0x7f00000007c0), 0x0, 0x0) syz_mount_image$ntfs(0x0, &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000180), 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$overlay(0x404000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}]}) 02:14:30 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0xfdfdffffffffffff]}}) 02:14:30 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000023c0)={[{0x9}]}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)) 02:14:30 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffff0000000effe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:30 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) getsockopt$sock_linger(r0, 0x1, 0xd, 0x0, &(0x7f0000001440)) 02:14:31 executing program 2: socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000b86000)={0x32a, 0x0}, 0xffffffffffffff1d) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='numa_maps\x00') madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0) sendfile(r0, r0, &(0x7f0000b58000)=0x40206c00, 0x10024) 02:14:31 executing program 3: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000040)) r2 = accept(r0, &(0x7f0000000580)=@generic, &(0x7f0000000400)=0x80) sched_setscheduler(r1, 0x7, &(0x7f00000001c0)=0xffffffff) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') r3 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000100)='/proc/capi/capi20ncci\x00', 0x200000, 0x0) ioctl$CAPI_GET_PROFILE(0xffffffffffffffff, 0xc0404309, 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000280)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r4 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x200c1, 0x0) ioctl$VIDIOC_ENUM_FRAMESIZES(r4, 0xc02c564a, 0x0) r5 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) ioctl$sock_x25_SIOCDELRT(r3, 0x890c, &(0x7f0000000480)={@null=' \x00', 0x2, 'bcsf0\x00'}) renameat(r5, &(0x7f0000000180)='.//ile0\x00', r5, &(0x7f00000007c0)='./file0/f.le.\x00') recvfrom$inet(r5, 0x0, 0x0, 0x0, 0x0, 0x0) write$selinux_create(r2, &(0x7f0000000600)=@objname={'system_u:object_r:public_content_t:s0', 0x20, '/usr/sbin/cupsd', 0x20, 0x9d6, 0x20, './file0/f.le.\x00'}, 0x59) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r6 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r6, &(0x7f0000000200), 0x1000) 02:14:31 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffbfffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:31 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000140)={0x77, 0x0, [0xc0010015, 0x1]}) 02:14:31 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0xfecaedfe00000000]}}) 02:14:31 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000023c0)={[{0x9}]}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)) 02:14:31 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0xfffffffffffffdfd]}}) 02:14:31 executing program 2: setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000b86000)={0x32a, 0x0}, 0xffffffffffffff1d) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='numa_maps\x00') madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0) sendfile(r0, r0, &(0x7f0000b58000)=0x40206c00, 0x10024) 02:14:31 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2fefffffffffffeffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:31 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0xffffffffffffffe7]}}) 02:14:31 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000023c0)={[{0x9}]}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)) 02:14:31 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f00000002c0)) ptrace(0x10, r0) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 253.705095] sg_write: 13 callbacks suppressed [ 253.705110] sg_write: data in/out 167162/24 bytes for SCSI command 0xfe-- guessing data in; [ 253.705110] program syz-executor.1 not setting count and/or reply_len properly 02:14:31 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x2]}}) [ 253.851410] sg_write: data in/out 167162/24 bytes for SCSI command 0xfe-- guessing data in; [ 253.851410] program syz-executor.1 not setting count and/or reply_len properly [ 254.103784] overlayfs: filesystem on './file0' not supported as upperdir 02:14:31 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_FREQUENCY(r0, 0x402c5639, &(0x7f0000000040)={0x7fc, 0x3, 0x8001}) read$FUSE(r0, &(0x7f0000000200), 0x1000) 02:14:31 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000023c0)={[{0x9}]}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)) 02:14:31 executing program 2: setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='numa_maps\x00') madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0) sendfile(r0, r0, &(0x7f0000b58000)=0x40206c00, 0x10024) 02:14:31 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffff10ffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:31 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0xe7]}}) 02:14:32 executing program 2: setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='numa_maps\x00') madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0) sendfile(r0, r0, &(0x7f0000b58000)=0x40206c00, 0x10024) [ 254.250675] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 254.250675] program syz-executor.1 not setting count and/or reply_len properly 02:14:32 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x1f00]}}) 02:14:32 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000023c0)={[{0x9}]}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)) 02:14:32 executing program 2: setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='numa_maps\x00') madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0) sendfile(r0, r0, &(0x7f0000b58000)=0x40206c00, 0x10024) 02:14:32 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffbfffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) [ 254.544084] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 254.544084] program syz-executor.1 not setting count and/or reply_len properly 02:14:32 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0xe7ff]}}) 02:14:32 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f00000002c0)) ptrace(0x10, r0) ptrace$cont(0x1f, r0, 0x0, 0x0) 02:14:32 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x94b, &(0x7f0000000040)=0x0) io_pgetevents(r0, 0xfffffffffffff43c, 0x4, &(0x7f0000000080)=[{}, {}, {}, {}], &(0x7f0000000100), &(0x7f0000001200)={&(0x7f0000000140)={0x100}, 0x8}) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f00000012c0), &(0x7f0000001300)=0xffffffffffffff86) read$FUSE(r1, &(0x7f0000000200), 0x1000) getsockopt$inet6_int(r1, 0x29, 0x7a, &(0x7f0000001240), &(0x7f0000001280)=0x4) 02:14:32 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000023c0)={[{0x9}]}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)) 02:14:32 executing program 2: setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000b86000)={0x32a, 0x0}, 0xffffffffffffff1d) r0 = syz_open_procfs(0x0, 0x0) madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0) sendfile(r0, r0, &(0x7f0000b58000)=0x40206c00, 0x10024) 02:14:32 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2fefffffeffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:32 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0xfdfd]}}) 02:14:32 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000023c0)={[{0x9}]}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)) [ 254.772257] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 254.772257] program syz-executor.1 not setting count and/or reply_len properly 02:14:32 executing program 2: setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000b86000)={0x32a, 0x0}, 0xffffffffffffff1d) r0 = syz_open_procfs(0x0, 0x0) madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0) sendfile(r0, r0, &(0x7f0000b58000)=0x40206c00, 0x10024) 02:14:32 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffff0e000000e22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:32 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0xffe7]}}) 02:14:32 executing program 3: openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ubi_ctrl\x00', 0x40, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) [ 254.921698] sg_write: data in/out 167162/30 bytes for SCSI command 0x0-- guessing data in; [ 254.921698] program syz-executor.1 not setting count and/or reply_len properly 02:14:32 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000023c0)={[{0x9}]}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)) 02:14:33 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f00000002c0)) ptrace(0x10, r0) ptrace$cont(0x1f, r0, 0x0, 0x0) 02:14:33 executing program 2: setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000b86000)={0x32a, 0x0}, 0xffffffffffffff1d) r0 = syz_open_procfs(0x0, 0x0) madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0) sendfile(r0, r0, &(0x7f0000b58000)=0x40206c00, 0x10024) 02:14:33 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x1000000]}}) 02:14:33 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffff0000000ee22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:33 executing program 3: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000040)={&(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x1000, 0x1}) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r0, 0x4008240b, &(0x7f0000000400)={0x0, 0x70, 0xfffffffffffffbff, 0x0, 0x2, 0x7fff, 0x0, 0xd6, 0x40010, 0x4, 0x3, 0x7, 0xe64, 0x101, 0x100000001, 0xfffffffffffffffd, 0x3, 0xbd, 0x9a3a, 0x0, 0x7, 0x6, 0x3, 0x7ff, 0x77c, 0x9, 0x6, 0x2, 0x7c, 0x5, 0xfffffffffffffff7, 0x9, 0x5, 0x2, 0x76e, 0xffffffff, 0x7, 0xbc, 0x0, 0x6, 0x0, @perf_bp={&(0x7f0000000080), 0x9}, 0x738c03f2a6181904, 0x2, 0x800, 0x1, 0x9, 0x2, 0xffffffff}) write$uinput_user_dev(r1, &(0x7f0000001200)={'syz1\x00', {0x4, 0x9, 0x6, 0x5}, 0x55, [0xfffffffffffffff8, 0x5, 0x6, 0x1000, 0x5, 0x7ff, 0xfffffffffffffff8, 0x62, 0x6f2, 0x9, 0x2023ac72, 0x5, 0x80, 0xffff, 0x4000, 0x9, 0x1, 0x8, 0xffffffffffffffff, 0x1, 0x6, 0x638500000000000, 0xffff0000000000, 0x1, 0x2, 0x1, 0xb3, 0x0, 0x96, 0x9, 0x800, 0x4, 0x0, 0xfffffffffffffff9, 0x1, 0x27, 0xffffffff, 0xb404, 0x3, 0x9, 0x2, 0x0, 0x9, 0x0, 0x6, 0x8, 0x7, 0x7, 0x8, 0x3, 0xffffffff, 0x6, 0x4, 0x18a4, 0x10000, 0xffffffff80000000, 0x3, 0x4, 0x8, 0x0, 0x2, 0xc251, 0x6, 0x6], [0x5e21, 0x5, 0x2, 0xffffffffffff0292, 0x2, 0x7, 0x101, 0x2, 0x9ac, 0x8000, 0x8, 0xb28, 0x0, 0x8, 0x2d, 0x7fffffff, 0x9, 0x4, 0xffff, 0x5, 0x5, 0x6, 0x5, 0x5c3, 0x8c, 0x70, 0x1, 0x0, 0xff, 0x19e, 0x1, 0x1, 0x6, 0x4f222f06, 0x40, 0x9, 0x5, 0x3, 0x2, 0x7fffffff, 0x533, 0x2, 0x0, 0x7e80000000, 0x8001, 0x1000, 0x200, 0x10001, 0x8, 0x10001, 0x40, 0x20, 0x9, 0xffffffff, 0x101, 0x4c9, 0x0, 0xff, 0x6, 0x3, 0x101, 0x7f, 0xfffffffffffffffd], [0x9, 0xffffffffffffffe1, 0x866a, 0x7fff, 0x8, 0x6, 0x1, 0x7986, 0x9, 0x75, 0x1, 0xdb00, 0x3, 0x3ff, 0x1000, 0x7, 0x6, 0x0, 0x8, 0x975, 0x81, 0xb705, 0x8, 0x80000000, 0x0, 0x2, 0x8, 0x401, 0x1, 0x1, 0x80000000, 0xffffffff80000000, 0x400000000000000, 0xf2, 0x2d7842f7, 0x101, 0x401, 0x0, 0x1, 0x4, 0x3, 0x5, 0x5, 0x8, 0x20, 0x9, 0x400, 0x4, 0x3, 0xff, 0x6, 0x8c5, 0x1, 0x80, 0x81, 0x401, 0x9, 0x8, 0x80000000, 0x5, 0xfff, 0xe8, 0x1000, 0xc00000000], [0x6, 0x2, 0x5, 0x6, 0x2, 0xcc, 0x5, 0x9, 0x19, 0x6, 0x9, 0x8, 0x1000, 0x6, 0x5, 0x80000000, 0x606a452d, 0x1, 0x6, 0x2, 0x17, 0xe92, 0x10000, 0x73, 0x8, 0x937e, 0x7, 0x1, 0x3ff, 0x800, 0x1, 0x0, 0x0, 0x6, 0x10001, 0x5, 0x0, 0x0, 0x2, 0x8, 0xfffffffffffffff7, 0xff, 0x6, 0x3, 0x1, 0x48, 0x6f3e, 0xfa8, 0x2, 0x3, 0x500000000, 0x7ff, 0x8000, 0x4, 0xffff, 0x1f, 0x3ff, 0x3, 0x6c88, 0xc1, 0x7e4fca3b, 0x0, 0x2fb, 0x200]}, 0x45c) r2 = msgget$private(0x0, 0x8) msgrcv(r2, &(0x7f0000000240)=ANY=[@ANYBLOB="0000000000000000000000000040000000000000000000000000000000250000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ee4e0a3dd609898ee337fe96e37ac2aea9fac78931b71204ff3e2bcfc22670bc00ca1134635b6678dbc6f2f7f9f7ab11d7dbad826ea510543b0aa432f790e6a6f7a44093b306b6a63634d693d48430ed631816b6262fb76f77c58fc6285080663b4d565489bdffdb8509f3cfc9e99343781478dbc08d91da4a763f88f511e300b05eed52ec972b7ebe4acb7183a9f75cf965e053b2979e536fe1fe87ae59d00974a4b18ede978b7f0e94e72be97b981e911085c85048a28237d638c6fbfdedeb8a63fa3465c58317fa3eb30961528178aca9714d8ec32166eb2608c16d5ad47f8426fe7fde35279726df411617c26789f1c4df38f5dcaeb5c155fd0e17b58ef2016b66c06df1f4399a6ab904cdb9c76d58765d3cb38515284d1f12cf6029833d46235cb49594ed2482ef1eede1250a688171"], 0x59, 0x3, 0x0) r3 = getpid() ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000100)=0x0) kcmp$KCMP_EPOLL_TFD(r3, r4, 0x7, r1, &(0x7f0000000140)={r1, r1, 0x120000}) 02:14:33 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000023c0)={[{0x9}]}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)) 02:14:33 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x2000000]}}) 02:14:33 executing program 2: setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000b86000)={0x32a, 0x0}, 0xffffffffffffff1d) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='numa_maps\x00') madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0) mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0) sendfile(r0, r0, &(0x7f0000b58000)=0x40206c00, 0x10024) [ 255.551601] sg_write: data in/out 167162/30 bytes for SCSI command 0x0-- guessing data in; [ 255.551601] program syz-executor.1 not setting count and/or reply_len properly 02:14:33 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffbfe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:33 executing program 3: r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20ncci\x00', 0x100, 0x0) ioctl$VIDIOC_DBG_G_CHIP_INFO(r0, 0xc0c85666, &(0x7f0000000080)={{0x4, @addr=0x6}, "070a04496fd9d31d38a9ce792c663cf99dd4c32e655ee7c7bc6b86724ec97f4d", 0x2}) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r1, &(0x7f0000000200), 0x1000) 02:14:33 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f00000023c0)={[{0x9}]}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)) 02:14:33 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x1f000000]}}) [ 255.785011] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 255.785011] program syz-executor.1 not setting count and/or reply_len properly 02:14:34 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f00000002c0)) ptrace(0x10, r0) ptrace$cont(0x1f, r0, 0x0, 0x0) 02:14:34 executing program 2: setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000b86000)={0x32a, 0x0}, 0xffffffffffffff1d) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='numa_maps\x00') madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0) mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0) sendfile(r0, r0, &(0x7f0000b58000)=0x40206c00, 0x10024) 02:14:34 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x52424752]}}) 02:14:34 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f00000023c0)={[{0x9}]}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)) 02:14:34 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2fefffffffffffffee22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:34 executing program 3: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet6_opts(r0, 0x29, 0x36, &(0x7f0000000200)=""/133, &(0x7f00000002c0)=0x85) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000100)={0x0}, &(0x7f0000000140)=0xc) perf_event_open(&(0x7f0000000080)={0x3, 0x70, 0xfffffffffffffcfb, 0x4, 0x6, 0x0, 0x0, 0x8, 0x3080, 0x6, 0x9, 0x7, 0x0, 0x5, 0x9, 0x9, 0x3, 0x40, 0xe3e, 0x0, 0x81, 0x193a0c68, 0x9, 0x6, 0xd, 0x7, 0x2ef, 0x8, 0x5, 0x6, 0x0, 0x6, 0x1, 0x1ff, 0xff, 0x1000, 0x8, 0x4, 0x0, 0x4, 0x0, @perf_bp={&(0x7f0000000040), 0x8}, 0x8000, 0x7, 0xffffffff, 0x6, 0xff, 0x2, 0x7ff}, r2, 0x2, r1, 0x2) read$FUSE(r1, &(0x7f0000001200), 0xfffffffffffffdac) [ 256.405760] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 256.405760] program syz-executor.1 not setting count and/or reply_len properly 02:14:34 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x52474252]}}) 02:14:34 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x840, 0x0) ioctl$KVM_KVMCLOCK_CTRL(r0, 0xaead) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r1, &(0x7f0000000200), 0x1000) 02:14:34 executing program 2: setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000b86000)={0x32a, 0x0}, 0xffffffffffffff1d) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='numa_maps\x00') madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0) mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0) sendfile(r0, r0, &(0x7f0000b58000)=0x40206c00, 0x10024) 02:14:34 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f00000023c0)={[{0x9}]}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)) 02:14:34 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffff10ffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:34 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x56595559]}}) [ 256.690586] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 256.690586] program syz-executor.1 not setting count and/or reply_len properly 02:14:34 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f00000002c0)) ptrace$cont(0x1f, r0, 0x0, 0x0) 02:14:34 executing program 2: setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000b86000)={0x32a, 0x0}, 0xffffffffffffff1d) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='numa_maps\x00') madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0) sendfile(0xffffffffffffffff, r0, &(0x7f0000b58000)=0x40206c00, 0x10024) 02:14:34 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_PIT(r1, 0x8048ae66, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)) 02:14:34 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x59555956]}}) 02:14:34 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000001200), 0x1000) ioctl$KDADDIO(r0, 0x4b34, 0xfffffffffffffffa) 02:14:34 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffbfffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:35 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0xe7ffffff]}}) 02:14:35 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2fefffffffeffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:35 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_PIT(r1, 0x8048ae66, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)) 02:14:35 executing program 2: setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000b86000)={0x32a, 0x0}, 0xffffffffffffff1d) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='numa_maps\x00') madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0) sendfile(0xffffffffffffffff, r0, &(0x7f0000b58000)=0x40206c00, 0x10024) 02:14:35 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11a2, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000040)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) 02:14:35 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffff10ffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:35 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f00000002c0)) ptrace$cont(0x1f, r0, 0x0, 0x0) 02:14:35 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0xfdfdffff]}}) 02:14:35 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_PIT(r1, 0x8048ae66, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)) 02:14:35 executing program 2: setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000b86000)={0x32a, 0x0}, 0xffffffffffffff1d) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='numa_maps\x00') madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0) sendfile(0xffffffffffffffff, r0, &(0x7f0000b58000)=0x40206c00, 0x10024) 02:14:35 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffff10ffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:35 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140)='TIPCv2\x00') sendmsg$TIPC_NL_NAME_TABLE_GET(r0, &(0x7f00000012c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80020}, 0xc, &(0x7f0000001280)={&(0x7f0000001200)={0x50, r1, 0xb08, 0x70bd2d, 0x25dfdbfc, {}, [@TIPC_NLA_MON={0x3c, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x100000001}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x77}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xce}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x101}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x1}, 0x4000) lsetxattr$trusted_overlay_origin(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='trusted.overlay.origin\x00', &(0x7f00000000c0)='y\x00', 0x2, 0x1) read$FUSE(r0, &(0x7f0000000200), 0x1000) 02:14:35 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0xfecaedfe]}}) 02:14:35 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000023c0)) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)) 02:14:35 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffff10e22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:35 executing program 2: setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000b86000)={0x32a, 0x0}, 0xffffffffffffff1d) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='numa_maps\x00') madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0) sendfile(r0, 0xffffffffffffffff, &(0x7f0000b58000)=0x40206c00, 0x10024) 02:14:36 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0x1, 0x2) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000000)=0xf0, 0x4) read$FUSE(r0, &(0x7f0000000200), 0x1000) r1 = pkey_alloc(0x0, 0x2) pkey_mprotect(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1, r1) 02:14:36 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160296aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:36 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0xfeedcafe]}}) 02:14:36 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f00000002c0)) ptrace$cont(0x1f, r0, 0x0, 0x0) 02:14:36 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160396aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:36 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_adjtime(0x3, &(0x7f0000000040)={0x1, 0x9, 0x4, 0x4, 0x80000001, 0xad, 0x14000000000, 0x4, 0x7, 0x3c8c, 0x1, 0x8, 0x1, 0x5, 0x6, 0x2, 0x2, 0x1, 0x7, 0x6, 0x18000000, 0x3, 0x7fffffff, 0x5, 0x3, 0x5}) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1000) 02:14:36 executing program 2: setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000b86000)={0x32a, 0x0}, 0xffffffffffffff1d) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='numa_maps\x00') madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0) sendfile(r0, 0xffffffffffffffff, &(0x7f0000b58000)=0x40206c00, 0x10024) 02:14:36 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000023c0)) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)) 02:14:36 executing program 2: setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000b86000)={0x32a, 0x0}, 0xffffffffffffff1d) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='numa_maps\x00') madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0) sendfile(r0, 0xffffffffffffffff, &(0x7f0000b58000)=0x40206c00, 0x10024) [ 258.958773] sg_write: 7 callbacks suppressed [ 258.958788] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 258.958788] program syz-executor.1 not setting count and/or reply_len properly 02:14:36 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0xfffffdfd]}}) 02:14:36 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160496aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:36 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000023c0)) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)) 02:14:36 executing program 3: pselect6(0x40, &(0x7f0000001200)={0x8001, 0x3f, 0x100000000, 0x7f, 0xdf0, 0x0, 0x7, 0x3f}, &(0x7f0000001240)={0x100000000, 0x0, 0x7fff, 0x2, 0x7, 0x400, 0x6, 0x7fff}, &(0x7f0000001280)={0xfffffffffffffe01, 0x5, 0x2, 0x8, 0x10001, 0x7fffffff, 0x1, 0xfffffffffffffff7}, &(0x7f00000012c0)={0x77359400}, &(0x7f0000001340)={&(0x7f0000001300)={0x1014}, 0x8}) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$int_in(r0, 0x5421, &(0x7f0000001380)=0x2) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x400000, 0x0) ioctl$PIO_FONT(r1, 0x4b61, &(0x7f0000000100)="b91bfa6ea5506d2f295ecea3d0b363c457442f969afbb26324e68a21a232dc595b6b5145459fb9c4ddb2b3e8bb3d3e887c69bee0599ee67f194a11bafbadf2f9dbac066e72cc2d4b54a6b938f241241c2ba5bcaf066f021bb55521b40d4a8ae0cb632ee77f670e761bb612380f750c28a3") seccomp(0x0, 0x1, &(0x7f0000000080)={0x3, &(0x7f0000000040)=[{0x80000001, 0x800, 0x8001, 0x9}, {0xe0de, 0x9, 0x1, 0x460}, {0x0, 0x4559, 0x0, 0xb74}]}) r2 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$RTC_AIE_OFF(r1, 0x7002) read$FUSE(r2, &(0x7f0000000200), 0x1000) ioctl$BLKFLSBUF(r2, 0x1261, &(0x7f0000001440)=0xfffffffffffffff9) 02:14:37 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0xffffffe7]}}) [ 259.151580] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 259.151580] program syz-executor.1 not setting count and/or reply_len properly 02:14:37 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160596aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:37 executing program 2: setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000b86000)={0x32a, 0x0}, 0xffffffffffffff1d) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='numa_maps\x00') madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0) sendfile(r0, r0, 0x0, 0x10024) [ 259.311925] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 259.311925] program syz-executor.1 not setting count and/or reply_len properly 02:14:37 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() ptrace(0x10, r0) ptrace$cont(0x1f, r0, 0x0, 0x0) 02:14:37 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000023c0)={[{0x9}]}) ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000000)) 02:14:37 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x100000000000000]}}) 02:14:37 executing program 2: setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000b86000)={0x32a, 0x0}, 0xffffffffffffff1d) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='numa_maps\x00') madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0) sendfile(r0, r0, 0x0, 0x10024) 02:14:37 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160696aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:37 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000001200), 0x1000) 02:14:37 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() ptrace(0x10, r0) ptrace$cont(0x1f, r0, 0x0, 0x0) 02:14:37 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x200000000000000]}}) [ 259.837787] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 259.837787] program syz-executor.1 not setting count and/or reply_len properly 02:14:37 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000023c0)={[{0x9}]}) ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000000)) 02:14:37 executing program 2: setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000b86000)={0x32a, 0x0}, 0xffffffffffffff1d) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='numa_maps\x00') madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0) sendfile(r0, r0, 0x0, 0x10024) 02:14:37 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() ptrace(0x10, r0) ptrace$cont(0x1f, r0, 0x0, 0x0) 02:14:37 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160796aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:37 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x2, 0x0, 0x1000, &(0x7f0000ffc000/0x1000)=nil}) 02:14:37 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x1f00000000000000]}}) 02:14:37 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_tgsigqueueinfo(0x0, 0x0, 0x16, &(0x7f00000002c0)) ptrace(0x10, 0x0) ptrace$cont(0x1f, 0x0, 0x0, 0x0) 02:14:37 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000023c0)={[{0x9}]}) ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000000)) [ 260.123495] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 260.123495] program syz-executor.1 not setting count and/or reply_len properly 02:14:37 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_tgsigqueueinfo(0x0, 0x0, 0x16, &(0x7f00000002c0)) ptrace(0x10, 0x0) ptrace$cont(0x1f, 0x0, 0x0, 0x0) 02:14:37 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x5247425200000000]}}) 02:14:37 executing program 2: setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000b86000)={0x32a, 0x0}, 0xffffffffffffff1d) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='numa_maps\x00') madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0) sendfile(r0, r0, &(0x7f0000b58000), 0x10024) 02:14:38 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b164896aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:38 executing program 3: 02:14:38 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x5955595600000000]}}) 02:14:38 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_tgsigqueueinfo(0x0, 0x0, 0x16, &(0x7f00000002c0)) ptrace(0x10, 0x0) ptrace$cont(0x1f, 0x0, 0x0, 0x0) 02:14:38 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000023c0)={[{0x9}]}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, 0x0) 02:14:38 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0xe7ffffffffffffff]}}) 02:14:38 executing program 0: r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f00000002c0)) ptrace(0x10, r0) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 260.406131] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 260.406131] program syz-executor.1 not setting count and/or reply_len properly 02:14:38 executing program 3: 02:14:38 executing program 2: setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000b86000)={0x32a, 0x0}, 0xffffffffffffff1d) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='numa_maps\x00') madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0) sendfile(r0, r0, &(0x7f0000b58000), 0x10024) 02:14:38 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b164c96aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:38 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000023c0)={[{0x9}]}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, 0x0) 02:14:38 executing program 0: r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f00000002c0)) ptrace(0x10, r0) ptrace$cont(0x1f, r0, 0x0, 0x0) 02:14:38 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0xfdfdffff00000000]}}) 02:14:38 executing program 3: [ 260.663860] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 260.663860] program syz-executor.1 not setting count and/or reply_len properly 02:14:38 executing program 2: setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000b86000)={0x32a, 0x0}, 0xffffffffffffff1d) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='numa_maps\x00') madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0) sendfile(r0, r0, &(0x7f0000b58000), 0x10024) 02:14:38 executing program 0: r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f00000002c0)) ptrace(0x10, r0) ptrace$cont(0x1f, r0, 0x0, 0x0) 02:14:38 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000023c0)={[{0x9}]}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, 0x0) 02:14:38 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b166896aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:38 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0xfdfdffffffffffff]}}) 02:14:38 executing program 3: 02:14:38 executing program 2: setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000b86000)={0x32a, 0x0}, 0xffffffffffffff1d) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='numa_maps\x00') madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0) sendfile(r0, r0, &(0x7f0000b58000)=0x40206c00, 0x0) 02:14:38 executing program 3: 02:14:38 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f00000002c0)) ptrace(0x10, r0) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 260.988607] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 260.988607] program syz-executor.1 not setting count and/or reply_len properly 02:14:38 executing program 5: 02:14:38 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b166c96aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:39 executing program 3: 02:14:39 executing program 2: setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000b86000)={0x32a, 0x0}, 0xffffffffffffff1d) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='numa_maps\x00') madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0) sendfile(r0, r0, &(0x7f0000b58000)=0x40206c00, 0x0) 02:14:39 executing program 5: 02:14:39 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0xfecaedfe00000000]}}) 02:14:39 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f00000002c0)) ptrace(0x10, r0) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 261.264862] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 261.264862] program syz-executor.1 not setting count and/or reply_len properly 02:14:39 executing program 3: 02:14:39 executing program 5: 02:14:39 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b167496aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:39 executing program 5: 02:14:39 executing program 3: 02:14:39 executing program 2: setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000b86000)={0x32a, 0x0}, 0xffffffffffffff1d) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='numa_maps\x00') madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0) sendfile(r0, r0, &(0x7f0000b58000)=0x40206c00, 0x0) [ 261.486605] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 261.486605] program syz-executor.1 not setting count and/or reply_len properly 02:14:39 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b167a96aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:39 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0xfffffffffffffdfd]}}) 02:14:39 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f00000002c0)) ptrace(0x10, r0) ptrace$cont(0x1f, r0, 0x0, 0x0) 02:14:39 executing program 2: 02:14:39 executing program 5: 02:14:39 executing program 3: 02:14:39 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0xffffffffffffffe7]}}) 02:14:39 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af225d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:39 executing program 2: 02:14:39 executing program 5: 02:14:39 executing program 3: 02:14:39 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(0x0, r0, 0x16, &(0x7f00000002c0)) ptrace(0x10, r0) ptrace$cont(0x1f, r0, 0x0, 0x0) 02:14:39 executing program 5: 02:14:39 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x2]}}) 02:14:39 executing program 2: 02:14:39 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b020d5b01dea2ebe1b89f8051e6", 0x48) 02:14:39 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(0x0, r0, 0x16, &(0x7f00000002c0)) ptrace(0x10, r0) ptrace$cont(0x1f, r0, 0x0, 0x0) 02:14:39 executing program 2: 02:14:39 executing program 3: 02:14:39 executing program 5: 02:14:39 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0xe7]}}) 02:14:40 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(0x0, r0, 0x16, &(0x7f00000002c0)) ptrace(0x10, r0) ptrace$cont(0x1f, r0, 0x0, 0x0) 02:14:40 executing program 2: 02:14:40 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, 0x0, 0x16, &(0x7f00000002c0)) ptrace(0x10, r0) ptrace$cont(0x1f, r0, 0x0, 0x0) 02:14:40 executing program 5: 02:14:40 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b030d5b01dea2ebe1b89f8051e6", 0x48) 02:14:40 executing program 3: 02:14:40 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x1f00]}}) 02:14:40 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, 0x0, 0x16, &(0x7f00000002c0)) ptrace(0x10, r0) ptrace$cont(0x1f, r0, 0x0, 0x0) 02:14:40 executing program 2: 02:14:40 executing program 3: 02:14:40 executing program 5: 02:14:40 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, 0x0, 0x16, &(0x7f00000002c0)) ptrace(0x10, r0) ptrace$cont(0x1f, r0, 0x0, 0x0) 02:14:40 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b050d5b01dea2ebe1b89f8051e6", 0x48) 02:14:40 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0xe7ff]}}) 02:14:40 executing program 2: 02:14:40 executing program 3: 02:14:40 executing program 5: 02:14:40 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b060d5b01dea2ebe1b89f8051e6", 0x48) 02:14:40 executing program 2: 02:14:40 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0xfdfd]}}) 02:14:40 executing program 5: 02:14:40 executing program 2: 02:14:40 executing program 3: 02:14:43 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x0, &(0x7f00000002c0)) ptrace(0x10, r0) ptrace$cont(0x1f, r0, 0x0, 0x0) 02:14:43 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b070d5b01dea2ebe1b89f8051e6", 0x48) 02:14:43 executing program 5: 02:14:43 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0xffe7]}}) 02:14:43 executing program 2: 02:14:43 executing program 3: 02:14:43 executing program 5: 02:14:43 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x1000000]}}) 02:14:43 executing program 2: 02:14:43 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x0, &(0x7f00000002c0)) ptrace(0x10, r0) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 265.669751] sg_write: 6 callbacks suppressed [ 265.669765] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 265.669765] program syz-executor.1 not setting count and/or reply_len properly 02:14:43 executing program 3: 02:14:43 executing program 5: pause() syz_execute_func(&(0x7f0000000d00)="660f3a60af00000000954a2be94535e7000000980f053ef3aec4a37bf0c50341e2e906b5c94598282142dc33660f1158469249f7dec461dc55b1e6172525000e81c402fdbade80d78890c5c083497c34c402cccc8c3ac462b99e3d1ce647ed69e1e0ff2dc40095009532f6c4613fc21d9053c7ab8636331f6543c2d9d97dbf3f7a595d438f34b267f36ab40f688030000000564105ba16f2aed3a69a62b16616286c6c0ff2f0458733c402795912c40195dda70000002038e4a2b300b1500909660fdf53098f49609a567be4a1ec823bb8e7d6d68282aa0f362ec7c100000000e490b0b0660f38de8e85e1f326c4617810b274ce38237d12e4260fe88c4200000000c230ca0ff4fcbdbd3cbb3c02c421a9fda2e50000000000456c070faf34963e660fc20500d0000003263666440f5530d800d800c4a1025deef243a5660fd9d277cb0c0ce42ec4a17c1002970606260f38c9bb0f0000008374fb0a07c40155f64e06f247acc0d53323d533239500fa21b66bd182ebf062e3204be32043910002660f71e00147cc47cc66430f38f6de389f9f060f0f2ef246e16d4363d0d8fbc9c4a1fc5a6e86663e41a5df") 02:14:43 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x0, &(0x7f00000002c0)) ptrace(0x10, r0) ptrace$cont(0x1f, r0, 0x0, 0x0) 02:14:43 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b02dea2ebe1b89f8051e6", 0x48) 02:14:43 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, 0x0) ptrace(0x10, r0) ptrace$cont(0x1f, r0, 0x0, 0x0) 02:14:43 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) set_mempolicy(0x8002, &(0x7f0000000040)=0x1000401, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) 02:14:43 executing program 2: set_mempolicy(0x8002, &(0x7f0000000040)=0x1000401, 0x7) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='tmpfs\x00', 0x0, 0x0) 02:14:43 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x2000000]}}) 02:14:43 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, 0x0) ptrace(0x10, r0) ptrace$cont(0x1f, r0, 0x0, 0x0) 02:14:43 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x1f000000]}}) [ 266.027159] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 266.027159] program syz-executor.1 not setting count and/or reply_len properly 02:14:43 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, 0x0) ptrace(0x10, r0) ptrace$cont(0x1f, r0, 0x0, 0x0) 02:14:43 executing program 2: set_mempolicy(0x8002, &(0x7f0000000040)=0x1000401, 0x7) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='tmpfs\x00', 0x0, 0x0) 02:14:43 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f00000002c0)) ptrace(0xffffffffffffffff, r0) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 266.246275] cgroup: fork rejected by pids controller in /syz0 02:14:44 executing program 5: perf_event_open(&(0x7f0000000580)={0x2, 0x70, 0x5c64, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe2(0x0, 0x0) 02:14:44 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") r1 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) setsockopt$inet6_int(r1, 0x29, 0x1000000000021, &(0x7f0000000240)=0xf65, 0x4) connect$inet6(r1, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) 02:14:44 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b0adea2ebe1b89f8051e6", 0x48) 02:14:44 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x52424752]}}) 02:14:44 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f00000002c0)) ptrace(0xffffffffffffffff, r0) ptrace$cont(0x1f, r0, 0x0, 0x0) 02:14:44 executing program 2: set_mempolicy(0x8002, &(0x7f0000000040)=0x1000401, 0x7) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='tmpfs\x00', 0x0, 0x0) 02:14:44 executing program 3: r0 = msgget$private(0x0, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000000700)) [ 266.774194] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 266.774194] program syz-executor.1 not setting count and/or reply_len properly 02:14:44 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x52474252]}}) 02:14:44 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f00000002c0)) ptrace(0xffffffffffffffff, r0) ptrace$cont(0x1f, r0, 0x0, 0x0) 02:14:44 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000180)=ANY=[@ANYBLOB="00000000000000000000000086dd6002290f00300000fe80000000"], 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}}, 0x0) 02:14:44 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x56595559]}}) 02:14:44 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b25dea2ebe1b89f8051e6", 0x48) 02:14:44 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x0) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000100)={r2, 0x0, 0x2, r2}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") r4 = eventfd(0x0) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r2}) 02:14:44 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x59555956]}}) [ 267.038758] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 267.038758] program syz-executor.1 not setting count and/or reply_len properly 02:14:44 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f00000002c0)) ptrace(0x10, 0x0) ptrace$cont(0x1f, r0, 0x0, 0x0) 02:14:44 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1309f8051e6", 0x48) 02:14:45 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_HYPERV_EVENTFD(r1, 0xae64, &(0x7f0000000000)) 02:14:45 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f00000002c0)) ptrace(0x10, 0x0) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 267.288663] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 267.288663] program syz-executor.1 not setting count and/or reply_len properly 02:14:45 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") r4 = eventfd(0x0) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r2}) 02:14:45 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0xe7ffffff]}}) 02:14:45 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") syz_execute_func(&(0x7f0000000080)="b1dc91cd80c4c1fae62d3cd3d8c56969ef69dc00d9440f0df0d0d0c44139fd5bf9c4e18d72e00dc7c7e4c653fb0fc4014c5868f4a95ff965be3c3bc4e17950ea01efc48192558dc3c36645d1d9730f5726400f0d18a9c14600000a8ab1b182010804f40f667e440f000066400fc730") 02:14:45 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f00000002c0)) ptrace(0x10, 0x0) ptrace$cont(0x1f, r0, 0x0, 0x0) 02:14:45 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1a49f8051e6", 0x48) 02:14:45 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000540)=""/11, 0x7b2) ioctl$TIOCSETD(r0, 0x5423, 0x0) r1 = creat(&(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x109) dup2(r0, r1) execve(&(0x7f0000000240)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0) clone(0x3102001ff6, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$BLKTRACETEARDOWN(r1, 0x1276, 0x0) [ 267.700537] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 267.700537] program syz-executor.1 not setting count and/or reply_len properly 02:14:45 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0xfdfdffff]}}) 02:14:45 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f00000002c0)) ptrace(0x10, r0) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) 02:14:45 executing program 5: pause() syz_read_part_table(0x0, 0x0, 0x0) syz_execute_func(&(0x7f0000000180)="3666440f50f564ff0941c3dbc4d9a5f97300006269f7a41d000000003a8e16649c6700617b12cc64660f2ef4c442019dccd2111db8d36f") syz_execute_func(&(0x7f0000001240)="c4e3f9614832f04a2be9c4c1117df6980f053ef3aec4a37bf0c50441e2e926b5c9c482052b1aa30000262ff342906646da4e32c4c3d17f90550000009100d23bde36cdffe617c4a2f932b70d0000000f94c98fa860a394dc00000000b0abe285d39e1d9e1de9defe0f49e0ebf3f336f3f3470fb4950000002056c4229d97a800000000697480140b00006576c166470ff9646e7fc48209b63d4f7f0000c4a2712e85b7000000c46171f31bc4c2092e79966f65da8000000000564105ba16f2ae66410ffe3a16c42de26d3b22c481fb2d079a000800008372e4a25600b12bc309c8218f48609a567be289e28974ce76660f7f24ae77dee4b67f43f01a1aeded186e0fc4617a2c9f0d0000007feff242dd5b0b6566400f54cf3b7d0f12e400f4260fe88c4200000000ca30ca410f38038144000000bb3cbb3c02f3a5f345d15e5392262600456c0f8450000000d0b62f8181943e66420f3a0da281709cd99ad800dd4805e0c4f3460faec32b6e0b0ba17ac64295c4c311691d09000000ca2ef20f38f05300c364f32e8f490001cf2ec4a17c1002973606b2aa260f38c9ba0f007300000080708f72450f0d26f247acec9636660f38058b976192361d09f4f5e597dc7b8e47910002466fc4c145f8436cf20f2d9b0c000000c4e1f95a3b66400f1be92ef246e16df3440f5fa2279b0000c4614d63338f690801900fac00000b31660f6b2f0000383803fbf010cff30fbd950d000000") 02:14:45 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x9) 02:14:45 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0xfecaedfe]}}) 02:14:45 executing program 3: pause() syz_execute_func(&(0x7f0000000040)="b0820ad164ff0941c366440f56c94325a08093763d01000000db6c3990dfd14b00c442019dcc0f11d46f") syz_execute_func(&(0x7f0000000d00)="660f3a60af00000000954a2be94535e7000000980f053ef3aec4a37bf0c50341e2e906b5c94598282142dc33660f1158469249f7dec461dc55b1e6172525000e81c402fdbade80d78890c5c083497c34c402cccc8c3ac462b99e3d1ce647ed69e1e0ff2dc40095009532f6c4613fc21d9053c7ab8636331f6543c2d9d97dbf3f7a595d438f34b267f36ab40f688030000000564105ba16f2aed3a69a62b16616286c6c0ff2f0458733c402795912c40195dda70000002038e4a2b300b1500909660fdf53098f49609a567be4a1ec823bb8e7d6d68282aa0f362ec7c100000000e490b0b0660f38de8e85e1f326c4617810b274ce38237d12e4260fe88c4200000000c230ca0ff4fcbdbd3cbb3c02c421a9fda2e50000000000456c070faf34963e660fc20500d0000003263666440f5530d800d800c4a1025deef243a5660fd9d277cb0c0ce42ec4a17c1002970606260f38c9bb0f0000008374fb0a07c40155f64e06f247acc0d53323d533239500fa21b66bd182ebf062e3204be32043910002660f71e00147cc47cc66430f38f6de389f9f060f0f2ef246e16d4363d0d8fbc9c4a1fc5a6e86663e41a5df") 02:14:45 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f00000002c0)) ptrace(0x10, r0) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) 02:14:45 executing program 2: syz_execute_func(&(0x7f0000000000)="c441f055ce64ff0941c34b09e1c4a195673d740a8fff26640f580b69f7a41d000000005181617b12e564660f2ef4c442019dccd2111db8d3f5") syz_execute_func(&(0x7f0000000700)="640f2c6d004a2be9c4627d0ff9980f053ef3aec4a37bf0c50241e2e9450fe36a09c462f10cbc5d66450f38007e1d9066440f6595010000003495c6441846002200262ff3909200d25c6645dad809132525000e818f470f67450f289369000000b100673e66470f0fa219000000904df30f2cf18282dde97081d7697069704cbec536ac343497f9b3b301d4dfc5497d3b30470f866f2a37adc37959b427fdffffff67f36ab40f67a2d73b00004cacbc9999ba16f2ae664e0f3a611b04c4c29d962150386c6cb336410fc1f1c4817d28efeefe8f08e4a25600b1500909660fdf53a60909410f5ed1535366f6b6e4d10000eae243a9a1fa16a4d800000000dd7cb800660f19c646dce7440f704eee9864f2ff4ed000f4c4617be6d2f00fb0a8c100000009912af3430f410f1800000045126d6d8d8d00c44299660f2b560e3ef2440fd6dfb9c463d90d2408433e65660f5cb54c0af90000004805c462a52b6e0b8fa810ecd6091a1af20fa576ac9fc978014bc365d085431fe7204577cb040ec4e2f92a5382c4c10de5e240681b1400007c1002970606b2aa263e0fafd6c422e6912cb1030474f30a0748eb27c4027502b0f3fe550dc4a2dd910cb11010217cedf9c403816ee3bd39058b97619236295bf4f1e588472c0002c1045c0b47cc5c0f1ea5322333332ef217640f286400002e3665f3450fc21051000042d8fb4974ec5765410f0fa35f2a373e9a6c660f71d40c3422") 02:14:45 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x23) 02:14:45 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f00000002c0)) ptrace(0x10, r0) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) [ 268.037056] __loop_clr_fd: partition scan of loop5 failed (rc=0) 02:14:45 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0xfeedcafe]}}) 02:14:45 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f00000002c0)) ptrace(0x10, r0) ptrace$cont(0x1f, 0x0, 0x0, 0x0) 02:14:46 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x29) 02:14:46 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f00000002c0)) ptrace(0x10, r0) ptrace$cont(0x1f, 0x0, 0x0, 0x0) 02:14:46 executing program 5: syz_execute_func(&(0x7f0000001000)="640f2c6d004a2be9c4627d0ff9980f053ef3aec4a37bf0c50241e2e9450fe36a09007e1d9066440f6595010000003447c6441846002200262ff3909200d25c6645dad809132525000e818f470f67450f289369000000b100673e66470f0fa219000000904df30f2cf18282dde97081d7697069704cbec536ac5197f9b3b301d4dfc5497d3b30470f866f2a37adc37959b427fdffffff67f36ab40f67a2d73b00004cacbc9999ba16f2ae664e0f3a611b04c4c29d9621506640f79c78d5822dbf36410fc1f1c4817d28ef491feefe8f08e4a25600b1500909660fdf53a60909410f5ed1535366f6b6e4d10000eae243a9a1fa16a4d800000000dd7cb800660f19c67777dce7440f704eee9864f2ff4ed000f4c4617be6d2f00fb0a8c100000009912af3430f410f1800000045126d6d8d8d00c44299660f2b560e3ef2440fd6dfb9c463d90d2408433e65660f5cb54c0af9006666430f5ef04805c462a52b6e0b8fa810ecd6091a1af20fa576ac8fc978014bc365d085431fe7204577cb040ec4e2f92a5382c4c10de5e240681b1400007c1002970606b2aa263e0fafd6c422e6912cb1030474f30a0748eb27c4027502b0f3fe550dc467a2dd990cb1b110217cedf9c403816ee3bd39058b97619236725bf4e58847910002c1045c0b47cc5c0f1ea5322333332ef217640f286400002e3665f3450fc21051000042d8fb4974ec570b9d9d61c9e86c2e8a3d11be00003422") 02:14:46 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0xfffffdfd]}}) 02:14:46 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x200002c8) [ 268.749882] sg_write: data in/out 167162/536871576 bytes for SCSI command 0xff-- guessing data in; [ 268.749882] program syz-executor.1 not setting count and/or reply_len properly 02:14:46 executing program 3: pause() syz_execute_func(&(0x7f0000000000)="3666440f50f564ff0941c366440f56c9660f3a16649c6700c4617b12e5c441dfd04b00c442019dcc0f11d46f") syz_genetlink_get_family_id$tipc2(&(0x7f00000011c0)='TIPCv2\x00') syz_execute_func(&(0x7f00000016c0)="c4e3f9614832074a2be93699980f053ef3aec4a37bf0c50341e2e926b5c9f2abc421b8c25cb100008d3581810000262f7946d9f96646da4e32c4c2b9b6b90000000000d2dec461dc55b166440f56a82c7bd9172525000e818f470fc9c4032d5f374747f03acf8fe97c810f69e08f4cbec566420feace2d56c4613fc21d9099c7ab86c4213e5377000043d9497dbf82595943f30fbca90010000242d17f0066073a603d06f0ffff00c4e16d410f0feaa6d2564105ba16f2aed9fd4aeb660f3a089d0e0000002eeba225adeab413c4c37d096208c2c481faf06b00f9ef0008e4a25600b150400f381da900e001c4d5c6d59134ffffff66dee4b6c442f191047b8f49580197feffff7fc401c5d1543f014080a009210000df3b7d0f12e400f4260fe88c4200000000ca30cac46190546104f3450f2c6b0009912af3430fc4c17829c8c463ad0b5890ca6c0f84500000006466420f3a0b0100d8008fe978cce16a85856d6d81759d8a000000c462a52b6e0bc4a17a4295f046839200000080a7a2e99cffffc3bdc3bd8300af77cb44e42ec4a17c1002470fae52c3b2aa246681380010c4026726670f010ef7a698b900008374fb0af0460fbabe58db000006c40155f64e06f247aceced41cf97c1045c0b47cc5c389f9f140f0fc481635a9c70d3813811fad7fbfbc9ec1b1b0fadd5663ef0430fabb90800000064660f01de880c000000c4627925b7a91f6037") 02:14:46 executing program 2: syz_execute_func(&(0x7f0000000000)="c441f055ce64ff0941c34b09e1c4a195673d740a8fff26640f580b69f7a41d000000005181617b12e564660f2ef4c442019dccd2111db8d3f5") syz_execute_func(&(0x7f0000001000)="640f2c6d004a2be9c4627d0ff9980f053ef3aec4a37bf0c50241e2e9450fe36a09007e1d9066440f6595010000003447c6441846002200262ff3909200d25c6645dad809132525000e818f470f67450f289369000000b100673e66470f0fa219000000904df30f2cf18282dde97081d7697069704cbec536ac5197f9b3b301d4dfc5497d3b30470f866f2a37adc37959b427fdffffff67f36ab40f67a2d73b00004cacbc9999ba16f2ae664e0f3a611b04c4c29d9621506640f79c78d5822dbf36410fc1f1c4817d28ef491feefe8f08e4a25600b1500909660fdf53a60909410f5ed1535366f6b6e4d10000eae243a9a1fa16a4d800000000dd7cb800660f19c67777dce7440f704eee9864f2ff4ed000f4c4617be6d2f00fb0a8c100000009912af3430f410f1800000045126d6d8d8d00c44299660f2b560e3ef2440fd6dfb9c463d90d2408433e65660f5cb54c0af9006666430f5ef04805c462a52b6e0b8fa810ecd6091a1af20fa576ac8fc978014bc365d085431fe7204577cb040ec4e2f92a5382c4c10de5e240681b1400007c1002970606b2aa263e0fafd6c422e6912cb1030474f30a0748eb27c4027502b0f3fe550dc467a2dd990cb1b110217cedf9c403816ee3bd39058b97619236725bf4e58847910002c1045c0b47cc5c0f1ea5322333332ef217640f286400002e3665f3450fc21051000042d8fb4974ec570b9d9d61c9e86c2e8a3d11be00003422") 02:14:46 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f00000002c0)) ptrace(0x10, r0) ptrace$cont(0x1f, 0x0, 0x0, 0x0) 02:14:46 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0xffffffe7]}}) 02:14:46 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0) getsockopt$IP6T_SO_GET_ENTRIES(r2, 0x29, 0x41, &(0x7f00000000c0)={'filter\x00', 0x54, "da3a37b23465d8e1b1bb0ca219379d43526c848ce7dd751d4ef14672e7bcaf9a57ea1de056c5f2fa3b69fb143300ce2c470841a463d8c71af2f1696ffc418a3a9187ce78a8146da879841be90a0003404f27951e"}, &(0x7f0000000140)=0x78) ioctl$BLKGETSIZE64(r2, 0x80081272, &(0x7f0000000080)) 02:14:46 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$unix(0x1, 0x5, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") close(r2) close(r1) pipe(&(0x7f0000000000)) splice(r0, 0x0, r2, 0x0, 0x6d5d, 0x0) [ 268.984243] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 268.984243] program syz-executor.1 not setting count and/or reply_len properly 02:14:46 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x100000000000000]}}) 02:14:46 executing program 0: pause() syz_execute_func(&(0x7f0000000000)="984a2ae92cb8b64c0f05bf2e007300c4a37bf0c50241e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fdee51bc421045f4607c421dd589fc4e10bf8c426f2f045f61964620f38fd52262e2e66450f7d64c608c4a3bd4877f88a0383397fd3ff3a0065f20f7cd8efa1a12ad764d3cf53afaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000f2d8f0b000000c2a0c10b00cca27a0e0f414e53d2c40f0f9f3c6436b2aa66450fc4650000c4e39978c104c441c05983f9070bb3ddcdcda2660f38346800c4e3295e4c3dc8a3c4c1045ccc7d7526802d08000000fa0f5fd25c450f91f3f30f5ea5a9a50000ffffbedc4e61c9553131b83a00a2f1fbfb3b62") syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='clear_refs\x00') syz_execute_func(&(0x7f0000000000)="3666440f50f564ff0941c3c4e1a5f97300660f3a8e16649c675100617b12e5c441dfd04b00c442019dcc0510d46f") syz_execute_func(&(0x7f00000001c0)="c4e379614832074a2be91cb9980f053ef3aec4a37bf0c50141e2e922ebc4a2fd1ceb262f664f0f3a601d0b0000000064d11bc421fa6f3d136c0000d2dec461dc57b1e67d0b25c4837916d2befa0040dbe149c4621d07acf6bb266ea70f41fe4cbec5c54d0f2c718f56676beeee8f2870b63b30319ebb517034fe6dfe6d430f2740b267f34cb4b46681f999436c436c99a8271ec46471681966410f3a16288836670fe0a9f27f0000536bd104c7cbcbefef430fae27c4a27921f97cd825d8a1a12ad76464313ac441782b364066bd0ffe383b2bd6dd8867460f330002c4c1cf589e322333334064d266413a010f0f30ca30cac442fd21b19b0b0000f267a1c900000000ddc4411171f200650f01dcc462c9ae49f1a79ad0818194d800092ddd8f0b00c4a17ae64295007b1cbcff6c7ed222ba22baa9a700002e3664644626cc4683b9080000000d0df698b900800036b2aad9c741af4484b71010470f73dc024c593e40d9f50f001e57ce027a7a58edc4037d09210126460fc6008e10000000e5c5c421fb5a1747cc474cf92fc4216f5a0cda65c43e67f20f12d3009b5d8ea7a728285601a9bb00004264650f1b880000008141574974ecd5c4c1cdc28a0000000000fbc4a2750831c44109f89700008020") 02:14:46 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[]}, 0x0) preadv(r0, &(0x7f00000017c0), 0x1fe, 0x400000000000) [ 269.115115] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 269.115115] program syz-executor.1 not setting count and/or reply_len properly 02:14:47 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x200000000000000]}}) 02:14:47 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x20200, 0x0) 02:14:47 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x1f00000000000000]}}) [ 269.326834] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 269.326834] program syz-executor.1 not setting count and/or reply_len properly 02:14:47 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x5247425200000000]}}) 02:14:47 executing program 0: r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f0000000180)='threaded\x00', 0x91f47d) link(0x0, &(0x7f0000000300)='./file0\x00') r1 = getpid() getsockopt$sock_linger(r0, 0x1, 0xd, 0x0, &(0x7f0000000200)) sched_setattr(r1, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) rename(0x0, &(0x7f0000000040)='./file0\x00') ftruncate(r0, 0x0) memfd_create(&(0x7f0000000400)='}eth0\x00', 0x1) connect$vsock_dgram(r0, &(0x7f0000000000)={0x28, 0x0, 0x2711, @hyper}, 0x10) setsockopt$IP6T_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x29, 0x41, 0x0, 0x0) creat(0x0, 0x10) 02:14:47 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2) r1 = dup(r0) write$FUSE_INIT(r1, &(0x7f00000000c0)={0x50}, 0x50) read$FUSE(r1, 0x0, 0x4a6f2c68) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f0000000040)) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r3 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r3, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:47 executing program 3: r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f0000000080)='threaded\x00', 0x91f274) r1 = getpid() sched_setattr(r1, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) rename(&(0x7f0000000340)='./file0\x00', &(0x7f0000000300)='./file1\x00') 02:14:47 executing program 2: syz_execute_func(&(0x7f0000000000)="c441f055ce64ff0941c34b09e1c4a195673d740a8fff26640f580b69f7a41d000000005181617b12e564660f2ef4c442019dccd2111db8d3f5") syz_execute_func(&(0x7f0000001900)="640f2c6d004a2be9c4627d0ff9980f053ef3aec4a37bf0c50241e2e9450fe36a09c462f10cbc5d66450f38007e1d9066440f6595010000006464668d8fb0c50000c6441846002200262ff3909200d25c6645dad809132525000e818f470f67450f289369000000b100673e66470f0fa219000000904df30f2cf18282dde97081d7697069704cbec536ac5197f67591b3b301d4dfc5497d3b30470f866f2a37adc37959b427fdffffff67f36ab40f67a2d73b00004cacbc9999ba16f2ae664e0f3a611b04c4c28b9d962121386c6c2e660f38223c6e36360fc1f1c4817d28ef491feefe8f08e4a25600b1500909660fdf53a60909410f5ed1c72701d8862701d886e4d10000eae243a9a1fa16a4d800000000dd7cb800660f19c646dce7440f084cee1364f2ff4ed000f4c4617be6d2f00fb0a8c100000009912af3430f410f1800000045126d6d8d8d00c44299660f2b560e3ef2440fd6dfb9c463d90d2408433e65660f5cb54c0af90000004805c462a52b6e0b8fa810ecd6091a1af20fa576ac8fc978014bc365d085431fe7204577cb11040606e2f92a5382c4c10de519e2e2681b1400007c1002970606b2aa263e0fafd666440f3a17312c030474f30a0748eb2766660f3a0e89c7000000d4c4a2dd910cb11010217cedf9c403816ee3bd39058b97619236725bf4f1e58847910002c1045c0b47cc5c0f1ea532233333640f286400002e3665f3450fc21051000042d8fb4974ec570b9d9d61c9e86c2e8a3d11be00003422") 02:14:47 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x5955595600000000]}}) 02:14:47 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x9, 0x101202) ioctl$sock_SIOCSIFBR(r0, 0x8941, &(0x7f0000000080)=@generic={0x1, 0x80000001, 0x3}) ioctl$TIOCVHANGUP(r1, 0x5437, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r2 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x402) write(r2, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:47 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0xe7ffffffffffffff]}}) 02:14:48 executing program 5: 02:14:48 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0xfdfdffff00000000]}}) 02:14:48 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IP_VS_SO_SET_EDIT(r0, 0x0, 0x483, &(0x7f0000000040)={0x4, @multicast1, 0x4e20, 0x3, 'wrr\x00', 0x2, 0x1800000000000000, 0x58}, 0x2c) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) r2 = shmget$private(0x0, 0x3000, 0x141, &(0x7f0000ffb000/0x3000)=nil) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x400, 0x0) read$alg(r3, &(0x7f0000000180)=""/208, 0x227) accept$unix(r3, &(0x7f0000000380)=@abs, &(0x7f0000000300)=0x6e) shmctl$IPC_STAT(r2, 0x2, &(0x7f0000000080)=""/137) 02:14:48 executing program 0: 02:14:48 executing program 3: 02:14:48 executing program 2: [ 270.928376] IPVS: set_ctl: invalid protocol: 4 224.0.0.1:20000 [ 270.961091] sg_write: 5 callbacks suppressed [ 270.961106] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; 02:14:48 executing program 2: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ppp\x00', 0x80000101005, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'vcan0\x00'}) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000000c0)=""/246) pwritev(r0, &(0x7f0000000080)=[{&(0x7f0000000240)="80fd02090040", 0x6}], 0x1, 0x0) 02:14:48 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') sendfile(r0, r0, &(0x7f0000b58000)=0xa48, 0xffff) 02:14:48 executing program 3: [ 270.961106] program syz-executor.1 not setting count and/or reply_len properly 02:14:48 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0xfdfdffffffffffff]}}) 02:14:48 executing program 5: 02:14:48 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0xfecaedfe00000000]}}) [ 271.117717] IPVS: set_ctl: invalid protocol: 4 224.0.0.1:20000 [ 271.156386] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; 02:14:48 executing program 0: 02:14:48 executing program 3: [ 271.156386] program syz-executor.1 not setting count and/or reply_len properly 02:14:49 executing program 0: 02:14:49 executing program 5: 02:14:49 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0xfffffffffffffdfd]}}) 02:14:49 executing program 2: 02:14:49 executing program 3: 02:14:49 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) recvmsg(r0, &(0x7f0000000300)={&(0x7f0000000040)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @empty}}}, 0x80, &(0x7f0000000140)=[{&(0x7f00000000c0)=""/104, 0x68}], 0x1, &(0x7f0000000180)=""/200, 0xc8}, 0x40002000) sendto$netrom(r2, &(0x7f0000000380)="d3d7779926575f683ae302a002718082ebe35c262d4dac2efd149c900cf2ed5dba36451f576560888795ac3d5fabf3f39f267234dfddababf6911dedc3da65a990fcab27269e57aa53158d60a02773401e85460df5cfccd58f7b9ab45aeb7ad8510d60c1101a3df107ca4930213c958fe7fd79923f8e967d9c69e9717e9067e83dffaf55441757677013c67c495ee52b14a709b49d5160084b7739b08548cda8a0c8270d6c2516762d01ccc1e2063f0c139013ed52fe0bc669d609a5ffe05404da0d05f30e3cf0159da4e7ea97a85eefca829e2d75060e", 0xd7, 0x40, &(0x7f0000000480)={{0x3, @null, 0x7}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @null, @null]}, 0x48) 02:14:49 executing program 0: 02:14:49 executing program 5: 02:14:49 executing program 3: 02:14:49 executing program 2: [ 271.458758] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 271.458758] program syz-executor.1 not setting count and/or reply_len properly 02:14:49 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0xffffffffffffffe7]}}) 02:14:49 executing program 5: 02:14:49 executing program 0: 02:14:49 executing program 3: 02:14:49 executing program 2: 02:14:49 executing program 5: 02:14:49 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x6, &(0x7f00000000c0)="0adcba123c123f319bd070") syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r0, &(0x7f0000000040)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) syz_init_net_socket$netrom(0x6, 0x5, 0x0) 02:14:49 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2]}}) 02:14:49 executing program 0: 02:14:49 executing program 3: 02:14:49 executing program 2: 02:14:49 executing program 5: 02:14:49 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0xe7]}}) 02:14:49 executing program 3: 02:14:49 executing program 0: 02:14:49 executing program 1: r0 = semget(0x1, 0x4, 0x21) semctl$GETZCNT(r0, 0x0, 0xf, &(0x7f00000000c0)=""/146) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r2 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000480)='/selinux/commit_pending_bools\x00', 0x1, 0x0) readlinkat(r2, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000500)=""/191, 0xbf) r3 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/mls\x00', 0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000001c0)='TIPC\x00') sendmsg$TIPC_CMD_GET_BEARER_NAMES(r3, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x12040000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r4, 0x10, 0x70bd2c, 0x25dfdbff, {}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x8004}, 0x4800) ioctl$DRM_IOCTL_AUTH_MAGIC(r3, 0x40046411, &(0x7f0000000080)=0x6) recvfrom$ax25(r3, &(0x7f0000000380)=""/74, 0x4a, 0x1, &(0x7f0000000400)={{0x3, @null}, [@null, @default, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48) r5 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r5, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:49 executing program 2: 02:14:49 executing program 0: [ 272.013240] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 272.013240] program syz-executor.1 not setting count and/or reply_len properly 02:14:49 executing program 5: 02:14:49 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x1f00]}}) 02:14:49 executing program 3: 02:14:49 executing program 2: [ 272.136855] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 272.136855] program syz-executor.1 not setting count and/or reply_len properly 02:14:50 executing program 0: 02:14:50 executing program 5: 02:14:50 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0xe7ff]}}) 02:14:50 executing program 3: 02:14:50 executing program 0: 02:14:50 executing program 1: r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm-monitor\x00', 0x80, 0x0) ioctl$sock_SIOCGSKNS(r0, 0x894c, &(0x7f0000000140)=0x6) r1 = socket$inet_udplite(0x2, 0x2, 0x88) openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x20000, 0x0) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r2 = syz_open_dev$sg(&(0x7f0000000080)='/dev/sg#\x00', 0x7a, 0x406) openat$selinux_mls(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/mls\x00', 0x0, 0x0) write(r2, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:50 executing program 2: 02:14:50 executing program 5: 02:14:50 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0xfdfd]}}) 02:14:50 executing program 3: 02:14:50 executing program 2: 02:14:50 executing program 5: 02:14:50 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/avc/hash_stats\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffff9c, 0x84, 0xa, &(0x7f0000000080)={0x3a8ed165, 0x5, 0x8000, 0x4, 0x7fff, 0x10000, 0x7fff, 0x6, 0x0}, &(0x7f00000000c0)=0x20) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000000100)={r2, 0x7ff}, &(0x7f0000000140)=0x8) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r3 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r3, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:50 executing program 0: 02:14:50 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0xffe7]}}) 02:14:50 executing program 2: 02:14:50 executing program 3: 02:14:50 executing program 5: 02:14:50 executing program 0: 02:14:50 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x8a02, &(0x7f00000000c0)="1acb5ad3e7c92240111bbd37a91862c6e8612e3082a900f9d26da3a2f848759664139b96a6e89fe4353364cda2ccbbaec81be9a1be5d8e4df480a87971e3bd02ecb22f80eb8c490b35246a24d67e7b") ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r0, &(0x7f0000000040)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:50 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x1000000]}}) 02:14:50 executing program 2: 02:14:50 executing program 3: 02:14:50 executing program 0: 02:14:50 executing program 5: 02:14:50 executing program 2: 02:14:50 executing program 0: 02:14:50 executing program 3: 02:14:50 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000]}}) 02:14:50 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$admmidi(&(0x7f0000000040)='/dev/admmidi#\x00', 0x1f, 0x2) write$P9_RMKDIR(r1, &(0x7f0000000080)={0x14, 0x49, 0x2, {0x1, 0x0, 0x6}}, 0x14) prctl$PR_SET_MM_MAP_SIZE(0x23, 0xf, &(0x7f0000000100)) fcntl$F_GET_RW_HINT(r1, 0x40b, &(0x7f00000000c0)) r2 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r2, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:50 executing program 5: 02:14:50 executing program 2: 02:14:50 executing program 0: 02:14:50 executing program 3: [ 273.154048] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 273.154048] program syz-executor.1 not setting count and/or reply_len properly 02:14:51 executing program 5: 02:14:51 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x1f000000]}}) 02:14:51 executing program 3: 02:14:51 executing program 2: 02:14:51 executing program 0: 02:14:51 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x8000, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000000300)={0x0, 0x15, 0xfa00, {0x0, &(0x7f0000000240)={0xffffffffffffffff}, 0x13f, 0x8}}, 0x72) write$RDMA_USER_CM_CMD_REJECT(r1, &(0x7f0000000100)={0x9, 0x108, 0xfa00, {r2, 0x76, "78fed8", "a0e4f50b7a35b4e879ded40d248c95caf2223bc37a5657437ba403f7e07e79b6058e2bb58622b231b5010645f1084e2308ca649f41e4143b10b03ee0a56edfde7c0dd18dc2ec6e915633c61519e0cfd13a230f62e0916180efb32a6c1b4c7ff09c886a2bb2a87a50bf7aa0871c69b0433492074810b7cc3ee30c876f7c2084e120ddb0c908dbb568c3ff20dbd2d75f76c88452c71e04f061ece860841819a7712864ed315139ac1e70599af6a8671366a4d7dac512114b623b25720044fb981f80afdbea7841a69dcdc54d9c68114c5408def203a58160024df9db1af2e7f9f7843b04c54bb184f3d17d6209de2cb1ad529a9678a76e6a964f05711d89afe466"}}, 0x110) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r3 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r3, &(0x7f0000000080)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:51 executing program 5: 02:14:51 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x52424752]}}) 02:14:51 executing program 3: 02:14:51 executing program 0: 02:14:51 executing program 2: 02:14:51 executing program 5: 02:14:51 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) r2 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer\x00', 0x100, 0x0) ioctl$TCSETA(r2, 0x5406, &(0x7f0000000080)={0x2, 0x5, 0xff, 0x0, 0x18, 0x7, 0x3, 0x20, 0x3ff, 0x2}) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:51 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x52474252]}}) 02:14:51 executing program 3: 02:14:51 executing program 0: [ 273.634139] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 273.634139] program syz-executor.1 not setting count and/or reply_len properly 02:14:51 executing program 5: 02:14:51 executing program 2: 02:14:51 executing program 3: 02:14:51 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x56595559]}}) 02:14:51 executing program 0: 02:14:51 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = dup2(r0, r0) ioctl$KVM_SET_GUEST_DEBUG(r1, 0x4048ae9b, &(0x7f00000000c0)={0x80000, 0x0, [0x7, 0xbab, 0x4, 0x3, 0xbbcf, 0x7f, 0x1, 0x7]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r1, 0x404c534a, &(0x7f0000000040)={0xe3b, 0x2, 0x1}) r2 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r2, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:51 executing program 5: 02:14:51 executing program 2: 02:14:51 executing program 3: [ 273.907749] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 273.907749] program syz-executor.1 not setting count and/or reply_len properly 02:14:51 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x59555956]}}) 02:14:51 executing program 2: 02:14:51 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f319bd070") syz_execute_func(&(0x7f0000000500)="994a2ae92cc3964c0f05bf00000020c4a37bf0c5bf41e2e92e0f01481064f3460f1b2800000f383a9e02000000110ec1c15bc4a265aa104b2636a00f38091e2fa2631bc421045f4607c421dd589fc4e10bf842c80000c9a426a42645f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ffc4012dfa1165f20f7cd8efc4c3194198ac77000007459d6766f2ab440fec3f66460f51df6c6c62b1f72ec3000fc6004148f70000c2a0c10b00448a0aa27a0e0fc402712f358f0045d9f90f9f3c6436b266450fc4650000c4e39978c104ddcdcda269420f3834680000e3295d2cbdc8a3c4c1045ccc7d75c4426507af0f0000000f5fd243caca460f2ad0f30f5ea5a9a50000ffff660f79ca5536f347aab03a00a2f1fbfb7662cf") 02:14:51 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_HYPERV_EVENTFD(r1, 0x4018aebd, &(0x7f0000000000)={0x0, r2}) 02:14:51 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = eventfd(0x0) dup3(r2, r1, 0x0) [ 274.049999] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 274.049999] program syz-executor.1 not setting count and/or reply_len properly 02:14:51 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(r0, 0x0, 0x0) [ 274.094269] audit: type=1400 audit(1556676891.877:48): avc: denied { module_load } for pid=19300 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=system permissive=1 02:14:51 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0xe7ffffff]}}) 02:14:52 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f00000000c0)={0x2, &(0x7f0000000080)=[{0x9b7, 0x3, 0x8, 0x2}, {0x4, 0x800, 0x3f, 0x7}]}) write(0xffffffffffffffff, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:52 executing program 5: unshare(0x20020000) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x0, 0x0) poll(0x0, 0x0, 0x400007f) mkdir(&(0x7f0000000180)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) renameat2(r0, &(0x7f00000002c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f0000000080)='./file0\x00', 0x0) 02:14:52 executing program 3: shutdown(0xffffffffffffffff, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe800, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = open(&(0x7f0000000240)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f0000000600)='./file0\x00', 0x4000, 0x0) write(r1, &(0x7f0000000400)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0xc700000e) 02:14:52 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0xfdfdffff]}}) 02:14:52 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) r2 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x400100) getpeername$netlink(r2, &(0x7f0000000100), &(0x7f00000000c0)=0xc) 02:14:52 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0xfecaedfe]}}) 02:14:52 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = eventfd(0x0) dup3(r2, r1, 0x0) [ 274.522986] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 274.522986] program syz-executor.1 not setting count and/or reply_len properly [ 274.540236] audit: type=1800 audit(1556676892.297:49): pid=19535 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=16961 res=0 02:14:52 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0xfeedcafe]}}) [ 274.595491] audit: type=1804 audit(1556676892.327:50): pid=19487 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir843705550/syzkaller.MggQME/240/file0/file0" dev="sda1" ino=16961 res=1 02:14:52 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000003c0)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-intel\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendto$unix(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:52 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0xfffffdfd]}}) [ 274.673857] audit: type=1800 audit(1556676892.327:51): pid=19487 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=16961 res=0 02:14:52 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000300)) r2 = socket$inet6_udp(0xa, 0x2, 0x0) r3 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r3, &(0x7f00000001c0)=@pppol2tpv3={0x18, 0x1, {0x0, r2, {0x2, 0x0, @multicast2}, 0x4}}, 0x12) r4 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x40000020000, 0x0) getsockname$tipc(r4, &(0x7f0000000080), &(0x7f0000000100)=0x10) getsockopt$packet_buf(r3, 0x111, 0x1, 0x0, &(0x7f00000000c0)=0x301) write(0xffffffffffffffff, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:52 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0xffffffe7]}}) 02:14:52 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = eventfd(0x0) dup3(r2, r1, 0x0) 02:14:53 executing program 5: unshare(0x20020000) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x0, 0x0) poll(0x0, 0x0, 0x400007f) mkdir(&(0x7f0000000180)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) renameat2(r0, &(0x7f00000002c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f0000000080)='./file0\x00', 0x0) [ 275.249643] audit: type=1804 audit(1556676893.037:52): pid=19666 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir843705550/syzkaller.MggQME/240/file0/file0" dev="sda1" ino=16961 res=1 02:14:53 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000003c0)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-intel\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendto$unix(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:53 executing program 1: r0 = openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x10000, 0x8) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000180)={0x8, 0x8006, 0x9, 0x3, 0x0}, &(0x7f00000001c0)=0x10) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000200)={r1, 0x5}, 0x8) ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r0, 0x5386, &(0x7f0000000080)) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r3 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000140)={'syz_tun\x00', 0x400}) write(r3, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) rseq(&(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x1, 0xffff, 0xff}}, 0x20, 0x1, 0x0) arch_prctl$ARCH_MAP_VDSO_32(0x2002, 0x8) 02:14:53 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x100000000000000]}}) 02:14:53 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = eventfd(0x0) dup3(r2, r1, 0x0) 02:14:53 executing program 3: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r0, 0xc1205531, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, [], [], [], 0x0, 0x0, 0x0, 0x0, "c8d989727578bda7d81210d1cc3198c3"}) [ 275.290380] audit: type=1804 audit(1556676893.067:53): pid=19668 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir843705550/syzkaller.MggQME/240/file0/file0" dev="sda1" ino=16961 res=1 02:14:53 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000003c0)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-intel\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendto$unix(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:53 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x200000000000000]}}) 02:14:53 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000180)="b63db85e8000020000003b00003ef0011dcc606aed69d2bc7037e35a9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e66c6a", 0x4a) r2 = openat$mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/mixer\x00', 0x2, 0x0) connect$tipc(r2, &(0x7f0000000040)=@name={0x1e, 0x2, 0x3, {{0x42, 0x3}, 0x3}}, 0x10) 02:14:53 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, r1, 0x0) 02:14:53 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000003c0)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-intel\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendto$unix(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:53 executing program 3: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r0, 0xc1205531, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, [], [], [], 0x0, 0x0, 0x0, 0x0, "c8d989727578bda7d81210d1cc3198c3"}) 02:14:53 executing program 5: unshare(0x20020000) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x0, 0x0) poll(0x0, 0x0, 0x400007f) mkdir(&(0x7f0000000180)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) renameat2(r0, &(0x7f00000002c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f0000000080)='./file0\x00', 0x0) 02:14:53 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x40, 0x0) sendto$netrom(r1, &(0x7f0000000080)="de290e280b098ba1448c631c1da229183cecdfa890833051690a5ec0e41c26c9692c07069dad682c6865eb27c246c4c83adcddd35a8cf7746608a8f1377ee2f20932f5b24e8c356b6e8e65f8c86e1d3c31f196a6ab4b80ffee0b9c0582f8052233742da99c158bef5e6e7d39d0dd", 0x6e, 0x800, &(0x7f0000000100)={{0x3, @default, 0x5}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}]}, 0x48) r2 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r2, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:53 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x1f00000000000000]}}) 02:14:53 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000003c0)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-intel\x00'}, 0x58) sendto$unix(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:53 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, r1, 0x0) 02:14:53 executing program 3: syz_open_procfs(0x0, &(0x7f00000003c0)='\x00\x00\x00\x00\x00egy\xc5\x8e\xcb\x1c\xf8\x8f\xca;\xa3?\xad\xae\x0f\xb5\x97ao3\xab\xcdY\x9a\xe3\xe5\xe1\xf4\x87\xac\xad\x80\xa3P\x8c\xea\x9c\xc7\x00\xeb\xedX#\xe34\x80O]\x87\xdd\x894\xdal;w\xf8\xf8\v?v\xf0\xb8\xda=|\xa4\xba\xbbiq!\xd8g\xb7I\x12\x80') openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00\x01y7SwaS.\x06ur\x89\xc9B\xab\xe3\xfarent\x00\xaa\x1a\xfd\xae\v\xbf\xd8d\xbb\xaf9Q\xde\xfb\x1fY\xfb\x8do\xd1\x16\xce(\x82\xf1\xbf{5Z\x13\x15\x14\xd7\xb8\xce\xf20\x1e\xc0\xc2\xed0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000400)=0x14) ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, &(0x7f0000000440)={@initdev={0xfe, 0x88, [], 0x1, 0x0}, @mcast1, @local, 0xb549, 0x10001, 0x10001, 0x100, 0x4, 0x0, r2}) r3 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/sloppy_tcp\x00', 0x2, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r3, 0x4020565a, &(0x7f00000000c0)={0x800100f, 0x7ff, 0x3}) ioctl$SIOCGSTAMPNS(r0, 0x8907, &(0x7f0000000040)) 02:14:55 executing program 2: bind$alg(0xffffffffffffffff, &(0x7f00000003c0)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-intel\x00'}, 0x58) r0 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendto$unix(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:55 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0xfdfdffffffffffff]}}) 02:14:55 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x0) dup3(r2, r1, 0x0) 02:14:55 executing program 2: bind$alg(0xffffffffffffffff, &(0x7f00000003c0)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-intel\x00'}, 0x58) r0 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendto$unix(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:55 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0xfecaedfe00000000]}}) 02:14:55 executing program 1: r0 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x80) ioctl$sock_inet_udp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r2 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r2, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) [ 277.676896] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 277.676896] program syz-executor.1 not setting count and/or reply_len properly [ 277.780424] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 277.780424] program syz-executor.1 not setting count and/or reply_len properly 02:14:55 executing program 5: pause() syz_execute_func(&(0x7f00000005c0)="c4e379614832074a2be91cb9980f053ef3aec4a37bf0c50141e2e922ebc4a2fd1ceb262f664f0f3a601d0b0000000064d11bc421fa6f3d136c0000d2dec461dc57b1e67d0b25c4837916d2befa0040dbe149c4621d07acf6bb266ea70f41fe4cbec5c54d0f2c718f56676beeee8f2870b63b30319ebb517034fe6dfe6d430f2740b267f34cb4b46681f999436c436c991ec46471681966410f3a16288836670fe0a9f27f0000536bd104c7cbcbefef430fae27c4a27921f97cd825d8a1a12ad76464313ac441782b364066bd0ffe383b2bd6dd8867460f330002c4c1cf589e322333334064d266413a01351e0a0f30ca30cac442fd21b19b0b0000f267a1c900000000ddc4411171f200650f01dcc462c9ae49f1a7f6efd0818194d800092ddd8f0b00c4a17ae64295007b1cbcff6c7ed222ba22baa9a700002e3664644626cc4683b9080000000d0df698b900800036b2aad9c741af4484b71010470f73dc024c593e40d9f50f001e57ce027a7a58edc4037d09210126460fc6008e10000000e5c5c421fb5a1747cc474cf92fc4216f5a0cda65c43e67f20f12d3009b5d8ea7a728285601a9bb00004264650f1b880000008141574974ecd5c4c1cdc28a0000000000fbc4a2750831c44109f89700008020") 02:14:55 executing program 2: bind$alg(0xffffffffffffffff, &(0x7f00000003c0)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-intel\x00'}, 0x58) r0 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendto$unix(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:55 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = eventfd(0x0) dup3(r0, 0xffffffffffffffff, 0x0) 02:14:55 executing program 3: ioctl$int_in(0xffffffffffffffff, 0x0, 0x0) pause() syz_execute_func(&(0x7f00000001c0)="3666440f50f564ff0941c366440f7ac9c4e179fe18c4617b12e5c4027d416599c442019dcc410f0fbfd82400009a") syz_execute_func(&(0x7f0000001f80)="c4e3f9614832074a2be93693980f053ef3aec4a37bf0c50141e2e9c4224d47e8459838218d00a30000262ff3429066c4821102ee9214859d6e515196d2c4660f73db00dc55b1e6172525000e818280008080e2859ecf491e2f16f0410f117b0969e08f4cbec5c54de90d47e82c718f56c4213e537700c443d9497dbf59f0438f34b267f36ab40f6880300000005666410f3a162888c423a46c53b885000000fefe41ff50c463910b430a0b8fc938974f1a8f69609b5687e8e17474d8d8a1de2ad764c4213a5fc0660f38de8e85e1f326470f5f103b7d0f12e400f4e39b3830ca30ca8fc94094136abbc4a295921402592a2af3420f2c0f2665e94612c8000f8450000000d0818194d800420fe165dbae88f4d7d72d92f9f928c4018912830867e0c4c4c3bd7c6d830045770c64e42e440bdd9747f4ff068bffc91801a200800000d9c7485c485e2e2ea97812c041c4e1f9c21e048374fb0a07c401f1eb27f247d2acaced36660f38058b976192361d09f5e5978047910002c1045c0b47cc47cc2f5cc4a24505dd4205ab0000009f407765060f0f8153000000aec4017b2c6b7ea9bb000042c46245b788000000810b31c4617ddd880c0000003523") 02:14:55 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdfd]}}) 02:14:55 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) connect(r0, &(0x7f0000000080)=@ethernet={0x6, @remote}, 0x80) tee(r0, r0, 0x2, 0x8) ioctl(r0, 0x7, &(0x7f0000000000)="07d0ba056b950000000000") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x44000) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:56 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, &(0x7f00000003c0)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-intel\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendto$unix(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:56 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0xffffffffffffffe7]}}) 02:14:56 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = eventfd(0x0) dup3(r0, 0xffffffffffffffff, 0x0) 02:14:56 executing program 5: syz_execute_func(&(0x7f0000000000)="3666440f50f564ff0941c3c4e1a5f97300660f3a8e16649c675100617b12e5c441dfd04b00c442019dcc0510d46f") syz_execute_func(&(0x7f00000003c0)="6541d9e54a2be91cb9980f053ef3aec4a37bf0c50141e2e922ebc4a2fd1ceb262f664f0f3a601d0b0000000064d11bc421fa6f3d136c0000d2dec461dc57b1e67d0b25c4837916d2befa0040dbe149c4621d07acf6bb266ea70f41fe4cbec5c54d0f2c718f56676beeee8f2870b63b30319ebb517034fe6dfe6d430f2740b267f34cb4b46681f999436c436c99a8271ec46471681966410f3a16288836670fe0a9f27f0000536bd104c7cbcbefef430fae27c4a27921f97cd825d8a1a12ad76464313ac441782b364066bd0ffe383b2bd6dd8867460f330002c4c1cf589e322333334064d266413a010f0f30ca30cac442fd21b19b0b0000f267a1c900000000ddc4411171f200650f01dcc462c9ae49f1a79ad0818194d800092ddd8f0b00c4a17ae64295007b1cbcff6c7ed222ba2265baa9a794a7942e3664644626cc4683b9080000000d0df698b900800036b2aad9c741af4484b71010470f73dc024c593e40d9f50f001e57ce027a7a58edc4037d09210126460fc6008e10000000e5c5c421fb5a1747cc474cf92fc4216f5a0cda65c43e67f20f12d3009b5d8ea7a728285601a9bb00004264650f1b880000008141574974ecd5c4c1cdc28a0000000000fbc4a2750831c44109f89700008020") 02:14:56 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000300)='/dev/snapshot\x00', 0x40400, 0x0) ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(r1, 0xc0305615, &(0x7f0000000380)={0x0, {0x4, 0x9}}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) r4 = openat$cgroup_ro(r3, &(0x7f0000000080)='memory.stat\x00', 0x0, 0x0) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r3, 0x660c) sendto$rose(r4, &(0x7f0000000100)="e0c1e78f918d1210417ecc0238cd6431b8be348e123d410cd526588e2f5dbd2b39c7d795f7ce3a8a431461774f05168f061d14dc4e1212cf00f5db22550874cf8543f347fd8d64977c6b3cb11ba082d94c490b0220b15326f8960ec6eaf70de58d7cad8457ac41911d27482acfe11c718c7ce5f6b21988efa2806314c1e8891fedefb53d12cc205a2be02847c09bec665d6898f821190d13", 0x98, 0x10, &(0x7f0000000240)=@full={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, 0x5, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @bcast]}, 0x40) ioctl(r0, 0x1000008914, &(0x7f00000001c0)="0adcba12fa0d6a2e9009af5029a5eb97cd81da6f366534d216c636e075010bc050fe24bc30eceb3cf9cee02fa62ffb1070ca1de7efe653f787362978f97dd6fa4d7f58f1a52a6d6af52420d6d32e8e81f023907ddcf9c59b11") syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x80000001, 0x410102) r5 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r5, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) setsockopt$rose(r2, 0x104, 0x5, &(0x7f00000000c0)=0x1, 0x4) 02:14:56 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}}) 02:14:56 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, &(0x7f00000003c0)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-intel\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendto$unix(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:56 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = eventfd(0x0) dup3(r0, 0xffffffffffffffff, 0x0) 02:14:56 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) r2 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/enforce\x00', 0x30100, 0x0) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000080)={0x2, 0x0, @ioapic={0x3000, 0x800, 0x800, 0x3, 0x0, [{0xb0d9, 0x8, 0x800, [], 0xffffffffffffffff}, {0xffffffffffffffff, 0x5, 0x1585, [], 0xf80}, {0x0, 0x7ff, 0x9, [], 0x39}, {0x8, 0x3, 0x7, [], 0x4}, {0x100000000, 0x8000, 0x6}, {0x0, 0x42718299, 0x15, [], 0x2}, {0xdf, 0x1, 0x5, [], 0xb204}, {0x8107, 0x0, 0x2, [], 0x100000000}, {0x3, 0xfb, 0x0, [], 0x6ddf}, {0x10000, 0x2, 0xaa, [], 0x2}, {0x0, 0x9, 0x8001, [], 0x800}, {0x401, 0x1, 0xffffffff, [], 0x7fd4}, {0x8001, 0x0, 0x800, [], 0x1000}, {0x4, 0x1ff, 0x7, [], 0xffffffffffffd009}, {0x2, 0x4}, {0x5e4, 0x9, 0x0, [], 0x2}, {0x99b4, 0x4, 0xf136, [], 0x1}, {0x6, 0x0, 0x414f, [], 0x7fffffff}, {0x81, 0x2, 0x1f, [], 0x9}, {0x100000001, 0x1f, 0x100000000, [], 0x3}, {0x78, 0x8001, 0x105, [], 0x7}, {0x0, 0x3ad5, 0x0, [], 0x4}, {0x3, 0x2, 0x5, [], 0x7}, {0x1ff, 0x10001, 0x1f, [], 0x9}]}}) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r2, 0x84, 0x12, &(0x7f0000000180)=0x80, 0x4) [ 278.568888] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 278.568888] program syz-executor.1 not setting count and/or reply_len properly [ 278.616344] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 278.616344] program syz-executor.1 not setting count and/or reply_len properly 02:14:56 executing program 3: syz_execute_func(&(0x7f0000000b40)="4a2be91c39980f05f7a6aae28920aec4a37bf0c50141e2e922ebc4a2fd1ceb262f43ca070064d11bc421fa6f3d136c000090f2ababdec461dc57b1e67d0b25c4837916d2befa0040dbe1491e2f160f41fe4cbec5c54d0f2c718f56c4627d793bf20fc257ab83957bf8c483057f6e3e5340b2672641afc4a31149a00700000024fa846c76ed1fc402fd34ad010000001feda827490f7e6caae1c48255973b0f3a16288836670fe0a9f27f00009ad691c2c2dcf4fc0f383ca3300a00008b8b27c4a2798f092802cee126463307383baa32d467460f3300028f6a78106f6503000000c4e1782ff466413a010fc442fd21b19b0b0000f2f1a1c9000000001adddd411171f200594f01dcdc62c9ae4918f1f19ad08181942400092ddd8f0b00c4a17ae64295007bf208f522ba22baa9a73000c481fc2eae2500000036338d8d83b9520800000dc4e27d0ed280002c85aad9c7d26c1b014c593e40d9f50f001e5764807c7bfde2a858ed43fbc42119da3cb01100430fd1a2d08212d4e51cc40521f95a1717cc474cf9f240150f9e8b7921f15a42802345c421fd29fa002d08000000009b5d8ea7a728285675444157653e460f19690dd5c4c1cdc28a0000000000fcc4c36d4b7b0ead32ad32750831c44109f89700008020") 02:14:56 executing program 0: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = eventfd(0x0) dup3(r1, r0, 0x0) 02:14:56 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xe7]}}) 02:14:56 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, &(0x7f00000003c0)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-intel\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendto$unix(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:56 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) 02:14:56 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x1f00]}}) 02:14:57 executing program 5: mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$PIO_FONT(0xffffffffffffffff, 0x4b61, &(0x7f0000000440)) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) syz_open_dev$sndpcmp(&(0x7f0000000200)='/dev/snd/pcmC#D#p\x00', 0x7, 0x80) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x20003, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$VT_ACTIVATE(0xffffffffffffffff, 0x5606, 0x3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 02:14:57 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) sendto$unix(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:57 executing program 1: r0 = syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0x2, 0x2) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r0, 0x800442d2, &(0x7f0000000140)={0x5, &(0x7f0000000080)=[{0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @link_local}, {0x0, 0x0, 0x0, @link_local}, {0x0, 0x0, 0x0, @local}, {0x0, 0x0, 0x0, @broadcast}]}) epoll_ctl$EPOLL_CTL_DEL(r0, 0x2, r0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r2 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r2, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:14:57 executing program 0: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = eventfd(0x0) dup3(r1, r0, 0x0) 02:14:57 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xe7ff]}}) [ 279.284817] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 279.284817] program syz-executor.1 not setting count and/or reply_len properly 02:14:57 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000100)={@in, 0x0, 0x8, 0x0, "5e752537c5b37831627d32017a8d07b80148d1eeb9667225cb26a2ae3e86f4474aa710ee616cc8a2b62cfb7deec1b9b83be3003f8e2a24bfe2593fc6e8ee136f698385e44ad6ea6ab7be3a360c129679"}, 0xd8) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000400)={@in, 0x0, 0x0, 0x0, "b25fa38c569235e8182e1a1185d69b72f1f61a2a1fb91319e0187fee019262622af3d47f1f61ba974dc1542bb55d0db5c733703fb82239de55f350754bf478133dcc30b3adc39c9d228dc02d5c15c48f"}, 0xd8) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000000)={@in, 0x0, 0x9, 0x0, "e834a0db7a3c7446395bc4b6fd21059b9d10fab0c3b18071b0cf3aa9417df7fb2d6c0229fe116715534c49cabff21ed98f2cee0d4b276fc8e2dc4b59849a620c4da2b8faf28e08caee7c354318cbff61"}, 0xd8) 02:14:57 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) sendto$unix(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:57 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfd]}}) 02:14:57 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x40, &(0x7f0000000040)="2780853b17db3815997a07038542f3f87fb54fb181d4397bb3590d0824a20c7387d03f5c2837443acc403df2ed64195b599b8cae9beb040f20f5f82d02db5dfe7468defe41994eaedc7c178a7fb40baad84a0723fb8891bea69943f7c5a9bf668c5f1a439d43007a8a06a321267450f772f0cba5eda589dba52262f3129eba13e71d5182e259694231092122574f12fd6f3a57ab84fb644a72756ca688c498d86e601f9251156761e73f8854225d6d6d65a15a2cbafe8e56f6d5d66ee352dc0dceec43cc0be999b300167bec7cc67dce8e9d027b485e7407e5796a6c63b43d02832d2040") ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$adsp(&(0x7f0000000300)='/dev/adsp#\x00', 0x6, 0x220000) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000240)={0x0, 0xa8, &(0x7f00000006c0)=[@in6={0xa, 0x4e24, 0x3, @mcast1, 0x9}, @in6={0xa, 0x4e24, 0x4, @remote, 0x1ff}, @in6={0xa, 0x4e23, 0xfffffffffffffffb, @rand_addr="c809b973ee0b85eb56ada2698d8aef9f", 0x100000000}, @in6={0xa, 0x4e20, 0xaa, @dev={0xfe, 0x80, [], 0x13}, 0x9}, @in6={0xa, 0x4e22, 0x9, @local, 0x4}, @in6={0xa, 0x4e21, 0x3f, @loopback, 0xfffffffffffff4e1}]}, &(0x7f00000004c0)=0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r1, 0x84, 0x70, &(0x7f0000000380)={r2, @in={{0x2, 0x4e21, @empty}}, [0x49a8, 0x200, 0x7, 0x4, 0x5, 0xc1a6, 0x8000, 0x7, 0x8, 0x6, 0x1, 0x20, 0x4, 0x8, 0x6]}, &(0x7f0000000480)=0x100) r3 = syz_open_dev$sg(&(0x7f0000000500)='/dev/sg#\x00', 0x0, 0x402) write(r3, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) write$binfmt_aout(r3, &(0x7f0000000780)=ANY=[@ANYBLOB="0000030093010000730100000100000014030000060000000000000000000000b668a33ec9f8f37b47a9b6c65c8bd3b0f62f581a1015c5382a55d21c1aab18ab7b6e878575f3d0eaaa2d884627fa0359725aa4f3d87a73d502b03d0ce34f64ad87a38698f534ffefa7a41c4a75721d7a77e32f383af5901f61031e5770b180286e9e70196e8d4ebfabacf6ed4d875de1d46422b2d59164958000af87c24ab7773e528abe5636d95e55710bf8ef50893355fcab926723a1821c1523b626147a1536ddd93b25bb5f0b8d3f957b2f96665106981725d0bc40a3f90600e49f8ebea5030111b17032010da7d52c362154ccc88ea6eb31e678573c42dd39ff8d8b2f34fb71ab070d1c36aed4faec81993ed9a5ee7f6400f9723ddb266b32e9352fcd82cffbde20921e0d680ebbad4b9c67603c9d783596719e890ba628707e5e3ab6e372612ec9c3c177e63235daa5677ef140043c5bd573e5186ef7cdd92ee3ec1a5fb3f1cf1352ca5976658a22bd19d02b90ef20aaffb6c367e315a386afc52233dc732783f0b29f6cef4e9077af828b449859d3ddc88f617647f159265f9c6a8f20647b5c8d240fe7c4a7886cf245712d9b8246de23558a1f4d03c4ba97a2bb24cec2c42450bdee64f8fa417727ac99c95e83879b0faeda02bd69ad8d87a20aaac9bc61bb42cbd499ead1aba487a4fb79c3a9f643ba410940704e91e60ed82dd398f11095e2a9bb02b55e3459256bcbf69bfcc0e1665e47ecfb5756a7e92ef8fa8df7fdc394b49f66242daafea518edd43b44668185804874b014c9a659560255a572453ee7675f0d65843bdd9193f6f68682347f018f3d14ca98c61528558ece8f947396ba2ad415d0b8c1479e907662805f7b12348490494b9e463689e24e34e1f9935e74f8aa3eaf8dcb69e23b98d32a0ccc41930678d8964520ad925a9b36c007e15853bc5f4b21757a9f4e59a0c3017b096e340798e4e975e4944f41a91eb53f09dfd4575479c7f1200f3009bf369bb1f1fc5f454d0ec5fb1899e7d92cc137fcf3a0099cfd99ae695f9bdb0f00eb7e2dde1490d4306a1aeb813267d25b72b81633b599f11a6895e15a89d65f616028949da3fd064b3e1fca82ea7f3ae6e12d78d5fb0722be537a3bedd2d780954900260e239351f5435f2a2e8e9e34d693d83d5617f1b782561b864000c7ad22cae34c5e77255fbe9c4f42bd3b6a1dc32bf1f72e3c8c1dc6ebe8c58448ae672e34bc0ff873902c68af3c3beaab7cce5df9327b3e9ca55392f957064b91d2f0428ad15a2ec725646c07fa70440e70591129cf1382b5e4d7fd4ac81df17c468b3a9605557d5f0acc1fc515114bdc3bfd62b6cc39d4ce42ee4ea8833a73ff77f24a1dc0ff610f4a7497a2ae1f6d3a0ed6e9099597be388f6a78d0d4533c9ca9c334e2affeb23c5c5673c71b721ec51b0bdabc306a12458b0790be37459e2050f98a6b389fbbf512a2577478d800f7f5fff4560a2410686c599cf12c91832f22edb8ed60eb6b43386042aa9619034464b413e4aae1247bbc28c87574e22a5e0562e150ef68ebdf150acfb63399ad9a3ccf801158fbf7f2a4ad6c4fd8f580babcf4e24120e16274fa839ce3a636135e27b2d9949ad409c1433f6d6d77a662bc2bbad28d272f928cdce63a90c36aa3993e98fcc31ceec7420d21ada4e7d545e8fc179915902f20e7391fb58fddbf1478fe7b0a3b25426948f7d1e1481ba4dfdb70ae931de1a04fa4860436ed38f99cf45ef2057fa15148acad90aa2084fc544f33a1345e013fd66dc55ad35b0c6d2667a87604c8e828d749827d040521b6a9dfcdfc642e7890b633ba05a7de17d7099f9b5968be73d084a46af637a7b521f7b536ffdec9ae5e9dd85a8c68ccfaebc71ee114ea1733aef9303f51f92983c3db3b4058551d81a87bd2e41bc3a30000008000000000251fd206cb973d36888f0c66b070841a0273638cd4ff3742ae3a55a94e5a97df486b1f813e7d6d1b1d8c1740d7fcaee0b7582884fc301145ed0cf063e239dd66df1c73f2b70b75d8c49afd7cd694afee7a9f44e3c94e22755109a029355a8ebe754fcb6f2af75b1faca1ea05702cb79759ec2e520e7c198fb04ad89bea68212349494f8be071afb3bb96f2cf6f9d8faad2334aa0b3f8227c11c78725a962ca047184f5bb45c3a59c78feea6df2e20c091d6587e115a14319166d92e4dc30b330674d5ef92209ae2a188bd78192e67628bdd4dfce180299e5c7235c058b200874616d962d42d25d3d1f378771e216f69916e5ea5687b218149ca289f7471b14858893ed07da75dafbe922961ea21650af33e014e4a8220bb50f88860265a5c78f3e13dbcfe670f063d4316a78960748f8cab3ae57e28027043521d07cf4ebe159c2dcd4e5acc5a68627186bf6c5c48acdcecafc88fd87c1a87272343a4b57a507ea7291e990359dfb6ad2c45d1d179bae9fd8c3c6f3c6db0156c0ff12b849c1526b63ad72917cea913612070455bdf64953dcd62c721a01721e5e3030676c60ac98997658c2609d0a5257b0833d42785b33916b2fdbfa53835b8d76e8e8fd1e324c87ae7fb2f6ea5ebdf5490292704d94d1b7f2e4fd59f6e724b57f35739765187906818d5fc2231ee21b728fa6c07e0ab437da5c88162d69ab469e2fe7e6dedec2ed2e6dd38bb73acb468156f3ab498d153fc7a80d8153f1d2f3c232780ad5c38096857fdbe0c9c1d7063ebc01436e75eddceb355c4f3deb4f9b504b8d811e7ba6c4e3eda8dbaaabc8105d10d4490962013eaeb8016f692afbf5c1f8da3c37afeca0d0c71f3abd49377ed8e4abd071a87b4efe66e8c8784b35c07c12b7b5f6e319be59024360e2f88d6d00d70e662978ab93e7aaa3a2c1d89d2676e93d3323d566c6ce8e37e7f3c60c1bdb07c5165ada4bdd7d3fa6e4d5ef14f281e5decb01edabfe019526361a00244593e615a094771e7bd9bcfccc869aa99691346bb49496de2143d255ac0cb27e1784eed30242384bc4a63485813f34e66a411bf271c4f08ea9f2201f2db2a66895b49112f3f0fc444acf430e16a4cda85d2a5d86a7dcb0da7338e9b1bbab6c7ca9745418ef33929860659d8175c690e4330bcadd09b8cfe284092d08ba8c5c23d60c3261831b3561911a6b9fc1f0474d5108a42ce9cf91f6ef45892edb6a524d9113640e2bec4990018579ea2af0cdd2bd803d897260afbb561ee4d6d82b4c7da038121900aec197c8163b836a65171a5de9f5c3f0bfec547f78936f4928e9f0081d3caec800f19f624fcb15f98f65384056275e6a1e454cddc60e7543df40c1d84f9ffd7a7aa0c56fc4f45c023770c023574b30d6f3ffdacced6a38e65dbcadb09ae7f161fee772b44db5ed571e2a11ae47ec5a33afdbd2c11c6995238b928c97ed7e5e6accf781fad8cd1a73b00d33de7e9d8e30263d83f2ca813af87462c3f160bdcdd33cad68cd573542a7a2cf22fbdfe8ec7e07ad9819edc460a493a8ac56c3b28a5c146c07bde09144362438a3c206f4194062dd228ffeedf657fbbb8dcea8fb507576e4d1bd97520a81cc3d460fc38c6fe3ee6de015816059b4ebc8d3107a8281f8e84d8ba68c7a3413c37ae8cdebc693387b54857bb5bf172e152d28776ebd3fcc52c12a03387903d87323dfb100f878e578ed92702a6e06d343c7e4112502f8d01299934b43aed6ed8f15003dea0655f45e935f1f7207553efac4ddc1fb66b25a4f9e93c176910cfabefbe32399d81a143664ae4142859de11d2b46ecb60d02b50efab84f01c34e6b12a0840d7ccc495f5778f5828ffe033473d453c7c5933d22a744b95caec64ec0931df95425cb72616a1acfaba0ade24f5920e6a7eab2eb2fb652713f4e7346a0d97a12ed72b5234e4ca315f9dd00bef6dd8ccd575318e80a3ca727f1d30d049b25a319b82c2ea32d26515709a7480db6ee49e7ba64dc7ba27687ce45b303d51f45d0fbdedb588c39c8cbd295d49535c070e651f4ff4d4aaf6ddde6a0e655810875627f301c9aa60e5e49b06f8c66556d2bc0b5f3150f23652e08ef17e91499f6a01585654eaf745880cef0b1301a86023a0cb53850040703b5f55c765bf571ba561522c7b6be577246a41d0c54e6da35e3af03005f48a11b06d6c7fd0c577f2d46566b9d13157820fa5bd77e5d76072eabd478d3ac7a47c3001de7ba76eb003aa534f8ab12f56a30228211a7c6e7adab7c41ce933b172c7049ddce1c608e0400796acf2e9345e69a0a89148ea8e496d2326611006bd11ff046cd9dedc6f8746f03116b4cf4e1480e47c099f2730d0679fee8957975fa02dfdb8e1eaf3feaf0b0861145c6a3515b824f0fa1bb0a13a869c8f126bf9065b4a0a6cf89b32618cb59f914a857e9198ead8c906ce48eddad7dc30231272c6d101df22f0647c197e822ab71d0787f85f312d30f1d707843c885bf732600e7d0a85da60c757c2c642d4a7d22daa1ffe43c83583b711235722487e87f8d9184f68baa3370a7558657bf4e59c26104f9d82d19089946f16c132bc2f42a67919f0be58bb98ea61b2d34649743ab1262da016ea6575f3c59c1cb2afbff82f5f312c450b9cfb5438838d3e16ca66064676c562c63d4f81f11a2fe6f222bc057853c96faf494c3d81552f74fa972b7738ecdb53177683c502cecca2de74357d830df3204f053001c48b9c1cd9997f73cbb45e85c6df9aa39be5c21394ad16cb92f798e8012d5c14ef02f51b481e3dbde9975b4b40043bbc967b3e50fa9e6c76bfc70d123cb54b4823ff19278d221ddba5d56d09a366e4a39ae90cf4dd76b922c3555fa276a99a155d0734d630d55ba520158730a702978a14a1262259e31ce17d9ef4993aa603edc5768b77b99e967b0a92b2b04eaf3e4e034bcdbc5ea0f0eb577141c3e5c22f8b02f06050acbd8798fb64014636659aa40d735b4379ea3f9e46266e105249cb3d5984f33868011214aacb26937965eecc2986e1309c41caa60c4af0d7133399bf52b69212bb578975d6a9bb4b6f54f6c42368b5925fb7dea8a20081579319550f6c718ed04d21c3b03eb264a63267264a8e32f676d4ada658b78d27158a54bc8c79a4c6121b3b5a19b4d745f298b9bea50f7d4c623e7e7f4dc496a95a4fbcee0a9905f285413ba511360deb8df6a8beea6f64df80b77bab656305759af76c48df978988180d3e8b058d086b07d77793b5c5fe41bb72bff7c7ae2670c14b040b32bc863debb1eb2da2600f37df6203acc236a3415343f9c1a8fdc173c48f71af92ca2cca4fd705cdf8735fc072e116b3f692872ce8bc93ffe797786e8710972cf276c3b63ffb4c17d9ae347a3645d5f0dc50b0b73ba6e009eb2cea23e136a07054248f02d6162877daf5a9ddd277acc7f8d623f94e31fe0e028fc75803f7084f6886f6beff068a68f4d652277bbd090d2a9b89343e90455112e15af760332dcb6ece0b711d314aa3fccf7ceffd52d9d6ad96998bb844d740c27d7e36f53be4e73ffa2ee246f969e5b82aafe9b0d0d371f0d955a8c0f986a9382f293e2a9336ba83760b81a91a26ef7729c18b3c6a920fe4b5699d2cb5140a2dfd25e07c25339c82b8cb0999d9a07dd16ef971c0c576c091adfae7287a1e51ed796d116494ad4bd0c14fdade7551c5778e6adb172b74153a8bc72197b69038915dc302471c8b2c010dc76d6dce1849100d1ea91599b82141939cf61013083d8578a2cdb4dc49b3b642dc2860da4d6b048defaa629064ee83afe24b61870703df4c376dc3949727caf9368495fbb9970966910d9e6991bc4cdbd23a28e94628bf2b447279b5784666af9ec19c4fa259fbde17fe60d611e9e4e5bf3c0d5f0be0b047c05403271fce5d176c28c9a65a32b90aa8bfc141fed80297b8bbf77cda25d2de626824cf9f7e0ac6acd585588088b9639c43f1a64e975ef0d83a48558016150b02873b0868eb14afa1a3295a423c3d0f0446d1349ff938bead75f8401b58fbf102d02dedd62bb2cc2230ac50140d2aca48c9a1a87a9032d1c15168b0c52fc816b39ff09215f4b5231d4e48faa91c861a883cf68df6f92470f5993dcc1a9da814998371837546d781bf2420aa96b5f683d26abf8668052ab24397480bd81e76249d91815fb9af01e0d7812c22472924314400b2cb9d7"], 0x1020) [ 279.419453] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 279.419453] program syz-executor.1 not setting count and/or reply_len properly 02:14:57 executing program 0: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = eventfd(0x0) dup3(r1, r0, 0x0) 02:14:57 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0, 0x100010, 0xffffffffffffffff, 0x0) ioctl$PIO_FONT(0xffffffffffffffff, 0x4b61, &(0x7f0000000440)="0a721b49cfb455f06405cef0920eacd4baa026cc1c52e00d0bb7d5e664e09d") mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup.cpu/syz0\x00', 0x1ff) syz_open_dev$sndpcmp(&(0x7f0000000200)='/dev/snd/pcmC#D#p\x00', 0x7, 0x80) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$VT_ACTIVATE(0xffffffffffffffff, 0x5606, 0x3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 02:14:57 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$video(&(0x7f0000000200)='/dev/video#\x00', 0x0, 0x699c7e1db1017ae3) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r1, 0xc034564b, &(0x7f0000000240)={0x39, 0x7f734f5e, 0x7, 0x4, 0x2, @discrete={0x10001, 0x401}}) r2 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20\x00', 0x400, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f00000000c0)={0x0, 0xaecc, 0x0, &(0x7f0000000040)=0x1b7}) r3 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r3, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) getsockopt$bt_hci(r0, 0x0, 0x1, &(0x7f0000000100)=""/156, &(0x7f00000001c0)=0x9c) 02:14:57 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) sendto$unix(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:57 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffe7]}}) 02:14:57 executing program 5: r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f0000000080)='threaded\x00', 0x91f274) rename(&(0x7f0000000340)='./file0\x00', &(0x7f0000000300)='./file1\x00') utime(&(0x7f0000000100)='./file0\x00', 0x0) 02:14:57 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = eventfd(0x0) dup3(r2, r1, 0x0) [ 279.761359] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 279.761359] program syz-executor.1 not setting count and/or reply_len properly 02:14:57 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000]}}) 02:14:57 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) r2 = creat(&(0x7f0000000140)='./file0\x00', 0x28) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r2, 0x84, 0x65, &(0x7f0000000180)=[@in={0x2, 0x4e21, @loopback}, @in6={0xa, 0x4e21, 0x1000, @remote, 0x2}, @in6={0xa, 0x4e22, 0x7fffffff, @dev={0xfe, 0x80, [], 0xb}, 0x3}, @in={0x2, 0x4e20, @loopback}, @in={0x2, 0x4e21, @multicast2}, @in6={0xa, 0x4e21, 0xfffffffffffffff8, @mcast1, 0x5}, @in={0x2, 0x4e24, @rand_addr=0x40}], 0x94) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) ioctl$FIDEDUPERANGE(r1, 0xc0189436, &(0x7f0000000380)={0x80000001, 0xe85, 0x9, 0x0, 0x0, [{r0, 0x0, 0x7}, {r2, 0x0, 0x7fffffff}, {r2, 0x0, 0xd454}, {r2, 0x0, 0x5}, {r1, 0x0, 0x81}, {r2, 0x0, 0x2}, {r0, 0x0, 0x400}, {r0, 0x0, 0xfffffffffffeffff}, {r0, 0x0, 0x10000}]}) r3 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x80000) ioctl$SIOCX25GCALLUSERDATA(r3, 0x89e4, &(0x7f0000000080)={0x45, "7f0df052e4e0dab59aea81fd635dbf7ff269cf00906c51e6c47a66e0192a624d2e0640ac0977540a02ba455a975ccf409a67efbda6e006987356dc897279b648739fc02995964a4d951f5d9c3cadbe3d9cb40c88ae34ed05003e6f7c54e3966c0c780d07e0dd4e9ecac30368d976c87cf21560a44d5df744bf17611a2bff353a"}) fsetxattr$security_evm(r2, &(0x7f0000000240)='security.evm\x00', &(0x7f0000000300)=@md5={0x1, "fcaf16227966491a7549c32983ba859a"}, 0x11, 0x1) 02:14:57 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = eventfd(0x0) dup3(r2, r1, 0x0) 02:14:57 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000003c0)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-intel\x00'}, 0x58) r1 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendto$unix(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:57 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000]}}) 02:14:57 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000003c0)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-intel\x00'}, 0x58) r1 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendto$unix(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:58 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0, 0x100010, 0xffffffffffffffff, 0x0) ioctl$PIO_FONT(0xffffffffffffffff, 0x4b61, &(0x7f0000000440)="0a721b49cfb455f06405cef0920eacd4baa026cc1c52e00d0bb7d5e664e09d") mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup.cpu/syz0\x00', 0x1ff) syz_open_dev$sndpcmp(&(0x7f0000000200)='/dev/snd/pcmC#D#p\x00', 0x7, 0x80) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$VT_ACTIVATE(0xffffffffffffffff, 0x5606, 0x3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 02:14:58 executing program 1: r0 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/commit_pending_bools\x00', 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000240), 0x4) socket$inet_udplite(0x2, 0x2, 0x88) r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) r2 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x100, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x1, 0x9, 0x0, 0x7}]}) ioctl$LOOP_CLR_FD(r2, 0x4c01) r3 = semget(0x0, 0x3, 0x410) semctl$SEM_INFO(r3, 0x3, 0x13, &(0x7f0000000100)=""/248) connect$vsock_stream(r2, &(0x7f0000000080), 0x10) openat$cgroup_subtree(r0, &(0x7f0000000300)='cgroup.subtree_control\x00', 0x2, 0x0) 02:14:58 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000003c0)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-intel\x00'}, 0x58) r1 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendto$unix(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:58 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = eventfd(0x0) dup3(r2, r1, 0x0) 02:14:58 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x1f000000]}}) [ 280.363838] audit: type=1326 audit(1556676898.147:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=20161 comm="syz-executor.1" exe="/root/syz-executor.1" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45bc0a code=0x0 02:14:58 executing program 5: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000000c0)=""/246) ioctl$PPPIOCATTCHAN(r0, 0x40047438, 0x0) 02:14:58 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000003c0)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-intel\x00'}, 0x58) accept4(r0, 0x0, 0x0, 0x0) sendto$unix(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:58 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = eventfd(0x0) dup3(r1, r0, 0x0) 02:14:58 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0, 0x100010, 0xffffffffffffffff, 0x0) ioctl$PIO_FONT(0xffffffffffffffff, 0x4b61, &(0x7f0000000440)="0a721b49cfb455f06405cef0920eacd4baa026cc1c52e00d0bb7d5e664e09d") mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup.cpu/syz0\x00', 0x1ff) syz_open_dev$sndpcmp(&(0x7f0000000200)='/dev/snd/pcmC#D#p\x00', 0x7, 0x80) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$VT_ACTIVATE(0xffffffffffffffff, 0x5606, 0x3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 02:14:58 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x52424752]}}) 02:14:58 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x52474252]}}) 02:14:58 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000003c0)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-intel\x00'}, 0x58) accept4(r0, 0x0, 0x0, 0x0) sendto$unix(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) 02:14:58 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = eventfd(0x0) dup3(r1, r0, 0x0) [ 281.144297] audit: type=1326 audit(1556676898.927:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=20161 comm="syz-executor.1" exe="/root/syz-executor.1" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45bc0a code=0x0 02:14:58 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") modify_ldt$read_default(0x2, &(0x7f0000000040)=""/186, 0xba) r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000140)=@assoc_value={0x0, 0x6}, &(0x7f0000000180)=0x8) r3 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000300)='/dev/dlm-monitor\x00', 0x4000, 0x0) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000440)={{{@in6=@ipv4={[], [], @remote}, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in6=@loopback}}, &(0x7f0000000540)=0xe8) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000580)={'vcan0\x00', r4}) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r1, 0x84, 0x78, &(0x7f00000001c0)=r2, 0x4) setsockopt$bt_l2cap_L2CAP_LM(r3, 0x6, 0x3, &(0x7f00000005c0)=0x20, 0x4) ioctl$int_in(r0, 0x5421, &(0x7f0000000100)=0x1b0) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) r5 = accept4$inet(r0, &(0x7f0000000200), &(0x7f0000000240)=0x10, 0x80000) setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r5, 0x84, 0x1f, &(0x7f0000000380)={r2, @in={{0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}}, 0x80000000, 0x400}, 0x90) 02:14:58 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = eventfd(0x0) dup3(r1, r0, 0x0) 02:14:58 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x56595559]}}) 02:14:58 executing program 3: 02:14:58 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @ipv4={[], [], @remote}}, 0x1c) accept4(r0, 0x0, 0x0, 0x0) 02:14:58 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000003c0)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-intel\x00'}, 0x58) accept4(r0, 0x0, 0x0, 0x0) sendto$unix(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) [ 281.248578] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. 02:14:59 executing program 3: 02:14:59 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x59555956]}}) 02:14:59 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) recvfrom(r0, &(0x7f0000000040)=""/227, 0xe3, 0x2, &(0x7f0000000140)=@l2={0x1f, 0x6, {0x6, 0x7, 0x5b13, 0x8, 0xfffffffffffffff8, 0x5}, 0x1, 0xffffffffffffff9a}, 0x80) 02:14:59 executing program 2: 02:14:59 executing program 3: 02:14:59 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = eventfd(0x0) dup3(r2, r1, 0x0) [ 281.445730] sg_write: 4 callbacks suppressed [ 281.445758] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 281.445758] program syz-executor.1 not setting count and/or reply_len properly [ 281.473643] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. 02:14:59 executing program 5: 02:14:59 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xe7ffffff]}}) 02:14:59 executing program 2: 02:14:59 executing program 5: 02:14:59 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = eventfd(0x0) dup3(r2, r1, 0x0) 02:14:59 executing program 3: 02:14:59 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff]}}) 02:14:59 executing program 5: 02:15:00 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$EXT4_IOC_GROUP_EXTEND(r0, 0x40086607, &(0x7f0000000100)=0x800) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000140)='/dev/hwrng\x00', 0x8000, 0x0) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000180)={0x0, 0x80000000}, &(0x7f00000001c0)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r1, 0x84, 0x17, &(0x7f0000000540)=ANY=[@ANYRES32=r2, @ANYBLOB="f8ffb4005f1cba93518b66468ef7e764eb376971b4abda5299d54216b85337a947410c40c4c7ffa533417f7023b71838942c733674e2ca56bec63eced9f04d6bf4c9b7730ec079c150205fc454ad94da6e317c85412471082a17b8050b9249acadf11934170dc5b5ff1d8d0eff39e1f2e6bdb92797aeb467f019850de9d0826dd23b96190f408b442e122a85dcec725fdae57f6cddbe22077fd0e9e71ea067d2ec9f0f63462c2f5e11486b3903c05c461b2b8777e220a4b7e776a5ada0a0769f4b875ed968414ae1b728ba52ee6cc75ef4e490a6eba7f0ec01063386cf7ad9b7e846dbd6e591b9001622dcfe6c8865ba931f6c7d88800b345b339fdf3105890fae3620e40a8f1b72d9627f660903b3031e34d652c76f390ebba05f721b9cb44275277ac65b05095007270f0e4c9fadeadaa325e38661acb28143dd58f93a52176b71f0b1cd7d7c96033767f1e2a7cb197913d16aff5ba620fdc164d2ae3adbe9b6b57095f1b54eeeed1a4a44ff1b56be536ec60106c1937693d89e0435b041c57008b01e16620228368b"], 0xbc) getsockopt$IPT_SO_GET_REVISION_MATCH(r0, 0x0, 0x42, &(0x7f0000000040)={'HL\x00'}, &(0x7f0000000080)=0x1e) ioctl$FS_IOC_SETVERSION(r0, 0x40087602, &(0x7f00000000c0)) r3 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r3, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:15:00 executing program 2: 02:15:00 executing program 3: 02:15:00 executing program 5: 02:15:00 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = eventfd(0x0) dup3(r2, r1, 0x0) 02:15:00 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xfecaedfe]}}) [ 282.223630] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 282.223630] program syz-executor.1 not setting count and/or reply_len properly 02:15:00 executing program 5: 02:15:00 executing program 2: 02:15:00 executing program 3: 02:15:00 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = getpgrp(0xffffffffffffffff) syz_open_procfs$namespace(r1, &(0x7f0000000040)='ns/pid_for_children\x00') r2 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r2, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:15:00 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xfeedcafe]}}) 02:15:00 executing program 2: 02:15:00 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = eventfd(0x0) dup3(r2, r1, 0x0) 02:15:00 executing program 5: 02:15:00 executing program 3: [ 282.552594] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 282.552594] program syz-executor.1 not setting count and/or reply_len properly 02:15:00 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd]}}) 02:15:00 executing program 2: 02:15:00 executing program 3: 02:15:00 executing program 5: 02:15:00 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = eventfd(0x0) dup3(r2, r1, 0x0) 02:15:00 executing program 1: r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x101000, 0x0) ioctl$KVM_SET_IDENTITY_MAP_ADDR(r0, 0x4008ae48, &(0x7f0000000100)=0xf000) socket$inet_udplite(0x2, 0x2, 0x88) r1 = syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x9, 0x105000) r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vsock\x00', 0x1, 0x0) fanotify_mark(r1, 0x5, 0x8, r2, &(0x7f00000000c0)='./file0\x00') r3 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r3, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:15:00 executing program 2: 02:15:00 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffe7]}}) 02:15:00 executing program 3: 02:15:00 executing program 5: [ 282.937965] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 282.937965] program syz-executor.1 not setting count and/or reply_len properly 02:15:00 executing program 2: 02:15:00 executing program 5: 02:15:00 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = eventfd(0x0) dup3(r2, r1, 0x0) 02:15:00 executing program 3: 02:15:00 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="f00000123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:15:00 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000]}}) 02:15:00 executing program 5: 02:15:00 executing program 2: [ 283.232483] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 283.232483] program syz-executor.1 not setting count and/or reply_len properly 02:15:01 executing program 3: 02:15:01 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = eventfd(0x0) dup3(r2, r1, 0x0) 02:15:01 executing program 5: 02:15:01 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000]}}) 02:15:01 executing program 2: 02:15:01 executing program 3: 02:15:01 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) r2 = syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x10000, 0x80) ioctl$KVM_ENABLE_CAP(r2, 0x4068aea3, &(0x7f0000000080)={0xf9, 0x0, [0xe365, 0x7, 0x2, 0x8000]}) 02:15:01 executing program 5: 02:15:01 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x1f00000000000000]}}) 02:15:01 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = eventfd(0x0) dup3(r2, r1, 0x0) 02:15:01 executing program 2: [ 283.601509] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 283.601509] program syz-executor.1 not setting count and/or reply_len properly 02:15:01 executing program 3: 02:15:01 executing program 5: 02:15:01 executing program 2: 02:15:01 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x5247425200000000]}}) [ 283.740623] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 283.740623] program syz-executor.1 not setting count and/or reply_len properly 02:15:01 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = eventfd(0x0) dup3(r2, r1, 0x0) 02:15:01 executing program 3: 02:15:01 executing program 5: 02:15:01 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) r2 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x0, 0x109000) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffff9c, 0x84, 0x7c, &(0x7f0000000080)={0x0, 0x9, 0x8}, &(0x7f00000000c0)=0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000100)={r3, 0x2, 0x7ff}, 0x8) 02:15:01 executing program 2: 02:15:01 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x5955595600000000]}}) 02:15:01 executing program 3: 02:15:01 executing program 2: 02:15:01 executing program 5: [ 284.088420] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 284.088420] program syz-executor.1 not setting count and/or reply_len properly 02:15:01 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = eventfd(0x0) dup3(r2, r1, 0x0) 02:15:02 executing program 2: 02:15:02 executing program 3: 02:15:02 executing program 5: 02:15:02 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xe7ffffffffffffff]}}) 02:15:02 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x4, 0x0) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) r2 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r2, 0x4010ae68, &(0x7f0000000080)={0x1000, 0x4000}) ioctl$DRM_IOCTL_AGP_ALLOC(r2, 0xc0206434, &(0x7f00000000c0)={0x7, 0x0, 0x10002, 0x20}) ioctl$DRM_IOCTL_SG_FREE(r2, 0x40106439, &(0x7f0000000100)={0x8000, r3}) pipe(&(0x7f0000000040)) 02:15:02 executing program 5: 02:15:02 executing program 3: 02:15:02 executing program 2: 02:15:02 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = eventfd(0x0) dup3(r2, r1, 0x0) 02:15:02 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000]}}) 02:15:02 executing program 5: 02:15:02 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) r2 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/avc/hash_stats\x00', 0x0, 0x0) r3 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/enforce\x00', 0x10000, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f00000000c0)="2e3e406d66baf80cb844e93f86ef66bafc0c66b847f966ef66440f388234a62e260fc75c3600b9080900000f3266450f544c76092ea80066b83e000f00d8440f013f0f20c035000000400f22c0", 0x4d}], 0x1, 0x4, &(0x7f0000000180)=[@efer, @cstype3={0x5, 0x8}], 0x2) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:15:02 executing program 3: 02:15:02 executing program 2: 02:15:02 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffffffffffff]}}) 02:15:02 executing program 5: [ 284.688080] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 284.688080] program syz-executor.1 not setting count and/or reply_len properly 02:15:02 executing program 3: 02:15:02 executing program 2: 02:15:02 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) eventfd(0x0) dup3(0xffffffffffffffff, r1, 0x0) [ 284.792339] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 284.792339] program syz-executor.1 not setting count and/or reply_len properly 02:15:02 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xfecaedfe00000000]}}) 02:15:02 executing program 3: 02:15:02 executing program 1: r0 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x5, 0x0) ioctl$GIO_FONTX(r0, 0x4b6b, &(0x7f0000000080)=""/248) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r2 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) socket$inet_udplite(0x2, 0x2, 0x88) write(r2, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:15:02 executing program 5: 02:15:02 executing program 2: 02:15:02 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdfd]}}) 02:15:02 executing program 3: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x56595559]}}) 02:15:02 executing program 5: setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000b86000)={0x32a, 0x0}, 0xffffffffffffff1d) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='numa_maps\x00') madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0) sendfile(r0, r0, &(0x7f0000b58000), 0x10024) 02:15:02 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) eventfd(0x0) dup3(0xffffffffffffffff, r1, 0x0) 02:15:03 executing program 2: setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000b86000)={0x32a, 0x0}, 0xffffffffffffff1d) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='numa_maps\x00') madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0) sendfile(r0, r0, 0x0, 0x10024) 02:15:03 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffe7]}}) 02:15:03 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x22000, 0x0) ioctl$VIDIOC_CROPCAP(r1, 0xc02c563a, &(0x7f0000000080)={0xa, {0x90, 0x401, 0x4, 0x4}, {0x6, 0x650b, 0x1, 0x8}, {0x9, 0xfda7}}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r2 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r2, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) ioctl$UI_SET_LEDBIT(r1, 0x40045569, 0xe) 02:15:03 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000023c0)) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)) 02:15:03 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}}) 02:15:03 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="ab7f60212d446afd1bf63d1c9f9af0f8025341fa6d17c40e74860f8b000871068a7f264cd048a382b5943584309a92c88c3b8e16203930ea3210b8b51c5d0a615a00f3c663055e48ab7c3b4102229ebaf7626740a1d8e17b8334b3aa88bd425932ee1cceedd050f4b289b451b20923fb9a703d3af7f52bf1ae930648945ce12fe7553c76730131ccbebd0a2caa8b70ccf1469f25a909d746c5242a3ae79d645b0f5b18bb61dd78bd7b4c77faf9a53de4b72d7bafcb8dd1954365a3abe6240c271793d984d10b5b00e439e81c1770faa497d101b4f56bcd648315c1d6") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:15:03 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) eventfd(0x0) dup3(0xffffffffffffffff, r1, 0x0) 02:15:03 executing program 5: setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='numa_maps\x00') madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0) sendfile(r0, r0, &(0x7f0000b58000)=0x40206c00, 0x10024) 02:15:03 executing program 3: setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000b86000)={0x32a, 0x0}, 0xffffffffffffff1d) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='numa_maps\x00') madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0) sendfile(r0, r0, &(0x7f0000b58000)=0x40206c00, 0x10024) 02:15:03 executing program 2: r0 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa2Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bcc\xad\x89\x9ck\xde\xc5\xe96\xddUE\xc98M\xcd\xfb\xcc\x97\xb4\v\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\x00\xa5\xc24\xd6\xfe7\x0f', 0x3) fcntl$addseals(r0, 0x409, 0x5) r1 = fcntl$dupfd(r0, 0x0, r0) write$P9_RWRITE(r1, 0x0, 0x0) 02:15:03 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe7]}}) 02:15:03 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vsock\x00', 0x0, 0x0) ioctl$LOOP_SET_FD(r1, 0x4c00, r0) r2 = syz_open_dev$dri(&(0x7f0000000100)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r2, 0x100000000000006, 0x0) r3 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x2, 0x0) ioctl$VIDIOC_S_JPEGCOMP(r4, 0x408c563e, &(0x7f0000000080)={0x800, 0xe, 0x2d, "eb089df187605056dd5c95782be65b45934ac42afc41f2825123249b841ae5b27cd6822cdb0d6edb9d64f7aa6fc87b952ed377fa11cd4d7fdf17cd47", 0x1d, "a67680608c05cc4e9a38069bf8327793bc57523f2afda5a8cbd8aae83c6b5d68b14011b81f4e25b28e107e07e85f459d75b93e46ae8db44da34acf06", 0x40}) r5 = socket$inet_udplite(0x2, 0x2, 0x88) fsetxattr$trusted_overlay_opaque(r4, &(0x7f0000000180)='trusted.overlay.opaque\x00', &(0x7f00000001c0)='y\x00', 0x2, 0x2) ioctl(r5, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r6 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r6, 0x107, 0x12, &(0x7f00000000c0), 0x4) getsockopt$packet_buf(r6, 0x107, 0x12, &(0x7f0000651000)=""/240, &(0x7f0000ca5ffc)=0xf0) write(r3, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:15:03 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = eventfd(0x0) dup3(r1, 0xffffffffffffffff, 0x0) 02:15:03 executing program 2: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x40080, 0x8) getsockname$netrom(r1, &(0x7f0000000040)={{0x3, @bcast}, [@netrom, @rose, @netrom, @bcast, @rose, @rose, @netrom, @null]}, &(0x7f00000000c0)=0x48) 02:15:03 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f00]}}) [ 285.804565] Unknown ioctl 19456 02:15:03 executing program 3: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7}}) 02:15:03 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x9) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @dev, 0x6}, 0x1c) syz_open_dev$sndpcmc(&(0x7f0000000100)='/dev/snd/pcmC#D#c\x00', 0x200, 0x40000) r1 = syz_open_dev$vcsn(&(0x7f0000000200)='/dev/vcs#\x00', 0x2398, 0x440000) write$apparmor_current(r1, &(0x7f0000000280)=ANY=[@ANYRES16=r0], 0x1) openat$hwrng(0xffffffffffffff9c, &(0x7f00000012c0)='/dev/hwrng\x00', 0x0, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x0, 0x2) readv(0xffffffffffffffff, 0x0, 0x0) clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x37, &(0x7f00000002c0)) move_pages(r2, 0x0, 0x0, 0x0, 0x0, 0x0) 02:15:03 executing program 5: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_GET_CPUID2(r0, 0xc008ae91, &(0x7f0000000080)={0x5, 0x0, [{}, {}, {}, {}, {}]}) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r1, &(0x7f0000000200), 0x1000) socket$inet(0x2, 0x6, 0x7f) ioctl$TIOCGISO7816(r1, 0x80285442, &(0x7f0000000040)) syz_mount_image$nfs4(&(0x7f0000001200)='nfs4\x00', &(0x7f0000001240)='./file0\x00', 0x80, 0x2, &(0x7f0000001440)=[{&(0x7f0000001280)="2f9fb27056a568215a573abb09ec9f396ab2e94967a2311e10cf4077aa7e9432cc240b429310dff0624db6dfde6559dab014c302892d7b69726680474f1cf5d65d93ea93a1eaba6899d89b01ca282cb1a4579d5adda502993c69ac40aaa7b486822d4b68dd0ada0fb215eca0a6483e1dce5eb76469c24f82797fbef5487c537047020419f98984", 0x87, 0x2}, {&(0x7f0000001340)="d9959739bf67cf1734e3d3e0800a06e7c9f8116112d58022a0559201782af112e2f4deade50d61638208d577895b12432d8b52ba72eb7becb72920ae55144cfda0aa3fa4c4fa58e11d0983032603cedad8007ae91a888d22d2eb74ed20eb2d3818f05759c78f5aeaf4bec564746dd1584bf3bbc5560cd58fdd6e4ef2d6f1c021f000d43a521f2c9799db8a5295282f9bd4576d0887a05fa33043123b8a0453a1088368714ced552057ba9af2fe3d8ab647b3f03bfd1f3b045890dccfeb2499f9e6734e714d4d8b10da", 0xc9, 0xfff}], 0x50, &(0x7f0000001480)='cpusetcgroup\x00') [ 285.902318] Unknown ioctl 19456 02:15:03 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = eventfd(0x0) dup3(r1, 0xffffffffffffffff, 0x0) 02:15:03 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe7ff]}}) 02:15:03 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x3, 0x2000) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:15:03 executing program 3: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x30000, 0x0) ioctl$VIDIOC_S_TUNER(r1, 0x4054561e, &(0x7f0000000040)={0x1, "5bdd1dc42af6118c52c0858d9d7f204648a6a8e01308d5cad05e797fc9b14c47", 0x5, 0x603dca15690718d6, 0x1, 0x4, 0x10, 0x4, 0x6, 0x6}) rt_tgsigqueueinfo(r0, r0, 0x37, &(0x7f00000002c0)) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:15:03 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = eventfd(0x0) dup3(r1, 0xffffffffffffffff, 0x0) 02:15:04 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x9000) 02:15:04 executing program 1: ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000380)='/dev/btrfs-control\x00', 0x2800, 0x0) ioctl$void(r0, 0x5450) accept(0xffffffffffffffff, &(0x7f0000000140)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f00000001c0)=0x80) openat(r0, &(0x7f0000000080)='./file0\x00', 0x80, 0x102) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000200)={r1, 0x1, 0x6, @random="e1ed3af0050e"}, 0x10) r2 = syz_open_dev$sg(&(0x7f0000000100)='/dev/sg#\x00', 0x6, 0x100) write(r2, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:15:04 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfd]}}) 02:15:04 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1005) 02:15:04 executing program 5: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_GET_CPUID2(r0, 0xc008ae91, &(0x7f0000000080)={0x5, 0x0, [{}, {}, {}, {}, {}]}) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r1, &(0x7f0000000200), 0x1000) socket$inet(0x2, 0x6, 0x7f) ioctl$TIOCGISO7816(r1, 0x80285442, &(0x7f0000000040)) syz_mount_image$nfs4(&(0x7f0000001200)='nfs4\x00', &(0x7f0000001240)='./file0\x00', 0x80, 0x2, &(0x7f0000001440)=[{&(0x7f0000001280)="2f9fb27056a568215a573abb09ec9f396ab2e94967a2311e10cf4077aa7e9432cc240b429310dff0624db6dfde6559dab014c302892d7b69726680474f1cf5d65d93ea93a1eaba6899d89b01ca282cb1a4579d5adda502993c69ac40aaa7b486822d4b68dd0ada0fb215eca0a6483e1dce5eb76469c24f82797fbef5487c537047020419f98984", 0x87, 0x2}, {&(0x7f0000001340)="d9959739bf67cf1734e3d3e0800a06e7c9f8116112d58022a0559201782af112e2f4deade50d61638208d577895b12432d8b52ba72eb7becb72920ae55144cfda0aa3fa4c4fa58e11d0983032603cedad8007ae91a888d22d2eb74ed20eb2d3818f05759c78f5aeaf4bec564746dd1584bf3bbc5560cd58fdd6e4ef2d6f1c021f000d43a521f2c9799db8a5295282f9bd4576d0887a05fa33043123b8a0453a1088368714ced552057ba9af2fe3d8ab647b3f03bfd1f3b045890dccfeb2499f9e6734e714d4d8b10da", 0xc9, 0xfff}], 0x50, &(0x7f0000001480)='cpusetcgroup\x00') 02:15:04 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319b") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:15:04 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) r2 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/commit_pending_bools\x00', 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r2, 0x40405515, &(0x7f0000000080)={0x6, 0x6, 0x4, 0x2, 'syz0\x00', 0x7}) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:15:04 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffe7]}}) 02:15:04 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1005) 02:15:04 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x9000) [ 286.666425] sg_write: 8 callbacks suppressed [ 286.666439] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 286.666439] program syz-executor.1 not setting count and/or reply_len properly 02:15:04 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000]}}) 02:15:04 executing program 5: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_GET_CPUID2(r0, 0xc008ae91, &(0x7f0000000080)={0x5, 0x0, [{}, {}, {}, {}, {}]}) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r1, &(0x7f0000000200), 0x1000) socket$inet(0x2, 0x6, 0x7f) ioctl$TIOCGISO7816(r1, 0x80285442, &(0x7f0000000040)) syz_mount_image$nfs4(&(0x7f0000001200)='nfs4\x00', &(0x7f0000001240)='./file0\x00', 0x80, 0x2, &(0x7f0000001440)=[{&(0x7f0000001280)="2f9fb27056a568215a573abb09ec9f396ab2e94967a2311e10cf4077aa7e9432cc240b429310dff0624db6dfde6559dab014c302892d7b69726680474f1cf5d65d93ea93a1eaba6899d89b01ca282cb1a4579d5adda502993c69ac40aaa7b486822d4b68dd0ada0fb215eca0a6483e1dce5eb76469c24f82797fbef5487c537047020419f98984", 0x87, 0x2}, {&(0x7f0000001340)="d9959739bf67cf1734e3d3e0800a06e7c9f8116112d58022a0559201782af112e2f4deade50d61638208d577895b12432d8b52ba72eb7becb72920ae55144cfda0aa3fa4c4fa58e11d0983032603cedad8007ae91a888d22d2eb74ed20eb2d3818f05759c78f5aeaf4bec564746dd1584bf3bbc5560cd58fdd6e4ef2d6f1c021f000d43a521f2c9799db8a5295282f9bd4576d0887a05fa33043123b8a0453a1088368714ced552057ba9af2fe3d8ab647b3f03bfd1f3b045890dccfeb2499f9e6734e714d4d8b10da", 0xc9, 0xfff}], 0x50, &(0x7f0000001480)='cpusetcgroup\x00') 02:15:04 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x480, 0x0) bind$netlink(r2, &(0x7f00000000c0)={0x10, 0x0, 0x25dfdbfb, 0x800000}, 0xc) fallocate(r1, 0x8, 0x80000000, 0x200) read$rfkill(r2, &(0x7f0000000080), 0x8) 02:15:04 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1005) 02:15:04 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319b") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:15:04 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x9000) 02:15:04 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000]}}) [ 286.953054] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 286.953054] program syz-executor.1 not setting count and/or reply_len properly 02:15:04 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f000000]}}) [ 287.055431] dlm: non-version read from control device 8 02:15:04 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000200), 0x1005) 02:15:04 executing program 5: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffe7]}}) [ 287.128192] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 287.128192] program syz-executor.1 not setting count and/or reply_len properly 02:15:04 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000200), 0x9000) 02:15:05 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319b") read(r0, &(0x7f0000000280)=""/11, 0xfe17) r2 = syz_open_pts(r0, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 02:15:05 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x52424752]}}) 02:15:05 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x3, &(0x7f0000000680)="0adcba123c123f319bd070364000bb19069ff16beb7a274e597a06b94c5d287960192f9908dea2dbc6730b25d8c98412d0ed493bd53ff710073818916c37ec9728445294a66c0d0500000000000000572f5e2caa82b755317224c3078a00d2ba3f688d9b9a8fd469fa7aa00e83e8e13997b1a817f6d096ce0d02c87f3f9b2b1b522f5fde1c26eb2c3e4bd2712e16ef8b7015cb9cbe6bb0830c93857877260e4aeacb24653685bbf3e67c6273a6771badf60c812ddab3660524260e127e7222c8c110b4e375e4a35875d0bae6c9bda8f86a751b6dae84041303a6525a695b925fd02a798ca48aaf5c3802c94e4858a2111b89d97d97217c1bc7c77a8e5c2059a20d3b0b7bd9786827c807cf478bb91b13941bfa6d39120e046ad4041e36953045fcbe0c5b91a0a0c92a2621bbe6c21dcfbece5a5ad6182af948b9f2b35595cccfdb6dc88b8eb0673082532eaaa3b3318c3519175e0f23bb255988") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:15:05 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000200), 0x9000) 02:15:05 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000200), 0x1005) 02:15:05 executing program 5: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x9, 0x3, &(0x7f00000000c0)=@framed, &(0x7f0000000140)='syzkaller\x00', 0x6f1a, 0x36f, &(0x7f00000003c0)=""/251, 0x400000000000000, 0x0, [], 0x0, 0xd, 0xffffffffffffffff, 0x8, &(0x7f0000000080)}, 0x1be) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000040)={r1, r0, 0xd, 0x2}, 0x10) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x37, &(0x7f00000002c0)) move_pages(r2, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x5, 0x80) ioctl$BLKIOOPT(r3, 0x1279, &(0x7f0000000040)) [ 287.427131] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 287.427131] program syz-executor.1 not setting count and/or reply_len properly 02:15:05 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x52474252]}}) 02:15:05 executing program 5: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x9, 0x3, &(0x7f00000000c0)=@framed, &(0x7f0000000140)='syzkaller\x00', 0x6f1a, 0x36f, &(0x7f00000003c0)=""/251, 0x400000000000000, 0x0, [], 0x0, 0xd, 0xffffffffffffffff, 0x8, &(0x7f0000000080)}, 0x1be) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000040)={r1, r0, 0xd, 0x2}, 0x10) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x37, &(0x7f00000002c0)) move_pages(r2, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x5, 0x80) ioctl$BLKIOOPT(r3, 0x1279, &(0x7f0000000040)) 02:15:05 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000200), 0x9000) 02:15:05 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000200), 0x1005) 02:15:05 executing program 0 (fault-call:4 fault-nth:0): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = eventfd(0x0) dup3(r2, r1, 0x0) 02:15:05 executing program 1: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x50a00, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080)={0xffffffffffffffff}, 0x111, 0xa}}, 0x20) setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f0000000140)=0x100, 0x4) write$RDMA_USER_CM_CMD_NOTIFY(r0, &(0x7f0000000100)={0xf, 0x8, 0xfa00, {r1, 0xf}}, 0x10) r2 = socket$inet_udplite(0x2, 0x2, 0x88) openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/status\x00', 0x0, 0x0) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r3 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) openat$rtc(0xffffffffffffff9c, &(0x7f0000000300)='/dev/rtc0\x00', 0x0, 0x0) write(r3, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) ioctl$VIDIOC_G_OUTPUT(r0, 0x8004562e, &(0x7f0000000180)) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f00000001c0)=0x1, r1, 0x0, 0x2, 0x4}}, 0x20) 02:15:05 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x56595559]}}) 02:15:05 executing program 5: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x9, 0x3, &(0x7f00000000c0)=@framed, &(0x7f0000000140)='syzkaller\x00', 0x6f1a, 0x36f, &(0x7f00000003c0)=""/251, 0x400000000000000, 0x0, [], 0x0, 0xd, 0xffffffffffffffff, 0x8, &(0x7f0000000080)}, 0x1be) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000040)={r1, r0, 0xd, 0x2}, 0x10) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x37, &(0x7f00000002c0)) move_pages(r2, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x5, 0x80) ioctl$BLKIOOPT(r3, 0x1279, &(0x7f0000000040)) 02:15:05 executing program 3: r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1005) 02:15:05 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x59555956]}}) [ 287.794605] FAULT_INJECTION: forcing a failure. [ 287.794605] name failslab, interval 1, probability 0, space 0, times 0 02:15:05 executing program 2: r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x9000) [ 287.905776] CPU: 1 PID: 21272 Comm: syz-executor.0 Not tainted 4.19.37 #5 [ 287.912930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 287.922427] Call Trace: [ 287.925198] dump_stack+0x172/0x1f0 [ 287.928923] should_fail.cold+0xa/0x1b [ 287.933012] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 287.938164] ? lock_downgrade+0x810/0x810 [ 287.942350] ? ___might_sleep+0x163/0x280 [ 287.946560] __should_failslab+0x121/0x190 [ 287.950825] should_failslab+0x9/0x14 02:15:05 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe7ffffff]}}) [ 287.954670] kmem_cache_alloc_trace+0x2cf/0x760 [ 287.959368] ? kasan_check_read+0x11/0x20 [ 287.963543] ? do_raw_spin_unlock+0x57/0x270 [ 287.968026] kvm_uevent_notify_change.part.0+0x350/0x440 [ 287.973524] ? kvm_put_kvm+0xc70/0xc70 [ 287.977820] kvm_put_kvm+0xae/0xc70 [ 287.981775] ? kvm_irqfd_release+0xe2/0x120 [ 287.986133] ? kvm_irqfd_release+0xe2/0x120 [ 287.990495] ? kvm_put_kvm+0xc70/0xc70 [ 287.994588] kvm_vm_release+0x44/0x60 [ 287.998410] __fput+0x2df/0x8b0 [ 288.001721] ____fput+0x16/0x20 02:15:05 executing program 5: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x9, 0x3, &(0x7f00000000c0)=@framed, &(0x7f0000000140)='syzkaller\x00', 0x6f1a, 0x36f, &(0x7f00000003c0)=""/251, 0x400000000000000, 0x0, [], 0x0, 0xd, 0xffffffffffffffff, 0x8, &(0x7f0000000080)}, 0x1be) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000040)={r1, r0, 0xd, 0x2}, 0x10) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x37, &(0x7f00000002c0)) move_pages(r2, 0x0, 0x0, 0x0, 0x0, 0x0) syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x5, 0x80) [ 288.005039] task_work_run+0x14a/0x1c0 [ 288.008966] exit_to_usermode_loop+0x273/0x2c0 [ 288.013592] do_syscall_64+0x52d/0x610 [ 288.017539] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 288.022765] RIP: 0033:0x458da9 [ 288.025998] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 288.044950] RSP: 002b:00007fecc18d2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000124 02:15:05 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x411d, &(0x7f0000000140)="0acef7dfc9177076a72e6a76da3ba82cf8c6b5843e00000057551f2af43eebf51ef3221f9ddd98387d1806489a572447a9545353c9961d12fa7ac8e979cd86b5e59c036181abb359333c0a7611fda4c0be85208eb67ee30e38beb2b15f0f9a958b994ba924a02e9ac1fbbb85404dbf451b72c30088099f58632c9be7e8b70c6447a4a961b79169808e1e3815655a53ec8cb7ab8a0737d07d892d1632d24dc9b5ea90a1ca1a0d892c7089a28d594cbe49d1c36e9c91aa8d895f084b1c") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x2000000000, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) r2 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xffff, 0x10000) getsockopt$netrom_NETROM_T1(r2, 0x103, 0x1, &(0x7f0000000080), &(0x7f00000000c0)=0x4) [ 288.052692] RAX: 0000000000000004 RBX: 00007fecc18d2c90 RCX: 0000000000458da9 [ 288.060079] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000006 [ 288.067377] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 288.074677] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fecc18d36d4 [ 288.081973] R13: 00000000004bf321 R14: 00000000004d04e8 R15: 0000000000000007 02:15:05 executing program 3: r0 = syz_open_dev$swradio(0x0, 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1005) 02:15:06 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff]}}) 02:15:06 executing program 0 (fault-call:4 fault-nth:1): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = eventfd(0x0) dup3(r2, r1, 0x0) 02:15:06 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/vs/backup_only\x00', 0x2, 0x0) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000100)={0x0, 0xee1}, &(0x7f0000000140)=0x8) setsockopt$inet_sctp_SCTP_SET_PEER_PRIMARY_ADDR(r2, 0x84, 0x5, &(0x7f0000000180)={r3, @in={{0x2, 0x4e21, @rand_addr=0xffffffff}}}, 0x84) getsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000000040), &(0x7f0000000080)=0x10) 02:15:06 executing program 2: r0 = syz_open_dev$swradio(0x0, 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x9000) 02:15:06 executing program 3: r0 = syz_open_dev$swradio(0x0, 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1005) 02:15:06 executing program 5: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x9, 0x3, &(0x7f00000000c0)=@framed, &(0x7f0000000140)='syzkaller\x00', 0x6f1a, 0x36f, &(0x7f00000003c0)=""/251, 0x400000000000000, 0x0, [], 0x0, 0xd, 0xffffffffffffffff, 0x8, &(0x7f0000000080)}, 0x1be) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000040)={r1, r0, 0xd, 0x2}, 0x10) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x37, &(0x7f00000002c0)) move_pages(r2, 0x0, 0x0, 0x0, 0x0, 0x0) syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x5, 0x80) 02:15:06 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfecaedfe]}}) [ 288.543832] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 288.543832] program syz-executor.1 not setting count and/or reply_len properly [ 288.611920] FAULT_INJECTION: forcing a failure. [ 288.611920] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 288.623812] CPU: 1 PID: 21327 Comm: syz-executor.0 Not tainted 4.19.37 #5 [ 288.630770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 288.640252] Call Trace: [ 288.640285] dump_stack+0x172/0x1f0 [ 288.646497] should_fail.cold+0xa/0x1b [ 288.646517] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 288.646540] ? mark_held_locks+0x100/0x100 [ 288.659774] __alloc_pages_nodemask+0x1ee/0x760 [ 288.664475] ? __alloc_pages_slowpath+0x2870/0x2870 [ 288.669524] ? find_held_lock+0x35/0x130 [ 288.673715] cache_grow_begin+0x9c/0x8c0 [ 288.677817] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 288.683389] ? check_preemption_disabled+0x48/0x290 [ 288.688439] kmem_cache_alloc_trace+0x688/0x760 [ 288.693153] kvm_uevent_notify_change.part.0+0x350/0x440 [ 288.698648] ? kvm_put_kvm+0xc70/0xc70 [ 288.702555] kvm_put_kvm+0xae/0xc70 [ 288.706201] ? kvm_irqfd_release+0xe2/0x120 [ 288.714305] ? kvm_irqfd_release+0xe2/0x120 [ 288.722940] ? kvm_put_kvm+0xc70/0xc70 [ 288.726854] kvm_vm_release+0x44/0x60 [ 288.730668] __fput+0x2df/0x8b0 [ 288.730691] ____fput+0x16/0x20 [ 288.730708] task_work_run+0x14a/0x1c0 [ 288.730733] exit_to_usermode_loop+0x273/0x2c0 [ 288.730764] do_syscall_64+0x52d/0x610 [ 288.730785] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 288.730797] RIP: 0033:0x458da9 02:15:06 executing program 5: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x9, 0x3, &(0x7f00000000c0)=@framed, &(0x7f0000000140)='syzkaller\x00', 0x6f1a, 0x36f, &(0x7f00000003c0)=""/251, 0x400000000000000, 0x0, [], 0x0, 0xd, 0xffffffffffffffff, 0x8, &(0x7f0000000080)}, 0x1be) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000040)={r1, r0, 0xd, 0x2}, 0x10) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x37, &(0x7f00000002c0)) move_pages(r2, 0x0, 0x0, 0x0, 0x0, 0x0) syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x5, 0x80) 02:15:06 executing program 3: r0 = syz_open_dev$swradio(0x0, 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1005) 02:15:06 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz1\x00', 0x200002, 0x0) [ 288.730813] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 288.730822] RSP: 002b:00007fecc18d2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000124 [ 288.730839] RAX: 0000000000000004 RBX: 00007fecc18d2c90 RCX: 0000000000458da9 [ 288.730847] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000006 [ 288.730856] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 02:15:06 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeedcafe]}}) 02:15:06 executing program 2: r0 = syz_open_dev$swradio(0x0, 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x9000) [ 288.730870] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fecc18d36d4 [ 288.792598] R13: 00000000004bf321 R14: 00000000004d04e8 R15: 0000000000000007 [ 288.903343] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 288.903343] program syz-executor.1 not setting count and/or reply_len properly [ 288.942112] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; 02:15:06 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd]}}) [ 288.942112] program syz-executor.1 not setting count and/or reply_len properly 02:15:06 executing program 0 (fault-call:4 fault-nth:2): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = eventfd(0x0) dup3(r2, r1, 0x0) 02:15:06 executing program 3: r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1005) 02:15:06 executing program 5: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x9, 0x3, &(0x7f00000000c0)=@framed, &(0x7f0000000140)='syzkaller\x00', 0x6f1a, 0x36f, &(0x7f00000003c0)=""/251, 0x400000000000000, 0x0, [], 0x0, 0xd, 0xffffffffffffffff, 0x8, &(0x7f0000000080)}, 0x1be) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000040)={r1, r0, 0xd, 0x2}, 0x10) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x37, &(0x7f00000002c0)) move_pages(r2, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$BLKIOOPT(0xffffffffffffffff, 0x1279, &(0x7f0000000040)) 02:15:06 executing program 2: r0 = syz_open_dev$swradio(0x0, 0x0, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x9000) 02:15:06 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adcba123c123f319bd070") syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) write(r0, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0xfffffffffffffe39) 02:15:06 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffe7]}}) 02:15:06 executing program 5: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x9, 0x3, &(0x7f00000000c0)=@framed, &(0x7f0000000140)='syzkaller\x00', 0x6f1a, 0x36f, &(0x7f00000003c0)=""/251, 0x400000000000000, 0x0, [], 0x0, 0xd, 0xffffffffffffffff, 0x8, &(0x7f0000000080)}, 0x1be) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000040)={r1, r0, 0xd, 0x2}, 0x10) r2 = getpid() move_pages(r2, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$BLKIOOPT(0xffffffffffffffff, 0x1279, &(0x7f0000000040)) 02:15:07 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000]}}) 02:15:07 executing program 2: r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x9000) 02:15:07 executing program 3: r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) read$FUSE(r0, &(0x7f0000000200), 0x1005) 02:15:07 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adcba123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x402) fcntl$getown(r1, 0x9) lsetxattr$trusted_overlay_redirect(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='trusted.overlay.redirect\x00', &(0x7f00000000c0)='./file0\x00', 0x8, 0x3) write(r1, &(0x7f0000000280)="b63db85e1e8d020000003b00003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1af277d8de94e8e8f4e1596b040d5b01dea2ebe1b89f8051e6", 0x48) 02:15:07 executing program 5: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x9, 0x3, &(0x7f00000000c0)=@framed, &(0x7f0000000140)='syzkaller\x00', 0x6f1a, 0x36f, &(0x7f00000003c0)=""/251, 0x400000000000000, 0x0, [], 0x0, 0xd, 0xffffffffffffffff, 0x8, &(0x7f0000000080)}, 0x1be) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000040)={r1, r0, 0xd, 0x2}, 0x10) r2 = getpid() move_pages(r2, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$BLKIOOPT(0xffffffffffffffff, 0x1279, &(0x7f0000000040)) 02:15:07 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = eventfd(0x0) dup3(r2, r1, 0x0) 02:15:07 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x2, @sdr={0xe7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000]}}) 02:15:07 executing program 5: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x9, 0x3, &(0x7f00000000c0)=@framed, &(0x7f0000000140)='syzkaller\x00', 0x6f1a, 0x36f, &(0x7f00000003c0)=""/251, 0x400000000000000, 0x0, [], 0x0, 0xd, 0xffffffffffffffff, 0x8, &(0x7f0000000080)}, 0x1be) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000040)={r1, r0, 0xd, 0x2}, 0x10) r2 = getpid() move_pages(r2, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$BLKIOOPT(0xffffffffffffffff, 0x1279, &(0x7f0000000040)) [ 289.462825] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 289.462825] program syz-executor.1 not setting count and/or reply_len properly [ 289.487581] WARNING: CPU: 1 PID: 21479 at drivers/media/common/videobuf2/videobuf2-core.c:1670 __vb2_queue_cancel+0x635/0x970 [ 289.499068] Kernel panic - not syncing: panic_on_warn set ... [ 289.499068] [ 289.506467] CPU: 1 PID: 21479 Comm: syz-executor.3 Not tainted 4.19.37 #5 [ 289.513411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 289.522782] Call Trace: [ 289.525392] dump_stack+0x172/0x1f0 [ 289.529057] panic+0x263/0x51d [ 289.532309] ? __warn_printk+0xf3/0xf3 [ 289.536224] ? __vb2_queue_cancel+0x635/0x970 [ 289.540750] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 289.544726] kobject: 'kvm' (0000000025f15a27): kobject_uevent_env [ 289.546318] ? __warn.cold+0x5/0x54 [ 289.546334] ? __warn+0xe8/0x1d0 02:15:07 executing program 5: clone(0x41fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x9, 0x3, &(0x7f00000000c0)=@framed, &(0x7f0000000140)='syzkaller\x00', 0x6f1a, 0x36f, &(0x7f00000003c0)=""/251, 0x400000000000000, 0x0, [], 0x0, 0xd, 0xffffffffffffffff, 0x8, &(0x7f0000000080)}, 0x1be) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000040)={r1, r0, 0xd, 0x2}, 0x10) rt_tgsigqueueinfo(0x0, 0x0, 0x37, &(0x7f00000002c0)) move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$BLKIOOPT(0xffffffffffffffff, 0x1279, &(0x7f0000000040)) [ 289.546354] ? __vb2_queue_cancel+0x635/0x970 [ 289.546372] __warn.cold+0x20/0x54 [ 289.560826] kobject: 'kvm' (0000000025f15a27): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 289.564187] ? __vb2_queue_cancel+0x635/0x970 [ 289.564205] report_bug+0x263/0x2b0 [ 289.564224] do_error_trap+0x204/0x360 [ 289.564241] ? math_error+0x340/0x340 [ 289.592984] ? mutex_trylock+0x1e0/0x1e0 [ 289.597074] ? error_entry+0x76/0xd0 [ 289.600820] ? trace_hardirqs_off_caller+0x65/0x220 [ 289.605866] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 289.611429] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 289.616305] do_invalid_op+0x1b/0x20 [ 289.620039] invalid_op+0x14/0x20 [ 289.623509] RIP: 0010:__vb2_queue_cancel+0x635/0x970 [ 289.628648] Code: 03 0f 8e ce 02 00 00 41 8b 5c 24 20 e9 c1 fc ff ff e8 0f e7 c7 fc 48 83 c4 48 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 fb e6 c7 fc <0f> 0b 49 8d 85 28 02 00 00 48 89 c2 48 89 45 a0 48 b8 00 00 00 00 [ 289.647566] RSP: 0018:ffff888055c17c40 EFLAGS: 00010293 [ 289.652958] RAX: ffff88807adca100 RBX: 0000000000000001 RCX: ffffffff84a35b57 [ 289.660505] RDX: 0000000000000000 RSI: ffffffff84a36085 RDI: 0000000000000005 [ 289.667807] RBP: ffff888055c17cb0 R08: ffff88807adca100 R09: ffffed10430c0d67 [ 289.675198] R10: ffffed10430c0d66 R11: ffff888218606b37 R12: ffff888218606b34 [ 289.682484] R13: ffff8882186068f0 R14: ffff888218606bd0 R15: ffff888218606bc8 [ 289.689810] ? __vb2_queue_cancel+0x107/0x970 [ 289.694333] ? __vb2_queue_cancel+0x635/0x970 [ 289.698861] ? lock_downgrade+0x810/0x810 [ 289.703030] ? v4l2_fh_is_singular+0xff/0x160 [ 289.707559] vb2_core_streamoff+0x60/0x140 [ 289.711819] __vb2_cleanup_fileio+0x78/0x170 [ 289.716256] vb2_core_queue_release+0x20/0x80 [ 289.720966] _vb2_fop_release+0x1cf/0x2a0 [ 289.725320] vb2_fop_release+0x75/0xc0 [ 289.729317] vivid_fop_release+0x18e/0x430 [ 289.733581] ? vivid_remove+0x460/0x460 [ 289.737688] ? dev_debug_store+0x110/0x110 [ 289.741939] v4l2_release+0xfb/0x1a0 [ 289.745671] __fput+0x2df/0x8b0 [ 289.748977] ____fput+0x16/0x20 [ 289.752294] task_work_run+0x14a/0x1c0 [ 289.756229] exit_to_usermode_loop+0x273/0x2c0 [ 289.760835] do_syscall_64+0x52d/0x610 [ 289.764844] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 289.770134] RIP: 0033:0x412b61 [ 289.773356] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 e4 1a 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 289.792364] RSP: 002b:00007ffe13a805b0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 289.800095] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000412b61 [ 289.807390] RDX: 0000001b2c620000 RSI: 0000000000000000 RDI: 0000000000000003 [ 289.814682] RBP: 0000000000000001 R08: 000000006bf79866 R09: 000000006bf7986a [ 289.823278] R10: 00007ffe13a80690 R11: 0000000000000293 R12: 000000000073c900 [ 289.830658] R13: 000000000073c900 R14: 0000000000046aaa R15: 000000000073bf0c [ 289.839648] Kernel Offset: disabled [ 289.843303] Rebooting in 86400 seconds..