[ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 [ 74.060046][ T8429] sshd (8429) used greatest stack depth: 3816 bytes left Warning: Permanently added '10.128.0.143' (ECDSA) to the list of known hosts. 2020/07/20 16:58:54 fuzzer started 2020/07/20 16:58:55 dialing manager at 10.128.0.26:40905 2020/07/20 16:58:55 syscalls: 2970 2020/07/20 16:58:55 code coverage: enabled 2020/07/20 16:58:55 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2020/07/20 16:58:55 extra coverage: enabled 2020/07/20 16:58:55 setuid sandbox: enabled 2020/07/20 16:58:55 namespace sandbox: enabled 2020/07/20 16:58:55 Android sandbox: /sys/fs/selinux/policy does not exist 2020/07/20 16:58:55 fault injection: enabled 2020/07/20 16:58:55 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/07/20 16:58:55 net packet injection: enabled 2020/07/20 16:58:55 net device setup: enabled 2020/07/20 16:58:55 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/07/20 16:58:55 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/07/20 16:58:55 USB emulation: /dev/raw-gadget does not exist 17:02:07 executing program 0: prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x0) clone(0xe52caf03, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syzkaller login: [ 278.220571][ T8481] IPVS: ftp: loaded support on port[0] = 21 [ 278.487242][ T8481] chnl_net:caif_netlink_parms(): no params data found [ 278.713165][ T8481] bridge0: port 1(bridge_slave_0) entered blocking state [ 278.721524][ T8481] bridge0: port 1(bridge_slave_0) entered disabled state [ 278.730815][ T8481] device bridge_slave_0 entered promiscuous mode [ 278.751360][ T8481] bridge0: port 2(bridge_slave_1) entered blocking state [ 278.759095][ T8481] bridge0: port 2(bridge_slave_1) entered disabled state [ 278.768452][ T8481] device bridge_slave_1 entered promiscuous mode [ 278.819547][ T8481] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 278.849359][ T8481] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 278.898263][ T8481] team0: Port device team_slave_0 added [ 278.912216][ T8481] team0: Port device team_slave_1 added [ 278.959730][ T8481] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 278.967012][ T8481] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 278.993243][ T8481] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 279.013343][ T8481] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 279.020689][ T8481] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 279.047215][ T8481] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 279.233027][ T8481] device hsr_slave_0 entered promiscuous mode [ 279.386647][ T8481] device hsr_slave_1 entered promiscuous mode [ 279.847296][ T8481] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 280.001331][ T8481] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 280.172323][ T8481] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 280.341577][ T8481] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 280.652519][ T8481] 8021q: adding VLAN 0 to HW filter on device bond0 [ 280.676766][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 280.686269][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 280.702496][ T8481] 8021q: adding VLAN 0 to HW filter on device team0 [ 280.723825][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 280.734212][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 280.743889][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 280.751325][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 280.812775][ T8481] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 280.823858][ T8481] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 280.839192][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 280.848730][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 280.858532][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 280.867942][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 280.875412][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 280.884517][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 280.895475][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 280.906317][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 280.916491][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 280.926940][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 280.937489][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 280.947865][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 280.957693][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 280.967893][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 280.977618][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 280.995013][ T3080] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 281.004684][ T3080] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 281.036909][ T3080] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 281.049890][ T3080] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 281.075447][ T8481] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 281.117699][ T3080] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 281.127775][ T3080] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 281.175362][ T3080] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 281.186682][ T3080] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 281.197090][ T8481] device veth0_vlan entered promiscuous mode [ 281.205078][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 281.214031][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 281.237476][ T8481] device veth1_vlan entered promiscuous mode [ 281.286544][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 281.296201][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 281.305634][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 281.316038][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 281.349351][ T8481] device veth0_macvtap entered promiscuous mode [ 281.366112][ T8481] device veth1_macvtap entered promiscuous mode [ 281.405437][ T8481] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 281.413170][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 281.423396][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 281.432863][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 281.442921][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 281.472842][ T8481] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 281.515444][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 281.525467][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 281.603596][ T8685] IPVS: ftp: loaded support on port[0] = 21 17:02:11 executing program 0: prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x0) clone(0xe52caf03, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 281.799474][ T8709] IPVS: ftp: loaded support on port[0] = 21 [ 281.898596][ T970] tipc: TX() has been purged, node left! 17:02:11 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000140)=ANY=[@ANYBLOB="360b6cfa68606e12703e481400000000000000000000000007f479de2a01d9c8f3963eab5a97c6dc330b11035114ab94fb0062e53bf1746da2a10565d3a53b21c9fe40778ca24c3dfafec7cf6fbffa3d8fe33fc6c4553e11200ea4f0e2b68676e16f6464d656ff77ea96a78c18bda8ecec64d186ec0cc609837c82c72835d3f41154104656f2c67fbc219633b254d7c3eacbe38d"], &(0x7f0000003ff6)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x74) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000000c0)=0x1914, 0x4) socketpair$unix(0x1, 0x0, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x3d, 0x0, 0x0) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22}, 0x1c) sendto$inet6(r0, 0x0, 0x1cd, 0x200408d4, &(0x7f0000000380)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) accept4$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) ioperm(0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) close(0xffffffffffffffff) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$sock_SIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) sendto$inet6(r0, &(0x7f0000000000)="cc", 0x1, 0x0, 0x0, 0x0) recvmsg(r0, &(0x7f0000000100)={&(0x7f0000001240)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev}}}, 0x80, &(0x7f0000001100)=[{&(0x7f0000002340)=""/4097, 0x1001}], 0x1, &(0x7f0000001140)=""/138, 0x8a}, 0x40002040) 17:02:12 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000340)='/dev/loop#\x00', 0x0, 0x0) ioctl$LOOP_CLR_FD(r0, 0x80041270) 17:02:12 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0x4008ae89, &(0x7f00000000c0)={0x3, 0x0, [0x48, 0x0, 0x3, 0x8, 0x1b]}) [ 282.427189][ T8743] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. 17:02:12 executing program 0: syz_open_dev$usbmon(&(0x7f0000000300)='/dev/usbmon#\x00', 0x1, 0x0) 17:02:12 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x81) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0x4008ae89, &(0x7f00000000c0)={0x3, 0x0, [0x571, 0x0, 0x3, 0x8, 0x1b]}) 17:02:12 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$nl_rdma(0x10, 0x3, 0x14) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000180)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r2, 0x54a2) readv(r2, &(0x7f0000000200)=[{&(0x7f0000000000)=""/12, 0xc}], 0x1) sendmsg$RDMA_NLDEV_CMD_PORT_GET(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000180)=ANY=[@ANYRESDEC=r2], 0x20}}, 0x0) r3 = dup2(r1, r0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmmsg(r0, &(0x7f0000000400), 0x40000000000017a, 0x0) 17:02:13 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$nl_rdma(0x10, 0x3, 0x14) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000180)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r2, 0x54a2) readv(r2, &(0x7f0000000200)=[{&(0x7f0000000000)=""/12, 0xc}], 0x1) sendmsg$RDMA_NLDEV_CMD_PORT_GET(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000180)=ANY=[@ANYRESDEC=r2], 0x20}}, 0x0) r3 = dup2(r1, r0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmmsg(r0, &(0x7f0000000400), 0x40000000000017a, 0x0) 17:02:13 executing program 0: getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, 0x0, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_bp={0x0}, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000000700)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27ec9a480e2d15a1c3d286e0a801d4ce46175dd106736d173f0fc7ec4e26560000000049d2e181baf9459c5c953948c6801d2c0945c08ba8c552fc99a7422007653972ecb4f63acdfe80812d2740ca6414ae40b8ae4f2a88d2fbea75e16a61fd063f026ed7360627ec60cb064e00da971f7ee096d74c92fad7e34bd5522d45cc36c2442eac2d224609aba9e67764c94fefef000000000000000000000000000000f390d71cc6fe2cddd3b049f3fc65d61c2b3c65f2f80a61ea6e457ebc93981b20e90f05156aa5bbb53a7b0ee0ce30e80600cff8ca2996e518e3e69051f6d24317f9ebfeb82ee2469fb31bdbb2768d25f1961b94d878d0d9c2a5c74633a687a135308e49ce81517ac7bb29acccc7e054d3f18cb770e4908dc3deaafaab51144c1e1b8681291f5f73ff040000000000000000000000000000009a583b79ab00f70d85463c57c5bb1f1084e683b59100008b8a38b7ee57afa01aea88fb413e1ee8eb"], 0x1a3) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000001c0)=[@in6={0xa, 0x0, 0x80000001, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x1}]}, &(0x7f0000000180)=0x10) sendmsg$L2TP_CMD_SESSION_CREATE(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$sg(&(0x7f0000000500)='/dev/sg#\x00', 0x0, 0x4000) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, 0x0, 0x0) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x5) openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cuse\x00', 0x2, 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r2, 0x0) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r2, 0x84, 0x12, &(0x7f0000000040)=0x2, 0x4) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x3, 0x0, &(0x7f0000000080)) [ 283.638175][ C1] sd 0:0:1:0: [sg0] tag#3111 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 283.648879][ C1] sd 0:0:1:0: [sg0] tag#3111 CDB: Test Unit Ready [ 283.655834][ C1] sd 0:0:1:0: [sg0] tag#3111 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 283.665645][ C1] sd 0:0:1:0: [sg0] tag#3111 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 283.675492][ C1] sd 0:0:1:0: [sg0] tag#3111 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 283.685425][ C1] sd 0:0:1:0: [sg0] tag#3111 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 283.695293][ C1] sd 0:0:1:0: [sg0] tag#3111 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 283.705237][ C1] sd 0:0:1:0: [sg0] tag#3111 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 283.715096][ C1] sd 0:0:1:0: [sg0] tag#3111 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 283.724971][ C1] sd 0:0:1:0: [sg0] tag#3111 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 283.734824][ C1] sd 0:0:1:0: [sg0] tag#3111 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 283.744717][ C1] sd 0:0:1:0: [sg0] tag#3111 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 283.754600][ C1] sd 0:0:1:0: [sg0] tag#3111 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 283.764457][ C1] sd 0:0:1:0: [sg0] tag#3111 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 283.774183][ C1] sd 0:0:1:0: [sg0] tag#3111 CDB[c0]: 00 00 00 00 00 00 00 00 [ 283.824416][ C0] hrtimer: interrupt took 92810 ns 17:02:14 executing program 1: r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x109000, 0x0) sendmsg$IPCTNL_MSG_CT_GET_STATS(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x5, 0x1, 0x201, 0x0, 0x0, {0x0, 0x0, 0x1}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4800}, 0x8080) openat$udambuf(0xffffffffffffff9c, &(0x7f0000000140)='/dev/udmabuf\x00', 0x2) r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000240)=0x0, &(0x7f0000000280)=0x4) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000380)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x78, r2, 0x300, 0x70bd2a, 0x25dfdbff, {}, [@NL80211_ATTR_IFINDEX={0x8}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x1}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}, @NL80211_ATTR_IFNAME={0x14, 0x4, 'wg1\x00'}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r3}, @NL80211_ATTR_IFNAME={0x14, 0x4, 'geneve0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0xa}, @NL80211_ATTR_IFNAME={0x14, 0x4, 'veth0_to_bond\x00'}]}, 0x78}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040080) fcntl$setflags(r0, 0x2, 0x0) ioctl$mixer_OSS_ALSAEMULVER(0xffffffffffffffff, 0x80044df9, &(0x7f00000003c0)) ioctl$KVM_GET_VCPU_EVENTS(0xffffffffffffffff, 0x8040ae9f, &(0x7f0000000400)) r4 = dup2(0xffffffffffffffff, r1) ioctl$vim2m_VIDIOC_ENUM_FMT(r4, 0xc0405602, &(0x7f0000000440)={0x0, 0x2, 0x2, "2946c08135a3579097f99fdc76005c45e42db3e8bf4443feb6d59f8ade5c63d0", 0x41414770}) pipe(&(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$UI_SET_ABSBIT(r5, 0x40045567, 0x4) getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r5, 0x84, 0x20, &(0x7f00000004c0), &(0x7f0000000500)=0x4) r7 = socket$bt_cmtp(0x1f, 0x3, 0x5) recvfrom(r7, &(0x7f0000000540)=""/10, 0xa, 0x40002000, 0x0, 0x0) r8 = openat$mice(0xffffffffffffff9c, &(0x7f0000000580)='/dev/input/mice\x00', 0x28400) getsockopt$IP_VS_SO_GET_DAEMON(r8, 0x0, 0x487, &(0x7f00000005c0), &(0x7f0000000600)=0x30) ioctl$BLKRRPART(r6, 0x125f, 0x0) [ 284.389052][ C0] sd 0:0:1:0: [sg0] tag#3112 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 284.399902][ C0] sd 0:0:1:0: [sg0] tag#3112 CDB: Test Unit Ready [ 284.406716][ C0] sd 0:0:1:0: [sg0] tag#3112 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 284.416597][ C0] sd 0:0:1:0: [sg0] tag#3112 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 284.426509][ C0] sd 0:0:1:0: [sg0] tag#3112 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 284.436424][ C0] sd 0:0:1:0: [sg0] tag#3112 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 284.446337][ C0] sd 0:0:1:0: [sg0] tag#3112 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 284.456141][ C0] sd 0:0:1:0: [sg0] tag#3112 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 284.466022][ C0] sd 0:0:1:0: [sg0] tag#3112 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 284.476047][ C0] sd 0:0:1:0: [sg0] tag#3112 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 284.485928][ C0] sd 0:0:1:0: [sg0] tag#3112 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 284.495852][ C0] sd 0:0:1:0: [sg0] tag#3112 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 284.505878][ C0] sd 0:0:1:0: [sg0] tag#3112 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 284.515743][ C0] sd 0:0:1:0: [sg0] tag#3112 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 284.526462][ C0] sd 0:0:1:0: [sg0] tag#3112 CDB[c0]: 00 00 00 00 00 00 00 00 17:02:14 executing program 0: getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, 0x0, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_bp={0x0}, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000000700)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27ec9a480e2d15a1c3d286e0a801d4ce46175dd106736d173f0fc7ec4e26560000000049d2e181baf9459c5c953948c6801d2c0945c08ba8c552fc99a7422007653972ecb4f63acdfe80812d2740ca6414ae40b8ae4f2a88d2fbea75e16a61fd063f026ed7360627ec60cb064e00da971f7ee096d74c92fad7e34bd5522d45cc36c2442eac2d224609aba9e67764c94fefef000000000000000000000000000000f390d71cc6fe2cddd3b049f3fc65d61c2b3c65f2f80a61ea6e457ebc93981b20e90f05156aa5bbb53a7b0ee0ce30e80600cff8ca2996e518e3e69051f6d24317f9ebfeb82ee2469fb31bdbb2768d25f1961b94d878d0d9c2a5c74633a687a135308e49ce81517ac7bb29acccc7e054d3f18cb770e4908dc3deaafaab51144c1e1b8681291f5f73ff040000000000000000000000000000009a583b79ab00f70d85463c57c5bb1f1084e683b59100008b8a38b7ee57afa01aea88fb413e1ee8eb"], 0x1a3) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000001c0)=[@in6={0xa, 0x0, 0x80000001, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x1}]}, &(0x7f0000000180)=0x10) sendmsg$L2TP_CMD_SESSION_CREATE(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$sg(&(0x7f0000000500)='/dev/sg#\x00', 0x0, 0x4000) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, 0x0, 0x0) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x5) openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cuse\x00', 0x2, 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r2, 0x0) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r2, 0x84, 0x12, &(0x7f0000000040)=0x2, 0x4) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x3, 0x0, &(0x7f0000000080)) [ 284.728634][ T970] tipc: TX() has been purged, node left! [ 284.878947][ C1] sd 0:0:1:0: [sg0] tag#3113 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 284.889803][ C1] sd 0:0:1:0: [sg0] tag#3113 CDB: Test Unit Ready [ 284.896605][ C1] sd 0:0:1:0: [sg0] tag#3113 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 284.906543][ C1] sd 0:0:1:0: [sg0] tag#3113 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 284.916449][ C1] sd 0:0:1:0: [sg0] tag#3113 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 284.926355][ C1] sd 0:0:1:0: [sg0] tag#3113 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 284.936266][ C1] sd 0:0:1:0: [sg0] tag#3113 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 284.946171][ C1] sd 0:0:1:0: [sg0] tag#3113 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 284.956208][ C1] sd 0:0:1:0: [sg0] tag#3113 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 284.966042][ C1] sd 0:0:1:0: [sg0] tag#3113 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 284.975929][ C1] sd 0:0:1:0: [sg0] tag#3113 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 284.978935][ T8792] IPVS: ftp: loaded support on port[0] = 21 [ 284.985768][ C1] sd 0:0:1:0: [sg0] tag#3113 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 284.985877][ C1] sd 0:0:1:0: [sg0] tag#3113 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 284.985991][ C1] sd 0:0:1:0: [sg0] tag#3113 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 284.986081][ C1] sd 0:0:1:0: [sg0] tag#3113 CDB[c0]: 00 00 00 00 00 00 00 00 17:02:15 executing program 0: unshare(0x20060100) r0 = socket$inet6(0xa, 0xa, 0x4) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r0, 0x84, 0x5, &(0x7f0000000000)={0x0, @in6={{0xa, 0x4e21, 0x7, @private0={0xfc, 0x0, [], 0x1}, 0x80000000}}}, 0x84) syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) setns(r1, 0x2000000) 17:02:15 executing program 0: unshare(0x20060100) r0 = socket$inet6(0xa, 0xa, 0x4) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r0, 0x84, 0x5, &(0x7f0000000000)={0x0, @in6={{0xa, 0x4e21, 0x7, @private0={0xfc, 0x0, [], 0x1}, 0x80000000}}}, 0x84) syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) setns(r1, 0x2000000) [ 285.585282][ T8792] chnl_net:caif_netlink_parms(): no params data found 17:02:15 executing program 0: unshare(0x20060100) r0 = socket$inet6(0xa, 0xa, 0x4) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r0, 0x84, 0x5, &(0x7f0000000000)={0x0, @in6={{0xa, 0x4e21, 0x7, @private0={0xfc, 0x0, [], 0x1}, 0x80000000}}}, 0x84) syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) setns(r1, 0x2000000) 17:02:15 executing program 0: unshare(0x20060100) r0 = socket$inet6(0xa, 0xa, 0x4) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r0, 0x84, 0x5, &(0x7f0000000000)={0x0, @in6={{0xa, 0x4e21, 0x7, @private0={0xfc, 0x0, [], 0x1}, 0x80000000}}}, 0x84) syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) setns(r1, 0x2000000) [ 285.939166][ T8792] bridge0: port 1(bridge_slave_0) entered blocking state [ 285.947427][ T8792] bridge0: port 1(bridge_slave_0) entered disabled state [ 285.956645][ T8792] device bridge_slave_0 entered promiscuous mode [ 286.036406][ T8792] bridge0: port 2(bridge_slave_1) entered blocking state [ 286.043727][ T8792] bridge0: port 2(bridge_slave_1) entered disabled state [ 286.053256][ T8792] device bridge_slave_1 entered promiscuous mode [ 286.191201][ T8792] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 286.223330][ T8792] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 17:02:16 executing program 0: unshare(0x20060100) r0 = socket$inet6(0xa, 0xa, 0x4) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r0, 0x84, 0x5, &(0x7f0000000000)={0x0, @in6={{0xa, 0x4e21, 0x7, @private0={0xfc, 0x0, [], 0x1}, 0x80000000}}}, 0x84) syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) [ 286.338770][ T8792] team0: Port device team_slave_0 added [ 286.376714][ T8792] team0: Port device team_slave_1 added [ 286.483857][ T8792] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 286.491069][ T8792] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 286.518129][ T8792] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 286.536885][ T8792] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 286.543953][ T8792] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 286.570751][ T8792] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active 17:02:16 executing program 0: unshare(0x20060100) r0 = socket$inet6(0xa, 0xa, 0x4) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r0, 0x84, 0x5, &(0x7f0000000000)={0x0, @in6={{0xa, 0x4e21, 0x7, @private0={0xfc, 0x0, [], 0x1}, 0x80000000}}}, 0x84) syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') getdents64(0xffffffffffffffff, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) [ 286.684113][ T8792] device hsr_slave_0 entered promiscuous mode [ 286.727537][ T8792] device hsr_slave_1 entered promiscuous mode [ 286.785245][ T8792] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 286.792999][ T8792] Cannot create hsr debugfs directory 17:02:16 executing program 0: unshare(0x20060100) r0 = socket$inet6(0xa, 0xa, 0x4) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r0, 0x84, 0x5, &(0x7f0000000000)={0x0, @in6={{0xa, 0x4e21, 0x7, @private0={0xfc, 0x0, [], 0x1}, 0x80000000}}}, 0x84) syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') getdents64(0xffffffffffffffff, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) [ 287.172247][ T8792] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 287.215454][ T8792] netdevsim netdevsim1 netdevsim1: renamed from eth1 17:02:17 executing program 0: unshare(0x20060100) r0 = socket$inet6(0xa, 0xa, 0x4) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r0, 0x84, 0x5, &(0x7f0000000000)={0x0, @in6={{0xa, 0x4e21, 0x7, @private0={0xfc, 0x0, [], 0x1}, 0x80000000}}}, 0x84) syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') getdents64(0xffffffffffffffff, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) [ 287.262020][ T8792] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 287.327265][ T8792] netdevsim netdevsim1 netdevsim3: renamed from eth3 17:02:17 executing program 0: unshare(0x20060100) r0 = socket$inet6(0xa, 0xa, 0x4) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r0, 0x84, 0x5, &(0x7f0000000000)={0x0, @in6={{0xa, 0x4e21, 0x7, @private0={0xfc, 0x0, [], 0x1}, 0x80000000}}}, 0x84) r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:02:17 executing program 0: unshare(0x20060100) r0 = socket$inet6(0xa, 0xa, 0x4) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r0, 0x84, 0x5, &(0x7f0000000000)={0x0, @in6={{0xa, 0x4e21, 0x7, @private0={0xfc, 0x0, [], 0x1}, 0x80000000}}}, 0x84) r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) [ 287.669183][ T8792] 8021q: adding VLAN 0 to HW filter on device bond0 [ 287.720383][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 287.729634][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 287.766362][ T8792] 8021q: adding VLAN 0 to HW filter on device team0 [ 287.790794][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 287.800680][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 287.810115][ T8753] bridge0: port 1(bridge_slave_0) entered blocking state [ 287.817491][ T8753] bridge0: port 1(bridge_slave_0) entered forwarding state [ 287.898144][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 287.907318][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 287.917126][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 287.926873][ T8753] bridge0: port 2(bridge_slave_1) entered blocking state [ 287.934081][ T8753] bridge0: port 2(bridge_slave_1) entered forwarding state [ 287.943175][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 287.954121][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 287.964860][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 287.975333][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 287.985577][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 287.996001][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 288.030354][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 288.042200][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 288.051890][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 288.061562][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 288.071304][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 288.083817][ T8792] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 288.137170][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 288.144963][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 288.168295][ T8792] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 288.215582][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 288.226197][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 288.268593][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 288.278708][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 288.297437][ T8792] device veth0_vlan entered promiscuous mode [ 288.316791][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 288.325928][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 288.339392][ T8792] device veth1_vlan entered promiscuous mode [ 288.393364][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 288.403849][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 288.413299][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 288.423273][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 288.447941][ T8792] device veth0_macvtap entered promiscuous mode [ 288.473971][ T8792] device veth1_macvtap entered promiscuous mode [ 288.485233][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 288.494710][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 288.547463][ T8792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 288.558135][ T8792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 288.571712][ T8792] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 288.585394][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 288.595522][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 288.616642][ T8792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 288.628759][ T8792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 288.642878][ T8792] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 288.655349][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 288.665401][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 17:02:19 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001e0012800b00010067656e657665000008000280040006001400fbff66656e65766531000000000000000000"], 0x4c}}, 0x0) 17:02:19 executing program 0: unshare(0x20060100) r0 = socket$inet6(0xa, 0xa, 0x4) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r0, 0x84, 0x5, &(0x7f0000000000)={0x0, @in6={{0xa, 0x4e21, 0x7, @private0={0xfc, 0x0, [], 0x1}, 0x80000000}}}, 0x84) r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) [ 289.488079][ T9078] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 289.497643][ T9078] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.1'. 17:02:19 executing program 0: unshare(0x20060100) socket$inet6(0xa, 0xa, 0x4) syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:02:19 executing program 0: unshare(0x20060100) syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:02:20 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:02:20 executing program 0: syz_open_procfs$namespace(0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:02:20 executing program 0: syz_open_procfs$namespace(0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:02:20 executing program 0: syz_open_procfs$namespace(0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:02:20 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, 0x0) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:02:21 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, 0x0) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:02:21 executing program 1: ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000000d00)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000002ed7ed6ae36b0000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd106736d173f0fc7ec6e26560000000049d2e181baf9459c5c953948c6801d2c0945c08ba8c552fc99a7422007653872ecb4f63acdfe80812d274014ae40b8ae4f2a88d2fbea75e16a61fd063f026ed7360627ec60cb274e00da971f7ee096d74c92fad7e34bd5522d45cc36c2442eac2d224609aba9e6000000000000000000000000000000f390d71cc6092cddd3b049f3fc65d61c2b3c65f2f80a61ea6e453473c9297322e30933e97ebc93981b20e03b86d4e99923e6000000000000e80600cff8ca2996e518e3e69051f6d24317f9ebfeb82ee2469fb31bdbb2768d25f196ab6f2d4845421b94d878d0d9c2a5c74633a687a135308e49ce118c81517ac7bb2994ccc7e054d3f18cb770e4908dd3deaafaab51144c1e1b86b6291f5e73ff040000000000000000000000000000009a583b79ab00f783b591fc2c8b8a38b7ee57afa01aea88fb413e1ee8ebbdf1fa9155bf6409b065a980528827de08737cf643db6de62f253b1304780753de6634bf57fb4579e27cf148248155b7da4a67280d4b6b4eeed958d53b1c488d9dc4a2eb3a40194b9a7c186f9ae102000000b32049874f7962b3eb48ee45c6f3c756a57de500eadd498c9277070980897ccd058ca9006bc77d6c3945800101bc8efcbbbf0fb28392c5730fef0f6a3daa39ee394adc13e75edd163898a9925a972cb361bc1a5e49dfd07418d1d5093b881948a8ab945692d5ee0f726d36a81d8bb82ba889b74efd00d8f5f8b0fd9474a5a8e9136192c1fb0ba6863456fd43bc0a70a2c50bfc697d6275c04af6c2e3f3ea5c67c4927942c74c6a998fa588dc921f1a941635e43f21"], 0x1a3) setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f0000000400)={0x0, 0x1, 0x6, @random="e180bae0ed0d"}, 0x10) sendmsg$FOU_CMD_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) r1 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r1, 0x0) sendmsg$FOU_CMD_GET(r1, 0x0, 0x404c884) readv(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000180)=""/139, 0x8b}], 0x1) ioctl$VIDIOC_DV_TIMINGS_CAP(0xffffffffffffffff, 0xc0905664, &(0x7f00000002c0)={0x0, 0x0, [], @bt={0x5, 0x400, 0x5, 0x4, 0x0, 0x5, 0x2, 0x1}}) shmat(0x0, &(0x7f0000a00000/0x600000)=nil, 0x4000) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x18, 0xb, 0x800, 0x8, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001180)={r2, &(0x7f0000000040), &(0x7f00000021c0)=""/4096}, 0x18) ioctl$SIOCPNGETOBJECT(0xffffffffffffffff, 0x89e0, &(0x7f0000000100)=0x4) pipe(&(0x7f00000000c0)={0xffffffffffffffff}) dup2(r3, r2) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000140)={0x1}, 0x8) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r3, 0x80045530, &(0x7f0000000040)=""/149) clone(0x4412c500, 0x0, 0x0, 0x0, 0x0) 17:02:21 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, 0x0) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:02:21 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(0xffffffffffffffff, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) [ 291.437511][ T9116] IPVS: ftp: loaded support on port[0] = 21 17:02:21 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(0xffffffffffffffff, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:02:21 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(0xffffffffffffffff, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) [ 291.852717][ T9118] IPVS: ftp: loaded support on port[0] = 21 17:02:21 executing program 1: ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000000d00)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000002ed7ed6ae36b0000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd106736d173f0fc7ec6e26560000000049d2e181baf9459c5c953948c6801d2c0945c08ba8c552fc99a7422007653872ecb4f63acdfe80812d274014ae40b8ae4f2a88d2fbea75e16a61fd063f026ed7360627ec60cb274e00da971f7ee096d74c92fad7e34bd5522d45cc36c2442eac2d224609aba9e6000000000000000000000000000000f390d71cc6092cddd3b049f3fc65d61c2b3c65f2f80a61ea6e453473c9297322e30933e97ebc93981b20e03b86d4e99923e6000000000000e80600cff8ca2996e518e3e69051f6d24317f9ebfeb82ee2469fb31bdbb2768d25f196ab6f2d4845421b94d878d0d9c2a5c74633a687a135308e49ce118c81517ac7bb2994ccc7e054d3f18cb770e4908dd3deaafaab51144c1e1b86b6291f5e73ff040000000000000000000000000000009a583b79ab00f783b591fc2c8b8a38b7ee57afa01aea88fb413e1ee8ebbdf1fa9155bf6409b065a980528827de08737cf643db6de62f253b1304780753de6634bf57fb4579e27cf148248155b7da4a67280d4b6b4eeed958d53b1c488d9dc4a2eb3a40194b9a7c186f9ae102000000b32049874f7962b3eb48ee45c6f3c756a57de500eadd498c9277070980897ccd058ca9006bc77d6c3945800101bc8efcbbbf0fb28392c5730fef0f6a3daa39ee394adc13e75edd163898a9925a972cb361bc1a5e49dfd07418d1d5093b881948a8ab945692d5ee0f726d36a81d8bb82ba889b74efd00d8f5f8b0fd9474a5a8e9136192c1fb0ba6863456fd43bc0a70a2c50bfc697d6275c04af6c2e3f3ea5c67c4927942c74c6a998fa588dc921f1a941635e43f21"], 0x1a3) setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f0000000400)={0x0, 0x1, 0x6, @random="e180bae0ed0d"}, 0x10) sendmsg$FOU_CMD_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) r1 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r1, 0x0) sendmsg$FOU_CMD_GET(r1, 0x0, 0x404c884) readv(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000180)=""/139, 0x8b}], 0x1) ioctl$VIDIOC_DV_TIMINGS_CAP(0xffffffffffffffff, 0xc0905664, &(0x7f00000002c0)={0x0, 0x0, [], @bt={0x5, 0x400, 0x5, 0x4, 0x0, 0x5, 0x2, 0x1}}) shmat(0x0, &(0x7f0000a00000/0x600000)=nil, 0x4000) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x18, 0xb, 0x800, 0x8, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001180)={r2, &(0x7f0000000040), &(0x7f00000021c0)=""/4096}, 0x18) ioctl$SIOCPNGETOBJECT(0xffffffffffffffff, 0x89e0, &(0x7f0000000100)=0x4) pipe(&(0x7f00000000c0)={0xffffffffffffffff}) dup2(r3, r2) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000140)={0x1}, 0x8) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r3, 0x80045530, &(0x7f0000000040)=""/149) clone(0x4412c500, 0x0, 0x0, 0x0, 0x0) 17:02:22 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, 0x0, 0x0) [ 292.134074][ T9174] IPVS: ftp: loaded support on port[0] = 21 17:02:22 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, 0x0, 0x0) [ 292.295368][ T970] tipc: TX() has been purged, node left! 17:02:22 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, 0x0, 0x0) 17:02:22 executing program 1: syz_open_procfs$namespace(0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:02:22 executing program 0 (fault-call:2 fault-nth:0): syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) [ 292.898881][ T9211] FAULT_INJECTION: forcing a failure. [ 292.898881][ T9211] name failslab, interval 1, probability 0, space 0, times 1 [ 292.913702][ T9211] CPU: 0 PID: 9211 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 292.922372][ T9211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 292.932526][ T9211] Call Trace: [ 292.935929][ T9211] dump_stack+0x1df/0x240 [ 292.940359][ T9211] should_fail+0x8b7/0x9e0 17:02:22 executing program 1: r0 = socket$netlink(0x10, 0x3, 0xf) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f00000003c0)=0x6, 0xdc) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000400)=ANY=[@ANYBLOB="34000000000000000000000000000000000000004df1d18d41ac6fc09bd3a143053e144cd7d9af31", @ANYRES32=0x0, @ANYBLOB="000000000000000014001280090001000200000000000000040002803f66ea1969ecdbf0556bfd88b4600ae07e270985211f32b9cb7b360d35f31d8c853183028589b32bedf58c6b262854ef8a77f909c9a8bf3ea0c0c8c34d59d992ed3a536209f11825f478296c103c0b7b94085a0cd692846196ee533ed900"], 0x34}}, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r2, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) ioctl$IMCTRLREQ(r2, 0x80044945, &(0x7f0000000080)={0x4001, 0x2, 0x7ff, 0x3}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo\x00') r5 = dup2(r3, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) r7 = syz_open_dev$vcsa(&(0x7f00000001c0)='/dev/vcsa#\x00', 0x1f, 0x400) mmap(&(0x7f0000006000/0x3000)=nil, 0x3000, 0x0, 0x10010, r7, 0x76bba000) sendmsg$NFNL_MSG_ACCT_DEL(r6, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x38, 0x3, 0x7, 0x201, 0x0, 0x0, {0x1, 0x0, 0x7}, [@NFACCT_PKTS={0xc, 0x2, 0x1, 0x0, 0x9010}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x6}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x9736}]}, 0x38}, 0x1, 0x0, 0x0, 0x50}, 0x1) [ 292.944909][ T9211] __should_failslab+0x1f6/0x290 [ 292.950031][ T9211] should_failslab+0x29/0x70 [ 292.954854][ T9211] kmem_cache_alloc+0xd0/0xd70 [ 292.959769][ T9211] ? stack_trace_save+0x123/0x1a0 [ 292.964940][ T9211] ? __d_alloc+0x8e/0xc30 [ 292.969384][ T9211] ? kmsan_get_metadata+0x11d/0x180 [ 292.974687][ T9211] ? kmsan_get_metadata+0x11d/0x180 [ 292.980072][ T9211] __d_alloc+0x8e/0xc30 [ 292.984344][ T9211] ? kmsan_set_origin_checked+0x95/0xf0 [ 292.989998][ T9211] ? kmsan_get_metadata+0x11d/0x180 [ 292.995389][ T9211] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 293.001288][ T9211] d_alloc_parallel+0x135/0x1f40 [ 293.006275][ T9211] ? __d_lookup+0x71e/0x850 [ 293.010829][ T9211] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 293.016691][ T9211] ? kmsan_get_metadata+0x11d/0x180 [ 293.022059][ T9211] ? kmsan_get_metadata+0x4f/0x180 [ 293.027215][ T9211] ? kmsan_internal_set_origin+0x75/0xb0 [ 293.032895][ T9211] ? kmsan_get_metadata+0x4f/0x180 [ 293.038144][ T9211] proc_fill_cache+0x48b/0x7c0 [ 293.043199][ T9211] ? ksys_getdents64+0x500/0x500 [ 293.048232][ T9211] ? dir_emit_dots+0x450/0x450 [ 293.053085][ T9211] proc_pident_readdir+0x306/0x510 [ 293.058273][ T9211] proc_tgid_base_readdir+0x82/0xa0 [ 293.063534][ T9211] ? proc_fd_access_allowed+0x1e0/0x1e0 [ 293.069134][ T9211] iterate_dir+0x3d8/0x890 [ 293.073698][ T9211] ksys_getdents64+0x1bb/0x500 [ 293.078519][ T9211] ? ksys_getdents64+0x500/0x500 [ 293.083622][ T9211] __se_sys_getdents64+0x8d/0xb0 [ 293.088969][ T9211] __x64_sys_getdents64+0x4a/0x70 [ 293.094076][ T9211] do_syscall_64+0xb0/0x150 [ 293.098646][ T9211] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 293.104691][ T9211] RIP: 0033:0x45c1d9 [ 293.108699][ T9211] Code: Bad RIP value. [ 293.112789][ T9211] RSP: 002b:00007fad9c1e1c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 293.121678][ T9211] RAX: ffffffffffffffda RBX: 0000000000003f00 RCX: 000000000045c1d9 [ 293.129776][ T9211] RDX: a9dceadb052c07c7 RSI: 0000000020000df0 RDI: 0000000000000004 [ 293.137865][ T9211] RBP: 00007fad9c1e1ca0 R08: 0000000000000000 R09: 0000000000000000 [ 293.145954][ T9211] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 293.153957][ T9211] R13: 0000000000c9fb6f R14: 00007fad9c1e29c0 R15: 000000000078bf0c 17:02:23 executing program 0 (fault-call:2 fault-nth:1): syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) [ 293.476674][ T9219] FAULT_INJECTION: forcing a failure. [ 293.476674][ T9219] name failslab, interval 1, probability 0, space 0, times 0 [ 293.490045][ T9219] CPU: 1 PID: 9219 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 293.498756][ T9219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 293.508876][ T9219] Call Trace: [ 293.512268][ T9219] dump_stack+0x1df/0x240 [ 293.516702][ T9219] should_fail+0x8b7/0x9e0 [ 293.521252][ T9219] __should_failslab+0x1f6/0x290 [ 293.526280][ T9219] should_failslab+0x29/0x70 [ 293.530980][ T9219] kmem_cache_alloc+0xd0/0xd70 [ 293.535840][ T9219] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 293.542006][ T9219] ? proc_alloc_inode+0x5c/0x160 [ 293.547068][ T9219] ? kmsan_get_metadata+0x4f/0x180 [ 293.552286][ T9219] ? kmsan_get_metadata+0x11d/0x180 [ 293.557601][ T9219] proc_alloc_inode+0x5c/0x160 [ 293.562664][ T9219] ? proc_invalidate_siblings_dcache+0x890/0x890 [ 293.569093][ T9219] new_inode_pseudo+0xb1/0x590 [ 293.573956][ T9219] new_inode+0x5a/0x3d0 [ 293.578221][ T9219] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 293.584150][ T9219] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 293.590415][ T9219] ? d_alloc_parallel+0x1c3b/0x1f40 [ 293.595742][ T9219] proc_pid_make_inode+0x77/0xb10 [ 293.600886][ T9219] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 293.606804][ T9219] proc_pident_instantiate+0xf8/0x4e0 [ 293.612301][ T9219] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 293.618250][ T9219] proc_fill_cache+0x62e/0x7c0 [ 293.623124][ T9219] ? dir_emit_dots+0x450/0x450 [ 293.627994][ T9219] proc_pident_readdir+0x306/0x510 [ 293.633222][ T9219] proc_tgid_base_readdir+0x82/0xa0 [ 293.638535][ T9219] ? proc_fd_access_allowed+0x1e0/0x1e0 [ 293.644178][ T9219] iterate_dir+0x3d8/0x890 [ 293.648722][ T9219] ksys_getdents64+0x1bb/0x500 [ 293.653589][ T9219] ? ksys_getdents64+0x500/0x500 [ 293.658645][ T9219] __se_sys_getdents64+0x8d/0xb0 [ 293.663856][ T9219] __x64_sys_getdents64+0x4a/0x70 [ 293.668980][ T9219] do_syscall_64+0xb0/0x150 [ 293.673587][ T9219] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 293.679536][ T9219] RIP: 0033:0x45c1d9 [ 293.683464][ T9219] Code: Bad RIP value. [ 293.687580][ T9219] RSP: 002b:00007fad9c1e1c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 293.696073][ T9219] RAX: ffffffffffffffda RBX: 0000000000003f00 RCX: 000000000045c1d9 [ 293.704115][ T9219] RDX: a9dceadb052c07c7 RSI: 0000000020000df0 RDI: 0000000000000004 [ 293.712152][ T9219] RBP: 00007fad9c1e1ca0 R08: 0000000000000000 R09: 0000000000000000 [ 293.720195][ T9219] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 293.728231][ T9219] R13: 0000000000c9fb6f R14: 00007fad9c1e29c0 R15: 000000000078bf0c 17:02:23 executing program 1: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f00000009c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0ff1100000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7040000050000006a0af2fe00000000850000001a000000b700000000000000950000000000000063e165cd844a954b26c933db8e175e925b20bd7596035eca4ffb097efb3f55bb2007ee5105051294b42128aa090a79507df79f2d8129cf487130d5f24bf901115e17392ac66ad029d1c08a2c6146101e04aea0ea799a22a2fa798b5adc436b27d53337e5003e4be7f8000000000000dbc2777df150b70639e25b7496cb8dcd536c85b94109a314fd085f028f2ed1a4535550614e09d6378198a60978670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9cb6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1efc54fa737c28b994a8512c816fdcceaede3faedc59edb3807cb7e48ef00f4c7a53ac271d6d6f4ea6bf97f2f33e2ea2e5302000000001000001004eefbda7f54f82a804dc5fa77ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a7c2211fe4fd21a18986252a70fdf92eb6f0e8c7db3503680e5e5971ff452d1b72183aacf4a84fad791fa99dac06b57479321a0574fb304bc2a168aa43328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20faf791ec85821d0c48fb657c29b302b0d2277b44af326f36f3e1725a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de0588bdf1d41a2d8bd444170e95783bf027c5f040f44a74d66f47cc180f82c5f573c6d294d3665016a97eac59de637b30824d822133a7ac7fe13cab6692422a46e9ffe2d4a2d32f7528751313694bf5700b20ef0c248ddd3da3239acad4aff2066bb5d4045c9585638c21540b97a20c24e10dda5028f1fb003d13a2eee01738b0c10671f4f559b7dcb98a6273b8c5f1e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd383d5612ff0230dc6eb55e9d46de56ef907b059b90bc0289afb9a79ae5498f6589880ed6eea7b9c670012be05e7de0940313c5870786554df26236ebced9390cb69edb8375d936a7d2120eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb770154334354ec2697a03aff14a9aa4bd908a99494a65044dd539f5096412b926b2e095b84c20243ff98df3347f0e399d1b9db7e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c3630eeaebde922320178b00cc6ed7966130b547dbf8b497af0a77fbcf2cd1d0000000000000001c80000000000000000000000091bee53595a779d243a48cea769b10424d28804c026ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf3411718d6ee7aebf9ef40662d7836d252c566f5ee8f8a836804ed3a1079b0282a12043408cd60b687dcff91af19f2f8df175d090000000000000042bd76652f6e74f20675eb781925441578e93046aaddea8ec4ca0100010000000000e0dc214e1cc275b26adfac92e6de9200000000000000000000000000009ec7eee50e5bafec7fdc5e2c0a84a233d6883eca5c9c58c9e93311ab5009d9c209644bb1cb603cd60a9e241435fe82d5a96b09c68c73de2f04f15d0053875732f2258aea65559eb00e76e9d0ada2a60ca770663da451790cc36000906d5a9fad98c308e89bd5ffb6151d79c1cee1cdfba05e3633becd937d7a15762e4f5a3a0bc33fdbe28a5ffc83f2f085185cc98f8a005f2bbf96c89739f5d81e750d50515a59a3ad09e8802e8f4fb26180617fc6676bbdba85897780535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a2aa31771cd374542f316cea5e6539db7384e1f53c4d9818708e27c89b552d3fcd116bce9c764c714c9402c21d181aae59efb28d4f91652f6820b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000000000000000000091e12aacf2ed9ee91cc82777c6a0da37e0219260f2944eb77cb7a20ab7ebcc2fbe2a986be27eacc454147267b05cba055cda2a57efefcb9a9c61bc052bbb7f513b8c4167245753d31e7c1120a886bdf37ace255ca3c20000000080000001d6d874d542abecd9cfd2127c7aa3a55e860c8c916c8f232c70ef86385df46684c6e15bb85fa1cfd08d6b8647da7c1ac6404a63998142dfa5a6cfac7e93d46257240e2344eadbea28ea03c1587d9d70c80b62ad6b1620d2f4cb10865b73010a2e4a1a3968f66de85563131869e7b4a62136ec65000000000072972676f456ef4bcdf66c5aab35c14988b0199460328d5fbf8f39bc3b43244eb995c19410e4f825403c770f047dce3a89bb5b83ac6ccb3f7c53f8f07e4b4c7178e8738d80cef2f21b2e953576af290aa9910d5c8a13f44dfd52ce66b7490c0a6a9e41f2eb6944c11364caf9d645e08b3bd3ffbf6279061310d25ad449ee9e5d69282d4b3a2f8bb45a0e663de103b0bab6763bc407d9813de67edb38bbbf8d2dbc2521bb0c1db00650a1624e029b5430817a4d963787cc0a855a3a531f9853a5ee5d776aa3efbadbe6a008a2163d1ce9a8c6aa172f5807191b4c0e1583b03fadf60da66e63653a08866386ea"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffff4d}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r0, 0x0, 0xcc0, 0x0, &(0x7f0000000180)="fe6a143008968b6fb418503e9337", 0x0, 0xf000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x6, 0x60, 0x2, 0x40, 0x3, 0xfffffffffffffffb, 0x0, 0x0, 0x401}, 0x0) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) ioctl$SCSI_IOCTL_STOP_UNIT(r1, 0x6) 17:02:23 executing program 0 (fault-call:2 fault-nth:2): syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) [ 294.127221][ T9228] FAULT_INJECTION: forcing a failure. [ 294.127221][ T9228] name failslab, interval 1, probability 0, space 0, times 0 [ 294.140118][ T9228] CPU: 0 PID: 9228 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 294.148803][ T9228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 294.158922][ T9228] Call Trace: [ 294.162325][ T9228] dump_stack+0x1df/0x240 [ 294.166847][ T9228] should_fail+0x8b7/0x9e0 [ 294.171343][ T9228] __should_failslab+0x1f6/0x290 [ 294.176324][ T9228] should_failslab+0x29/0x70 [ 294.180971][ T9228] kmem_cache_alloc+0xd0/0xd70 [ 294.185795][ T9228] ? __d_alloc+0x8e/0xc30 [ 294.190182][ T9228] ? kmsan_get_metadata+0x4f/0x180 [ 294.195366][ T9228] ? kmsan_get_metadata+0x11d/0x180 [ 294.200623][ T9228] __d_alloc+0x8e/0xc30 [ 294.204844][ T9228] ? kmsan_get_metadata+0x11d/0x180 [ 294.210103][ T9228] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 294.216081][ T9228] d_alloc_parallel+0x135/0x1f40 [ 294.221079][ T9228] ? __d_lookup+0x71e/0x850 [ 294.225635][ T9228] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 294.231507][ T9228] ? kmsan_get_metadata+0x11d/0x180 [ 294.237016][ T9228] ? kmsan_get_metadata+0x4f/0x180 [ 294.242313][ T9228] ? kmsan_internal_set_origin+0x75/0xb0 [ 294.248283][ T9228] ? kmsan_get_metadata+0x4f/0x180 [ 294.254705][ T9228] proc_fill_cache+0x48b/0x7c0 [ 294.259553][ T9228] ? ksys_getdents64+0x500/0x500 [ 294.264549][ T9228] ? dir_emit_dots+0x450/0x450 [ 294.269459][ T9228] proc_pident_readdir+0x306/0x510 [ 294.274636][ T9228] proc_tgid_base_readdir+0x82/0xa0 [ 294.279894][ T9228] ? proc_fd_access_allowed+0x1e0/0x1e0 [ 294.285490][ T9228] iterate_dir+0x3d8/0x890 [ 294.289967][ T9228] ksys_getdents64+0x1bb/0x500 [ 294.294789][ T9228] ? ksys_getdents64+0x500/0x500 [ 294.299778][ T9228] __se_sys_getdents64+0x8d/0xb0 [ 294.304776][ T9228] __x64_sys_getdents64+0x4a/0x70 [ 294.309850][ T9228] do_syscall_64+0xb0/0x150 [ 294.314408][ T9228] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 294.320327][ T9228] RIP: 0033:0x45c1d9 [ 294.324232][ T9228] Code: Bad RIP value. 17:02:24 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x81) ioctl$KVM_SET_LAPIC(r4, 0x4400ae8f, &(0x7f0000000580)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b75fb3488fd8015bba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377aba09e7b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10000174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde318ead4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d41f6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28b774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a800655d127de6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c84f7cff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"}) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = dup3(r0, r1, 0x0) r6 = dup2(r4, r5) setsockopt$CAN_RAW_LOOPBACK(r6, 0x65, 0x3, &(0x7f0000000100)=0x1, 0x4) ioctl$KVM_SET_CPUID(r4, 0x4188aea7, &(0x7f0000000180)={0x4, 0x0, [{0xd, 0x6, 0x1, 0x80, 0xfffffff8}, {0xc0000000, 0x3, 0x1, 0x1, 0x1ff}, {0x80000019, 0x9, 0x3, 0x7fffffff, 0x2}, {0xc0000000, 0xfffffffe, 0x9, 0x10000, 0x3}]}) dup2(r5, r4) r7 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x8202, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f00000000c0)={'vxcan1\x00', 0x1}) [ 294.328320][ T9228] RSP: 002b:00007fad9c1e1c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 294.336795][ T9228] RAX: ffffffffffffffda RBX: 0000000000003f00 RCX: 000000000045c1d9 [ 294.344844][ T9228] RDX: a9dceadb052c07c7 RSI: 0000000020000df0 RDI: 0000000000000004 [ 294.353016][ T9228] RBP: 00007fad9c1e1ca0 R08: 0000000000000000 R09: 0000000000000000 [ 294.361024][ T9228] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 294.369047][ T9228] R13: 0000000000c9fb6f R14: 00007fad9c1e29c0 R15: 000000000078bf0c 17:02:24 executing program 0 (fault-call:2 fault-nth:3): syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) [ 294.859417][ T9236] kvm: vcpu 129: requested lapic timer restore with starting count register 0x390=4241646265 (4241646265 ns) > initial count (296265111 ns). Using initial count to start timer. [ 294.862605][ T9241] FAULT_INJECTION: forcing a failure. [ 294.862605][ T9241] name failslab, interval 1, probability 0, space 0, times 0 [ 294.890197][ T9241] CPU: 1 PID: 9241 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 294.898846][ T9241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 294.909044][ T9241] Call Trace: [ 294.912465][ T9241] dump_stack+0x1df/0x240 [ 294.916892][ T9241] should_fail+0x8b7/0x9e0 [ 294.921409][ T9241] __should_failslab+0x1f6/0x290 [ 294.926510][ T9241] should_failslab+0x29/0x70 [ 294.931189][ T9241] kmem_cache_alloc+0xd0/0xd70 [ 294.936035][ T9241] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 294.942195][ T9241] ? proc_alloc_inode+0x5c/0x160 [ 294.947215][ T9241] ? kmsan_get_metadata+0x4f/0x180 [ 294.952421][ T9241] ? kmsan_get_metadata+0x11d/0x180 [ 294.957713][ T9241] proc_alloc_inode+0x5c/0x160 [ 294.962567][ T9241] ? proc_invalidate_siblings_dcache+0x890/0x890 [ 294.969230][ T9241] new_inode_pseudo+0xb1/0x590 [ 294.974079][ T9241] new_inode+0x5a/0x3d0 [ 294.978312][ T9241] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 294.984216][ T9241] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 294.990458][ T9241] ? d_alloc_parallel+0x1c3b/0x1f40 [ 294.995782][ T9241] proc_pid_make_inode+0x77/0xb10 [ 295.000889][ T9241] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 295.006769][ T9241] proc_pident_instantiate+0xf8/0x4e0 [ 295.012198][ T9241] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 295.018054][ T9241] proc_fill_cache+0x62e/0x7c0 [ 295.023403][ T9241] ? dir_emit_dots+0x450/0x450 [ 295.028399][ T9241] proc_pident_readdir+0x306/0x510 [ 295.033574][ T9241] proc_tgid_base_readdir+0x82/0xa0 [ 295.038827][ T9241] ? proc_fd_access_allowed+0x1e0/0x1e0 [ 295.044418][ T9241] iterate_dir+0x3d8/0x890 [ 295.048894][ T9241] ksys_getdents64+0x1bb/0x500 [ 295.053972][ T9241] ? ksys_getdents64+0x500/0x500 [ 295.058981][ T9241] __se_sys_getdents64+0x8d/0xb0 [ 295.063971][ T9241] __x64_sys_getdents64+0x4a/0x70 [ 295.069050][ T9241] do_syscall_64+0xb0/0x150 [ 295.073615][ T9241] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 295.079545][ T9241] RIP: 0033:0x45c1d9 [ 295.083456][ T9241] Code: Bad RIP value. [ 295.087542][ T9241] RSP: 002b:00007fad9c1e1c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 295.096106][ T9241] RAX: ffffffffffffffda RBX: 0000000000003f00 RCX: 000000000045c1d9 [ 295.104198][ T9241] RDX: a9dceadb052c07c7 RSI: 0000000020000df0 RDI: 0000000000000004 [ 295.112211][ T9241] RBP: 00007fad9c1e1ca0 R08: 0000000000000000 R09: 0000000000000000 [ 295.120208][ T9241] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 295.128208][ T9241] R13: 0000000000c9fb6f R14: 00007fad9c1e29c0 R15: 000000000078bf0c 17:02:25 executing program 0 (fault-call:2 fault-nth:4): syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:02:25 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0x3, &(0x7f0000000080)=0x3600, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100)='nl80211\x00') [ 295.513737][ T9251] FAULT_INJECTION: forcing a failure. [ 295.513737][ T9251] name failslab, interval 1, probability 0, space 0, times 0 [ 295.526733][ T9251] CPU: 0 PID: 9251 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 295.535399][ T9251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 295.545517][ T9251] Call Trace: [ 295.548919][ T9251] dump_stack+0x1df/0x240 [ 295.553370][ T9251] should_fail+0x8b7/0x9e0 [ 295.557910][ T9251] __should_failslab+0x1f6/0x290 [ 295.562951][ T9251] should_failslab+0x29/0x70 [ 295.567661][ T9251] kmem_cache_alloc+0xd0/0xd70 [ 295.572535][ T9251] ? __d_alloc+0x8e/0xc30 [ 295.576973][ T9251] ? kmsan_get_metadata+0x4f/0x180 [ 295.582200][ T9251] ? kmsan_get_metadata+0x11d/0x180 [ 295.587509][ T9251] __d_alloc+0x8e/0xc30 [ 295.591789][ T9251] ? kmsan_get_metadata+0x11d/0x180 [ 295.597373][ T9251] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 295.603299][ T9251] d_alloc_parallel+0x135/0x1f40 [ 295.608343][ T9251] ? __d_lookup+0x71e/0x850 [ 295.612963][ T9251] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 295.619142][ T9251] ? kmsan_get_metadata+0x11d/0x180 [ 295.624476][ T9251] ? kmsan_get_metadata+0x4f/0x180 [ 295.629698][ T9251] ? kmsan_internal_set_origin+0x75/0xb0 [ 295.635710][ T9251] ? kmsan_get_metadata+0x4f/0x180 [ 295.640939][ T9251] proc_fill_cache+0x48b/0x7c0 [ 295.645835][ T9251] ? ksys_getdents64+0x500/0x500 [ 295.651022][ T9251] ? dir_emit_dots+0x450/0x450 [ 295.655900][ T9251] proc_pident_readdir+0x306/0x510 [ 295.661142][ T9251] proc_tgid_base_readdir+0x82/0xa0 [ 295.666451][ T9251] ? proc_fd_access_allowed+0x1e0/0x1e0 [ 295.672108][ T9251] iterate_dir+0x3d8/0x890 [ 295.676672][ T9251] ksys_getdents64+0x1bb/0x500 [ 295.681511][ T9251] ? ksys_getdents64+0x500/0x500 [ 295.686522][ T9251] __se_sys_getdents64+0x8d/0xb0 [ 295.691645][ T9251] __x64_sys_getdents64+0x4a/0x70 [ 295.696739][ T9251] do_syscall_64+0xb0/0x150 [ 295.701295][ T9251] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 295.707205][ T9251] RIP: 0033:0x45c1d9 [ 295.711102][ T9251] Code: Bad RIP value. [ 295.715205][ T9251] RSP: 002b:00007fad9c1e1c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 295.723679][ T9251] RAX: ffffffffffffffda RBX: 0000000000003f00 RCX: 000000000045c1d9 [ 295.731690][ T9251] RDX: a9dceadb052c07c7 RSI: 0000000020000df0 RDI: 0000000000000004 [ 295.739771][ T9251] RBP: 00007fad9c1e1ca0 R08: 0000000000000000 R09: 0000000000000000 [ 295.747761][ T9251] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 295.755777][ T9251] R13: 0000000000c9fb6f R14: 00007fad9c1e29c0 R15: 000000000078bf0c 17:02:25 executing program 0 (fault-call:2 fault-nth:5): syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) [ 295.924509][ T9259] FAULT_INJECTION: forcing a failure. [ 295.924509][ T9259] name failslab, interval 1, probability 0, space 0, times 0 [ 295.937497][ T9259] CPU: 0 PID: 9259 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 295.946151][ T9259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 295.956271][ T9259] Call Trace: [ 295.959668][ T9259] dump_stack+0x1df/0x240 [ 295.964111][ T9259] should_fail+0x8b7/0x9e0 [ 295.968648][ T9259] __should_failslab+0x1f6/0x290 [ 295.973677][ T9259] should_failslab+0x29/0x70 [ 295.979329][ T9259] kmem_cache_alloc+0xd0/0xd70 [ 295.984196][ T9259] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 295.990370][ T9259] ? proc_alloc_inode+0x5c/0x160 [ 295.995397][ T9259] ? kmsan_get_metadata+0x4f/0x180 [ 296.000610][ T9259] ? kmsan_get_metadata+0x11d/0x180 [ 296.005911][ T9259] proc_alloc_inode+0x5c/0x160 [ 296.010781][ T9259] ? proc_invalidate_siblings_dcache+0x890/0x890 [ 296.017264][ T9259] new_inode_pseudo+0xb1/0x590 [ 296.022126][ T9259] new_inode+0x5a/0x3d0 [ 296.026375][ T9259] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 296.032351][ T9259] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 296.038612][ T9259] ? d_alloc_parallel+0x1c3b/0x1f40 [ 296.043930][ T9259] proc_pid_make_inode+0x77/0xb10 [ 296.049076][ T9259] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 296.054986][ T9259] proc_pident_instantiate+0xf8/0x4e0 [ 296.060451][ T9259] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 296.066348][ T9259] proc_fill_cache+0x62e/0x7c0 [ 296.071290][ T9259] ? dir_emit_dots+0x450/0x450 [ 296.078426][ T9259] proc_pident_readdir+0x306/0x510 [ 296.083642][ T9259] proc_tgid_base_readdir+0x82/0xa0 [ 296.088934][ T9259] ? proc_fd_access_allowed+0x1e0/0x1e0 [ 296.094570][ T9259] iterate_dir+0x3d8/0x890 [ 296.099088][ T9259] ksys_getdents64+0x1bb/0x500 [ 296.103990][ T9259] ? ksys_getdents64+0x500/0x500 [ 296.109044][ T9259] __se_sys_getdents64+0x8d/0xb0 [ 296.114183][ T9259] __x64_sys_getdents64+0x4a/0x70 [ 296.119323][ T9259] do_syscall_64+0xb0/0x150 [ 296.123938][ T9259] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 296.129900][ T9259] RIP: 0033:0x45c1d9 [ 296.133852][ T9259] Code: Bad RIP value. [ 296.137975][ T9259] RSP: 002b:00007fad9c1e1c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 296.146480][ T9259] RAX: ffffffffffffffda RBX: 0000000000003f00 RCX: 000000000045c1d9 [ 296.156344][ T9259] RDX: a9dceadb052c07c7 RSI: 0000000020000df0 RDI: 0000000000000004 [ 296.164386][ T9259] RBP: 00007fad9c1e1ca0 R08: 0000000000000000 R09: 0000000000000000 [ 296.172430][ T9259] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 296.180484][ T9259] R13: 0000000000c9fb6f R14: 00007fad9c1e29c0 R15: 000000000078bf0c 17:02:26 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000040), 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(r3, r2) io_setup(0x6, &(0x7f0000000140)=0x0) io_submit(r4, 0x1, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r2, 0x0}]) 17:02:26 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x11, 0x2, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "000001000000000008fc9d71fc00000000000000f8ffff002e0b3836005404b0d6301a4ce875f2e3ff5f163ee340b76795008000f8000000000104003c5811039e15775027ecce66fd792bbf0e5bf5ff9b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ff42c65400"}, 0x80) r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f00000001c0)={0x0, 0x0}, &(0x7f0000000280)=0xc) keyctl$get_persistent(0x10, r3, 0x0) setsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000200)={{{@in=@local, @in6=@empty, 0x4e23, 0x0, 0x4e20, 0x0, 0x2, 0x80, 0xa0, 0x29, 0x0, r3}, {0x8, 0x8, 0x3, 0x9, 0xb73, 0xffff, 0x574, 0x2}, {0xffffffffffffffff, 0x8000}, 0x9, 0x6e6bb6, 0x2, 0x0, 0x3, 0x3}, {{@in6=@remote, 0x4d6, 0x33}, 0x2, @in6=@ipv4={[], [], @empty}, 0x34ff, 0x1, 0x3, 0x6, 0x6, 0x2, 0x7fff}}, 0xe8) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000001c0)=@newlink={0x3c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_VFINFO_LIST={0x1c, 0x16, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, [@IFLA_VF_IB_PORT_GUID={0x14, 0x9, {0x81000000}}]}]}]}, 0x3c}}, 0x0) 17:02:26 executing program 0 (fault-call:2 fault-nth:6): syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) [ 296.769976][ T9272] FAULT_INJECTION: forcing a failure. [ 296.769976][ T9272] name failslab, interval 1, probability 0, space 0, times 0 [ 296.783261][ T9272] CPU: 0 PID: 9272 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 296.791914][ T9272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 296.802130][ T9272] Call Trace: [ 296.805486][ T9272] dump_stack+0x1df/0x240 [ 296.809866][ T9272] should_fail+0x8b7/0x9e0 [ 296.814341][ T9272] __should_failslab+0x1f6/0x290 [ 296.819325][ T9272] should_failslab+0x29/0x70 [ 296.823967][ T9272] kmem_cache_alloc+0xd0/0xd70 [ 296.828771][ T9272] ? __d_alloc+0x8e/0xc30 [ 296.833232][ T9272] ? kmsan_get_metadata+0x4f/0x180 [ 296.838393][ T9272] ? kmsan_get_metadata+0x11d/0x180 [ 296.843635][ T9272] __d_alloc+0x8e/0xc30 [ 296.847835][ T9272] ? kmsan_set_origin_checked+0x95/0xf0 [ 296.853422][ T9272] ? kmsan_get_metadata+0x11d/0x180 [ 296.858665][ T9272] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 296.864507][ T9272] d_alloc_parallel+0x135/0x1f40 [ 296.869476][ T9272] ? __d_lookup+0x71e/0x850 [ 296.874020][ T9272] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 296.879887][ T9272] ? kmsan_get_metadata+0x11d/0x180 [ 296.885696][ T9272] ? kmsan_get_metadata+0x4f/0x180 [ 296.890855][ T9272] ? kmsan_internal_set_origin+0x75/0xb0 [ 296.896556][ T9272] ? kmsan_get_metadata+0x4f/0x180 [ 296.901718][ T9272] proc_fill_cache+0x48b/0x7c0 [ 296.906573][ T9272] ? ksys_getdents64+0x500/0x500 [ 296.911574][ T9272] ? dir_emit_dots+0x450/0x450 [ 296.916402][ T9272] proc_pident_readdir+0x306/0x510 [ 296.921579][ T9272] proc_tgid_base_readdir+0x82/0xa0 [ 296.926835][ T9272] ? proc_fd_access_allowed+0x1e0/0x1e0 [ 296.932432][ T9272] iterate_dir+0x3d8/0x890 [ 296.936922][ T9272] ksys_getdents64+0x1bb/0x500 [ 296.941735][ T9272] ? ksys_getdents64+0x500/0x500 [ 296.946725][ T9272] __se_sys_getdents64+0x8d/0xb0 [ 296.951720][ T9272] __x64_sys_getdents64+0x4a/0x70 [ 296.956793][ T9272] do_syscall_64+0xb0/0x150 [ 296.961349][ T9272] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 296.967266][ T9272] RIP: 0033:0x45c1d9 [ 296.971169][ T9272] Code: Bad RIP value. [ 296.975265][ T9272] RSP: 002b:00007fad9c1e1c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 296.983712][ T9272] RAX: ffffffffffffffda RBX: 0000000000003f00 RCX: 000000000045c1d9 [ 296.991711][ T9272] RDX: a9dceadb052c07c7 RSI: 0000000020000df0 RDI: 0000000000000004 [ 296.999892][ T9272] RBP: 00007fad9c1e1ca0 R08: 0000000000000000 R09: 0000000000000000 [ 297.007981][ T9272] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 297.015982][ T9272] R13: 0000000000c9fb6f R14: 00007fad9c1e29c0 R15: 000000000078bf0c 17:02:27 executing program 1: io_setup(0x104, &(0x7f0000000000)=0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r1, 0xf2fd6000) io_submit(r0, 0x1, &(0x7f00000003c0)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000100)="e3", 0x1}]) 17:02:27 executing program 0 (fault-call:2 fault-nth:7): syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) [ 297.257809][ T9280] FAULT_INJECTION: forcing a failure. [ 297.257809][ T9280] name failslab, interval 1, probability 0, space 0, times 0 [ 297.270710][ T9280] CPU: 0 PID: 9280 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 297.279372][ T9280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 297.289495][ T9280] Call Trace: [ 297.292907][ T9280] dump_stack+0x1df/0x240 [ 297.297351][ T9280] should_fail+0x8b7/0x9e0 [ 297.301975][ T9280] __should_failslab+0x1f6/0x290 [ 297.307001][ T9280] should_failslab+0x29/0x70 [ 297.311688][ T9280] kmem_cache_alloc+0xd0/0xd70 [ 297.316543][ T9280] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 297.322701][ T9280] ? proc_alloc_inode+0x5c/0x160 [ 297.327811][ T9280] ? kmsan_get_metadata+0x4f/0x180 [ 297.333014][ T9280] ? kmsan_get_metadata+0x11d/0x180 [ 297.338399][ T9280] proc_alloc_inode+0x5c/0x160 [ 297.343273][ T9280] ? proc_invalidate_siblings_dcache+0x890/0x890 [ 297.349703][ T9280] new_inode_pseudo+0xb1/0x590 [ 297.354569][ T9280] new_inode+0x5a/0x3d0 [ 297.358823][ T9280] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 297.364842][ T9280] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 297.371183][ T9280] ? d_alloc_parallel+0x1c3b/0x1f40 [ 297.376682][ T9280] proc_pid_make_inode+0x77/0xb10 [ 297.381937][ T9280] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 297.387870][ T9280] proc_pident_instantiate+0xf8/0x4e0 [ 297.393454][ T9280] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 297.399401][ T9280] proc_fill_cache+0x62e/0x7c0 [ 297.404389][ T9280] ? dir_emit_dots+0x450/0x450 [ 297.409286][ T9280] proc_pident_readdir+0x306/0x510 [ 297.414549][ T9280] proc_tgid_base_readdir+0x82/0xa0 [ 297.419860][ T9280] ? proc_fd_access_allowed+0x1e0/0x1e0 [ 297.425704][ T9280] iterate_dir+0x3d8/0x890 [ 297.430247][ T9280] ksys_getdents64+0x1bb/0x500 [ 297.435140][ T9280] ? ksys_getdents64+0x500/0x500 [ 297.440364][ T9280] __se_sys_getdents64+0x8d/0xb0 [ 297.445427][ T9280] __x64_sys_getdents64+0x4a/0x70 [ 297.451007][ T9280] do_syscall_64+0xb0/0x150 [ 297.455630][ T9280] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 297.461588][ T9280] RIP: 0033:0x45c1d9 [ 297.465525][ T9280] Code: Bad RIP value. [ 297.469621][ T9280] RSP: 002b:00007fad9c1e1c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 297.478077][ T9280] RAX: ffffffffffffffda RBX: 0000000000003f00 RCX: 000000000045c1d9 [ 297.486184][ T9280] RDX: a9dceadb052c07c7 RSI: 0000000020000df0 RDI: 0000000000000004 [ 297.494288][ T9280] RBP: 00007fad9c1e1ca0 R08: 0000000000000000 R09: 0000000000000000 [ 297.502297][ T9280] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007 [ 297.510327][ T9280] R13: 0000000000c9fb6f R14: 00007fad9c1e29c0 R15: 000000000078bf0c 17:02:27 executing program 0 (fault-call:2 fault-nth:8): syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:02:27 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x200000, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x1a022}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$packet(0x11, 0x3, 0x300) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 297.767112][ T9289] FAULT_INJECTION: forcing a failure. [ 297.767112][ T9289] name failslab, interval 1, probability 0, space 0, times 0 [ 297.780491][ T9289] CPU: 0 PID: 9289 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 297.789316][ T9289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 297.799437][ T9289] Call Trace: [ 297.802826][ T9289] dump_stack+0x1df/0x240 [ 297.807350][ T9289] should_fail+0x8b7/0x9e0 [ 297.811862][ T9289] __should_failslab+0x1f6/0x290 [ 297.816877][ T9289] should_failslab+0x29/0x70 [ 297.821551][ T9289] kmem_cache_alloc+0xd0/0xd70 [ 297.826370][ T9289] ? __d_alloc+0x8e/0xc30 [ 297.830769][ T9289] ? kmsan_get_metadata+0x4f/0x180 [ 297.835937][ T9289] ? kmsan_get_metadata+0x11d/0x180 [ 297.841194][ T9289] __d_alloc+0x8e/0xc30 [ 297.845430][ T9289] ? kmsan_get_metadata+0x11d/0x180 [ 297.850696][ T9289] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 297.856561][ T9289] d_alloc_parallel+0x135/0x1f40 [ 297.861567][ T9289] ? __d_lookup+0x71e/0x850 [ 297.866126][ T9289] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 297.871988][ T9289] ? kmsan_get_metadata+0x11d/0x180 [ 297.877264][ T9289] ? kmsan_get_metadata+0x4f/0x180 [ 297.882527][ T9289] ? kmsan_internal_set_origin+0x75/0xb0 [ 297.888236][ T9289] ? kmsan_get_metadata+0x4f/0x180 [ 297.893433][ T9289] proc_fill_cache+0x48b/0x7c0 [ 297.898305][ T9289] ? ksys_getdents64+0x500/0x500 [ 297.903310][ T9289] ? dir_emit_dots+0x450/0x450 [ 297.908145][ T9289] proc_pident_readdir+0x306/0x510 [ 297.913446][ T9289] proc_tgid_base_readdir+0x82/0xa0 [ 297.918714][ T9289] ? proc_fd_access_allowed+0x1e0/0x1e0 [ 297.924414][ T9289] iterate_dir+0x3d8/0x890 [ 297.928915][ T9289] ksys_getdents64+0x1bb/0x500 [ 297.933747][ T9289] ? ksys_getdents64+0x500/0x500 [ 297.938752][ T9289] __se_sys_getdents64+0x8d/0xb0 [ 297.943771][ T9289] __x64_sys_getdents64+0x4a/0x70 [ 297.948883][ T9289] do_syscall_64+0xb0/0x150 [ 297.953465][ T9289] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 297.959418][ T9289] RIP: 0033:0x45c1d9 [ 297.963337][ T9289] Code: Bad RIP value. [ 297.967446][ T9289] RSP: 002b:00007fad9c1e1c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 297.975909][ T9289] RAX: ffffffffffffffda RBX: 0000000000003f00 RCX: 000000000045c1d9 [ 297.983928][ T9289] RDX: a9dceadb052c07c7 RSI: 0000000020000df0 RDI: 0000000000000004 [ 297.991960][ T9289] RBP: 00007fad9c1e1ca0 R08: 0000000000000000 R09: 0000000000000000 [ 297.999979][ T9289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 298.008000][ T9289] R13: 0000000000c9fb6f R14: 00007fad9c1e29c0 R15: 000000000078bf0c 17:02:28 executing program 0 (fault-call:2 fault-nth:9): syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:02:28 executing program 2: r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0xc00, 0x0) r1 = accept$inet(r0, &(0x7f0000000040)={0x2, 0x0, @remote}, &(0x7f0000000080)=0x10) connect$phonet_pipe(r0, &(0x7f00000000c0)={0x23, 0x7f, 0x81, 0x4}, 0x10) ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205648, &(0x7f0000000140)={0x9d0000, 0x7ff, 0x9, r1, 0x0, &(0x7f0000000100)={0xa30901, 0x237, [], @value64=0x5}}) setsockopt$bt_BT_FLUSHABLE(r2, 0x112, 0x8, &(0x7f0000000180)=0x1, 0x4) r3 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/sync_persist_mode\x00', 0x2, 0x0) setsockopt$bt_BT_FLUSHABLE(r3, 0x112, 0x8, &(0x7f0000000200)=0x81, 0x4) write(r1, &(0x7f0000000240)="64d961abd86d1df1f8a4b63eec5def903dfe0745bddfd083e7fd3a9675910b78004688687e06afe2cffaca7a7671febdb52cd0723a047fe6e2550110bbf4e4324785081a54a9b21eb9f3df6f1062c305e02451943a6402852386382acad0257f6e85837e2f35b65f66791c77905e77450e607433ab682bb5d3f3d5612ba4b78216f08ec9643a3fd24cdf0006cd97ee2ffb3d62bee938e064a473d152deffbd1389be846ff198b3d334cbd9cc0112f890fad03e45ffbecd2b9e1bfeccc24a879040f10618195d902dba2371b96dc81e82a74bb765aa31d665d92d721cda435f85c59ca4d8d577c1780c", 0xe9) accept4$inet(r1, &(0x7f0000000340)={0x2, 0x0, @dev}, &(0x7f0000000380)=0x10, 0x0) r4 = openat$null(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/null\x00', 0x200540, 0x0) setsockopt$inet6_udp_encap(r4, 0x11, 0x64, &(0x7f0000000400)=0x3, 0x4) r5 = syz_open_dev$vcsn(&(0x7f0000000440)='/dev/vcs#\x00', 0xc20000000000, 0x400900) getpeername$inet(r5, &(0x7f0000000480)={0x2, 0x0, @private}, &(0x7f00000004c0)=0x10) r6 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000500)='/dev/hwrng\x00', 0x101000, 0x0) ioctl$ASHMEM_GET_PROT_MASK(r6, 0x7706, &(0x7f0000000540)) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r5, 0xc0045516, &(0x7f0000000580)=0x8) r7 = pidfd_getfd(0xffffffffffffffff, r2, 0x0) ioctl$ASHMEM_GET_SIZE(r7, 0x7704, 0x0) r8 = socket$bt_rfcomm(0x1f, 0x0, 0x3) getsockopt$bt_BT_VOICE(r8, 0x112, 0xb, &(0x7f00000005c0)=0xfff7, &(0x7f0000000600)=0x2) [ 298.244762][ T9297] FAULT_INJECTION: forcing a failure. [ 298.244762][ T9297] name failslab, interval 1, probability 0, space 0, times 0 [ 298.257905][ T9297] CPU: 1 PID: 9297 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 298.266562][ T9297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 298.276708][ T9297] Call Trace: [ 298.280102][ T9297] dump_stack+0x1df/0x240 [ 298.284544][ T9297] should_fail+0x8b7/0x9e0 [ 298.289079][ T9297] __should_failslab+0x1f6/0x290 [ 298.294090][ T9297] should_failslab+0x29/0x70 [ 298.298782][ T9297] kmem_cache_alloc+0xd0/0xd70 [ 298.303662][ T9297] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 298.309832][ T9297] ? proc_alloc_inode+0x5c/0x160 [ 298.314851][ T9297] ? kmsan_get_metadata+0x4f/0x180 [ 298.320014][ T9297] ? kmsan_get_metadata+0x11d/0x180 [ 298.325273][ T9297] proc_alloc_inode+0x5c/0x160 [ 298.330093][ T9297] ? proc_invalidate_siblings_dcache+0x890/0x890 [ 298.336479][ T9297] new_inode_pseudo+0xb1/0x590 [ 298.341285][ T9297] new_inode+0x5a/0x3d0 [ 298.345482][ T9297] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 298.351333][ T9297] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 298.357554][ T9297] ? d_alloc_parallel+0x1c3b/0x1f40 [ 298.362824][ T9297] proc_pid_make_inode+0x77/0xb10 [ 298.368055][ T9297] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 298.373930][ T9297] proc_pident_instantiate+0xf8/0x4e0 [ 298.379680][ T9297] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 298.385623][ T9297] proc_fill_cache+0x62e/0x7c0 [ 298.390445][ T9297] ? dir_emit_dots+0x450/0x450 [ 298.395270][ T9297] proc_pident_readdir+0x306/0x510 [ 298.400529][ T9297] proc_tgid_base_readdir+0x82/0xa0 [ 298.405925][ T9297] ? proc_fd_access_allowed+0x1e0/0x1e0 [ 298.411552][ T9297] iterate_dir+0x3d8/0x890 [ 298.416032][ T9297] ksys_getdents64+0x1bb/0x500 [ 298.420852][ T9297] ? ksys_getdents64+0x500/0x500 [ 298.425931][ T9297] __se_sys_getdents64+0x8d/0xb0 [ 298.430921][ T9297] __x64_sys_getdents64+0x4a/0x70 [ 298.436181][ T9297] do_syscall_64+0xb0/0x150 [ 298.440736][ T9297] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 298.446646][ T9297] RIP: 0033:0x45c1d9 [ 298.450544][ T9297] Code: Bad RIP value. [ 298.454631][ T9297] RSP: 002b:00007fad9c1e1c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 298.463085][ T9297] RAX: ffffffffffffffda RBX: 0000000000003f00 RCX: 000000000045c1d9 [ 298.471270][ T9297] RDX: a9dceadb052c07c7 RSI: 0000000020000df0 RDI: 0000000000000004 [ 298.479273][ T9297] RBP: 00007fad9c1e1ca0 R08: 0000000000000000 R09: 0000000000000000 [ 298.487272][ T9297] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [ 298.495313][ T9297] R13: 0000000000c9fb6f R14: 00007fad9c1e29c0 R15: 000000000078bf0c 17:02:28 executing program 0 (fault-call:2 fault-nth:10): syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) [ 299.094042][ T9301] IPVS: ftp: loaded support on port[0] = 21 [ 299.167542][ T9308] FAULT_INJECTION: forcing a failure. [ 299.167542][ T9308] name failslab, interval 1, probability 0, space 0, times 0 [ 299.180474][ T9308] CPU: 0 PID: 9308 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 299.189120][ T9308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 299.199347][ T9308] Call Trace: [ 299.202706][ T9308] dump_stack+0x1df/0x240 [ 299.207098][ T9308] should_fail+0x8b7/0x9e0 [ 299.211575][ T9308] __should_failslab+0x1f6/0x290 [ 299.216558][ T9308] should_failslab+0x29/0x70 [ 299.221289][ T9308] kmem_cache_alloc+0xd0/0xd70 [ 299.226102][ T9308] ? __d_alloc+0x8e/0xc30 [ 299.230473][ T9308] ? kmsan_get_metadata+0x4f/0x180 [ 299.235629][ T9308] ? kmsan_get_metadata+0x11d/0x180 [ 299.240868][ T9308] __d_alloc+0x8e/0xc30 [ 299.245085][ T9308] ? kmsan_get_metadata+0x11d/0x180 [ 299.250332][ T9308] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 299.256267][ T9308] d_alloc_parallel+0x135/0x1f40 [ 299.261242][ T9308] ? __d_lookup+0x71e/0x850 [ 299.265795][ T9308] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 299.271729][ T9308] ? kmsan_get_metadata+0x11d/0x180 [ 299.276974][ T9308] ? kmsan_get_metadata+0x4f/0x180 [ 299.282121][ T9308] ? kmsan_internal_set_origin+0x75/0xb0 [ 299.288068][ T9308] ? kmsan_get_metadata+0x4f/0x180 [ 299.293231][ T9308] proc_fill_cache+0x48b/0x7c0 [ 299.298055][ T9308] ? ksys_getdents64+0x500/0x500 [ 299.303038][ T9308] ? dir_emit_dots+0x450/0x450 [ 299.307856][ T9308] proc_pident_readdir+0x306/0x510 [ 299.313045][ T9308] proc_tgid_base_readdir+0x82/0xa0 [ 299.318296][ T9308] ? proc_fd_access_allowed+0x1e0/0x1e0 [ 299.323906][ T9308] iterate_dir+0x3d8/0x890 [ 299.328398][ T9308] ksys_getdents64+0x1bb/0x500 [ 299.333219][ T9308] ? ksys_getdents64+0x500/0x500 [ 299.338213][ T9308] __se_sys_getdents64+0x8d/0xb0 [ 299.343224][ T9308] __x64_sys_getdents64+0x4a/0x70 [ 299.348332][ T9308] do_syscall_64+0xb0/0x150 [ 299.352896][ T9308] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 299.358988][ T9308] RIP: 0033:0x45c1d9 [ 299.362931][ T9308] Code: Bad RIP value. [ 299.367035][ T9308] RSP: 002b:00007fad9c1e1c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 299.375503][ T9308] RAX: ffffffffffffffda RBX: 0000000000003f00 RCX: 000000000045c1d9 [ 299.383597][ T9308] RDX: a9dceadb052c07c7 RSI: 0000000020000df0 RDI: 0000000000000004 [ 299.391887][ T9308] RBP: 00007fad9c1e1ca0 R08: 0000000000000000 R09: 0000000000000000 [ 299.399995][ T9308] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a [ 299.408003][ T9308] R13: 0000000000c9fb6f R14: 00007fad9c1e29c0 R15: 000000000078bf0c [ 299.671489][ T9301] chnl_net:caif_netlink_parms(): no params data found [ 299.789393][ T9287] debugfs: Directory '9287-8' with parent 'kvm' already present! [ 299.887055][ T9301] bridge0: port 1(bridge_slave_0) entered blocking state [ 299.894502][ T9301] bridge0: port 1(bridge_slave_0) entered disabled state [ 299.903986][ T9301] device bridge_slave_0 entered promiscuous mode [ 299.932748][ T9301] bridge0: port 2(bridge_slave_1) entered blocking state [ 299.940256][ T9301] bridge0: port 2(bridge_slave_1) entered disabled state [ 299.951454][ T9301] device bridge_slave_1 entered promiscuous mode [ 300.007150][ T9301] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 300.023347][ T9301] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 17:02:29 executing program 0 (fault-call:2 fault-nth:11): syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) [ 300.107424][ T9453] FAULT_INJECTION: forcing a failure. [ 300.107424][ T9453] name failslab, interval 1, probability 0, space 0, times 0 [ 300.118226][ T9301] team0: Port device team_slave_0 added [ 300.120843][ T9453] CPU: 1 PID: 9453 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 300.134378][ T9453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 300.144529][ T9453] Call Trace: [ 300.148003][ T9453] dump_stack+0x1df/0x240 [ 300.152445][ T9453] should_fail+0x8b7/0x9e0 [ 300.156976][ T9453] __should_failslab+0x1f6/0x290 [ 300.157957][ T9301] team0: Port device team_slave_1 added [ 300.162235][ T9453] should_failslab+0x29/0x70 [ 300.172498][ T9453] kmem_cache_alloc+0xd0/0xd70 [ 300.177363][ T9453] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 300.183559][ T9453] ? proc_alloc_inode+0x5c/0x160 [ 300.188631][ T9453] ? kmsan_get_metadata+0x4f/0x180 [ 300.193846][ T9453] ? kmsan_get_metadata+0x11d/0x180 [ 300.199247][ T9453] proc_alloc_inode+0x5c/0x160 [ 300.204120][ T9453] ? proc_invalidate_siblings_dcache+0x890/0x890 [ 300.210549][ T9453] new_inode_pseudo+0xb1/0x590 [ 300.215410][ T9453] new_inode+0x5a/0x3d0 [ 300.219681][ T9453] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 300.225554][ T9453] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 300.231755][ T9453] ? d_alloc_parallel+0x1c3b/0x1f40 [ 300.237023][ T9453] proc_pid_make_inode+0x77/0xb10 [ 300.242104][ T9453] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 300.247967][ T9453] proc_pident_instantiate+0xf8/0x4e0 [ 300.253393][ T9453] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 300.259356][ T9453] proc_fill_cache+0x62e/0x7c0 [ 300.264182][ T9453] ? dir_emit_dots+0x450/0x450 [ 300.269000][ T9453] proc_pident_readdir+0x306/0x510 [ 300.274360][ T9453] proc_tgid_base_readdir+0x82/0xa0 [ 300.279815][ T9453] ? proc_fd_access_allowed+0x1e0/0x1e0 [ 300.285403][ T9453] iterate_dir+0x3d8/0x890 [ 300.290225][ T9453] ksys_getdents64+0x1bb/0x500 [ 300.295040][ T9453] ? ksys_getdents64+0x500/0x500 [ 300.300116][ T9453] __se_sys_getdents64+0x8d/0xb0 [ 300.305111][ T9453] __x64_sys_getdents64+0x4a/0x70 [ 300.310250][ T9453] do_syscall_64+0xb0/0x150 [ 300.314808][ T9453] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 300.320749][ T9453] RIP: 0033:0x45c1d9 [ 300.324652][ T9453] Code: Bad RIP value. [ 300.328740][ T9453] RSP: 002b:00007fad9c1e1c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 300.337295][ T9453] RAX: ffffffffffffffda RBX: 0000000000003f00 RCX: 000000000045c1d9 [ 300.345294][ T9453] RDX: a9dceadb052c07c7 RSI: 0000000020000df0 RDI: 0000000000000004 [ 300.353302][ T9453] RBP: 00007fad9c1e1ca0 R08: 0000000000000000 R09: 0000000000000000 [ 300.361409][ T9453] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000b [ 300.369423][ T9453] R13: 0000000000c9fb6f R14: 00007fad9c1e29c0 R15: 000000000078bf0c [ 300.449991][ T9301] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 300.457765][ T9301] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 300.484133][ T9301] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active 17:02:30 executing program 0 (fault-call:2 fault-nth:12): syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) [ 300.557207][ T9301] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 300.564389][ T9301] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 300.594891][ T9301] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 300.688420][ T9466] FAULT_INJECTION: forcing a failure. [ 300.688420][ T9466] name failslab, interval 1, probability 0, space 0, times 0 [ 300.701422][ T9466] CPU: 0 PID: 9466 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 300.710075][ T9466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 300.720195][ T9466] Call Trace: [ 300.723590][ T9466] dump_stack+0x1df/0x240 [ 300.728029][ T9466] should_fail+0x8b7/0x9e0 [ 300.732536][ T9466] __should_failslab+0x1f6/0x290 [ 300.737528][ T9466] should_failslab+0x29/0x70 [ 300.742346][ T9466] kmem_cache_alloc+0xd0/0xd70 [ 300.747151][ T9466] ? __d_alloc+0x8e/0xc30 [ 300.751523][ T9466] ? kmsan_get_metadata+0x4f/0x180 [ 300.757476][ T9466] ? kmsan_get_metadata+0x11d/0x180 [ 300.762713][ T9466] __d_alloc+0x8e/0xc30 [ 300.766912][ T9466] ? kmsan_get_metadata+0x11d/0x180 [ 300.772153][ T9466] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 300.777999][ T9466] d_alloc_parallel+0x135/0x1f40 [ 300.782976][ T9466] ? __d_lookup+0x71e/0x850 [ 300.787662][ T9466] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 300.793530][ T9466] ? kmsan_get_metadata+0x11d/0x180 [ 300.798796][ T9466] ? kmsan_get_metadata+0x4f/0x180 [ 300.803972][ T9466] ? kmsan_internal_set_origin+0x75/0xb0 [ 300.809665][ T9466] ? kmsan_get_metadata+0x4f/0x180 [ 300.814825][ T9466] proc_fill_cache+0x48b/0x7c0 [ 300.819645][ T9466] ? ksys_getdents64+0x500/0x500 [ 300.824629][ T9466] ? dir_emit_dots+0x450/0x450 [ 300.829472][ T9466] proc_pident_readdir+0x306/0x510 [ 300.834743][ T9466] proc_tgid_base_readdir+0x82/0xa0 [ 300.840009][ T9466] ? proc_fd_access_allowed+0x1e0/0x1e0 [ 300.845608][ T9466] iterate_dir+0x3d8/0x890 [ 300.850077][ T9466] ksys_getdents64+0x1bb/0x500 [ 300.854986][ T9466] ? ksys_getdents64+0x500/0x500 [ 300.859984][ T9466] __se_sys_getdents64+0x8d/0xb0 [ 300.864984][ T9466] __x64_sys_getdents64+0x4a/0x70 [ 300.870126][ T9466] do_syscall_64+0xb0/0x150 [ 300.874704][ T9466] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 300.880622][ T9466] RIP: 0033:0x45c1d9 [ 300.884537][ T9466] Code: Bad RIP value. [ 300.888648][ T9466] RSP: 002b:00007fad9c1e1c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 300.897113][ T9466] RAX: ffffffffffffffda RBX: 0000000000003f00 RCX: 000000000045c1d9 [ 300.905116][ T9466] RDX: a9dceadb052c07c7 RSI: 0000000020000df0 RDI: 0000000000000004 [ 300.913223][ T9466] RBP: 00007fad9c1e1ca0 R08: 0000000000000000 R09: 0000000000000000 [ 300.921231][ T9466] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c [ 300.929232][ T9466] R13: 0000000000c9fb6f R14: 00007fad9c1e29c0 R15: 000000000078bf0c [ 301.033461][ T9301] device hsr_slave_0 entered promiscuous mode [ 301.075045][ T9301] device hsr_slave_1 entered promiscuous mode [ 301.115753][ T9301] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 301.123481][ T9301] Cannot create hsr debugfs directory [ 301.382109][ T9301] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 301.432132][ T9301] netdevsim netdevsim2 netdevsim1: renamed from eth1 17:02:31 executing program 0 (fault-call:2 fault-nth:13): syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) [ 301.476919][ T9301] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 301.546797][ T9301] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 301.566591][ T9526] FAULT_INJECTION: forcing a failure. [ 301.566591][ T9526] name failslab, interval 1, probability 0, space 0, times 0 [ 301.579918][ T9526] CPU: 1 PID: 9526 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 301.588746][ T9526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 301.598997][ T9526] Call Trace: [ 301.602384][ T9526] dump_stack+0x1df/0x240 [ 301.606851][ T9526] should_fail+0x8b7/0x9e0 [ 301.611378][ T9526] __should_failslab+0x1f6/0x290 [ 301.616405][ T9526] should_failslab+0x29/0x70 [ 301.621176][ T9526] kmem_cache_alloc+0xd0/0xd70 [ 301.626024][ T9526] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 301.632175][ T9526] ? proc_alloc_inode+0x5c/0x160 [ 301.637200][ T9526] ? kmsan_get_metadata+0x4f/0x180 [ 301.642426][ T9526] ? kmsan_get_metadata+0x11d/0x180 [ 301.647748][ T9526] proc_alloc_inode+0x5c/0x160 [ 301.652720][ T9526] ? proc_invalidate_siblings_dcache+0x890/0x890 [ 301.659137][ T9526] new_inode_pseudo+0xb1/0x590 [ 301.664072][ T9526] new_inode+0x5a/0x3d0 [ 301.668499][ T9526] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 301.674440][ T9526] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 301.680700][ T9526] ? d_alloc_parallel+0x1c3b/0x1f40 [ 301.686003][ T9526] proc_pid_make_inode+0x77/0xb10 [ 301.691238][ T9526] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 301.697136][ T9526] proc_pident_instantiate+0xf8/0x4e0 [ 301.702677][ T9526] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 301.708745][ T9526] proc_fill_cache+0x62e/0x7c0 [ 301.713615][ T9526] ? dir_emit_dots+0x450/0x450 [ 301.718481][ T9526] proc_pident_readdir+0x306/0x510 [ 301.723691][ T9526] proc_tgid_base_readdir+0x82/0xa0 [ 301.728971][ T9526] ? proc_fd_access_allowed+0x1e0/0x1e0 [ 301.734595][ T9526] iterate_dir+0x3d8/0x890 [ 301.739104][ T9526] ksys_getdents64+0x1bb/0x500 [ 301.743949][ T9526] ? ksys_getdents64+0x500/0x500 [ 301.749004][ T9526] __se_sys_getdents64+0x8d/0xb0 [ 301.754035][ T9526] __x64_sys_getdents64+0x4a/0x70 [ 301.759179][ T9526] do_syscall_64+0xb0/0x150 [ 301.763765][ T9526] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 301.769702][ T9526] RIP: 0033:0x45c1d9 [ 301.773628][ T9526] Code: Bad RIP value. [ 301.777823][ T9526] RSP: 002b:00007fad9c1e1c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 301.786302][ T9526] RAX: ffffffffffffffda RBX: 0000000000003f00 RCX: 000000000045c1d9 [ 301.794322][ T9526] RDX: a9dceadb052c07c7 RSI: 0000000020000df0 RDI: 0000000000000004 [ 301.802343][ T9526] RBP: 00007fad9c1e1ca0 R08: 0000000000000000 R09: 0000000000000000 [ 301.810366][ T9526] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000d [ 301.818407][ T9526] R13: 0000000000c9fb6f R14: 00007fad9c1e29c0 R15: 000000000078bf0c [ 302.126370][ T9301] 8021q: adding VLAN 0 to HW filter on device bond0 [ 302.156701][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 302.166904][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 302.186292][ T9301] 8021q: adding VLAN 0 to HW filter on device team0 [ 302.212428][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 302.222439][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready 17:02:32 executing program 0 (fault-call:2 fault-nth:14): syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) [ 302.233760][ T4885] bridge0: port 1(bridge_slave_0) entered blocking state [ 302.241048][ T4885] bridge0: port 1(bridge_slave_0) entered forwarding state [ 302.306966][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 302.316445][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 302.326404][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 302.335836][ T4885] bridge0: port 2(bridge_slave_1) entered blocking state [ 302.343112][ T4885] bridge0: port 2(bridge_slave_1) entered forwarding state [ 302.352141][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 302.363143][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 302.374150][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 302.384737][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 302.395211][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 302.406005][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 302.416516][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 302.426217][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 302.435837][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 302.445502][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 302.462251][ T9301] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 302.475194][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 302.537041][ T9533] FAULT_INJECTION: forcing a failure. [ 302.537041][ T9533] name failslab, interval 1, probability 0, space 0, times 0 [ 302.549995][ T9533] CPU: 1 PID: 9533 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 302.558651][ T9533] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 302.568770][ T9533] Call Trace: [ 302.572149][ T9533] dump_stack+0x1df/0x240 [ 302.576574][ T9533] should_fail+0x8b7/0x9e0 [ 302.581187][ T9533] __should_failslab+0x1f6/0x290 [ 302.586303][ T9533] should_failslab+0x29/0x70 [ 302.590993][ T9533] kmem_cache_alloc+0xd0/0xd70 [ 302.594899][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 302.596080][ T9533] ? __d_alloc+0x8e/0xc30 [ 302.603938][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 302.607757][ T9533] ? kmsan_get_metadata+0x4f/0x180 [ 302.620165][ T9533] ? kmsan_get_metadata+0x11d/0x180 [ 302.625547][ T9533] __d_alloc+0x8e/0xc30 [ 302.629792][ T9533] ? kmsan_get_metadata+0x11d/0x180 [ 302.635180][ T9533] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 302.638158][ T9301] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 302.641084][ T9533] d_alloc_parallel+0x135/0x1f40 [ 302.652940][ T9533] ? __d_lookup+0x71e/0x850 [ 302.657538][ T9533] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 302.663434][ T9533] ? kmsan_get_metadata+0x11d/0x180 [ 302.668817][ T9533] ? kmsan_get_metadata+0x4f/0x180 [ 302.674011][ T9533] ? kmsan_internal_set_origin+0x75/0xb0 [ 302.679725][ T9533] ? kmsan_get_metadata+0x4f/0x180 [ 302.684920][ T9533] proc_fill_cache+0x48b/0x7c0 [ 302.689754][ T9533] ? ksys_getdents64+0x500/0x500 [ 302.694837][ T9533] ? dir_emit_dots+0x450/0x450 [ 302.699656][ T9533] proc_pident_readdir+0x306/0x510 [ 302.704836][ T9533] proc_tgid_base_readdir+0x82/0xa0 [ 302.710105][ T9533] ? proc_fd_access_allowed+0x1e0/0x1e0 [ 302.715705][ T9533] iterate_dir+0x3d8/0x890 [ 302.720176][ T9533] ksys_getdents64+0x1bb/0x500 [ 302.724995][ T9533] ? ksys_getdents64+0x500/0x500 [ 302.729989][ T9533] __se_sys_getdents64+0x8d/0xb0 [ 302.734980][ T9533] __x64_sys_getdents64+0x4a/0x70 [ 302.740046][ T9533] do_syscall_64+0xb0/0x150 [ 302.744604][ T9533] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 302.750523][ T9533] RIP: 0033:0x45c1d9 [ 302.754423][ T9533] Code: Bad RIP value. [ 302.758504][ T9533] RSP: 002b:00007fad9c1e1c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 302.766951][ T9533] RAX: ffffffffffffffda RBX: 0000000000003f00 RCX: 000000000045c1d9 [ 302.774951][ T9533] RDX: a9dceadb052c07c7 RSI: 0000000020000df0 RDI: 0000000000000004 [ 302.782948][ T9533] RBP: 00007fad9c1e1ca0 R08: 0000000000000000 R09: 0000000000000000 [ 302.791210][ T9533] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000e [ 302.799209][ T9533] R13: 0000000000c9fb6f R14: 00007fad9c1e29c0 R15: 000000000078bf0c 17:02:32 executing program 0 (fault-call:2 fault-nth:15): syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) [ 302.972476][ T9301] device veth0_vlan entered promiscuous mode [ 303.018819][ T9301] device veth1_vlan entered promiscuous mode [ 303.090371][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 303.100656][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 303.110749][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 303.120609][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 303.131160][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 303.140599][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 303.176383][ T9301] device veth0_macvtap entered promiscuous mode [ 303.191816][ T9301] device veth1_macvtap entered promiscuous mode [ 303.204397][ T9537] FAULT_INJECTION: forcing a failure. [ 303.204397][ T9537] name failslab, interval 1, probability 0, space 0, times 0 [ 303.217291][ T9537] CPU: 1 PID: 9537 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 303.224740][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 303.226050][ T9537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 303.235009][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 303.243356][ T9537] Call Trace: [ 303.252333][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 303.254062][ T9537] dump_stack+0x1df/0x240 [ 303.254157][ T9537] should_fail+0x8b7/0x9e0 [ 303.263596][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 303.266408][ T9537] __should_failslab+0x1f6/0x290 [ 303.272371][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 303.278699][ T9537] should_failslab+0x29/0x70 [ 303.278763][ T9537] kmem_cache_alloc+0xd0/0xd70 [ 303.278839][ T9537] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 303.295203][ T9301] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 303.295779][ T9537] ? proc_alloc_inode+0x5c/0x160 [ 303.300512][ T9301] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 303.306585][ T9537] ? kmsan_get_metadata+0x4f/0x180 [ 303.306645][ T9537] ? kmsan_get_metadata+0x11d/0x180 [ 303.306704][ T9537] proc_alloc_inode+0x5c/0x160 [ 303.306790][ T9537] ? proc_invalidate_siblings_dcache+0x890/0x890 [ 303.317233][ T9301] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 303.322137][ T9537] new_inode_pseudo+0xb1/0x590 [ 303.331947][ T9301] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 303.337036][ T9537] new_inode+0x5a/0x3d0 [ 303.337113][ T9537] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 303.345899][ T9301] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 303.347517][ T9537] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 303.393187][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 303.396715][ T9537] ? d_alloc_parallel+0x1c3b/0x1f40 [ 303.396780][ T9537] proc_pid_make_inode+0x77/0xb10 [ 303.396861][ T9537] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 303.404715][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 303.410653][ T9537] proc_pident_instantiate+0xf8/0x4e0 [ 303.417533][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 303.420905][ T9537] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 303.445252][ T9301] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 303.448167][ T9537] proc_fill_cache+0x62e/0x7c0 [ 303.453994][ T9301] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 303.464460][ T9537] ? dir_emit_dots+0x450/0x450 [ 303.464535][ T9537] proc_pident_readdir+0x306/0x510 [ 303.464622][ T9537] proc_tgid_base_readdir+0x82/0xa0 [ 303.469373][ T9301] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 303.479245][ T9537] ? proc_fd_access_allowed+0x1e0/0x1e0 [ 303.479328][ T9537] iterate_dir+0x3d8/0x890 [ 303.484086][ T9301] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 303.489218][ T9537] ksys_getdents64+0x1bb/0x500 [ 303.497607][ T9301] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 303.504826][ T9537] ? ksys_getdents64+0x500/0x500 [ 303.504918][ T9537] __se_sys_getdents64+0x8d/0xb0 [ 303.532977][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 303.536699][ T9537] __x64_sys_getdents64+0x4a/0x70 [ 303.536785][ T9537] do_syscall_64+0xb0/0x150 [ 303.543277][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 303.546666][ T9537] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 303.546698][ T9537] RIP: 0033:0x45c1d9 [ 303.546713][ T9537] Code: Bad RIP value. [ 303.546740][ T9537] RSP: 002b:00007fad9c1e1c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 303.546784][ T9537] RAX: ffffffffffffffda RBX: 0000000000003f00 RCX: 000000000045c1d9 [ 303.546840][ T9537] RDX: a9dceadb052c07c7 RSI: 0000000020000df0 RDI: 0000000000000004 [ 303.611237][ T9537] RBP: 00007fad9c1e1ca0 R08: 0000000000000000 R09: 0000000000000000 [ 303.619275][ T9537] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000f [ 303.627318][ T9537] R13: 0000000000c9fb6f R14: 00007fad9c1e29c0 R15: 000000000078bf0c 17:02:33 executing program 0 (fault-call:2 fault-nth:16): syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) [ 303.818681][ T9542] FAULT_INJECTION: forcing a failure. [ 303.818681][ T9542] name failslab, interval 1, probability 0, space 0, times 0 [ 303.831570][ T9542] CPU: 1 PID: 9542 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 303.840225][ T9542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 303.850378][ T9542] Call Trace: [ 303.853774][ T9542] dump_stack+0x1df/0x240 [ 303.858219][ T9542] should_fail+0x8b7/0x9e0 [ 303.862755][ T9542] __should_failslab+0x1f6/0x290 [ 303.867809][ T9542] should_failslab+0x29/0x70 [ 303.872480][ T9542] kmem_cache_alloc+0xd0/0xd70 [ 303.877416][ T9542] ? __d_alloc+0x8e/0xc30 [ 303.881801][ T9542] ? kmsan_get_metadata+0x4f/0x180 [ 303.886963][ T9542] ? kmsan_get_metadata+0x11d/0x180 [ 303.892195][ T9542] __d_alloc+0x8e/0xc30 [ 303.896395][ T9542] ? kmsan_get_metadata+0x11d/0x180 [ 303.901646][ T9542] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 303.907492][ T9542] d_alloc_parallel+0x135/0x1f40 [ 303.912475][ T9542] ? __d_lookup+0x71e/0x850 [ 303.917018][ T9542] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 303.922863][ T9542] ? kmsan_get_metadata+0x11d/0x180 [ 303.928141][ T9542] ? kmsan_get_metadata+0x4f/0x180 [ 303.933292][ T9542] ? kmsan_internal_set_origin+0x75/0xb0 [ 303.938968][ T9542] ? kmsan_get_metadata+0x4f/0x180 [ 303.944130][ T9542] proc_fill_cache+0x48b/0x7c0 [ 303.948978][ T9542] ? ksys_getdents64+0x500/0x500 [ 303.954053][ T9542] ? dir_emit_dots+0x450/0x450 [ 303.958885][ T9542] proc_pident_readdir+0x306/0x510 [ 303.964500][ T9542] proc_tgid_base_readdir+0x82/0xa0 [ 303.969747][ T9542] ? proc_fd_access_allowed+0x1e0/0x1e0 [ 303.975336][ T9542] iterate_dir+0x3d8/0x890 [ 303.979808][ T9542] ksys_getdents64+0x1bb/0x500 [ 303.984631][ T9542] ? ksys_getdents64+0x500/0x500 [ 303.989627][ T9542] __se_sys_getdents64+0x8d/0xb0 [ 303.994621][ T9542] __x64_sys_getdents64+0x4a/0x70 [ 303.999692][ T9542] do_syscall_64+0xb0/0x150 [ 304.004257][ T9542] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 304.010175][ T9542] RIP: 0033:0x45c1d9 [ 304.014077][ T9542] Code: Bad RIP value. 17:02:33 executing program 2: clone(0x802100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0xa, 0x6, 0x598, 0x3a8, 0x2b0, 0xd0, 0x1b8, 0xd0, 0x4c8, 0x4c8, 0x4c8, 0x4c8, 0x4c8, 0x6, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a], 0x0, 0xa8, 0xd0}, @HL={0x28, 'HL\x00'}}, {{@ipv6={@dev, @local, [], [], 'veth1\x00', 'team_slave_1\x00'}, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00'}}, {{@ipv6={@ipv4={[], [], @multicast2}, @remote, [], [], '\x00', 'geneve1\x00'}, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}, {0x8}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ipv6={@rand_addr=' \x01\x00', @ipv4={[], [], @broadcast}, [], [], 'macsec0\x00', 'veth1_macvtap\x00', {}, {}, 0x0, 0x3}, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@unspec=@NFQUEUE0={0x28, 'NFQUEUE\x00'}}, {{@uncond, 0x0, 0xf8, 0x120, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5f8) [ 304.018166][ T9542] RSP: 002b:00007fad9c1e1c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 304.026623][ T9542] RAX: ffffffffffffffda RBX: 0000000000003f00 RCX: 000000000045c1d9 [ 304.034633][ T9542] RDX: a9dceadb052c07c7 RSI: 0000000020000df0 RDI: 0000000000000004 [ 304.042717][ T9542] RBP: 00007fad9c1e1ca0 R08: 0000000000000000 R09: 0000000000000000 [ 304.050798][ T9542] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000010 [ 304.058814][ T9542] R13: 0000000000c9fb6f R14: 00007fad9c1e29c0 R15: 000000000078bf0c 17:02:34 executing program 0 (fault-call:2 fault-nth:17): syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) [ 304.301393][ T9548] x_tables: duplicate underflow at hook 3 [ 304.389045][ T9555] FAULT_INJECTION: forcing a failure. [ 304.389045][ T9555] name failslab, interval 1, probability 0, space 0, times 0 [ 304.401923][ T9555] CPU: 0 PID: 9555 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 304.410565][ T9555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 304.420759][ T9555] Call Trace: [ 304.424111][ T9555] dump_stack+0x1df/0x240 [ 304.428584][ T9555] should_fail+0x8b7/0x9e0 [ 304.433076][ T9555] __should_failslab+0x1f6/0x290 [ 304.439009][ T9555] should_failslab+0x29/0x70 [ 304.443649][ T9555] kmem_cache_alloc+0xd0/0xd70 [ 304.448547][ T9555] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 304.454660][ T9555] ? proc_alloc_inode+0x5c/0x160 [ 304.459710][ T9555] ? kmsan_get_metadata+0x4f/0x180 [ 304.464879][ T9555] ? kmsan_get_metadata+0x11d/0x180 [ 304.470130][ T9555] proc_alloc_inode+0x5c/0x160 [ 304.474955][ T9555] ? proc_invalidate_siblings_dcache+0x890/0x890 [ 304.481515][ T9555] new_inode_pseudo+0xb1/0x590 [ 304.486438][ T9555] new_inode+0x5a/0x3d0 [ 304.490641][ T9555] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 304.496513][ T9555] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 304.502711][ T9555] ? d_alloc_parallel+0x1c3b/0x1f40 [ 304.507975][ T9555] proc_pid_make_inode+0x77/0xb10 [ 304.513057][ T9555] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 304.518918][ T9555] proc_pident_instantiate+0xf8/0x4e0 [ 304.524352][ T9555] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 304.530223][ T9555] proc_fill_cache+0x62e/0x7c0 [ 304.535044][ T9555] ? dir_emit_dots+0x450/0x450 [ 304.539859][ T9555] proc_pident_readdir+0x306/0x510 [ 304.545042][ T9555] proc_tgid_base_readdir+0x82/0xa0 [ 304.550290][ T9555] ? proc_fd_access_allowed+0x1e0/0x1e0 [ 304.555880][ T9555] iterate_dir+0x3d8/0x890 [ 304.560353][ T9555] ksys_getdents64+0x1bb/0x500 [ 304.565172][ T9555] ? ksys_getdents64+0x500/0x500 [ 304.570161][ T9555] __se_sys_getdents64+0x8d/0xb0 [ 304.575158][ T9555] __x64_sys_getdents64+0x4a/0x70 [ 304.580230][ T9555] do_syscall_64+0xb0/0x150 [ 304.584795][ T9555] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 304.590717][ T9555] RIP: 0033:0x45c1d9 [ 304.594617][ T9555] Code: Bad RIP value. [ 304.598701][ T9555] RSP: 002b:00007fad9c1e1c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 304.609321][ T9555] RAX: ffffffffffffffda RBX: 0000000000003f00 RCX: 000000000045c1d9 [ 304.618364][ T9555] RDX: a9dceadb052c07c7 RSI: 0000000020000df0 RDI: 0000000000000004 [ 304.626364][ T9555] RBP: 00007fad9c1e1ca0 R08: 0000000000000000 R09: 0000000000000000 [ 304.634360][ T9555] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000011 [ 304.642443][ T9555] R13: 0000000000c9fb6f R14: 00007fad9c1e29c0 R15: 000000000078bf0c 17:02:34 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x200000, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x1a022}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$packet(0x11, 0x3, 0x300) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:02:34 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) ioctl$VIDIOC_G_TUNER(r1, 0xc054561d, &(0x7f0000000100)={0x2, "ab9bd0a1d8bf5d00697c68877a17183e997fce8f96b4bcad948d001b751aec10", 0x5, 0x2, 0x5, 0x8, 0x10, 0x1, 0x1}) r2 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r3, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x1) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="b7050000008002a06110180000000000c50500000000000095000000000000007e870ddc3097b1416d415ef4d20b987a19eef2bd3d82f0bcd777c148a85fe13a5e8bd45813efc379800d3427dacc6f96af29b4d7111aab1f7f9fececd33cebe3ef5751609ca5d1ea8cb907f009"], &(0x7f00000002c0)='GPL\x00', 0x5, 0xfd90, &(0x7f0000000300)=""/188, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f3, 0x10, &(0x7f0000000080), 0xfffffffffffffc79}, 0x2a) 17:02:34 executing program 0 (fault-call:2 fault-nth:18): syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) [ 304.968350][ T9563] FAULT_INJECTION: forcing a failure. [ 304.968350][ T9563] name failslab, interval 1, probability 0, space 0, times 0 [ 304.981522][ T9563] CPU: 0 PID: 9563 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 304.990178][ T9563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 305.000291][ T9563] Call Trace: [ 305.003686][ T9563] dump_stack+0x1df/0x240 [ 305.008103][ T9563] should_fail+0x8b7/0x9e0 [ 305.012614][ T9563] __should_failslab+0x1f6/0x290 [ 305.017637][ T9563] should_failslab+0x29/0x70 [ 305.022323][ T9563] kmem_cache_alloc+0xd0/0xd70 [ 305.027202][ T9563] ? __d_alloc+0x8e/0xc30 [ 305.031613][ T9563] ? kmsan_get_metadata+0x4f/0x180 [ 305.036813][ T9563] ? kmsan_get_metadata+0x11d/0x180 [ 305.042185][ T9563] __d_alloc+0x8e/0xc30 [ 305.046431][ T9563] ? kmsan_get_metadata+0x11d/0x180 [ 305.051714][ T9563] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 305.057601][ T9563] d_alloc_parallel+0x135/0x1f40 [ 305.062683][ T9563] ? __d_lookup+0x71e/0x850 [ 305.067809][ T9563] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 305.073791][ T9563] ? kmsan_get_metadata+0x11d/0x180 [ 305.079085][ T9563] ? kmsan_get_metadata+0x4f/0x180 [ 305.084281][ T9563] ? kmsan_internal_set_origin+0x75/0xb0 [ 305.090001][ T9563] ? kmsan_get_metadata+0x4f/0x180 [ 305.095215][ T9563] proc_fill_cache+0x48b/0x7c0 [ 305.100097][ T9563] ? ksys_getdents64+0x500/0x500 [ 305.105208][ T9563] ? dir_emit_dots+0x450/0x450 [ 305.110072][ T9563] proc_pident_readdir+0x306/0x510 [ 305.115328][ T9563] proc_tgid_base_readdir+0x82/0xa0 [ 305.120631][ T9563] ? proc_fd_access_allowed+0x1e0/0x1e0 [ 305.126263][ T9563] iterate_dir+0x3d8/0x890 [ 305.130792][ T9563] ksys_getdents64+0x1bb/0x500 [ 305.136017][ T9563] ? ksys_getdents64+0x500/0x500 [ 305.141051][ T9563] __se_sys_getdents64+0x8d/0xb0 [ 305.146084][ T9563] __x64_sys_getdents64+0x4a/0x70 [ 305.151277][ T9563] do_syscall_64+0xb0/0x150 [ 305.155943][ T9563] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 305.161884][ T9563] RIP: 0033:0x45c1d9 [ 305.165795][ T9563] Code: Bad RIP value. [ 305.169892][ T9563] RSP: 002b:00007fad9c1e1c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 305.178447][ T9563] RAX: ffffffffffffffda RBX: 0000000000003f00 RCX: 000000000045c1d9 [ 305.186459][ T9563] RDX: a9dceadb052c07c7 RSI: 0000000020000df0 RDI: 0000000000000004 [ 305.194572][ T9563] RBP: 00007fad9c1e1ca0 R08: 0000000000000000 R09: 0000000000000000 [ 305.202585][ T9563] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000012 [ 305.210605][ T9563] R13: 0000000000c9fb6f R14: 00007fad9c1e29c0 R15: 000000000078bf0c 17:02:35 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bond={{0x9, 0x1, 'bond\x00'}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BOND_ARP_IP_TARGET={0x4}, @IFLA_BOND_ARP_INTERVAL={0x8, 0x7, 0x9}]}}}]}, 0x40}}, 0x0) socket$netlink(0x10, 0x3, 0x10) 17:02:35 executing program 0 (fault-call:2 fault-nth:19): syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) [ 305.327982][ T9567] (unnamed net_device) (uninitialized): Removing last arp target with arp_interval on [ 305.509525][ T9601] FAULT_INJECTION: forcing a failure. [ 305.509525][ T9601] name failslab, interval 1, probability 0, space 0, times 0 [ 305.522398][ T9601] CPU: 0 PID: 9601 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 305.531055][ T9601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 305.541218][ T9601] Call Trace: [ 305.544614][ T9601] dump_stack+0x1df/0x240 [ 305.549056][ T9601] should_fail+0x8b7/0x9e0 [ 305.553673][ T9601] __should_failslab+0x1f6/0x290 [ 305.558695][ T9601] should_failslab+0x29/0x70 [ 305.563357][ T9601] kmem_cache_alloc+0xd0/0xd70 [ 305.568210][ T9601] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 305.574353][ T9601] ? proc_alloc_inode+0x5c/0x160 [ 305.579355][ T9601] ? kmsan_get_metadata+0x4f/0x180 [ 305.584561][ T9601] ? kmsan_get_metadata+0x11d/0x180 [ 305.589870][ T9601] proc_alloc_inode+0x5c/0x160 [ 305.594713][ T9601] ? proc_invalidate_siblings_dcache+0x890/0x890 [ 305.601146][ T9601] new_inode_pseudo+0xb1/0x590 [ 305.605982][ T9601] new_inode+0x5a/0x3d0 [ 305.610204][ T9601] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 305.616087][ T9601] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 305.622298][ T9601] ? d_alloc_parallel+0x1c3b/0x1f40 [ 305.627579][ T9601] proc_pid_make_inode+0x77/0xb10 [ 305.632701][ T9601] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 305.638588][ T9601] proc_pident_instantiate+0xf8/0x4e0 [ 305.644056][ T9601] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 305.649930][ T9601] proc_fill_cache+0x62e/0x7c0 [ 305.654797][ T9601] ? dir_emit_dots+0x450/0x450 [ 305.659639][ T9601] proc_pident_readdir+0x306/0x510 [ 305.664830][ T9601] proc_tgid_base_readdir+0x82/0xa0 [ 305.670115][ T9601] ? proc_fd_access_allowed+0x1e0/0x1e0 [ 305.675764][ T9601] iterate_dir+0x3d8/0x890 [ 305.680261][ T9601] ksys_getdents64+0x1bb/0x500 [ 305.685132][ T9601] ? ksys_getdents64+0x500/0x500 [ 305.690196][ T9601] __se_sys_getdents64+0x8d/0xb0 [ 305.695224][ T9601] __x64_sys_getdents64+0x4a/0x70 [ 305.700320][ T9601] do_syscall_64+0xb0/0x150 [ 305.704904][ T9601] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 305.710829][ T9601] RIP: 0033:0x45c1d9 [ 305.714748][ T9601] Code: Bad RIP value. [ 305.718929][ T9601] RSP: 002b:00007fad9c1e1c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 305.727397][ T9601] RAX: ffffffffffffffda RBX: 0000000000003f00 RCX: 000000000045c1d9 [ 305.735414][ T9601] RDX: a9dceadb052c07c7 RSI: 0000000020000df0 RDI: 0000000000000004 [ 305.743444][ T9601] RBP: 00007fad9c1e1ca0 R08: 0000000000000000 R09: 0000000000000000 [ 305.751478][ T9601] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000013 [ 305.759589][ T9601] R13: 0000000000c9fb6f R14: 00007fad9c1e29c0 R15: 000000000078bf0c 17:02:35 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000000f80)=[{{&(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, 0x0}}, {{&(0x7f0000000080)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000180)=""/178, 0xb2}, {&(0x7f0000000240)=""/73, 0x49}, {&(0x7f00000002c0)=""/165, 0xa5}, {&(0x7f0000000380)=""/169, 0xa9}, {&(0x7f0000000440)=""/230, 0xe6}, {&(0x7f0000000540)=""/161, 0xa1}, {&(0x7f0000000600)=""/250, 0xfa}, {&(0x7f0000000700)=""/180, 0xb4}, {&(0x7f0000000100)=""/39, 0x27}, {&(0x7f00000007c0)=""/49, 0x31}], 0xa, &(0x7f00000008c0)=""/84, 0x54}, 0x1}, {{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000000940)=""/219, 0xdb}, {&(0x7f0000000a40)=""/223, 0xdf}, {&(0x7f0000000b40)=""/204, 0xcc}, {&(0x7f0000000c40)=""/222, 0xde}, {&(0x7f0000000d40)=""/200, 0xc8}], 0x5, &(0x7f0000000ec0)=""/132, 0x84}, 0x8}], 0x3, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/netlink\x00') preadv(r0, &(0x7f00000017c0), 0x315, 0x395) r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001140)=ANY=[@ANYBLOB="8496a8280b65e3fe2efefe07000000dddf45f80ff7d800000000cda55517000017150aa2aead90ada877558340e84c3394a751bbc56ce9aa1b430fdbffb7", @ANYRES16=r2], 0x1c}, 0x1, 0x50000}, 0x0) sendmsg$BATADV_CMD_TP_METER(r1, &(0x7f0000001100)={&(0x7f0000001040), 0xc, &(0x7f00000010c0)={&(0x7f0000001080)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="00032abd7000fbdbdf250200000005002e000000000005002a00a8169775da71661020af62b6"], 0x2c}, 0x1, 0x0, 0x0, 0x2}, 0x0) 17:02:35 executing program 0 (fault-call:2 fault-nth:20): syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:02:36 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x19}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000180)=0x2032, 0x4) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0xa, &(0x7f0000000000)=0x2, 0x4) setsockopt$packet_tx_ring(r1, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x5, 0x0, 0x0, 0x2}, 0x1c) r2 = socket$packet(0x11, 0x3, 0x300) poll(&(0x7f0000000040)=[{r2}], 0x1, 0x100) dup2(r1, r2) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x3}, 0x4) connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x4000000000001a8, 0x0) r3 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r3, 0x0) ioctl$CHAR_RAW_SECDISCARD(r3, 0x127d, &(0x7f0000000140)=0xffff) [ 306.165505][ T9615] FAULT_INJECTION: forcing a failure. [ 306.165505][ T9615] name failslab, interval 1, probability 0, space 0, times 0 [ 306.178419][ T9615] CPU: 0 PID: 9615 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 306.187100][ T9615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 306.197218][ T9615] Call Trace: [ 306.200827][ T9615] dump_stack+0x1df/0x240 [ 306.205445][ T9615] should_fail+0x8b7/0x9e0 [ 306.209970][ T9615] __should_failslab+0x1f6/0x290 [ 306.215156][ T9615] should_failslab+0x29/0x70 [ 306.219816][ T9615] kmem_cache_alloc+0xd0/0xd70 [ 306.224619][ T9615] ? __d_alloc+0x8e/0xc30 [ 306.228992][ T9615] ? kmsan_get_metadata+0x4f/0x180 [ 306.234160][ T9615] ? kmsan_get_metadata+0x11d/0x180 [ 306.239395][ T9615] __d_alloc+0x8e/0xc30 [ 306.243614][ T9615] ? kmsan_get_metadata+0x11d/0x180 [ 306.248859][ T9615] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 306.254707][ T9615] d_alloc_parallel+0x135/0x1f40 [ 306.259711][ T9615] ? __d_lookup+0x71e/0x850 [ 306.264275][ T9615] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 306.270153][ T9615] ? kmsan_get_metadata+0x11d/0x180 [ 306.275405][ T9615] ? kmsan_get_metadata+0x4f/0x180 [ 306.280559][ T9615] ? kmsan_internal_set_origin+0x75/0xb0 [ 306.286258][ T9615] ? kmsan_get_metadata+0x4f/0x180 [ 306.291428][ T9615] proc_fill_cache+0x48b/0x7c0 [ 306.296248][ T9615] ? ksys_getdents64+0x500/0x500 [ 306.301266][ T9615] ? dir_emit_dots+0x450/0x450 [ 306.306104][ T9615] proc_pident_readdir+0x306/0x510 [ 306.311372][ T9615] proc_tgid_base_readdir+0x82/0xa0 [ 306.316618][ T9615] ? proc_fd_access_allowed+0x1e0/0x1e0 [ 306.322212][ T9615] iterate_dir+0x3d8/0x890 [ 306.326692][ T9615] ksys_getdents64+0x1bb/0x500 [ 306.331510][ T9615] ? ksys_getdents64+0x500/0x500 [ 306.336511][ T9615] __se_sys_getdents64+0x8d/0xb0 [ 306.341497][ T9615] __x64_sys_getdents64+0x4a/0x70 [ 306.346573][ T9615] do_syscall_64+0xb0/0x150 [ 306.351133][ T9615] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 306.357069][ T9615] RIP: 0033:0x45c1d9 [ 306.360992][ T9615] Code: Bad RIP value. [ 306.365089][ T9615] RSP: 002b:00007fad9c1e1c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 306.373553][ T9615] RAX: ffffffffffffffda RBX: 0000000000003f00 RCX: 000000000045c1d9 [ 306.381742][ T9615] RDX: a9dceadb052c07c7 RSI: 0000000020000df0 RDI: 0000000000000004 [ 306.389844][ T9615] RBP: 00007fad9c1e1ca0 R08: 0000000000000000 R09: 0000000000000000 [ 306.397962][ T9615] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 306.405995][ T9615] R13: 0000000000c9fb6f R14: 00007fad9c1e29c0 R15: 000000000078bf0c 17:02:36 executing program 0 (fault-call:2 fault-nth:21): syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) [ 306.762639][ T9624] FAULT_INJECTION: forcing a failure. [ 306.762639][ T9624] name failslab, interval 1, probability 0, space 0, times 0 [ 306.775545][ T9624] CPU: 0 PID: 9624 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 306.784204][ T9624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 306.794416][ T9624] Call Trace: [ 306.797810][ T9624] dump_stack+0x1df/0x240 [ 306.802252][ T9624] should_fail+0x8b7/0x9e0 [ 306.806827][ T9624] __should_failslab+0x1f6/0x290 [ 306.811861][ T9624] should_failslab+0x29/0x70 [ 306.816558][ T9624] kmem_cache_alloc+0xd0/0xd70 [ 306.821501][ T9624] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 306.827679][ T9624] ? proc_alloc_inode+0x5c/0x160 [ 306.832719][ T9624] ? kmsan_get_metadata+0x4f/0x180 [ 306.837933][ T9624] ? kmsan_get_metadata+0x11d/0x180 [ 306.843240][ T9624] proc_alloc_inode+0x5c/0x160 [ 306.848114][ T9624] ? proc_invalidate_siblings_dcache+0x890/0x890 [ 306.854538][ T9624] new_inode_pseudo+0xb1/0x590 [ 306.859404][ T9624] new_inode+0x5a/0x3d0 [ 306.863676][ T9624] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 306.869581][ T9624] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 306.875837][ T9624] ? d_alloc_parallel+0x1c3b/0x1f40 [ 306.881147][ T9624] proc_pid_make_inode+0x77/0xb10 [ 306.886333][ T9624] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 306.892273][ T9624] proc_pident_instantiate+0xf8/0x4e0 [ 306.897754][ T9624] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 306.903671][ T9624] proc_fill_cache+0x62e/0x7c0 [ 306.908551][ T9624] ? dir_emit_dots+0x450/0x450 [ 306.913437][ T9624] proc_pident_readdir+0x306/0x510 [ 306.918747][ T9624] proc_tgid_base_readdir+0x82/0xa0 [ 306.924086][ T9624] ? proc_fd_access_allowed+0x1e0/0x1e0 [ 306.929734][ T9624] iterate_dir+0x3d8/0x890 [ 306.934267][ T9624] ksys_getdents64+0x1bb/0x500 [ 306.939135][ T9624] ? ksys_getdents64+0x500/0x500 [ 306.944169][ T9624] __se_sys_getdents64+0x8d/0xb0 [ 306.949247][ T9624] __x64_sys_getdents64+0x4a/0x70 [ 306.954358][ T9624] do_syscall_64+0xb0/0x150 [ 306.958958][ T9624] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 306.964902][ T9624] RIP: 0033:0x45c1d9 [ 306.968829][ T9624] Code: Bad RIP value. [ 306.972938][ T9624] RSP: 002b:00007fad9c1e1c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 306.981435][ T9624] RAX: ffffffffffffffda RBX: 0000000000003f00 RCX: 000000000045c1d9 [ 306.989480][ T9624] RDX: a9dceadb052c07c7 RSI: 0000000020000df0 RDI: 0000000000000004 [ 306.997534][ T9624] RBP: 00007fad9c1e1ca0 R08: 0000000000000000 R09: 0000000000000000 [ 307.005570][ T9624] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 307.013697][ T9624] R13: 0000000000c9fb6f R14: 00007fad9c1e29c0 R15: 000000000078bf0c 17:02:37 executing program 0 (fault-call:2 fault-nth:22): syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:02:37 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmmsg$inet6(r0, &(0x7f0000000700)=[{{&(0x7f0000000140)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c, 0x0}}, {{&(0x7f00000001c0)={0xa, 0x4e24, 0x0, @local}, 0x1c, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="24010080000000f4d5290000000200fcb70ef8001dc41600fe0000000000001e0001", @ANYRES32=r2, @ANYBLOB='\x00\x00\x00\x00'], 0x28}}], 0x2, 0x0) [ 307.288062][ T9628] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 307.321706][ T9629] FAULT_INJECTION: forcing a failure. [ 307.321706][ T9629] name failslab, interval 1, probability 0, space 0, times 0 [ 307.334671][ T9629] CPU: 0 PID: 9629 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 307.343321][ T9629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 307.353457][ T9629] Call Trace: [ 307.356850][ T9629] dump_stack+0x1df/0x240 [ 307.361303][ T9629] should_fail+0x8b7/0x9e0 [ 307.365961][ T9629] __should_failslab+0x1f6/0x290 [ 307.370996][ T9629] should_failslab+0x29/0x70 [ 307.375702][ T9629] kmem_cache_alloc+0xd0/0xd70 [ 307.380567][ T9629] ? __d_alloc+0x8e/0xc30 [ 307.385017][ T9629] ? kmsan_get_metadata+0x4f/0x180 [ 307.390235][ T9629] ? kmsan_get_metadata+0x11d/0x180 [ 307.395532][ T9629] __d_alloc+0x8e/0xc30 [ 307.399795][ T9629] ? kmsan_get_metadata+0x11d/0x180 [ 307.405115][ T9629] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 307.411179][ T9629] d_alloc_parallel+0x135/0x1f40 [ 307.416214][ T9629] ? __d_lookup+0x71e/0x850 [ 307.420821][ T9629] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 307.426723][ T9629] ? kmsan_get_metadata+0x11d/0x180 [ 307.432034][ T9629] ? kmsan_get_metadata+0x4f/0x180 [ 307.437256][ T9629] ? kmsan_internal_set_origin+0x75/0xb0 [ 307.442996][ T9629] ? kmsan_get_metadata+0x4f/0x180 [ 307.448218][ T9629] proc_fill_cache+0x48b/0x7c0 [ 307.453631][ T9629] ? ksys_getdents64+0x500/0x500 [ 307.458665][ T9629] ? dir_emit_dots+0x450/0x450 [ 307.463516][ T9629] proc_pident_readdir+0x306/0x510 [ 307.468803][ T9629] proc_tgid_base_readdir+0x82/0xa0 [ 307.474079][ T9629] ? proc_fd_access_allowed+0x1e0/0x1e0 [ 307.479868][ T9629] iterate_dir+0x3d8/0x890 [ 307.484518][ T9629] ksys_getdents64+0x1bb/0x500 [ 307.489435][ T9629] ? ksys_getdents64+0x500/0x500 [ 307.494526][ T9629] __se_sys_getdents64+0x8d/0xb0 [ 307.499514][ T9629] __x64_sys_getdents64+0x4a/0x70 [ 307.504589][ T9629] do_syscall_64+0xb0/0x150 [ 307.509147][ T9629] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 307.515149][ T9629] RIP: 0033:0x45c1d9 [ 307.519052][ T9629] Code: Bad RIP value. [ 307.523141][ T9629] RSP: 002b:00007fad9c1e1c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 307.531592][ T9629] RAX: ffffffffffffffda RBX: 0000000000003f00 RCX: 000000000045c1d9 [ 307.539597][ T9629] RDX: a9dceadb052c07c7 RSI: 0000000020000df0 RDI: 0000000000000004 [ 307.547604][ T9629] RBP: 00007fad9c1e1ca0 R08: 0000000000000000 R09: 0000000000000000 [ 307.555606][ T9629] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000016 [ 307.563622][ T9629] R13: 0000000000c9fb6f R14: 00007fad9c1e29c0 R15: 000000000078bf0c 17:02:37 executing program 2: r0 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x80, 0x0) ioctl$LOOP_SET_STATUS64(r2, 0x4c04, &(0x7f0000000040)={0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x4ec, 0x0, 0x0, 0x14, 0x0, "a2e97179ba51c03db6da1e60c343fa8c50ff2d6208d936d6bfa92ce433cc611506ca98c472f336afa6379735ca47ebdc272f62d68d6a08ad484e355fad99b7d2", "2c0de3b2358fc90dff1e5f1e21c2d974f35aad8900509f82cdf618f640e6c8d7f113d399baaf3eb79c1af37f12cb1f6ea8cd91e023f394a769c003c015894371", "b2fe53b334d784098d4ea8a721d9e4c9f9bce61952f617042fd0e4afeb8b9759", [0x4, 0xbe3]}) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000800)=@newqdisc={0x68, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x3c, 0x2, [@TCA_TBF_PBURST={0x8}, @TCA_TBF_BURST={0x8, 0x6, 0x1000}, @TCA_TBF_PARMS={0x28, 0x1, {{}, {}, 0x5}}]}}]}, 0x68}}, 0x0) [ 307.836461][ T9637] QAT: Invalid ioctl [ 307.910671][ T9637] QAT: Invalid ioctl 17:02:38 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x200000, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x1a022}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$packet(0x11, 0x3, 0x300) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:02:38 executing program 2: r0 = socket(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, &(0x7f0000000080)={'syz_tun\x00', {0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2d}}}) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) r1 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r1, 0x0) ioctl$FIONREAD(r1, 0x541b, &(0x7f0000000040)) 17:02:38 executing program 0 (fault-call:2 fault-nth:23): syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) [ 308.449433][ T9649] FAULT_INJECTION: forcing a failure. [ 308.449433][ T9649] name failslab, interval 1, probability 0, space 0, times 0 [ 308.463021][ T9649] CPU: 1 PID: 9649 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 308.471670][ T9649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 308.481967][ T9649] Call Trace: [ 308.485354][ T9649] dump_stack+0x1df/0x240 [ 308.489801][ T9649] should_fail+0x8b7/0x9e0 [ 308.494314][ T9649] __should_failslab+0x1f6/0x290 [ 308.499343][ T9649] should_failslab+0x29/0x70 [ 308.504015][ T9649] kmem_cache_alloc+0xd0/0xd70 [ 308.508960][ T9649] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 308.518573][ T9649] ? proc_alloc_inode+0x5c/0x160 [ 308.523586][ T9649] ? kmsan_get_metadata+0x4f/0x180 [ 308.528795][ T9649] ? kmsan_get_metadata+0x11d/0x180 [ 308.534099][ T9649] proc_alloc_inode+0x5c/0x160 [ 308.538982][ T9649] ? proc_invalidate_siblings_dcache+0x890/0x890 [ 308.545387][ T9649] new_inode_pseudo+0xb1/0x590 [ 308.550276][ T9649] new_inode+0x5a/0x3d0 [ 308.554624][ T9649] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 308.560480][ T9649] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 308.566903][ T9649] ? d_alloc_parallel+0x1c3b/0x1f40 [ 308.572265][ T9649] proc_pid_make_inode+0x77/0xb10 [ 308.577564][ T9649] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 308.583447][ T9649] proc_pident_instantiate+0xf8/0x4e0 [ 308.588890][ T9649] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 308.594785][ T9649] proc_fill_cache+0x62e/0x7c0 [ 308.599954][ T9649] ? dir_emit_dots+0x450/0x450 [ 308.604773][ T9649] proc_pident_readdir+0x306/0x510 [ 308.609944][ T9649] proc_tgid_base_readdir+0x82/0xa0 [ 308.615202][ T9649] ? proc_fd_access_allowed+0x1e0/0x1e0 [ 308.620896][ T9649] iterate_dir+0x3d8/0x890 [ 308.625417][ T9649] ksys_getdents64+0x1bb/0x500 [ 308.630369][ T9649] ? ksys_getdents64+0x500/0x500 [ 308.635446][ T9649] __se_sys_getdents64+0x8d/0xb0 [ 308.640440][ T9649] __x64_sys_getdents64+0x4a/0x70 [ 308.645601][ T9649] do_syscall_64+0xb0/0x150 [ 308.650243][ T9649] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 308.656254][ T9649] RIP: 0033:0x45c1d9 [ 308.660156][ T9649] Code: Bad RIP value. [ 308.664259][ T9649] RSP: 002b:00007fad9c1e1c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 308.672713][ T9649] RAX: ffffffffffffffda RBX: 0000000000003f00 RCX: 000000000045c1d9 [ 308.680713][ T9649] RDX: a9dceadb052c07c7 RSI: 0000000020000df0 RDI: 0000000000000004 [ 308.688714][ T9649] RBP: 00007fad9c1e1ca0 R08: 0000000000000000 R09: 0000000000000000 [ 308.696710][ T9649] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000017 [ 308.704727][ T9649] R13: 0000000000c9fb6f R14: 00007fad9c1e29c0 R15: 000000000078bf0c 17:02:38 executing program 2: r0 = socket(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, &(0x7f0000000080)={'syz_tun\x00', {0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2d}}}) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) r1 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r1, 0x0) ioctl$FIONREAD(r1, 0x541b, &(0x7f0000000040)) 17:02:38 executing program 2: r0 = socket(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, &(0x7f0000000080)={'syz_tun\x00', {0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2d}}}) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) r1 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r1, 0x0) ioctl$FIONREAD(r1, 0x541b, &(0x7f0000000040)) 17:02:38 executing program 2: r0 = socket(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, &(0x7f0000000080)={'syz_tun\x00', {0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2d}}}) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) r1 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r1, 0x0) ioctl$FIONREAD(r1, 0x541b, &(0x7f0000000040)) 17:02:39 executing program 2: r0 = socket(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, &(0x7f0000000080)={'syz_tun\x00', {0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2d}}}) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) r1 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r1, 0x0) 17:02:39 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/ipc\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:02:39 executing program 2: r0 = socket(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, &(0x7f0000000080)={'syz_tun\x00', {0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2d}}}) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) 17:02:39 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') set_thread_area(&(0x7f0000000000)={0x8, 0x20001000, 0x3400, 0x1, 0x1, 0x1}) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/udplite\x00') getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:02:39 executing program 2: r0 = socket(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, &(0x7f0000000080)={'syz_tun\x00', {0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2d}}}) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) 17:02:39 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/udp\x00') r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x2) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r1, 0x0, 0x0) ptrace$setopts(0xffffffffffffffff, r1, 0x29c, 0x22) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:02:40 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x200000, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x1a022}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$packet(0x11, 0x3, 0x300) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:02:40 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:02:40 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) 17:02:40 executing program 2: write(0xffffffffffffffff, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) 17:02:40 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000014c0)=ANY=[@ANYBLOB="380000002400070500000040ce49168b6b45f235", @ANYRES32=r3, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001640)=@newtfilter={0x40, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {}, {0xe}}, [@filter_kind_options=@f_bpf={{0x8, 0x1, 'bpf\x00'}, {0x14, 0x2, [@TCA_BPF_FLAGS_GEN={0x8}, @TCA_BPF_FD={0x8}]}}]}, 0x40}}, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r4, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) bind$xdp(r0, &(0x7f0000000000)={0x2c, 0x1, r3, 0x3b, r4}, 0x10) syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r5 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r5, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) [ 310.499597][ T9703] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. 17:02:40 executing program 2: write(0xffffffffffffffff, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) [ 310.623574][ T9705] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. 17:02:40 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r0, 0xc008551c, &(0x7f0000000000)={0x8001, 0x20, [0x2, 0x7, 0x0, 0x7, 0x101, 0x800, 0x200, 0x1]}) syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:02:40 executing program 2: write(0xffffffffffffffff, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) 17:02:40 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(0xffffffffffffffff, &(0x7f0000000df0)=""/518, 0x206) sched_yield() 17:02:40 executing program 2: r0 = socket(0x0, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) 17:02:41 executing program 0: openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x2000, 0x0) syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') syz_open_procfs(0x0, &(0x7f0000000080)) r0 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r0, 0x0) r1 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r1, 0x0) openat2(r1, &(0x7f0000000080)='./bus\x00', &(0x7f0000000100)={0x248000, 0x100, 0x2}, 0x18) r2 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r2, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) getdents64(r2, &(0x7f0000000580)=""/527, 0x20f) r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x200000, 0x0) mmap$usbfs(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000004, 0x4000010, r3, 0x7f) 17:02:41 executing program 2: r0 = socket(0x0, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) 17:02:41 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x200000, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x1a022}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$packet(0x11, 0x3, 0x300) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:02:41 executing program 2: r0 = socket(0x0, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) 17:02:41 executing program 0: r0 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x6) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000300)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r2, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}]}, 0x1c}}, 0x0) sendmsg$IPVS_CMD_ZERO(r0, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x80, r2, 0x200, 0x70bd27, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DAEMON={0x14, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x8}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}]}, @IPVS_CMD_ATTR_DAEMON={0x58, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'netdevsim0\x00'}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e23}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @dev={0xfe, 0x80, [], 0x1b}}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0xfff}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast1}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e21}]}]}, 0x80}, 0x1, 0x0, 0x0, 0x20000090}, 0x40002) syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r3 = syz_open_procfs(0x0, &(0x7f0000000080)) r4 = creat(&(0x7f0000000000)='./file0\x00', 0x8) r5 = socket$netlink(0x10, 0x3, 0x6) r6 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000300)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r6, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}]}, 0x1c}}, 0x0) sendmsg$IPVS_CMD_SET_INFO(r4, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x28, r6, 0x400, 0x70bd2d, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e23}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x48000) getdents64(r3, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:02:41 executing program 2: r0 = socket(0x10, 0x0, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) 17:02:42 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') syz_open_procfs(0x0, &(0x7f0000000080)) r0 = open(&(0x7f0000000000)='./bus\x00', 0x40042, 0xd) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r0, 0x0) personality(0xc) getdents64(r0, &(0x7f0000000100)=""/506, 0x1fa) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x401, 0x0) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r1, 0x8008ae9d, &(0x7f0000000300)=""/180) 17:02:42 executing program 2: r0 = socket(0x10, 0x0, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) 17:02:42 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') syz_open_procfs(0x0, &(0x7f0000000080)) r0 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000003000/0x4000)=nil, 0x4000, 0x0, 0x1010, r0, 0xde33f000) getdents64(r0, &(0x7f0000000340)=""/527, 0x20f) 17:02:42 executing program 2: r0 = socket(0x10, 0x0, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) 17:02:42 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000014c0)=ANY=[@ANYBLOB="380000002400070500000040ce49168b6b45f235", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001640)=@newtfilter={0x40, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xe}}, [@filter_kind_options=@f_bpf={{0x8, 0x1, 'bpf\x00'}, {0x14, 0x2, [@TCA_BPF_FLAGS_GEN={0x8}, @TCA_BPF_FD={0x8}]}}]}, 0x40}}, 0x0) bind$can_raw(r0, &(0x7f0000000040)={0x1d, r4}, 0x10) ioctl$SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f0000000000)=0x5) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:02:42 executing program 2: socket(0x10, 0x3, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) [ 312.814070][ T9779] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 312.891801][ T9788] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. 17:02:42 executing program 2: socket(0x10, 0x3, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) 17:02:43 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000001c0)='ns/mnt\x00') r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$setsig(0x4203, 0x0, 0x43d4, &(0x7f0000000340)={0x2b, 0x800, 0x100}) ptrace$cont(0x20, r0, 0x0, 0x0) r1 = syz_open_procfs(r0, &(0x7f0000000300)='attr\x00') getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x104) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r2, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000014c0)=ANY=[@ANYBLOB="380000002400070500000040ce49168b6b45f235", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001640)=@newtfilter={0x40, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0xe}}, [@filter_kind_options=@f_bpf={{0x8, 0x1, 'bpf\x00'}, {0x14, 0x2, [@TCA_BPF_FLAGS_GEN={0x8}, @TCA_BPF_FD={0x8}]}}]}, 0x40}}, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(r2, 0x8918, &(0x7f0000000000)={@private2={0xfc, 0x2, [], 0x1}, 0x43, r5}) 17:02:43 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x200000, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x1a022}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$packet(0x11, 0x3, 0x300) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:02:43 executing program 2: socket(0x10, 0x3, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) 17:02:43 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) ioctl$DRM_IOCTL_MODE_GETPROPERTY(r0, 0xc04064aa, &(0x7f00000002c0)={&(0x7f00000001c0)=[0x0], &(0x7f0000000200)=[{}, {}, {}, {}], 0xc4, 0x0, [], 0x1, 0x4}) syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcsu\x00', 0x8802, 0x0) r2 = socket$netlink(0x10, 0x3, 0x6) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000300)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)=ANY=[@ANYBLOB="af1c00dd7e2329b00b6c3c2dfba85b63ec8d1a0db70efc50bdf10000", @ANYRES16=r3, @ANYBLOB="01000000000000000000040000000800050000000000"], 0x1c}}, 0x0) sendmsg$IPVS_CMD_SET_DEST(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000100)={0x44, r3, 0x4, 0x70bd2a, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xc245}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x3}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x3ff}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5aff}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x8}]}, 0x44}}, 0x4000880) r4 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r4, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:02:43 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, 0x0, 0x0) 17:02:43 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) perf_event_open$cgroup(&(0x7f0000000000)={0x2, 0x70, 0x1, 0x8, 0x4, 0x7, 0x0, 0x5, 0x1340, 0x5, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0xfffffffa, 0x1, @perf_config_ext={0x10000, 0x72bfc6ec}, 0x20022, 0x78f, 0xe1, 0x2, 0x4, 0x5, 0x7f}, r0, 0x1, 0xffffffffffffffff, 0x2) syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:02:43 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, 0x0, 0x0) 17:02:43 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, 0x0, 0x0) 17:02:43 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000000)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000180)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r1, 0x54a2) readv(r1, &(0x7f0000000200)=[{&(0x7f0000000000)=""/12, 0xc}], 0x1) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000000000)={r0, 0x1, 0x101, 0xffff}) sendmsg$RDMA_NLDEV_CMD_GET(r2, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="180061ec5ae0bcb9f37d0df1533e26b309480100021500000a38600f5e29cce5c2d39b301a3d86748e72a03ceefe"], 0x18}, 0x1, 0x0, 0x0, 0x80}, 0x44010) 17:02:44 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000), 0x0) 17:02:44 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r1 = socket(0xa, 0x1, 0x0) close(r1) sendmmsg$inet_sctp(r1, &(0x7f0000000bc0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="300000000000000084000000010000000000000004"], 0x30}], 0x1, 0x0) r2 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(r1, 0x84, 0x7b, &(0x7f0000000100)={r3}, 0x8) setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={r3, @in6={{0xa, 0x4e22, 0x0, @mcast1, 0xfff}}}, 0x84) getdents64(0xffffffffffffffff, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r4 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nvram\x00', 0x0, 0x0) r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r5, 0x40345410, &(0x7f0000000180)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r5, 0x54a2) readv(r5, &(0x7f0000000200)=[{&(0x7f0000000000)=""/12, 0xc}], 0x1) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r5, &(0x7f0000000180)={0x20002004}) 17:02:44 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000), 0x0) 17:02:44 executing program 0: r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_REWIND(0xffffffffffffffff, 0x40084146, &(0x7f0000000080)=0x8) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r2 = pidfd_getfd(r1, 0xffffffffffffffff, 0x0) ioctl$EVIOCGPROP(r2, 0x80404509, &(0x7f00000000c0)=""/110) syz_open_procfs$namespace(r0, &(0x7f0000000040)='ns/mnt\x00') ioctl$CAPI_GET_SERIAL(0xffffffffffffffff, 0xc0044308, &(0x7f0000000000)=0x7126) getdents64(0xffffffffffffffff, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:02:44 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x200000, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x1a022}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$packet(0x11, 0x3, 0x300) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:02:44 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000), 0x0) 17:02:44 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00') prctl$PR_SET_MM_AUXV(0x23, 0xc, &(0x7f0000000100)="7eb1bc8ccb6325a831fd1a787babd9f7d0dab6d47d46111170eb961d659f03f1e0fa33122ba628ce7d294744628da9314a8c963fc5f26c071839b2d3f7a808a073a71a9235707f7771678790b695ce3bad477223df436f50b0", 0x59) symlink(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='./file0\x00') syz_open_procfs(0x0, &(0x7f0000000080)) r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nvram\x00', 0x90000, 0x0) getdents64(r0, &(0x7f0000000df0)=""/526, 0x20e) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000180)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r1, 0x54a2) readv(r1, &(0x7f0000000200)=[{&(0x7f0000000000)=""/12, 0xc}], 0x1) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r1, 0x800c6613, &(0x7f0000000180)=@v2={0x2, @adiantum, 0x3, [], "ebc71d0a3e5950ee64914c084df0526a"}) 17:02:44 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04", 0x12) 17:02:44 executing program 0: r0 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r0, 0x0) ioctl$KVM_SET_MP_STATE(r0, 0x4004ae99, &(0x7f0000000000)=0x7) syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:02:44 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04", 0x12) 17:02:45 executing program 0: r0 = syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') setns(r0, 0x20000) r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:02:45 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04", 0x12) 17:02:45 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100", 0x1b) 17:02:45 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000040)='ns\x00') getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:02:45 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') syz_open_procfs(0x0, &(0x7f0000000080)) r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/12, 0xc}], 0x1) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000000)={0xffffffffffffffff, 0x1, 0x0, 0x7}) getdents64(r1, &(0x7f0000000df0)=""/526, 0x20e) 17:02:45 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100", 0x1b) 17:02:45 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x200000, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x1a022}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$packet(0x11, 0x3, 0x300) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:02:45 executing program 3: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x200000, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x1a022}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$packet(0x11, 0x3, 0x300) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:02:45 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') getdents64(0xffffffffffffffff, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:02:45 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100", 0x1b) 17:02:46 executing program 0: r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) syz_open_procfs$namespace(r0, &(0x7f00000000c0)='ns/mnt\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x11, r2, 0x0) ioctl$VIDIOC_G_OUTPUT(r2, 0x8004562e, &(0x7f0000000000)) 17:02:46 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f511080001000201000208000380", 0x20) 17:02:46 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) r1 = socket$packet(0x11, 0xa, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f0000000000)=[{0x80000006}]}, 0x10) getsockopt$sock_buf(r1, 0x1, 0x1a, 0x0, &(0x7f0000000040)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:02:46 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f511080001000201000208000380", 0x20) 17:02:46 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f511080001000201000208000380", 0x20) [ 316.775474][ T9916] IPVS: ftp: loaded support on port[0] = 21 17:02:46 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x34, 0x1402, 0x2, 0x70bd29, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_DEV_DIM={0x5, 0x54, 0x1}, @RDMA_NLDEV_ATTR_DEV_DIM={0x5, 0x54, 0x1}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}, @RDMA_NLDEV_ATTR_DEV_DIM={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20048800}, 0x5) 17:02:46 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f5110800010002010002080003800500", 0x22) 17:02:47 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f5110800010002010002080003800500", 0x22) [ 317.439128][ T9916] chnl_net:caif_netlink_parms(): no params data found 17:02:47 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x200000, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x1a022}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$packet(0x11, 0x3, 0x300) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 317.904975][ T9916] bridge0: port 1(bridge_slave_0) entered blocking state [ 317.912317][ T9916] bridge0: port 1(bridge_slave_0) entered disabled state [ 317.922023][ T9916] device bridge_slave_0 entered promiscuous mode [ 318.026804][ T9916] bridge0: port 2(bridge_slave_1) entered blocking state [ 318.034957][ T9916] bridge0: port 2(bridge_slave_1) entered disabled state [ 318.044368][ T9916] device bridge_slave_1 entered promiscuous mode [ 318.251430][ T9916] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 318.299821][ T9916] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 318.343464][ T9916] team0: Port device team_slave_0 added [ 318.354517][ T9916] team0: Port device team_slave_1 added [ 318.418362][ T9916] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 318.425639][ T9916] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 318.452603][ T9916] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 318.480280][ T9916] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 318.490000][ T9916] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 318.516336][ T9916] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 318.731173][ T9916] device hsr_slave_0 entered promiscuous mode [ 318.833608][ T9916] device hsr_slave_1 entered promiscuous mode [ 318.942735][ T9916] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 318.950353][ T9916] Cannot create hsr debugfs directory [ 319.268494][ T9916] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 319.331226][ T9916] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 319.399933][ T9916] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 319.439152][ T9916] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 319.687619][ T9916] 8021q: adding VLAN 0 to HW filter on device bond0 [ 319.720019][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 319.729145][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 319.746259][ T9916] 8021q: adding VLAN 0 to HW filter on device team0 [ 319.772754][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 319.793552][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 319.802833][ T8753] bridge0: port 1(bridge_slave_0) entered blocking state [ 319.810136][ T8753] bridge0: port 1(bridge_slave_0) entered forwarding state [ 319.862733][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 319.872201][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 319.882717][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 319.894264][ T8753] bridge0: port 2(bridge_slave_1) entered blocking state [ 319.901571][ T8753] bridge0: port 2(bridge_slave_1) entered forwarding state [ 319.910613][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 319.921981][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 319.932937][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 319.943415][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 319.953683][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 319.964014][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 319.993844][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 320.003784][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 320.014110][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 320.023688][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 320.033325][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 320.050464][ T9916] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 320.125170][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 320.133792][ T8753] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 320.162255][ T9916] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 320.233132][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 320.243513][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 320.298263][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 320.308909][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 320.337514][ T9916] device veth0_vlan entered promiscuous mode [ 320.356073][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 320.365726][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 320.394223][ T9916] device veth1_vlan entered promiscuous mode [ 320.478510][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 320.488560][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 320.516720][ T9916] device veth0_macvtap entered promiscuous mode [ 320.550580][ T9916] device veth1_macvtap entered promiscuous mode [ 320.596726][ T9916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 320.608176][ T9916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 320.618259][ T9916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 320.628827][ T9916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 320.638833][ T9916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 320.649641][ T9916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 320.663807][ T9916] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 320.673224][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 320.682789][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 320.692364][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 320.702504][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 320.738506][ T9916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 320.753102][ T9916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 320.763200][ T9916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 320.773828][ T9916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 320.783876][ T9916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 320.794513][ T9916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 320.808402][ T9916] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 320.817055][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 320.827066][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 17:02:51 executing program 3: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x200000, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x1a022}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$packet(0x11, 0x3, 0x300) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:02:51 executing program 0: r0 = syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') pkey_alloc(0x0, 0x1) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x2) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r1, 0x0, 0x0) r2 = syz_open_procfs(r1, &(0x7f0000000000)='net/dev_mcast\x00') ioctl$F2FS_IOC_WRITE_CHECKPOINT(r0, 0xf507, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r3, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) ioctl$DRM_IOCTL_ADD_BUFS(r3, 0xc0206416, &(0x7f0000000040)={0x7, 0x1882, 0x8, 0x7, 0x2}) getdents64(r2, &(0x7f0000000340)=""/543, 0x21f) 17:02:51 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f5110800010002010002080003800500", 0x22) 17:02:51 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x200000, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x1a022}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$packet(0x11, 0x3, 0x300) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:02:51 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000080)=0x0) r2 = syz_open_procfs(r1, &(0x7f0000000040)='syscall\x00') r3 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r3, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r3, 0x84, 0x1e, &(0x7f0000000000)=0x4, 0x4) getdents64(r2, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:02:51 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f511080001000201000208000380050000", 0x23) 17:02:51 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f511080001000201000208000380050000", 0x23) 17:02:51 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = fcntl$getown(r0, 0x9) r2 = syz_open_procfs(r1, &(0x7f0000000000)='stat\x00') getdents64(r2, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:02:52 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f511080001000201000208000380050000", 0x23) 17:02:52 executing program 0: ioctl$SNDRV_PCM_IOCTL_WRITEI_FRAMES(0xffffffffffffffff, 0x40184150, &(0x7f0000000040)={0x0, &(0x7f0000000000)="b1b8f928f78f1b0e8555b4bc41cc", 0xe}) syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000340)=""/526, 0x20e) 17:02:52 executing program 2 (fault-call:1 fault-nth:0): r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) [ 322.552564][T10193] FAULT_INJECTION: forcing a failure. [ 322.552564][T10193] name failslab, interval 1, probability 0, space 0, times 0 [ 322.565576][T10193] CPU: 0 PID: 10193 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 322.574314][T10193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 322.584624][T10193] Call Trace: [ 322.588188][T10193] dump_stack+0x1df/0x240 [ 322.592620][T10193] should_fail+0x8b7/0x9e0 [ 322.597151][T10193] __should_failslab+0x1f6/0x290 [ 322.602184][T10193] should_failslab+0x29/0x70 [ 322.607523][T10193] kmem_cache_alloc_node+0xfd/0xed0 [ 322.612825][T10193] ? __netlink_lookup+0x749/0x810 [ 322.617935][T10193] ? __alloc_skb+0x208/0xac0 [ 322.622629][T10193] __alloc_skb+0x208/0xac0 [ 322.627175][T10193] netlink_sendmsg+0x7d3/0x14d0 [ 322.632149][T10193] ? netlink_getsockopt+0x1440/0x1440 [ 322.637629][T10193] sock_write_iter+0x707/0x720 [ 322.642507][T10193] ? sock_read_iter+0x760/0x760 [ 322.647612][T10193] vfs_write+0xd98/0x1480 [ 322.652071][T10193] ksys_write+0x267/0x450 [ 322.656898][T10193] __se_sys_write+0x92/0xb0 [ 322.661531][T10193] __x64_sys_write+0x4a/0x70 [ 322.666239][T10193] do_syscall_64+0xb0/0x150 [ 322.670858][T10193] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 322.676810][T10193] RIP: 0033:0x45c1d9 [ 322.680735][T10193] Code: Bad RIP value. [ 322.684854][T10193] RSP: 002b:00007f4e8b787c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 322.693348][T10193] RAX: ffffffffffffffda RBX: 0000000000034c80 RCX: 000000000045c1d9 17:02:52 executing program 0: r0 = syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') ioctl$FIOCLEX(r0, 0x5451) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x2) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) r2 = gettid() ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x2) ptrace$cont(0x18, r2, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x7, &(0x7f0000000000)="80647eb6709da307a57c") ptrace$cont(0x20, r2, 0x0, 0x0) r3 = gettid() ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x2) ptrace$cont(0x18, r3, 0x0, 0x0) ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000080)) r4 = syz_open_procfs(r3, &(0x7f0000000040)='oom_adj\x00') getdents64(r4, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) [ 322.701571][T10193] RDX: 0000000000000024 RSI: 0000000020000000 RDI: 0000000000000003 [ 322.709621][T10193] RBP: 00007f4e8b787ca0 R08: 0000000000000000 R09: 0000000000000000 [ 322.717837][T10193] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 322.725880][T10193] R13: 0000000000c9fb6f R14: 00007f4e8b7889c0 R15: 000000000078bf0c 17:02:53 executing program 3: add_key$user(&(0x7f0000000080)='user\x00', 0x0, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='ns\x00') fsopen(&(0x7f0000000140)='pstore\x00', 0x1) fchdir(r0) fstat(r0, &(0x7f00000000c0)) mount(&(0x7f0000000000)=ANY=[@ANYBLOB="5d686d52f620da7d7eca637cdc5df5d3b644ddb0"], &(0x7f0000187ff8)='.', 0x0, 0x2001092, 0x0) 17:02:53 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) fchdir(r0) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:02:53 executing program 2 (fault-call:1 fault-nth:1): r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) 17:02:53 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x200000, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x1a022}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$packet(0x11, 0x3, 0x300) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 323.630758][T10216] FAULT_INJECTION: forcing a failure. [ 323.630758][T10216] name failslab, interval 1, probability 0, space 0, times 0 [ 323.643973][T10216] CPU: 1 PID: 10216 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 323.652725][T10216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 323.662835][T10216] Call Trace: [ 323.666227][T10216] dump_stack+0x1df/0x240 [ 323.670639][T10216] should_fail+0x8b7/0x9e0 [ 323.675162][T10216] __should_failslab+0x1f6/0x290 [ 323.680189][T10216] should_failslab+0x29/0x70 [ 323.684978][T10216] __kmalloc_node_track_caller+0x1c3/0x1200 [ 323.690970][T10216] ? kmem_cache_alloc_node+0x1b0/0xed0 [ 323.696526][T10216] ? netlink_sendmsg+0x7d3/0x14d0 [ 323.701682][T10216] ? netlink_sendmsg+0x7d3/0x14d0 [ 323.706815][T10216] __alloc_skb+0x2fd/0xac0 [ 323.711329][T10216] ? netlink_sendmsg+0x7d3/0x14d0 [ 323.716464][T10216] netlink_sendmsg+0x7d3/0x14d0 [ 323.721640][T10216] ? netlink_getsockopt+0x1440/0x1440 [ 323.727242][T10216] sock_write_iter+0x707/0x720 [ 323.732300][T10216] ? sock_read_iter+0x760/0x760 [ 323.737233][T10216] vfs_write+0xd98/0x1480 [ 323.741676][T10216] ksys_write+0x267/0x450 [ 323.746099][T10216] __se_sys_write+0x92/0xb0 [ 323.750707][T10216] __x64_sys_write+0x4a/0x70 [ 323.755376][T10216] do_syscall_64+0xb0/0x150 [ 323.759958][T10216] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 323.765894][T10216] RIP: 0033:0x45c1d9 [ 323.769810][T10216] Code: Bad RIP value. 17:02:53 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r1 = socket(0xa, 0x1, 0x0) close(r1) sendmmsg$inet_sctp(r1, &(0x7f0000000bc0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="300000000000000084000000010000000000000004"], 0x30}], 0x1, 0x0) r2 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(r1, 0x84, 0x7b, &(0x7f0000000100)={r3}, 0x8) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000000)={r3, 0x23, 0xac}, &(0x7f0000000040)=0x8) r4 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r4, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) [ 323.773925][T10216] RSP: 002b:00007f4e8b787c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 323.782582][T10216] RAX: ffffffffffffffda RBX: 0000000000034c80 RCX: 000000000045c1d9 [ 323.790676][T10216] RDX: 0000000000000024 RSI: 0000000020000000 RDI: 0000000000000003 [ 323.798795][T10216] RBP: 00007f4e8b787ca0 R08: 0000000000000000 R09: 0000000000000000 [ 323.806825][T10216] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 323.814854][T10216] R13: 0000000000c9fb6f R14: 00007f4e8b7889c0 R15: 000000000078bf0c 17:02:54 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) lookup_dcookie(0x7, &(0x7f0000000000)=""/117, 0x75) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:02:54 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0x6f, 0x0, 0x0, 0xfffffffd}, [@ldst={0x7, 0x3, 0x4}]}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78) 17:02:54 executing program 2 (fault-call:1 fault-nth:2): r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) [ 324.445877][T10238] FAULT_INJECTION: forcing a failure. [ 324.445877][T10238] name failslab, interval 1, probability 0, space 0, times 0 [ 324.460214][T10238] CPU: 0 PID: 10238 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 324.468954][T10238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 324.479072][T10238] Call Trace: [ 324.482465][T10238] dump_stack+0x1df/0x240 [ 324.486910][T10238] should_fail+0x8b7/0x9e0 [ 324.491447][T10238] __should_failslab+0x1f6/0x290 [ 324.496474][T10238] should_failslab+0x29/0x70 [ 324.501206][T10238] kmem_cache_alloc+0xd0/0xd70 [ 324.506076][T10238] ? skb_clone+0x328/0x5d0 [ 324.510592][T10238] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 324.516754][T10238] ? rhashtable_jhash2+0x3ac/0x4d0 [ 324.521974][T10238] ? kmsan_get_metadata+0x11d/0x180 [ 324.527288][T10238] skb_clone+0x328/0x5d0 [ 324.531655][T10238] netlink_deliver_tap+0x77d/0xe90 [ 324.536872][T10238] ? kmsan_set_origin_checked+0x95/0xf0 [ 324.542532][T10238] netlink_unicast+0xe87/0x1100 [ 324.547601][T10238] netlink_sendmsg+0x1246/0x14d0 [ 324.552665][T10238] ? netlink_getsockopt+0x1440/0x1440 [ 324.558141][T10238] sock_write_iter+0x707/0x720 [ 324.563035][T10238] ? sock_read_iter+0x760/0x760 [ 324.567990][T10238] vfs_write+0xd98/0x1480 [ 324.572453][T10238] ksys_write+0x267/0x450 [ 324.576895][T10238] __se_sys_write+0x92/0xb0 [ 324.581504][T10238] __x64_sys_write+0x4a/0x70 [ 324.586206][T10238] do_syscall_64+0xb0/0x150 [ 324.590911][T10238] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 324.597655][T10238] RIP: 0033:0x45c1d9 [ 324.601595][T10238] Code: Bad RIP value. [ 324.605698][T10238] RSP: 002b:00007f4e8b787c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 324.614182][T10238] RAX: ffffffffffffffda RBX: 0000000000034c80 RCX: 000000000045c1d9 [ 324.622442][T10238] RDX: 0000000000000024 RSI: 0000000020000000 RDI: 0000000000000003 [ 324.630747][T10238] RBP: 00007f4e8b787ca0 R08: 0000000000000000 R09: 0000000000000000 [ 324.638757][T10238] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 324.646762][T10238] R13: 0000000000c9fb6f R14: 00007f4e8b7889c0 R15: 000000000078bf0c 17:02:54 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/cgroup\x00') r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) getsockopt$inet_int(r1, 0x0, 0x12, &(0x7f0000000080), &(0x7f00000000c0)=0x4) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) r2 = syz_open_procfs(r0, &(0x7f0000000040)='net/dev\x00') getdents64(r2, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:02:54 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x200000, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x1a022}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$packet(0x11, 0x3, 0x300) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 17:02:54 executing program 3: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f0000000140)='cpuset\x00', 0x0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = dup(r0) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='cpuset.mem_exclusive\x00', 0x2, 0x0) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) utimes(&(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)={{r3, r4/1000+10000}, {0x0, 0xea60}}) sendfile(r2, r2, 0x0, 0x7fff) setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, &(0x7f0000000200), 0x4) ioctl$USBDEVFS_RESETEP(r1, 0x80045503, &(0x7f0000000000)={0xf}) 17:02:54 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) ioctl$VT_GETMODE(r0, 0x5601, &(0x7f0000000000)) syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:02:55 executing program 2 (fault-call:1 fault-nth:3): r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) [ 325.075937][T10251] new mount options do not match the existing superblock, will be ignored [ 325.173289][T10251] new mount options do not match the existing superblock, will be ignored [ 325.219385][T10260] FAULT_INJECTION: forcing a failure. [ 325.219385][T10260] name failslab, interval 1, probability 0, space 0, times 0 [ 325.232335][T10260] CPU: 1 PID: 10260 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 325.241081][T10260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 325.251278][T10260] Call Trace: [ 325.254657][T10260] dump_stack+0x1df/0x240 [ 325.259097][T10260] should_fail+0x8b7/0x9e0 [ 325.263618][T10260] __should_failslab+0x1f6/0x290 [ 325.268650][T10260] should_failslab+0x29/0x70 [ 325.273342][T10260] kmem_cache_alloc+0xd0/0xd70 [ 325.278194][T10260] ? stack_trace_save+0x1a0/0x1a0 [ 325.283397][T10260] ? skb_clone+0x328/0x5d0 [ 325.288006][T10260] ? kmsan_get_metadata+0x11d/0x180 [ 325.293293][T10260] skb_clone+0x328/0x5d0 [ 325.297638][T10260] dev_queue_xmit_nit+0x502/0x1280 [ 325.302841][T10260] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 325.309436][T10260] dev_hard_start_xmit+0x20c/0xa70 [ 325.314674][T10260] __dev_queue_xmit+0x2f8d/0x3b20 [ 325.319808][T10260] ? kmsan_get_metadata+0x11d/0x180 [ 325.325111][T10260] ? skb_clone+0x404/0x5d0 [ 325.329642][T10260] dev_queue_xmit+0x4b/0x60 [ 325.334245][T10260] netlink_deliver_tap+0x9d4/0xe90 [ 325.340152][T10260] ? kmsan_set_origin_checked+0x95/0xf0 [ 325.345810][T10260] netlink_unicast+0xe87/0x1100 [ 325.350776][T10260] netlink_sendmsg+0x1246/0x14d0 [ 325.355820][T10260] ? netlink_getsockopt+0x1440/0x1440 [ 325.361291][T10260] sock_write_iter+0x707/0x720 [ 325.366201][T10260] ? sock_read_iter+0x760/0x760 [ 325.371138][T10260] vfs_write+0xd98/0x1480 [ 325.375612][T10260] ksys_write+0x267/0x450 [ 325.380045][T10260] __se_sys_write+0x92/0xb0 [ 325.384657][T10260] __x64_sys_write+0x4a/0x70 [ 325.389349][T10260] do_syscall_64+0xb0/0x150 [ 325.394062][T10260] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 325.400117][T10260] RIP: 0033:0x45c1d9 [ 325.404221][T10260] Code: Bad RIP value. [ 325.408355][T10260] RSP: 002b:00007f4e8b787c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 325.416865][T10260] RAX: ffffffffffffffda RBX: 0000000000034c80 RCX: 000000000045c1d9 [ 325.424906][T10260] RDX: 0000000000000024 RSI: 0000000020000000 RDI: 0000000000000003 [ 325.432950][T10260] RBP: 00007f4e8b787ca0 R08: 0000000000000000 R09: 0000000000000000 [ 325.440992][T10260] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 325.449045][T10260] R13: 0000000000c9fb6f R14: 00007f4e8b7889c0 R15: 000000000078bf0c 17:02:55 executing program 3: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f0000000140)='cpuset\x00', 0x0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = dup(r0) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='cpuset.mem_exclusive\x00', 0x2, 0x0) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) utimes(&(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)={{r3, r4/1000+10000}, {0x0, 0xea60}}) sendfile(r2, r2, 0x0, 0x7fff) setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, &(0x7f0000000200), 0x4) ioctl$USBDEVFS_RESETEP(r1, 0x80045503, &(0x7f0000000000)={0xf}) [ 325.726692][T10265] new mount options do not match the existing superblock, will be ignored 17:02:55 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r2, 0x0) getsockopt$IP_VS_SO_GET_SERVICES(r2, 0x0, 0x482, &(0x7f0000000000)=""/23, &(0x7f0000000080)=0x17) r3 = dup(r1) syz_genetlink_get_family_id$l2tp(&(0x7f0000000100)='l2tp\x00') ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$inet6(r0, &(0x7f00000000c0)={&(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c, 0x0, 0x0, &(0x7f0000000380)=[@hopopts={{0x12, 0x11, 0x67}}], 0x18}, 0x0) 17:02:55 executing program 0: r0 = syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x9, 0x400) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r4 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r4, 0x0) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000340)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r4, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000380)={&(0x7f0000000a00)=ANY=[@ANYBLOB="d1951574b93e5713c51a0708d4aa90625ef69cafd055498c304e2bf3be37eec1c4a4b03ab6c0bd435008589f88652f243cf0eac79d0235049d8a1724048a9db93094f6f6fc4d703f4426a960c7c62cf56be514cbafedf300000000", @ANYRES16=r5, @ANYBLOB="000225bd7000fddbdf2514000000500004800900010073797a31000000000c00078008000200030000000900010073797a31000000000900010073797a30000000001c000780080001001f00000008000100030000000800020000010000d00004800c00078008000400ff7f00001300010062726f6164636173742d6c696e6b00001c00078008000400010400000800030000040000080001000a0000001300010062726f6164636173742d6c696e6b0000240007800800030005000000080001000e000000080003000800000008000200000000001300010062726f6164636173742d6c696e6b00001300010062726f6164636173742d6c696e6b00001c0007800800010008000000080004000100008008000300028700001300010062726f6164636173742d6c696e6b0000480006804400040067636d28616573290000000000000000000000000000000000000000000000001c000000f784f8335060fba14ce00d4de698f2b51bd101b0e215b196e0583fdd4c00058034000280080002000600000008000200bdbc0000080002000700000008000400020000000800010018000000080002007f00000008000100657468000c00028008000400dd0700000c00028008000100e24b0000a000068004000200040002004b00040067636d286165732900000000000000000000000000000000000000000000000023000000e7515264b5065763335cdd62f5857b74a6b38af5dbc4a07b9bfa10181c8abb7430d6bb0008000100080000003f00040067636d28616573290000000000000000000000000000000000000000000000001700000029f051f3ba850f79046269c684d23191dc9ac296bbfa9900"], 0x274}, 0x1, 0x0, 0x0, 0x40000}, 0x4000014) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r7, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) setsockopt$inet_sctp_SCTP_NODELAY(r7, 0x84, 0x3, &(0x7f00000006c0)=0xfffffffb, 0x4) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000000180)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(0xffffffffffffffff, 0x54a2) readv(0xffffffffffffffff, &(0x7f0000000200)=[{&(0x7f0000000000)=""/12, 0xc}], 0x1) ioctl$sock_FIOGETOWN(r4, 0x8903, &(0x7f0000007080)=0x0) sendmsg$netlink(r1, &(0x7f0000007140)={&(0x7f0000000440)=@proc={0x10, 0x0, 0x25dfdbfe, 0x10000000}, 0xc, &(0x7f0000007000)=[{&(0x7f0000000480)=ANY=[@ANYBLOB="7c000000170000032abd7000fbdbdf25121791d782a3da6b1561252773ad79547f2fcdd0244ac37f0d90be2d881f99bb2e099c00c7762826928d7ed31ce2298184b91a2c8515239be7ec0a5696b9546543452e289e04283910ceaae4ff1790ea9d3269fb417f566935c439c3a28e3d3fd5ea2e5f3094f4c851c60000"], 0x7c}, {&(0x7f0000001000)={0x2270, 0x27, 0x200, 0x70bd2d, 0x25dfdbfc, "", [@generic="565c3b2885bfcfe3ef6ef8f95256165202a22bbc6a0da96829ecf77c1c20308ad6e0a800e0869d524622fe86039f79e3f20f34044189cdeeb0aa7384f2a7b7846e57592f0ebf039a6bd02ef2076ab91fc772972d6e5c2dd8ee884ff9dc", @typed={0x8, 0x17, 0x0, 0x0, @fd=r1}, @generic="94d0b9e4c7115acc1e88bdec06dca9f435d3b2a3d2fbe04b2a31bc2961000651bd990d9e0d4ec58693c52b5a7d9fea965042123796a133cc13bcc39b89755d05e3e4401e6933ddc57955fe21331dd8cc38d2d1743902f24a9ec6ec7bd491c656e3e397c3183a354b798cfc60da", @nested={0x218a, 0x34, 0x0, 0x1, [@typed={0xf, 0x9, 0x0, 0x0, @str='/dev/vcsa#\x00'}, @generic="3c356673b6bb35ac12e38f04f1f3c27ff7f46df5f6049ab53e926746ebbf6e7d88b1a9ad4f4b752ad220c921bc8c48a4c139be02c6dd1a7ea848fc98bcc5fa8da527f0b360e4f93ced6b6070c03490b5c0ade89834489658f23a2e159d801618a222d100532ef85481bdcaa89ccbf97451dc78260829706f99d8342c9ee71d60cb1e791368454f8260c422352523ba9f762a069bf44706c3492ec55a9b23cb781f03a0bcd0f79c08c4af1050622117a5ddc267bec8551db273f0bf16539195ff462fc64dc45035e49b3d3b07a77a0329eb68dcd4144452d9846e887bb46c05612f9d6f1eaffddcb8090a0a71918eb47b465d20ab9e399f0ad6d7ed41e149edf2c6001392cfaec954356cc82df468241c2f68bb7b9651a321b6697a4859563708ad1f93721d2f14695f23917fd6d55ca1e684f32903b8813a6496c2575ffb6133d3216a52f68e2ee05d51bc885bfcb10f0b5c3c7c8ab43c16392c3b88eb9b37220e31b2b6a1cbddf4ae4f76579a5d4ffa08111acb53a9454b5723e88612aa74619d3ed4f5432959fb467a80350c248570a7ee1cff1707bf32746ff82677aff0a950209d8b8d9bff8b31a188f5685a2765e4f03293c43ab0bbcf36463ebfbe4ef0936611609a42f8fa992f4f620e0afcecb22da29fb731e4059d80054d6173988ce7d76fb87e087a258c2840845b0097371e59fe6f2501ba75c5a817593717227aa6a0dbc095358ae21d0d6e8f75ae5caab6628a89efd592ad9553d5fc0abae17a1b519cd954638a76f22aa27c3ba3f4fef529f424387413f701233ccbb4224fe99d475fadbb7dd02c9f86de4f174825617fefc8f2a1bd45c78da81ca229bf11ee4472cff238c0604ffac8312c7cae1b2f167b26a9bb3c801b871695611609dbd8abb1bf6a16c8d4186c2045a4135a4f369b5b409ad25da7014343133dfb07b22b9898a27ce41044ac9ed5e0b95a0764b05638b9d2d324f4f2c660b626757f73ca87b5f185c2bd8f31799adee309b833a0cc0c8d198a0ab291d2ce5bed492b6bc80a2c410ae406b444cac0b52a701c130fb7ed73630085ccc3545282dba82678b73abe16cf66c1097f24d6f9797a4fbd003c0e5ea416b3e7fed2dc24c1200aada2d97caf4ed924ba2debd15a7c770ee3cde2f726b11da63c0fe47ba557e94005249b6447a421142c1d020b95ce5a699d9546bef2fee65b88a7038dc7c098043beb62938198a16b117a3355d5110b4edc415700ee6544dce116b874108b82b4b6c84fa9ed44d8cfa6e03f18956b3773aac25c9edbc223980239af2e78a4a0748e225805ad3628013e0553ffcc6e39ad16bd87d4142d3120277dd9d95ecb54922a73e209ef5b9eb019a3413db85084c5797bdca180442f0709e6556220f08e7e19d0dea001d043e405f90b53036812ce9c12b7262b5812a33929b4c2e62dda61c56330557901ff0010fe64dc47eb36cf8b5ca76d51db09177dd9b66b15b838c93f51664d6ef8e60fad802d223e32cb1df760d07b1c6780bd2a58adf01ebcf0109bcaa551afa5b998ccc93724ff01578078237e9ad46da5dc8af2c51965cce67ce34436217f8733713da5b5721c3d6ff5aff14dec1c706d3419a6ce0852dfcbecc8f793f4d943c9cf52d4415bf04b2e77b2acf144ce26b9ecc7a7047be44a8e865c4709bb4b9640f4c4a2bf8e7e90edc5d60e1121f84ff36dc8cbad6fa2f52e4b9b5b2f56c74ded927021450b05da796fc240ee09b2aa971fcca0b9d69ece5a5f9d252d9b0c970d042075079b07334bddb5b42b1f3bd42eeae6483c1f91ff70c4f934aa5aa30f695650d7fe947b40343e121c9cea274c26f3f2d75e1b02bd6baa99121298f313989949f773944f1e716b690b5df467f80399a1804f8910885e36e5018c1185006d3402f418631b8fd8032052b818b5b02a865c201bb900a727d037b3e294693b2fae5bafc8be93df1ba37c1f5294c5953b1a6f1082da333d481d98886efd3af594276105782985caeeaeb9aaeeb9a5f7e906de364fe6b2d98c349c4d1139e8ef3ae509c9b3994a3fb32b1ca206fcb932f2c89bc82f874f179528b138a193b99abb05e8fc218380ad430a8df35b1ebc0b29cfa828965696888e303811eadc4e8b7a3dff0cb94f42d6420422f9c3085d2f2f103dd0a38040a7a8daff0dbad95564d56cef3948088dcaac87818108bf87d53090d32ab05c5fd0d35eb2f4258c45c6fd3f963314166c8682e42675b493dd231ba1809f599485dd9d8b3c48ac5ec4aadd0992add452f22256fb499c28b86998a4a75db6b7fe91f5f09e6651a83119b4b13b84c1fd63a53777b32cdf2033707352ac88111bdd77cca95bf4e36dc18daca5e89b9d33c10cff5a3f7d68038a65bab3be7f0ff697e575db89795efb9e5e5f8fb6cf155b4fe70a5a05581ae8e5a68dccc5d7cee2186530bb967052c48584eca4306e503a4cc4be0c441aff25be0326ced4acb60573634b990b0120e8356185da7ba3e98487a2c50041dc2956b802077741e504879d99d05c9e4c2bb50f9f9d23f3b2fd5e22102d6d7fe8112fb32949d29e379da8eafebb1648e2b1d7cf0d7567a0b21935b637d940959fa0fed836dce5cadf500ab3e5c6e6200a5310c02aea273c16873a61c7d1bb52406867e732f295c352cfcc655262e6502ff3f6ccc7d2eef57e5c4b333ec63403ba023bcf7e40a8a413e3dc002110e210c63f781346090c9ca4fba66afce938136751d7d4b990464669ea2743496b353f400a79898bd2efb6b397731126be78fbdc3277b04f89e6ecd7ebcf5cf70fda92b83aaf5120d63c2874a08d76f781d338b5c2e68a1abf071440f02a6d890cdca4cc88fd5fb4984e30d924e08a3e51fa53b5f0d98d2c4b8bb8b2f2d036602ff99c8fed633ea83dec810a989dd1dc4dfc794152276e429266bebbe284ae39a6551eb88aa4e84de44fba9a5820299841c6a33c3ecf94db364410c94870cb3fc50979a78a7d4c64b11ae5d6999f4d8927ca0819cd5c6eef5afb650cba087a0870acbb60fa41bd4b085f85fc9ad75a30fee968d138b37ea1f862c21f2fb8aa031224e7f7e08e80967b7f3fd827fa4887a4f508867bd2553662ab8c3bfd902c489974745b13b09c7f9799d8f33d3d19659f667edc69c2e22130794c6d6a950407175cde4c8463916500c56aadd44f74936ec20771d96d1fc47382c43a8f7e0542a1ddc81c22837437bfa8a2b174b1376ce44b5a0cd013621a6857cd40cfbbc50019db73b2b18e38edbc015bcd0d42b840bb3451b677d30acc7503c450edb0030298e36ccb06d7ab5be6c2d40ff62e486d46ea701ddd49a80f1cb8fb71a0cc8374324dc7c32473301ab5b2e7f94dcf12903f06e6a3fd438054dcf200e95d36391ee6c61734ceddfc0c134dad626bdc19a876ef95cc8fae6a071ea69622a585d5154646cc1aa908c0f4099914db54e6f08344a7c487f6b8c55d7b465f8fe2dae00f6dc4ff5c973bfd405e9ec214765e58fe03ecb4ddc3fbe38e155aeba8c0a28f7b4cf09672d3358ab40f25f8a9b89dd4ca3c1a17e18754e2d10da4d84e8ad57085767f8946e9edb428d11027c0e0fa7bee7bb4441af3f73d047d06118cd9b7faa3a2248c64865a9e35091e0a65b4e1e2847814b7a62962ddc2d3a8d8469d6939c71a4ded8b65c8f4e0089d7765dd64a885d6d1992fb290f26b62fa03c43a64b85549ebb7f91a3dfd415d4c9220512b0bd56f8503b79db29f7ba66e65daca8430428adb95d3063cecbd415dfd98862f13861a5f08695c3d1f8e72d20990e71916bffe94a71f7178fc4f56d841ef43ce1d17dbea830aea3ee3f73819635d4b2025b58dbd4f4f05431c7678601cf82f306407da76decdb9052b573cc4aa7c1cf167c8aabf4caf1e8047ebed9a57867f1ad28d65b5c1ce2651d78317d145276262a1e6ef2312f77008ea5e504d7cff48d35c147b7e0504193f2416d35d4c24500d431462ef0f57cb8f77d59e56fa4fc9f21d9a092100f527687bcfaf568b74fab8e9fae157613c0abac8de873e56ad9612fda78a22bfc6f9858d6863cdd707e3e3a749629eedbcb326c8b21304ac777672d09ca0a4f8870c7c5765982a8d62dc172b24b0e338b446d59f5c7d013c721c82c5eb76db920da7100861c106adeb498a32ac6a872b0e400899065146e200be30865caa6eb284691a871807524ae1bcc7435064a3aea77e1b5899a92013b12c5eb065bc73614d928597f8697849792f684e4bcef1abadabb5113fa5e92615593699ddb83f8bdc5d8987659284bdfc0c552f19d431cf6ad6e645e01c2bad9a0e52e6e68eb4ab08af356566a4b0dc5fda28e2cad97ada9d40168082b49572c283a80c460116ccd353ae1e8c2f8afebaf1586e6a8b9f94d32ab21d8bf5a7ff4312cf832615f838e891ec8bd6835f8ce082069773261368a9b4adad5e788a8eb8015ed222fda6b9e1b3f12b45b82591852e711673c02c087ee1abb26184a38f4143bf9ca33968896117249873045648d9dc564ae0396467f7d69cf011ff386b8b4ff10f087d04b7dd9f3373fb01540b1c647685d0476167cdc1675be4659a729c0dc79cb3d6675b4b591d97ff070efadd355da13a40524767897e43d9566710d0a943ef69aad75b08eaca448411af790e2f6ff697725f5ffd5459d8de3ed37400cb296c0b04573cbaa8badd7ef97f89f9ba330873a3de03b04cccacddc6c0a80b903e30bc40b74894a26b6dbc475f128fb4eb71b6054ec6eb549b9a0c2686117ed4c4e6d31f4c6eba250135345d3acf62a6b3b5734a27f0a9f17c4adc23005fd5b4de1b12f22c1881e9d8c481bcc5afdfc6447334120dfe84712ac6ca9bb2745a784c0c2094c12230e65d7a61b80f188afa2db97dfb9aa5931cdf021fb15b04deebd9fdd502f82b607c630453ded7404f6ef63b72a66bc06b0467e58700aecb818f351325743fe9744919cdf40ff2fc4fb338ec4d960e1ca221f87a140143811760fb481816d25fee7891e004df0352595bdbef5af1d6e69c1084d195caf3af383eb6cca00624e4c917db71e03088b531c80f7ad1afb2febad50153879e0c31b5586b98c4e6042b9636e4c51656103ad874de8affaeec64f349b4aa12a66d756cc54ec929f6912a2375dc002c90e4831dd304deba05efb744a16be151600bd5ddb48c994428f5309fdf56e2ef8cff5f39fd96a9f48dccc95897695b79172f873388d28b754bdee151338fb7f6549a6d65b3e6b697c028954ce204e96f08b8532a597e53ce7634833780a8b6857f3e3c87e5834d24e96aa1df0e2ac27dde6c8f42ae411839185f4c745d2fad9dac9234faf3a5a8d3527dbdcb1ffb7b51989f34400e4fdc26b6207033c6b96c7e6b491d5d6dabdb827c7eca368a68a2e03d4a8fa14b6be46d5ea9b386cf847fd2ead61013afc38613026df1a63073c0d77aa324c2f964c250380bfe57d86c005a9699ea6712f9a6d9172d6cb51579bd1b7d67e1e41b644734d609f44fbe8e38bcc1207ba4dbbce63b89568f7f7c4eba3f0005e44f474010e31241a95ffe7feadbd1e9048f11bc003d222ba67c6c8c34a8af350bf0782e53e9acd6616cc40426a2d82abe3c1ef98891c311ca35edcd9bdd7d6618412a99bad5e32ee3ba4e173847aad71af9de0ff19df666dd74b3ca84d985de13f06601963f5001ec8ab7d3ac7f428d4c558721752a4617e4bd9e24fa495020ecac46ffc53d9474ada4289a5d3361b0292e6dc7cdd7c05bb48c13c8d91dd96f2808376b80dd7aa7de47998fbc81b77e99fe9886dd8bd81e14b8ee", @generic="81b558a048c2e9fa53ebe13bc0fd68cfc977f2d8fbe5b2595e55ad20505280019e18b14a625b11bcac771ce447f67e9c1fd0c13cc00abe390bbca505d38f2403af7058ba5aa85cec606d1fa75bee2eeac8b536ad5fc111c09511fc7e61520688e8039e5dfbaa81e7424ec2dd6131a28ab9ea0d80ce022d01d610c9ab216e17cd", @generic="848ae7237f23ee354011edfa2cc10183ec460954bfc59a738426306998527fb5ce86775419932606bccb95ba11d9e51811870ff6230c195984f4134cc3aecac0d4271396c1092769174d551a4fe3be86a093fc96856629c190a9120965ebb4db83acc196440c44933434ca4e585c15f60e8c858f69481c87ed725c0c9bee46c0473fb1bff6eb259271e89b52b812b5b04b45f1953b7711b701373b4f016efeb70028d80b697ace8974d9bcd1eb4bbc761ef53dde8d3b77ada74dead6bce7ae720ca7a4781ce2be42748953620edac084087de0bc5f5a52134f1b1bc5a98eec782f1222114acb9469d5ea61ad9d22d26ab156a1839815af03d7571e4d20f19ace28e41637030bca5f88395a2bd8ed8cf272407023acd5b26db18ecc2cfa32a650ca2d57ec66016efa7203100b3b82570fc68b86b577453aa37349ff3e6946e5d5903fdaf8a2fa6d861d891bb525ed6c06dfcdb0a55ad3d45d56e4e93397b5fb00b1394dd27ab44ae40fa7e159b43d06aeb9929e5f8caae9b946ffb8a3d33670065c0f22c4df6a34a73fc01edb4f283a9c4769b4db060dcfe23196e2e4a3d9ff61f64a0b2f2ab025b6e09b946eb0b1982c25c8f6afccc42e5b9c3cb3daab5b74c4ad8a761b593519bf47360a6b8d3a81ac0a93842f503bf677302995d3e3c43260cdca66db0f4a3c8ed44d83eb8f2180c57415c47b709f79b4b9276b634bb5d31dcc0d675e301031934aced5bb6cf0b3d68e33a24f42c0b0cf32185e5dda4946464d1a9c5c8319f559c9a0bdb7f4b06854af8b3f178278feed5cc40a99f33e21b40a710c6ef7c5081704a4eb8af7535365a4936ddcceb2c318a78ca0e8c57383f091c6f02fc84808146e44df15f59938e846ba8e0d971527ce0b40107aab34f3d43531e7b8f2b2b1a684dcb9ca7db94e818d6b0546d1f9c4b99c520ce18a19e90ec45b0076e52e77e63087b031c7615f9ff4f3e191965372b55ff2a5fa5a658d1bd9e75e3abb1158628f678b0b37c15182513219df6475bd0731a343a55ad4fac9ebbb537b1a76ce685fcc7b4ee699757da6be5fa25320023dc50f9c845a8dd881ee4c212df53f28ed8e76f857af072cf2130aebf599a7bdd9e134a491a31b62bf7e32abbf3201032559857a6d389acd4ec32ed6fbb7d62d4474e5656645e1289766d19d89e317e1d3d8bd71a7bcc6a8d20aacf4a583a7c9e06e23f20b7c92227c49bacb71e799124b5201b778d65165f53001ea9c057bb5b9a23b71d9489ce902159da7f50e060f99d11b4c4bfd0243b95fbce75efe2d5624ef841b2310628edfc16864a7403f7fe142b70831cff720c8dc75005a49b98bcdcb19bb48e7c36111d942c65b45e037825d414b5937601447ae7746ebe5a5cb9e61480a5e41a7c7ae9273f7f949981dfcc74f7f92ce94704232a0975a89e95900fe41b01e27e6fb6bc8b1ee895378d7e2d95a7e4d36f2bafe49e4fceef2249bc52a4151a3b223ccd97c8926442bb366050feba031cb24c86d530361fcfb2878344eee595e326afb9b182a09e546f3640192f8d0f587c5a79cad2b4d0e295ccb9afa4321bd5d90e375e0720b25b5b43a14ae44df5ffc2f68b0afec0a0e3198684564b05f92c21d97b30fcd5e6db6fad57e5a5ff26689b0f0998e54b52a6d0df36b5edbb53f8a1eb74e2b6c2adf2306445bc9db0f137764c732732e44335a0357266ee2a0cda552e8b18fcca5c8a251cdfa12aa2fb1e11faca7cc684f5d706dae43c26ebcf78d2a3549789530399e964c507a1a1288189028541998b9c9f20d51b94fd4310aacb8a2359d33177c8900d08988af7378808686ef5fa94384ddc52e36d47e55d8b2c30e94e5a81eb8ff4a862a2cb54c886504a61e0c96688abae9ba98a85391fa06c6edb428a77e7c72ca91d700ca3c40f7a7e8a15978cd5d0648312a112f7d2b83604795e9ce58434e524a5911f39bd0c58983f67fcc68a5cd738d1b4852d5827a5fefe6e35bab3c0f35bec1cbde1e972d906c5be1e6c91643e43f4a63bfc63747b148566b2cde98414ee0cb29d083720632f1c1fb1f11ad86ede6b37fbbe78ba599e011ed3f9f2ccc6d4faa27265b761f0a4818b27969aa44580b6f358383774dcb22c145735d5e638007805e0ebab9fad1e4950660f32e66f4ba3bd4953e23eaa670eabd7e40f90871ef937157060001cc807faa9d8e603615ce9ca243f85a3be1975f322505896415478b7820d88c39c70bbc0c2b93035dcae9e77237148e2f2cb23991048fb223d8e582e728e6608e76082055c0010765ccca9019b0e96426f213b152480220d6dd2a0a848f7cb31e3e5f9179e5bc4b67e918749b62974ef492630080a611945834789d07e984a1a742cc43e94557a76588690cb0243d5001282b8585ebcb0f09a8e6d24234b54efdef4ef582b93a08f40de9db0f4b8ee102e9a7d1340645c762c00195f75e1be3bb0e4990fdf74dd1c535b2b35b86b81d94b7bd58e611e720a519d765cf28e90d273e65b116fa9eca6b56ec665c144e44d7b1200f01303f1734ab508416e4a9b587b2d9e31801b19afd60985e761125ab53e97e104c4f6631b2030fe046d1f4da79e78964c7818375f613580af9341766b76e1184513c65319aa91a640285c02c1f5881ccd14bcd82c0749135571932931831aca6546c3c8a08365552408c2969eaace2725a96ccdfe60414ff89da682f772cd24439989dbc96ee134529e8eafc539ab07096e930cb7d13cc21f199e38a6795f7f5ea68c1ca71f6606ad7ed6535f7eaca85fd5348d2583bd2f701c06038af448437c4dbfd885a3e67facfaa1b536b85e0279d9dab123af0dc4ae7cde19642aaf52deba9335d0783f77d92791ee6ad00139f3eaf272b04e4633b25955f31bf7095d1ddf592df184b221536df875476c8731b2f13ddc5041b5ecf40fe6f4e4e68c4c622b82e7e074d0ac084d18845b69b02318ab5faaa8abe734563ca4842a59ca9ced725dfe6f5fe93b719b3ed12379c0417e4456acb2655e5effa40a8abd38f423e4a1144d5f3b008028d5d19345f99b15644e2cd729fd6d2f89638e7644a820c14985f1f31f52e908c1f6166a1f682e9de70cd9cfb867fd6867d3e761a2905d44274269b53a36396b449d7f9720170b54cb5ec7027963b877a1bc0518b280a9b1ccd00731eb0834657867d737e760ed5fe1d8026647173b3025d66f90fe6ce8561cdae310446b38ee4336c6f88d90eeedf72435098e57090a8a2d0c9200fd985998a0abf31d3eab6a670dae45c200d66178a17fd87ec01263160c4c1893e1e9aa72275da408605b0552d5be12b5c98f9c1bd708af3b4ba0166473dee1cfd74f3e84271d69fc46124426d4cd870800b4dc0c975ef4a3de164efcc67f7c5c358ac0547235c9f7676d9fcd3a3f6305dac735b40fbac42368c0e7f13b3096d1ddea9fda6aa137f76afb719c98a12614cd4e6d4961bd516454d3889c137c71e1007063b1ad5ff36a5a1e4d80b3d6a9572aad1a58d41a85cc83598edcd7c6a11a4ad160ab8f277785dec8ec707442a3c370b7df6b39ae05923c482cf31eeacebab48520f96bb3cbd5385b8ddea47634caa973e1c4afd7aaf1712d47f7d17f7d71dd003d847330ec28f46db68950705c10ad95e83ecd2dc186da5e2b766d01393a1a5452af287a058c653fcf6dc7c182c0f1f453845cd871530624f98230ef124d652c5e56bf1cd9177ab3794df65239c1c101332986a9ddb84279d49d8cd7d97e016dc2ab55c5508965ff79acf53bc6e8d3673dc1925e861bad44519fa43f14598227296136e7ab490404c92509cf9bf08200f33b3a0559d3ee9f51be312cdb8fdf6a2bef97501ca15d805513dae4affbb141feb8185a1268b8a91de19b4e83d25b4e91cb7d2179c0cd137264be7b1caab55045bec8565164f30e42400eea874bf44201556d3ccd588b351a2319890a36e9527c3dd32b6c33d290c351b60628c517edab342e5501e12aec61e57768af847d31cb9c4b75ba5fe17c0f628e6922ecba6f62b845ff08c9bb3fd6935da4f8aa177a363aa19ec12cb7956595cd58cfffb958012e777d2cdc8be4783049297ca33c4313828bc8ab3020853d964a9853375a2a99d3c589b70c63bce0e24bd2a9ea5472d6742b3e34209bd90585f90ddfb8c28de9651f4656f666a2a7375dc6e4edd91e330069e622e6e91a693cf3fb8f634fc0951a5893f1aff622c6367bb834ec34bb66c34e9c03fac79c8d1b935730d57671a660edd24179c6587658110e446e99810291763154d281b504bd95454cea85453aa050005dbc60749aeaf134ff548a618b6302be91123c03d12daf9b6a0ab75d04299dc695b652102177285f6d437232467f4ea421953ab9c949bc1882fa65eddd4ab3b30b8918cdfc73a5223ca39489ca9c664b913511d832e58e2c5fad3f4863a1ee7d63f97835640a1c02136963ab1ca106126eae09c3dc49afb6ab49a379c786b377e19fade70e9e16a6a900cd325966f18700816a8f334de3850cb43eb7120eee20ba99505b36dd477bdec1ad1602364d80995d2b6024e82660044a0a3764f22d430dad9a52686f9f3dbd506472ea2bb4264c3419dac0531e5536464a0756bc88af1569ea314972476a30143cb43338cf73fdfece27f82a873557c685c2f24989218a58e74ada0e8d2145defb788064a5b9d44c5bc222dc17ccc4debeb64122c32f6feea28127ac124f872b4ca6051c73a02f5e6f6ff1ccb5bc31c89203fdb3a0b864eea8bd1e77c4c8c3385aab9ca5a10527fe876b0dfb6e3c7e20e595ef37c923a42c7a2c0b4c6e885348ffab7636dd4aa1369a3b971a1034c73b570edf4b0617f3898a7ba943b25f4b288b6f06130c6dc7c30bad498cf7499363602ffa9f660a50bbc1311280e2ec2f142e74e1c39dbf5d722eb5f10426177b8819be4479a36a6d154193a07e11a313408d1db9f0bac8733e22d7f8b2f7e265177b0e56afa57b32afe0fabd1c25b84f8ab9107b81fabccfa142ffb73280171302921619427f166a64a1756f45e17c1320e4c8d36c2fbc0863734087ddfa0c94959f8092e8f89759da6f2208ae844ca9098a25899fbec71a278b2faccb0343150d9ce306e2fec529f5a6e5b802cb0a1adb59a49573e4f58af693ad7ab3cd01b3588d855bfca60ec1986322560f306d8108827108e1f66a45d0304b59bad7d8830a9603c5140d63010356bbb2cf798d88497d9d8e1def27ad3e4343b5656c4549b11658b9b9d607f6e090f820eebf33ed27fd3acc60eb074f6293f41690ad42995e6c9216c030f1b8d5b792c00d064980df23366f5a8c020866e91ded4034bcfcb6ba54a47d68ac58111531660f59a0e33259d4655836a60cad2f2448a091227c7e31cb2f69b2a556200c79ccfebe5ee8c028945c56d3187385c4c65d95a5f5b62d6859baf0af3d59a2c5dbb0171bb75d090879ac571f34db73a53f751703ca82f300e0e2023ec4310458c4a1f425436751b1d02bc666ecb3e82d9f004f4812c0909e4bee2e956f5e72317dbbf7e512d0aed11de9f1b68a4b2d6a95fe6ddbf53c4fced393cc015658e86167f76bfa6ef3dfa0ab2048b43cb170634878787bab461a4d7b413ed6541655eb61cb7a2e3f7d946ca30e6acf0e068e4baef39f1b3d54d2cddc6295848f23b99eaf408528f08b8909d2d8e41ae23843114eace031dd84d7ee027175628f9b82e292619faf8fd57825b077b0eb306f63ce5ece6d58ed1453625473cb528761cdde41a52b8cc0469af3138ebd19001784d60d7df31629e7028e6d1df", @generic="dc5297", @generic="8c936434b224a75b9226b8c7ace8eb80980ced8075f2951d241e4cc7e524b9acf43453c137c62dccefe7574040007321b4845f977db22aaecd141556d9cd4f1bb5b43b55971a81ddaadd2c1b2c95ba5f489a8703f63f6e2991054ba4f633482aa74fec665486342932b7dd4181e22fabf1f6c90b2b79e1f1dde2268562b5b337286769fcee2ff3624614ab9f35625888bd1880b29b8afa46990a679a091ae23fcac45d753c6ce58ffda6f53f4f85a285dac0b219ccee6d6572be58f0ec40e266dba1702757c2060ad1fbdeed6a7f7ddd4e930ebd0ef7a4dc8e211006bff4d7d913615118e2eb56ec2a1fa05b1f4e2526e162ea"]}]}, 0x2270}, {&(0x7f0000003440)={0x129c, 0x28, 0x2, 0x70bd2a, 0x25dfdbfd, "", [@typed={0x8, 0x7, 0x0, 0x0, @uid}, @typed={0x8, 0x4d, 0x0, 0x0, @fd}, @generic="4cf3cfc9811cd49391ef1018990b67563803de15938ff7e333500b084b3c95a304112eee1aa67fe2945f4dba6982e0d6a652dd48ec79dc4aa147621c91abc7e6ff36bb", @nested={0x121f, 0x34, 0x0, 0x1, [@generic="6773aeb7d203d055a81ae184ec3b087d02c328c5c1bbf1dfd2ad2bdcb5af0ddfbb6b4e54181f9f67ead7fa6a5f16835ecf9f7f37a820759edf15bcf03250c876f3eed91d69c551536e0bab517e7751b5daa2b0c8a741e61c7e05dee890bc13519a78ca78312c9ce0735b5ac2379b89a050232fbd34c82ec9e9b134fb7d8614fb6eb23d827f62b70643d55b5d88f6ba44b170b6c6f80771bbfca11aa2d9f90ed1bee7b0c0f512ecb7ed18b976283bd159a33d37e56f8cd9088d832849ff7d7a1fd5c45410b4f11428", @generic="8f8e49f01fc1e0eca13f4cae10308ec78d2c7eedec71ad8d9d2f52b2078387cb3f046f5104a04303b83e6ab5db0896e91f105a9d39d6448deec2ef81fd236f937cefb8de6ae62b3329d4eb3e93bf5eb8d53dfb750cf95a0f4b24a27d0335bb9cf43e4c52e80f181c8215be849c22cb29c12aa6e325373d6285b50f2ffef835081b41e07a52d0330cf4dbb74b6ed3d945f3ea3a81553d623fb18421b61415c68c3b954cf36eea0c9ac3a7bdb7879dbefa6aa4f7043436a5ac1ecc054f78e65dd4187d49ee119606bd9e01f8127a15c8b7cf2cdbc002acd7e99e287a2abf7b0260", @typed={0x14, 0x2b, 0x0, 0x0, @ipv6=@loopback}, @typed={0x8, 0x2, 0x0, 0x0, @pid}, @typed={0x8, 0xb, 0x0, 0x0, @pid}, @generic="c9092dd94cde108cca62c9c3f21c0a336fb25dac72de21c62ee3c446522f4be2ba51ecf4e1e7826d59e5b16acbfaa098bf02ea022e0ac7ebb8d07b71f466e282c42cd6a40fa293d18a03f381ee4d13ba2e34ab5648f2ebf7a4fee626da9cc7c54ddaaeb15e33d602ca5b9bceeda37287545596309a117dacad10a5a500b68ac9c665347148912e5e8da526d1f8ecf8cd3a71d34537ddc175bc4afaefd7183cdf2b698ef616348a5270a57c2897184fc5b9c24b807cef172d5d3fe06fca8ba92207b0db3be4969dfb6ae8e5befd90a22375ddf466da8787ab809d8a5e433a5afbeb786e51763443d9b4ff18ca4fa03f79e3e8c1bc59bac872c3d226880d3eab170e098546ca16e8edab561b48fd16c031f5fddc228ab4e5c3a5640365f017c59e764817df1c1d5f31e41bee2fa02196fd60d1b6a5e4557bcdb537f626aef5be55c36ab4daefcae480550d1ed5ba2eba145254c7b74ef016e2df021148bb3faeaf55a30e6c8235e623e2974af1b824d901ec8fa8a7b5b3d0549f368820cd4c534c260ae1842029da74f299cbd4844c963804f0f2ccd72a8f09d80d38835bbfebf9ee420e91c24dad852e55642a06154d82acd653de21b07242b63f63a398b29fbc2572ef1a7ef54f8e9ca2244a6ece91e445937061e0ce36e7aa600ee29e58a192a3b64917fc0ef314c4ab97ee13e74e767345906a23070810a0e289edbc14fd0d169b8908a3510d32997e98fd9cdcb503b91e8f66ed0e37521d1b8b064a0bcd4f41ae019609c0480395b506c5e5548d0e358d31113beb12eec6f2d2a7b6d9bb84787eb6b527405bd65129b918c3bcb6684a3fdfef7c1dac421a820cba44ff86841d7f2e14955e7ce145a9c60464c6721e61b24f814aa3fb1406a6de9d2104079353d984898e38202a3951a1541a6de4124f100d0f8fe71593446e0bc03a67cf5a64da95016f6afb1a0dcb8f27d16f79192d99995784ad445183157c3ec6cddb9b5c5a88b111f7b23d9d520d51460a3af412bba2892cfba2fd9e42482400f99757497a05b8f20e2dc48cd03206cf9625db0376fc80f4bd84af5ebe9b6e074fc77adf013ba69fae5978b51d0b20060cdab6d0611c05f8ba7e6b7279ed638946ffbdb4955a73fd8b09a23a02da8996ec2f432c3615dc1d916cc8a01f134aff3f4f7886a3dea8467fc4c7eddfbd2147f6539f6d393b106ff0b31fa877b1c7566fd4c471cf85aa05650b589835cb09d005317c81faa2b9c87b222246480fb61c2a65e96778926b9eaad5df2ff5d67fbeb80168650a7f68df0a05d6612f774f49d8c2a87d04eafcda74686ba06343c5eef47b21ae2c91e3f2854cdb1d1f144b67801ecfbd3c061b8c6ad027e9ce0734639fcfc72b05023d65e24b52742672da9d9a5760fef33fc3b3077094966a16cc7197319c473c46dce2821805d1c5548ec6ba8f141e1208becda242b305c3e8a18455d2735133e05c5711f010b719c0a3d3a5c9ff28bf7c9afb47491b0e96c45b311a2a455024f63a423472b30248e578e1377fd2f9754d11eb11a53074380e26324eb6c3bd170e02b04e9065a977cc793645036a3af641de617d224c9d40754ea40c728de3013673b83db72873243b16159d54722a8390ab7a117fb7d74d0ef40ba9389a76998acd57b1989bd1029c8d597a3c79e71bbfa7a93ae056ff1b473b0c00400de75cf4671a86b682eeac1d88c5747998a1dc4026426e679285e3237912d99f80810cbd50bf877ed7cdc86b28386b3323a1af8f9076850c85a3157a8d4882ada6710c03ceabc89ab402a12a503341f19576dc3db546de9c26d161ed26fd40d4bdadb7698c6b12f3c6c88102af6f60f02fced9e5f2540a4f8e62c46a07ad0e99dbbbcb49a9969d44e75d56bac555c97174bf55dde8496ff8ff84344fb50e07138249f5f641ce6fc004ee0fa61676f9c896c4f9bdadb009c64682b498d38511fcd3cb57fb3a99e0e894c68aa4ff95a3c927223e7534fec1dff12b4eaed10244e181a83f5fae3ce6d920d7eb980d345a21bf3d5542d04d1b79867a8e24e483ad19a9b2222c2f975c5989ceb1e29eaae0c5b2dd6c07f9cc25df4fb7b9b6ee8df6f1fb93439608a26491adda949a3fa377c206f813785bfb9466aecca3472ae039d3982d20176e9b7b5c6eb41a64c3650b2a2aab5b08dd4313333b1746671845af629fc107c02f3b93baba45e5ac54a61c0f91f9b3d3f5f73c39dd94cfb5654f3e271b34d0174ad5a05cc3b5d59f08a1046e98cffa8efcb00631db5174232c5c8665b8b00532c06b6275c9c5d9c215709e1b319452b4c4e31123c5c8d7b12b6b486d1ac9a55615bea01a7e5f42586b794f10259348f1f781e2fbf62a8be6d519bfe81a4c1979b7687175e23a11c690098216daf6f6504abfe2174e58e512ca5cea1ddfd64b57f21edd8022fe47085b298617549ff4018dacb9a9f7ca440087aa1d6ea9b314dfbf37834e5373f2cfcb8ce2691c7e23ef1019211b68fae989a5e8dc1139a082e1cf0d933038b06831a0a41db3bab4edc8c1a87cd15c8afc5571c4a61811879fc32264f99521e735ce2d8dbe47047c012e029ea3253f9e685ebe2d459c909eb704927c761307a500f8eed08361c9cac3618dd0e225ffd82f62e78a4eabdfa5d2c939c54abb347d7bc5576d4d1bdc95edbb789f0888462ab2ffc055445bc9e9fddf1fd7d7d8eb47ca87208b5b773cf3af98aa1f0d2f7d43ca490579132accf0ddf28894c6ca594de5503b9f8a34a7702902c2276070fa1789c6d4971c0460d0ed371fb980e7055efffb88c42581e2d894f807fbe52303d7961b8e6c255ae3ab9b2e9b6d954e70816e43952a734491e72848de8116757aa122c4d20f6d63125cddd22cf6f342f25392f7bd000a9c4f8fe2532eeb861aabc7d54cb44ebec665dde01c5f1e0205a00d6d9b00528958f57e8e988f4843494ddb9e235c237eb9da48120ad1662f5000d438a80235f04c95a41613ff27e324dfabed2ad927a41b8feae231fc082c50d91a3df3c8f2b578563badb00c4df886d37ae4940a06d0eddde3551df70c59c2cd2cd706a5dd64d6557dbcf3d65b10b46cbbfc30d65fb377ac0d0afa6d4a7bd0e452e2d2eb0ae8acfac67fd9a28ec6a21bce7011adc10543e4ada2ea6d249c2a35d3da9e3672b34e99b284b11b31dd46afdd0f2b67d1323f4b872eaab7a8166382452f0294dd7d4aed2b9d92b07e698b78fb67445d55128e90aa60dfb04ff7f9af8b67b2cd5426475a08ad27920f0d419ad8655d53a81de9729be7d4710b6ca918f3cf30763a6512665ade6dc918c7facfe50ef4451dc1320c095e4dd0139696bd3faa69af3e8d9b37fe372224f282984be95dde91de472aec1885e62093581bd548dc8ecff6db5ed07db2a4da78da89dad670aeb76f0ac7fff5ffd01406e21a6d08491122c94ed469de1257bb9a329960358b9534eb79f5750c824f6f4c6f185a6db3ea0059c17d426f6e98ca4f6f7ba814b5c95d39b6c851cd90b99eed4afa1f9793c87ffadde1d9d2691b8975ace354e7d29bf47bce7d379792a488f20ac88d79642fb7c3486f32fa1fd9c9c5d893a64c8f357ca708493bca1d25277748c3d85e4ca3e4e789bafebaac230711bff11039513c4aea598718473fcde112f613a099d4ee22782affc20794efd0572e6f81ae0e5e9c9b9448be01897adb5e66387b3e28a31eb962521a34523ccee7891138df037d791ca19ff715d16419173475ebdee01bde9b7a97b9cf6bb4d1a7ad03e3aa9490dc8dbd413cb09911c2dd7e7b964871700041c800458d8e8f1858502ff50b2ba635a183291c7ce8e3beebeb336d99de8dcb24370f998c1f827653714fc347978d12a575506724a06ba0f7a04995e5077dbb12b20d04fe7d9d0697731d75042c9ece4fe8bac52eef6027e237790f2ced7878585124fbf38a680099a777848aa93b8f6b3af57c3df48d244596bce5881f7a4064530310baa4c0b4ed1a6491496ff964e92b6d68a0a41a47a33bf5c5ebd888aefd39f2399df95bfebe59a5f1afc43bbf55b87587f1b14c97e6bab1b5b0b0a23b1ae682745b943af845e9df34e38285f93147f3fd7b14028bc5e0399c9f91d1d19f64fba7a43d63732759cf4e513c34c4fc85ed32a0a3ddc03e50c6f6b2db0acb41a0239b1b1e632a8ad74e60a43cb78ec174d40aa3db5fa2afef0d6f9f75dbe4c23cbb27549f0dd64083361dca77706c134e23281f724016ce6e47979fd56783ed0446cd1ac87be47b807b200594bfecc6d9b20303cf92a4e9b1e126bf164e671d245298d785abfb597b98af9ac12163f24dc6317d43fab570b202e43775aa9550e87d64ead5bfdc94c13fd09a527db4f72da4d0a17343aefee83afb2411eff441ca0440d1bb2e8ff48690dc9786cc037d7b708acb41824e0987e61f56df7cfe08c4ea6fa7ca7b11707961fe44e62d4a4463214d9281bbb14008c23d8186666d82ec45aea99e1b134bb7f172eedbdbbc2a277c43e7711e76693bfa69223f5eaceefc47f4c7907434eeadd274051078a660895f252495fac191c2538c88485b70f1148e095ce0a9462cc027ec731deef7866233d0f9b9b8250bb66f15fde6560ce6aa08f394d344e7c3d252f22c30b1f5412e40f6672c8b5862f617c391769500b5c71f409192e7eaf419a6ed52654cefea4641ce81bb4497e68de9318e278d469b01e6525100b94d27bf75497cc588500ba050a1055576b77cde5725d8180e90670431a34e3e7ada211c5e3e27c2e03edcfb8f333031e310c76e96bcca10fe2455a276641534421cf5800b71c9916ee739fd40286434efc1a82c5fea1ebf27929e4773dcf25235a9cba49a0cad7aeb5099f054e653c4e6bf4f407cdc4a768ad9f51d60193c4270ddcf0f2ca92e5dffb364638338a613275aefa0628225a74c928de2fdbaba5e8d3fab70f7360f0e428db8e411091d5f6c6f26655dc67d45ee8e5b8209d70d5c2ce07fda04c05132aa5291d4dda996719382388ac804cd37fbf29664ca5b15ca561530b056bcff4904567489d2c31bf03597d9028946622d490f2ba66e956d8e92851a1daab4a9fe93a095bf2905c5911688bc6e56151fe3487554516e6a6a803af137f7fe5db99805d56a19073472e0e3638c03421d55762afe632e9467b8db2d3d8c601e307eec74f0711cd3f4a70feab2cef76443e67427bfcfb6612afd24118382e7fdfa3c9b741ebf431714503500349206a0be1e9c6f2d1a9e3026a28153db46df1d1463177a085566a82c5bbf907964b62f8289aa5c07774fd32b03212598d4509fa76952f290f5af30903c7610cd486dae78bd767cc479fe93bba73973b72618d84ca2590219b5d8c6f0482cd2951b79432700b0df994ed8c9a4390aa682300afecd1545de5b7cf58aeff00f8ce7d8833ddf055bb9f66b03922fa3c537615801eefc635125d0715e76674e26b49d3b8a32a89aff0a7a4a9db2bed90979da5a0e608345d0d989a49448d596f6d99ce84fbb90d34e99ba9c895999c65acbd87d32f09482a1651544a4fd1623fd7313ca7591ac580b320ff2586f24f4615c11724341e1086ec4325f1f58678074db8e61d90cd6124a2cdb22f0e66553ca102250f044c881ffdb4c29aad1605885921b49dc9be724623bcfaacbcabd619edb86fa7027f914f8919505b7783860f2e3cec4333abd6790e591d7698b22e2711fdc71e27a5bf3a9c615b5cee4e67f8ef8c2f8a2f523c22c33f83716f20233b90aa2a547237284006344fdd2116fb861659523938d247562d86b3e7ab045", @generic="3758cfba4dee47e871db7c0cb08e0f345dc7b5c76c4152e081537b3684c37b063378404b84da45529b4f2847482f6d8cb26423132dba41c36fee6ff05da0ed0b094d3e0bbbd9d8a50d446e4d748afc"]}, @nested={0xc, 0x7c, 0x0, 0x1, [@typed={0x8, 0x43, 0x0, 0x0, @ipv4=@multicast1}]}, @typed={0xb, 0x4d, 0x0, 0x0, @str='ns/mnt\x00'}]}, 0x129c}, {&(0x7f0000004700)={0x25f8, 0x10, 0x1, 0x70bd25, 0x25dfdbfc, "", [@generic="3c85c21e7b680d19d39853adeb7ec072cc4b51a97e5fb40d6d3bb7604b67e2765c717565b5c22e7759dcafa4d4ef7edb57e3a6b2e212a198f862d6e1b3e6f48667d3693fa215b6583a3c34885edf434dc2c3326e58d4caac1ce107db93d1fd1491def93ae6c23bf77768f2cd1a6f0aecbb5f4b97a5074777c36a0c626f6e37b4e902c75b76a00169c643", @nested={0x130, 0x68, 0x0, 0x1, [@typed={0x8, 0x39, 0x0, 0x0, @fd=r0}, @typed={0x14, 0x15, 0x0, 0x0, @ipv6=@private0={0xfc, 0x0, [], 0x1}}, @generic="93ce1011d79ef039c15d49a5c802dca5e69c22ef321a", @typed={0x14, 0x22, 0x0, 0x0, @ipv6=@remote}, @generic="383e2fe44427df4c9f319ddb89adcca421b9c1574d6241f10a1407d2bc204dc3ecb3110fabce16268f3ca3c141e278d43587af988c940d15652406a746065ba2b5d3295cc3edbf40bc7b326e1780a3ce63ea37ffd73fc29940c185b7d295ba55d1a66806f6a227da2397d4ae008c84474c0bf9eeb31b3dfcdbbb760cdf54299ca5ec9d4a2cdf7fcddea5ad760d930b095d0674acbe6e207fa2885cf9ca37a691ed5edb3bbd7a1f633b218a7fc1305454b742e2c5bffd6bc4c496f93ba3ac4b1c9f38bb38b669cf2eec4c98fddb73858786e1b96b13504a87668a", @typed={0xb, 0x95, 0x0, 0x0, @str='TIPCv2\x00'}]}, @nested={0x205e, 0xc, 0x0, 0x1, [@typed={0x8, 0x91, 0x0, 0x0, @u32=0x5}, @generic="63e7f6098d51b61fadc90aa5cbe249673a0d07e0f50dcaf89e29440ec4cba58c6efccae2ba15172b6dc24de8a4b6e9b14769e75bed347cf51de47aea093ec900be48c052d0ce7662658f59c0bd42dc8c4720040e604bf2e50b66b61d504b853776880858e11cacfcbb149b08d4042c88b0c118cf94122abe9e0e83d1cd186a1b2956d0730e24f85d149c69f03d47c88b938d3b1a5d0ec274758266cf7bda62809c97d97e3701cdb9b582e9d1048d1ecf1cb85c9df86b33a724dabc8aac2167d5b4c4ff01cb819a82f099de636b2a918b347c4acd547391ad70991964dbf352d58b42ffcf7d191f4bc5017a0ca9540935fbbf9b7664607517c4d2712fc8c995c500d7fb889a1bc1090aa5677515ba388765af1cafe82ec6ceec2e1de095889fac586381a07e367143577e9771e3a85830aa7f125eb1ca27eec95efc0f46ed5cb2b4230ecef81024ae0fa676d33dc7562c1c838376b9c735f63d9dce88a50169bcd9e652a2e9e9f9be892c1f78759eadc629809d102b9e3dfabfa7c7ad1880d342af3ffdbb91d6f5a293d396336a5aad77308e7bd61b542a5300ca6f924d003488cb50096e88748f6543d86c9dce531a241adc595f360997880e872851d7fb3045a93f4f304cf8f8b8ef71e6b6795f3da4d18f7f760dabd5c41f95857bad970911591321f84361069db6ce9f8d11996272552dca5bc84751c5ddb35f554866ce299936e026f62591c96c7c1553f487c7008ac56ef4c43dc70d25a9dd22aecc2408b651fbb4adc4a14b567210d64ca8d8e933bfeecca55af0860204dd53d5125ba009b7d711635a574576f65f6a2e6beccae7f8529436e8ae4a65eeaa0f5f08c5ba14138c10c86fe6e2c048429a6aee69a3c9e0c748afb3e197e8ce3be4441b2a1bc2f463572643caabbc0d8f6b6302311aac979bebf00dcb12870dbd9f71335a6bbff1e14ca592b78fe2598a2cd42a8d7ba9d05e69ba7a5a9accfaf6bce8538b90ac22353b7be205529caa90fd550383e007c10ee44276b696c77242b4cee37b66fba2038d9a0508ea608986c2c375239d9e952d7e0705d57c1f1c9d1b68731afe0a2eac025d96010648c68464e36635ebe1f5d3d89229cdb6a42807c1745b5d7cc489c639765fc0b7a6040c484c3f575984011e4f283e7112e56fd7ebca9e7d632c338e6be6c4a5b6877c1186a8df48565fa52d3b72d8721c17e7252734c331eda1e281ecaff7f2b8efcc63c0ca98902b6931c3743e8e3ed311dd29d822099ac2064a81457e21f739167f3f1f8c9d4cd59bd55214214d32940ab81dd559bfb4e53eba6594fb14bcdbb8fde0fb67c86077ee42689a14da88f42cb1e22f2e3ee66662fc734852b439e3c6ec726c5a961ab411493261dab9dcc5f96457a87d28453320057da0ba381949695da6ac0e7b5bacf577791fe2c45808b5cf1cd3c3f7feefeda803b6f3966b19558bba6c6e829734db638de30bf41f108e70185b5f13acdf2a302520d08ae1bc278bde8021b1ff2f0b44ffd4e44c23e04c2c80bae05650b16ca6fa62b12fdb27e085fde8842c11d391f68f57b3378a8369e7d259ed7708e18c40cb236103a2de982c3a19affbc4bbb20fd7452976041761cdef128ceea0477c65e57038dfda954521b37580fbf3ce81f41726a06fa7f93ef4d31531e83d558c72e6b66f7992a88a69234b4146899cde904e9c7ca95f22ca630c40032c82758a7b52300afbbd483c6f4b4d1d97e1b047294422fc344c22b202d0b78785b2dda875a158a4a46499d389cfbbabaf43f1cabbf06eae864aa05727fd18e069e71a9ed6c31eb199543b623ffcf0fe5073a7c04c11bd304d3037134b48a3c0f9134456109f09c51146bcbb1e6e6e5fe3f3b4a0391568978720a92f6a3fad649d17fbd10fd299d9ed368369d2ee432f04f3ef469925016886abfb447ea0665b9e2a1c013ef8ecedb53ed249ed4bb5c02362e9d660185d4d2fba46079feeaf750c77894579494da4ea2eab1c6e153c51e44825489bb50eafa9f2bf041d0c7e14fe5e1f011060feeb46252f764f7a7bf4793f9dfabaae598fe195a990b091570f72342b7f607cfd936e614fef2e23d6d99458eca64df091be48cece2665486e57b859e8fbc86fc344f36d62a2f1215d54d35a4db2fb89c2a5d7386e52f05f297a5f9581ac3050ec836a62039e372264e040e1d65d0670d8f93a8e81ed446e2b2fe4b6d6a3339564716a31f72485b8a33adaae248e897279c2a2d7402012c7ec96a51613b91ed9cfa0b0d18a06d6174e29bf490c724a2fb45e32f6eb5385a6b13b2ef4e197494f1897d3a00186feea0fe8f2d305808f2104e00cc5cc436149aac86c028c1afc81e9e72febe1d2e6201061753b83cd454d2e99c7ca7ad79c28f692a295b4cb43fe663d8bd1d245020591ab26d2f0169067133575c98f1648a868f2fd5acbddc6de0f5d31c02ed6cbca4153d32ee73b56a5a6749886c31cde40afc579dbd5528cbe287199dd14efdadbc9694b86dbdc13ef0f32ecedab56750752459129e7c099b1f93c387fc3d8753ca07004fc7312fbcccc95e28d2c67aa78269163b66b52b0367bd3b783cbf139928cc31095fd00e8569198bd8de3faf43d4028ecb7569a2fe1161d263baac9efcd739bda97e0cfaa8c8756eb5128b203eef7b811d9e7e23669e04eb36e582b4f76a402afd5b42da9078066c80bb34dcfa2aa09fc3629161f98e71627c880ebb1cfa98ebb20a3c62f64187108d81b4c119384ad78700d939fdf271bd04b334dc6df58fa8591db4df04467ede9861551e5686030d642d32e0f7c54c97348127d62fd698b54e6312cf6242b3e1778c8cdc57a3f4dcb5d736084a44a90a243a232311a92930d9f2470079a6dd26359e231fc58f0c8c86a87eb3d11da56581b64fad1f1fbcc852f24a16ef340dbd1e1107469cd4b12a42f7bd38ef95f3bf7317c5a8a8151bbe94f5cb94241f5c4a285a93039a7e9441df990c66fab9a8505202fd51b529114833a6a5124f287ee56958e9b281948d2305c44101f960ff2b8efef60d568cf3899e837ee530e631bdc345b9d9a7aa589b88579e8c20d79eb97c030390572dc85b721c4b388985a89ed67e993b39e664ea4cfdac19fff04c84392dff16360bc44f785e357c2543d5912bc9eb9f4781a86ee6629259d09dc3a8dea0d143cf5515303dcc2624f135d618e408b74c70cc5d58ee1012dade00c5b2af94aaeeed5dbb4894e2ab8adb33e125a1d1b3f5a27ad3429c26a676f6ed8f8a4369ee5368d04179ab88118525146501fe831aca33ae3f927500ceb7f7d50729cffb8db3eaa201f418b6bd279356df8c2bb4d5b9b3a47cb97bea2e8776bb28fa2b675830c021134caf8d6a3b57fdd8773b177a4dc6d98233d6afa04031d2ebf6d1a6d03d7c9894dcea46e3fddec2cf17fe4569ad9fbf933ee053ae725cee21a9ea725952f263eb61eb685613f54a536787aba2576459bc93d0ebbf4949fb681c59830d861263941e6859e844d2755ef196c45e3e05a18ce1ede681ac1a3a3f0c86ae7ee2f997ac95ca394d22c1e6fa5464037dcb7e7ff4e892df2e2fb3629842a0f2c3d44709a81f631a73191c552143445455c427383542596e2ca97d4cf0f5d8e6ae11eb32232c605105bacd65bc17fb987844e97beda596ee69095a71aba99326594aa0cc638df587d030fabbc68ea64cd7d567ef8eb7cb4ecef76c4c5103b65ed7f762dce556abb2fa983e53e16e884e871dcfdcad99f52e413b490d636a2d7ac4995d8391d52620c69f743f800a17e8ed7d023dc2e7c4a78fd393c282323fc3fe11c2ab7e2834abf7d291a9284a047d85f3c196a5bafaf7df50cdad9ab57a74fd67707591e04a860dfe61c8d0d16533359f2aaf96a9d2a96be1b5c190ddf09cd1a4bb092b2b655cdbc2824be802524088169d522334fd58b56dfa5090666767a3d4f946cb76f4ee07b7b55c016eb13a3dfdcabbf3f51d0f24730968e95a71337a8bdfeb77ada08eea51fd52ee1cbfc485e5939391099ef2aad648811e9ac8ccec479a0eac1b61cd136a3f209a9fb25a72ca070e25419e1862ae41b07e6613512bb533133823aa76d99a3b5d6202d56a447a72361f817d4239e175bdee24c866a1fffe0146591206b3764fbe1f51ed483508379d1616e5f4d8ce647b594ff5a59cd82f1421dbae71cf232a734eade7058da1c64f54ea1253337e9dbaa353b15cbe5614d4d355385533275ea614c5dcf4c2c430f2a9789ffac63fc14dbfb2784570b237cf7c80e0b6973aa474e99f235a3a61644e481b8f03cf28b0b3e5c274bb938a8a78b41e9d536caaa85dc8281209bf082ea5daac52a42751b31d786af1cec050615eca5c4f055406e8686a802ecf61803d6cdd5594223af48c2c6f74cb3ea77f7d30395b32dc157ccd42e5829e46985ab78ee74efa9ffcc6dcd7734b82763eb9c3bf1d885c11218f0362f3b2ba791552fd68658191c72046e72c434af9838c3fac95627fd2830cf75731d5d9cd40ab9b6bdba6ed377b000df7eb67b2883682e5c49b2b1b9eb625c37a2afa0f9cdd8af4b7adcbfd2a6d793b6f8b77050cbf0cf07eab96009d0cfb61c27f192ba2387a7e22c27ec88379807c34c2003230918e2047d2d7df99568a3a7f5147d79b65b282effaa73128708a2b0d26a71963117bfd0cd2767cb776d650d1e8fdea400aaf65113023af166cb42a484303429d1f713f8dc09625226092891a83feed9e376dfafff7f89cf5bae709d889365b1cf0641c99688832a26ff4cd40642eb1b5435534d1a07526a3f83a0fcd6db94cfa321b919182f5dc2cf247a222de362485c063f965c7b43a9780842ae7fccd74f63504f54e651606107c192da9d548f31f7f791fc34d9ef1627d69558875cc9ea6b988359a17f718aa4ae54f2e827b1a0cfb0099e3f9ecc92401646783f8911d50c892be17efd17673f407b488d18e5c7f51397f269e2d1342d6fe612fb0a3e1824438687f691b80df36efd03a5413ed8a7599c5bd6de9bdc46224feb5c8a14d7d383de1a711c655b2f793a4ae5bd49e2ee0c3323c61bc88dffae5641b753caf46fe60c449e4955bf4499412c06d18d0376fd3a2323739261ff89063d6da4667231ee995ba6c88e9539ce59b7eb22869b55751c86ad17407367188a5712636a37d58cdefbd85cf128a00a2e25d9585cb56b94a4a377c2f58805453facf9b3937f34610d5483014033feb877c93527cec3457c532521bbaaa384b70a54a094a0431b6fee65ffc98d1cd87ea26986df85ae54f143fc47156e1a8a701b21691de0d803bb4c459017248da458077da77ab5b86761b80268d71633d944aeee0cc2c87d00b80e614990dff965fde5593059a61222ddfa4442656530bef34d7bba206ac240d6b6e60d8798873fa35af29bfd83e1af82ce58f631ee0b33c2303201560e15d3bd141edd2624995cb6ca7e33490dee7b17c8396b8bd18d584c5d8d4c09f5961c5802b850a06d28c9a330fb52ea1d1cce5a1d98061adb159ddc7f2b225db8b8b21446e9ae15e3b7e1cd25a8e6f1086be1cbddf1fd134e57f3e3afb3560d822eac7e8c80add9151b912ed6e8ebe78d76f614100dd40dd19be26e55005c9bd99dca8745eaada4e6d0a2d08b11978caff5786fbc096c5234cca0797b78441bae29cf0d0a5b2ca5d83e3e04924805cc653cdf4351a8c0d3c19c96e70786497fc91808b6b59e53c9381df56b1e4c429cf3c07491b5433b38a707cffa556cb5fa4312aaa6369bc4b3ef09de12e636a36bc039724974f585d91ad89e86", @typed={0x1004, 0x7c, 0x0, 0x0, @binary="982e4bae0bbd4be61d03296ab07d01af5b520942c8c58871613132029fbfcb2398c5fc555002ce8be19cf0b9b4d897ec7db44b198e8d8666c1f1a0ac748fb56b760a8ed82664e96b3fa7c4e6380c0477a2e266380fdcfbb1e67851ee107c3a53d292f1340fb584e410f82be7a2aff4403a14a5986c438c525abf648f6fb7d562a20a6a3b264122e3362e13e70ef202ee184ee92d289e7402c48482566b95665d7ad5d6cf9f54d0a1d01abd73b1821e212ddd837eb08cfc984c9a9eec98d5aa0107bf550eb03cad17420f945cdbd65afd6cbdd400c0bfe0e3e00f3063f7b50dc85580857263dc4b3ba89803eea37eb032cd7a79f93450538443c4f4bf8e040da967bf31a503c31330653af123ddcd246c417172fa9d188014641dbc38cbfa0ee0a9c04fee9cf91f2f83840f2c47e124305356b94ad10a22394d2273a6a0c2603073bc57a50b298a0a4871746e056bc0a477a9cdbe0b28baf8811265d80416332910fe9931b7432609a0618f1a277b070ce12bdf4ec15cbf797b2d512da0f24f616904b7d594be2eaa6f2819822876d1b07840e7e966489eda9be9435ad0bc08e6a6f91c0ed50e8f7c6da550604868a8b4b56eb88682f56153cf7c984af45f5c343dbf0c5a669c748a0e42aeaff96ce27b9ce92eab0e0dd787b50d96da47897a41ce0f8e6011584c90d9587eed6d64074195f5f901eaa8f7fa6577a60e49cf2388710c7e0c42391cb9c1230746674fd8ce45fea6382b4c42dd486ef0a7c231965d8937dd9146dfb473d4d8af717b0632b6e878baa55a52f362412e2b46c70b95143932699f807475e372c06ce79b259c7a091142733e86d65d9ab34cd8bb5b7858d2c358d87c570ed7fbaa7d165505c58e7b194162f73fb4873bd2642edaf29fa0d2dd802f5190e7a0166be6050637decc15b41d46631a24ef9c0fd58d11dee248bb07190d4d50b4de825fcf7c66d533aac90c322cebd1c075f5bf9460dd83bc7b47a7a3c83b06d9724bfb633af9e89f9749e257789ef3eece4973d11e66cfcf8585072455ec30f00eb5c9f4a4cd49789390b73cb6fe855a10155cafea82d3c282176cc49855bb4ac71423eb579068f15166f58a2f993ed269535f0f9f1c1250df8e9b0c5775d96485ecddcbcc7d1d2f021b5e379e5027c39482053ba72688cf88366eeb1e81a68d9bfb441ccec5773e638fb32b9df0d4f8b9a7677ffaeba9ce03393ab6463652b63b978bd72aa5e0c7baca45bef5f0fc6b72f5b7e2491064e66e4fcb08dd5b166f380c4affab10ff22f3f68b27513974c935c3891186c8666852896d592870ed246d61107ddaf8d1825af288c62535084835f1e738d3929aff44a8623de96f11da61d784dabbdce4909da626f66424fa7f549f9d29032d4849089b01b8eb36cc9e5df762f5fa94387f47c56cf18b9e8b0b8cf7f823c561d5301f8dadc611c58e02c7b665bdf8522b8878f1cff2468eb70e1a44ad6ddfb6ec9c2e10724ff1cb0dc8e0ab010e090cfe8dedc8bd461b654d601a9383b71256f85ffe12a9be48f69db89ced01f2a80b2eca657d306fd5c779a1f212a152669ee900af6f0dc06dd70d8db9dcafade74ac3771402e072e292792fffa988339a5c3c3d51f2a8d605d5a570404ba5295d50431acee70a70632f4e78b0663790c6b7a6145c25602ba8c6af573cf52f70adac64e17163cce098af464bbe21aee839357129551d4b60427c44e044e06ffe8dd858287b5eeac43429239915343cb3b5ae7b84627b275547f50c9b96c086a22f3b0c155fbcb9471b055bbb3a6cccf007d877803a4edf7a3edb526a8eebc6748a9a947ff92cbfd9b2e38603f7874ac69a7b0fa6d01f94972d4d682a5916a8e866c75683e51167eaede4badc11547d2075d8db8413f5ec12334b565b16e38728845cce8cf0b54e5fbdce50adcdf89deb747ccdb0e1d142c8c5901240b516fef9e3ce8f3a66a5f93c59aca976e119ec4ec9f99ba206af0f38e7bcf7ff1cdd7555b1b88c3e58b02946272c983af245874c4fe61fcb503cd229f109bde974f58306553ef509a30f50fe1b7dbf68ffa3752a5c567a681aab1a1217ea6682e24af9d98e1afd2cf49adb41513fe8b7d5fcc2b80ef2bfc7784666c71f4a995ca65f33e7c4b4d16e7beea3798fbcbf425e1fd10d6b96a45e9fcc16e2b7092ac81d4aeaa6e9d85ad173c21404b04724885c76239a07249ad8285b69a948c3bde7db7c6106a27f0bac4df616f9bc28cdbdcaf73fac16af115e1fe6c95321b98317d4744977b4ae58234a80e677b0bf57e2520e064c89598ced199d7c60244bd1186333b6953e9f0545a2b1c489577c9f2c856383ddafd06bbe4ad9f4ea0867748a21e328f65ac887896bc3f52a9d341d11929f9487abaa188a51026f723cc4e53528f43730577db0844880aca8f06aaab0fc1547e9a43e3ea578b1cfbed5280b7945ae515c7420ce8e6afb1dfda5901a652c6b7d9335ca584e1e9c70e116f7af29037b252008510c8dae82b6c9f76ec349c3ddf0f99e6ac92d94dc194b403e13fb388d907fb9cf7715c16cacae91fe54e8eacb3324dc5b02afefbe235781f5276869cb74b1735f4d1536121f9ed36c5dd31c172f16b41d036e28754c5eeec9c3637d50996fe822c5701bd82ee4587c75be84a16551502c2f937229fb25530329e5ce198391e71dd98519d9762e43ab4fc99faefa50114d46d5653649f2d6bfa7f9432d4ce9a5055351d0b2c4e2cfc24486de9f039ece364c9a7e57d62976f49034f419c719e47a3608409f612c418d71b22ec6e0acad252e91568a49713903ab60c6fa0e2bb83479a54a72ee296a7f9eec9232fc1b5610c3d43e793305ba9d8f3742a1c02f4cc109b1ff48e2970eaf31a26f8ac77506281c5dca81aba7d2b557373f46e4463894736d3ce4da34c9ffa7129fadb7edd5343892c1dc7fc499f7813733e3a4c23ed988f64acbff759769adfd652b8382a33226c55b9cda3fe96cc803334ffff3cb858c7f5ccbeedc1aad0b21834e5e05068c80643d31bbe6ed824593086e484e29abfda256872dab6c778c855bf1b48ab581f602e08383bef201922a4601b49ccf1dfa94cc7b2f051aa47c71f082d96298b66473389905e59c53da19fb2817b74c2759961a64ce87e8cdd6e243fb66517370684fa5bc00867713a6d5e6e45c1e4cb26bd0431a13a0eed83031c449d7befb24f2c47e3f5df691df09c0cfbb2857e4dd992e9833a4d13ad8ae21d6d7296bd9644c5ab36ebb1f5bf3e55a96a6ba1ff3b7ac65de772a9c127d65534d873088857639eb1e0ca3af5dd478ecc0f1092c0da4c3a38ddfd92554b35dada2b177da8c9628a793baac166c4692b0788b4c8cd4b0c0d5471166d1adadb68be124499e5e95b3205b75172f1a2ea943af14cd17d57ea242d0eadf4ce5426b2f5e3c9224aa2c5bed6079dfaea193e0f550d0a327ea02972c140022562a4fd4ae42751869bad38b220919da1ecedd08f9c18af2c2855d277f4c677e5e6212115eba607967e47bbacbc0158a228a11b3a5fcc68c4e6e4df682281beb4331c6dc4583e0346d6c9288d1078c0cea6095d1735e10327cc44f76c27642222db9d666e75fd259f78d307717866e5c1ac5ca0ca33b9ef10de60f6c8cfa159afcadcda5142077536744224903f027e8649fbedd2c4e5bb2e9bcfe1c845e0c360e2efbc00b1fbd0c5f3cd179011dc1e494c2e4ea9f4f62e0c39b964728f07552bac69ee9023a3f0053b4f10d8a57f3b9398705e5f5d2c56a8132d102ef0536aae02ec24048f06701a34c0d10631e4fae784466799f1303fed1fe3223a5b860ef76184e914621d452475910c8f2c9ee400cc3f35208fe4169e4ef4752e8edf8f5f4cbd9ff8b481f8ff84e05c265b0074d6ce1a7a51acd02afa312e21e1053edc1f69a17970f97b05141cf644fd705abdadd45c4f12247387d048b6627544d3691268edd06c1f53873cb3328c3ae5c7c28be8094ef6110768aa51ee6c7927c55f545e79cad4f9ea1ef647e4e5f1249fa9b120f53a38cf87c959f1ab0f28c1d04c8d73ccfefa2752519ae0dafc39ac3bb03c8ed38bc90c64814f03cd5001135c1921f6c7005c17778ceb928e7f0fa96ab95aeadabf980a9f55ff30a6156eb02828fccb6ec59327d034ef0f86cbd21fca8e507b4a7af0139fa930f480fb09e43f875032ca1141b508add8b6727d9b65f65765bbdabfe09d16e6126f719e60f0430c0eeba7a7e342c48dfc779a267ae5d04271022751daf9f16376476f048934f905433ae4dd7045660275acf6dcf7f8a329c628a7a0ce8df3ad73c44679163d82802052c1a7333985fa237d71689316e2754600496d6c84be8faf8295ba80f15dadb8ad192f2a9c289dd6e21d9b287a8067780579b41a9162bef5eb275d0872d343ecdd9ec99276c2dea0132a281fa1829ee296d0e424eb2a8a2defd847239dde5e8bd9e53201b621f3fa121b4ed868092db58e9781441606886b5c99574eb0f31a8427b53bf19f7fc5ca31554644613ebe62e8a9418a78e2fec0aef14f01b2d33b7140375b2cebf4659cfe0c110ce60278c37e71741637e314e7921ae4fc92cb11f3cfaa6ad3949d1c1151704a43e02be6948f39f7051f996c912997c926de408e556d363bd0d16a1ba8471875466e3fe08999927ecea075531268cf21287df79a8b5b01bc02ebc3281314c0c595b521834c6f87f2272740243917e2afe7629641b203a04221fe8dbe049feebc058176346bd3276acc0ac722cf05040e905756afd1197eeaad85a686dbfc3014cd63308118392ca0fe060ea3175685af7ce31aa507d0673d038872674d606c032ceb605a469518db53092ecc55e88e9466adc75d7c3f496c8b2e350cd050328a7bde5ab44b8961ee0b8968c9c775408e0824bdbc222fd7a368ecda8ddfabab2afb3d731fba54dbf057916d33796a5e1d3468ff247f8a8edd9b9dc4deb776012a9e675c15fcde8f326562ea8c5cc776eefa7c0928a20344cd2ed544787c27e569d8e16ca0f99fd8264f707a9b002932226975f5801353bad433d75e4e1984d66a972ec56d56560af25929c1e58784b331c5e8b1306ee4077b44fba54cabd34e6d95c7b51753d9557b4c235203f573a467f10e86b96f40a097a0321d4ccfc5d20bf733712cc888ca4d6891332a4b126546524fe360d3e9e05fda8400221098cf18b65f5860a5514dd3c1c20811e9d32aecf48a8928f75fb443777ba6f5be7373b71ef7053f62e5e3640deded3ae7f7ad4b0d5f123791da52f464de5808ecf19d502f9ac39052f313fc8e9376f86db7e2ceb8c99bfee99f96dda67985675594b936853d86b4a3071bc2e39226302b40cd4fdb8171d04db21a70d1d528b4cdb20dcb50292a6c015b44df3601c415276d66f72cac2cddf130fb050233e617991c4a4f086bfeb8fe84c7c11c16ec45d03479d30d5230c93cf0b0de86e635e33707df0711f1cf45bf98eb0c8ade684666339c653be6561a748a15364ca63f0a4b1df8ead620ef104301cf7f4825952fa58ee70a89fece0c77da34dd293bb9564f1be80b0b83d33fc05bec17771aa8494a0338a68b5ca11a6445a36fc24f701ca1c89f207e7acef4fc1eba704e3e9e660ac272141e6596e658d1d080f9a464b927181c6aae3dd03a70be7b40fa63717f6f62910a434a3fdb60ba301774f0fab468d9bb1faa2913d293f26ae9e6c545eb4fd4292fd44c9af2e3fc7396f1189f06805ddb492e3645cd69afa015fa4aaef02a0e3015e00de54c9bd8febdbc009fa3c0c28852249fc"}, @generic="66f775f81f7297ea807906e437d62636ee0f5a3bbe15f083a59783da7bc332641616292babdf6c9731", @typed={0x8, 0x7a, 0x0, 0x0, @fd}, @generic="d769c412d2ce12c33496941bee839e4bb27e109923", @typed={0x8, 0x92, 0x0, 0x0, @str='udp\x00'}]}, @generic="685dff337b85a47ae17a96ecb0afc0622db914b5f99eafb4cda7171e9e69d3e690b496ecc7c623a21024d0be6f1b863236feb4e86ff5f2de9013aff73f8c2f9da396f6cf685eb5b213d7876a82128c52d8d4f0ec81368d134fb0bfa348b102c50ae2a005e3accbb2d22b2b32b391d83e87779885294a51c752c7e573e6b86ecddfb1faf15e23db8ab7920111389e4456341cdff3e823e500f90c2648cc2cdc7944d240532e839034a5e6cc664de29f55fd0b9fea4f745ab12028ac7cac4436314e", @nested={0x116, 0x1c, 0x0, 0x1, [@generic, @generic="1c533f51c7c3b3599c0191f30ecb07ed50e4388bc6a7f36c0a3915af5661c6cde772df2f43575f", @typed={0x8, 0x10, 0x0, 0x0, @u32=0x7}, @generic="1d7f7fb7ff7e24e3b33609446e77379893efddabf012bc2c09e7b95f9e046645dffe84c5478616899a2b6e12bb0f95ffb94a60c7debe15517e07d594617b864ae48917771aff653a043ee4b2c79db062cb8db1f87ce46878994d56436e0d39ebd2bfa5ce4369ed699e4b7623aeba32dab4deeee97f43a5509d3c2b9cc87c016f1c22870db1a235230edd9cf75858dd1f2f40c09e73a8c9f902c50ecf5ba884b25a86f2e15f18e7755228ad9c3bc277461929a227562521442ba64224fd67bf471e4e68059ac9195e99c7f2914e52fc4f76d4ceb2cc48d67557", @generic="9038256286ea0277095a"]}, @generic="c3d543302ccdd6f73dbbc187499b824d5827cfe606af727dfcd9a4c65330850afb4b83c987f589707516b42aa512e1660f7cbba4d5ae2aa96a2a74985639fd90c962173913f2c1b95bdba2050d39772191cca8b86850e1ec12aac9d1ae8be884c9a44e79acb44b80d41932e1c0a9b9c52c5e8960128cefdeb2909a6217490123eb852bd754a6a63683da56b430c2ed86477e79a2f63a1025e8332c1545901abcaf787340fb4bbf2aa4a7729d82c48fafcfe0c26032bc92", @nested={0x11e, 0x8a, 0x0, 0x1, [@typed={0x4, 0x57}, @generic="f42bd7f268299feeab4a8e7d6d95ebe3daa6ff8c1b48b694ba78827551aa23506434edbb2a02ceab3bbf993c899817b681f18f636347494aadd4eb9810399e8f3c9113cb22d302dca611fba44da37505a47c2b3ce1c0e923e934acaae31e1428ff10db0231b08d", @typed={0x4, 0x77}, @generic, @generic="699b0277c68f75b88ea0cebad1486499e08c2773e93c4e344e1c4151bb0a81db13553a7e6cf92b6c4bfef9fd", @typed={0x14, 0x4b, 0x0, 0x0, @ipv6=@empty}, @generic="3fad8e8f73567328739599b517c071a0b66adcf2b5ef3fdf32a393656cf64a6255046dcbb1f2085b0e7999aecb3027c008a5eb8f8cd65fd9030661829ce262b323a2f8f830fca4f709cccb7a99a10a650613dd466172023f8bdffd9792c6c85e9e712a", @typed={0x8, 0x8a, 0x0, 0x0, @ipv4=@rand_addr=0x64010101}]}, @typed={0x14, 0x5a, 0x0, 0x0, @ipv6=@initdev={0xfe, 0x88, [], 0x1, 0x0}}, @typed={0x8, 0x1c, 0x0, 0x0, @pid=r8}]}, 0x25f8}, {&(0x7f0000006dc0)={0x10, 0x29, 0x10, 0x70bd29, 0x25dfdbfb}, 0x10}, {&(0x7f0000006e00)={0x1c0, 0x38, 0x1, 0x70bd27, 0x25dfdbff, "", [@nested={0x1ae, 0xc, 0x0, 0x1, [@generic="6eaf4f24d4b32ee5dc4d4fe6dcf810447c04f84d495f81d54564320fac82a93323d8e918288a0df51a03f8fdfc610a1f74a202ec2c537f7b70456fb5396fd3f07351a8ba6f27f8acd739b67a6fb55411f4b44fcfaea0fe5fe9de08933329abb8b9150bbe33330db3a6bb6d829293f06d65651109b0fc747a051a54b52633948330e7d5c3384c8ee928d234b71d5f56eb68d9b51119f4289ff3a99a78619191f143026b0dbd", @typed={0x8, 0x43, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}, @typed={0x8, 0x6c, 0x0, 0x0, @pid}, @typed={0xc, 0x53, 0x0, 0x0, @u64=0x3}, @generic="55e3374f18b961ef50eeda47222a37dd1013f17bdb7c061633579765575bf4b9d2bdee6088356d3669c0e1852c0a79aa47df814256d4118e9f7d921640807a7d17ef68cd4d825c2f154a4392c5f3293ec6488d71bdf60ce2c71a15b6eb1717df865b4228a07b9c36e194276d425004b4720e769e6a1aafe09d24ab30c97a192a54ed3017242bc6309751d0463c96fb3fe22c365fefcad2ffd34403815920bd293c5e5a13f2b501c38db700a9f4eb4321035376e0f76fb885b4ed97601d3b723342f9b7b581221c4234acbd47ef33d7490157e0c7ef2bf3f9b9e75d03f382d84556", @typed={0x8, 0x19, 0x0, 0x0, @u32=0x3ff}]}]}, 0x1c0}, {&(0x7f0000006fc0)={0x1c, 0x1c, 0x2, 0x70bd2a, 0x25dfdbfb, "", [@typed={0x8, 0x67, 0x0, 0x0, @ipv4=@private=0xa010102}, @nested={0x4, 0x46}]}, 0x1c}], 0x7, &(0x7f00000070c0)=[@cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r6]}}, @cred={{0x1c, 0x1, 0x2, {r8, 0x0, 0xee01}}}], 0x60, 0x40000}, 0x8005) sendmsg$TIPC_NL_BEARER_ENABLE(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)={0x6c, r3, 0xc573de0d27bdfe6f, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}, {0x20, 0x3, @in6={0xa, 0x0, 0x0, @remote}}}}]}]}, 0x6c}}, 0x0) sendmsg$TIPC_NL_LINK_SET(r2, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000100)={0xc4, r3, 0x4, 0x70bd2c, 0x25dfdbfe, {}, [@TIPC_NLA_MEDIA={0x9c, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x40}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffff88c5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x743}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4f}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}]}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80000001}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}]}]}, @TIPC_NLA_PUBL={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xcc1f}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7}]}]}, 0xc4}, 0x1, 0x0, 0x0, 0x44050}, 0x810) 17:02:55 executing program 2 (fault-call:1 fault-nth:4): r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) [ 326.196901][T10275] FAULT_INJECTION: forcing a failure. [ 326.196901][T10275] name failslab, interval 1, probability 0, space 0, times 0 [ 326.209713][T10275] CPU: 1 PID: 10275 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 326.218451][T10275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 326.228583][T10275] Call Trace: [ 326.231981][T10275] dump_stack+0x1df/0x240 [ 326.236430][T10275] should_fail+0x8b7/0x9e0 [ 326.240967][T10275] __should_failslab+0x1f6/0x290 [ 326.246113][T10275] should_failslab+0x29/0x70 [ 326.251112][T10275] kmem_cache_alloc_node+0xfd/0xed0 [ 326.256401][T10275] ? __alloc_skb+0x208/0xac0 [ 326.261065][T10275] ? rtnetlink_rcv_msg+0x1246/0x15c0 [ 326.266449][T10275] __alloc_skb+0x208/0xac0 [ 326.271071][T10275] ? kmsan_get_metadata+0x31/0x180 [ 326.276279][T10275] netlink_ack+0x54c/0x11a0 [ 326.280862][T10275] ? kmsan_get_metadata+0x4f/0x180 [ 326.286088][T10275] netlink_rcv_skb+0x321/0x650 [ 326.290934][T10275] ? rtnetlink_bind+0x120/0x120 [ 326.295955][T10275] rtnetlink_rcv+0x50/0x60 [ 326.300580][T10275] netlink_unicast+0xf9e/0x1100 [ 326.305510][T10275] ? rtnetlink_net_exit+0x90/0x90 [ 326.310637][T10275] netlink_sendmsg+0x1246/0x14d0 [ 326.315688][T10275] ? netlink_getsockopt+0x1440/0x1440 [ 326.321150][T10275] sock_write_iter+0x707/0x720 [ 326.326010][T10275] ? sock_read_iter+0x760/0x760 [ 326.331031][T10275] vfs_write+0xd98/0x1480 [ 326.335501][T10275] ksys_write+0x267/0x450 [ 326.339935][T10275] __se_sys_write+0x92/0xb0 [ 326.344727][T10275] __x64_sys_write+0x4a/0x70 [ 326.349434][T10275] do_syscall_64+0xb0/0x150 [ 326.354045][T10275] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 326.359985][T10275] RIP: 0033:0x45c1d9 [ 326.363913][T10275] Code: Bad RIP value. [ 326.368033][T10275] RSP: 002b:00007f4e8b787c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 326.376517][T10275] RAX: ffffffffffffffda RBX: 0000000000034c80 RCX: 000000000045c1d9 [ 326.384635][T10275] RDX: 0000000000000024 RSI: 0000000020000000 RDI: 0000000000000003 [ 326.392685][T10275] RBP: 00007f4e8b787ca0 R08: 0000000000000000 R09: 0000000000000000 [ 326.400804][T10275] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 326.409038][T10275] R13: 0000000000c9fb6f R14: 00007f4e8b7889c0 R15: 000000000078bf0c [ 326.458962][T10274] tipc: Invalid UDP bearer configuration [ 326.459111][T10274] tipc: Enabling of bearer rejected, failed to enable media 17:02:56 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(r0, 0x3) r1 = memfd_create(&(0x7f00000000c0)='\x00\x00\x06\x00\x00\x00\x00\x04\x00\x00\x102\xffk&\xbe\xde\xfe\xc9<\xb0\x8d\x1b\n\xef\r\xdc2(Xr*&\xb3}\x10\xdf2\xd2N+l\x89\x86\x81\x02\x16F\xebg\xc9\\&\x1b\x1d\x1e;;K\xda\xaf\xd4\xc3\x8c\xb8m\xb6D\xb2%<\xc0P3\\\x87\xef\xb3\xee\xae(\x01\xc6\xcaL\x12\"\xfd\xde\xdb&k\xfed\x90\\y\x19Q\n', 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x43) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[@ANYBLOB="0203"], 0x2) execveat(r1, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) [ 326.624760][T10274] tipc: Invalid UDP bearer configuration [ 326.624832][T10274] tipc: Enabling of bearer rejected, failed to enable media 17:02:56 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r0, 0xc2604110, &(0x7f0000000100)={0x7, [[0x8001, 0x1000, 0xfff, 0x6, 0x1, 0x81, 0x4, 0x3], [0xc0000000, 0x10000, 0x100, 0x6, 0x0, 0x81, 0x9, 0x7b9c53d4], [0x200, 0x3, 0x6, 0x732, 0x1, 0x2, 0x80000001, 0x8]], [], [{0x800, 0x2, 0x1, 0x1, 0x1, 0x1}, {0x0, 0x80000000, 0x1}, {0x7fff, 0x3, 0x0, 0x0, 0x0, 0x1}, {0xfffff801, 0x5, 0x0, 0x0, 0x0, 0x1}, {0x4, 0x2, 0x0, 0x1, 0x1, 0x1}, {0xda1, 0x8, 0x0, 0x1, 0x1}, {0x0, 0x7436, 0x1, 0x1}, {0x10001, 0x4, 0x0, 0x0, 0x1}, {0x0, 0x100, 0x1}, {0x3, 0x400, 0x1, 0x1, 0x1, 0x1}, {0x9f, 0x8, 0x0, 0x1, 0x0, 0x1}, {0x3, 0x6, 0x1, 0x1, 0x1}], [], 0x5}) r1 = syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r2, 0x0) ioctl$VIDIOC_S_CTRL(r2, 0xc008561c, &(0x7f0000000380)={0x3, 0x6}) r3 = syz_open_procfs(0x0, &(0x7f0000000080)) preadv(r1, &(0x7f0000000080)=[{&(0x7f0000000000)=""/110, 0x6e}], 0x1, 0x80000001) getdents64(r3, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:02:56 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) mount$fuse(0x20000000, &(0x7f0000000140)='./file0\x00', 0x0, 0x7a04, 0x0) chdir(&(0x7f0000000240)='./file0\x00') r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = creat(&(0x7f0000000240)='./bus\x00', 0x0) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x420c1, 0x0) mknod$loop(&(0x7f0000000100)='./file0\x00', 0x10, 0x0) r3 = syz_genetlink_get_family_id$l2tp(&(0x7f00000001c0)='l2tp\x00') sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x3c, r3, 0x300, 0x70bd28, 0x25dfdbff, {}, [@L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x7}, @L2TP_ATTR_VLAN_ID={0x6, 0xe, 0x9}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @local}, @L2TP_ATTR_SEND_SEQ={0x5, 0x13, 0x81}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @broadcast}]}, 0x3c}}, 0x20000044) write$FUSE_NOTIFY_INVAL_ENTRY(r2, &(0x7f00000000c0)={0x25, 0x3, 0x0, {0x0, 0x4, 0x0, '}^h.'}}, 0x25) write$binfmt_elf64(r1, &(0x7f0000000040)=ANY=[], 0xfd14) r4 = open(&(0x7f0000000080)='./bus\x00', 0xc042, 0x0) sendfile(r0, r4, 0x0, 0x80001d00c0d0) 17:02:56 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r1 = syz_open_procfs(0x0, &(0x7f0000000080)) socket$inet6(0xa, 0x800, 0x614) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000040)=r0, 0x4) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r2, 0x0) r3 = syz_open_pts(r2, 0x800) ioctl$FS_IOC_FSGETXATTR(r3, 0x801c581f, &(0x7f0000000080)={0x1f, 0x81, 0x100, 0xc29, 0x7fff}) exit_group(0x8) ioctl$BINDER_SET_MAX_THREADS(r0, 0x40046205, &(0x7f0000000000)=0x5) [ 327.157349][ T32] audit: type=1800 audit(1595264577.060:2): pid=10292 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=15740 res=0 17:02:57 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=@newlink={0x38, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x1841}, [@IFLA_LINKINFO={0x10, 0x12, 0x0, 0x1, @gre={{0x8, 0x1, 'gre\x00'}, {0x4}}}, @IFLA_MASTER={0x8}]}, 0x38}}, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 17:02:57 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x200000, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x1a022}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$packet(0x11, 0x3, 0x300) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 17:02:57 executing program 2: socket(0x10, 0x3, 0x0) r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nvram\x00', 0x40200, 0x0) ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f00000000c0)={0x3, 0x0, &(0x7f0000ffc000/0x3000)=nil}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/12, 0xc}], 0x1) write(r0, &(0x7f0000000080)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x39) 17:02:57 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000500)=""/526, 0x20e) getdents64(0xffffffffffffffff, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) ioctl$SNDRV_PCM_IOCTL_HW_REFINE(0xffffffffffffffff, 0xc2604110, &(0x7f0000000740)={0x2, [[0x0, 0x52f, 0xffffffff, 0x3, 0x40, 0x400, 0x6], [0x9, 0xa, 0xe854, 0xb5, 0x7ff, 0x3, 0x4, 0xffffffc0], [0x8, 0xaba, 0x0, 0xee4, 0x0, 0x7, 0x8, 0x7]], [], [{0x8, 0x3, 0x0, 0x0, 0x1, 0x1}, {0x9, 0x3ff}, {0x8001, 0x3, 0x1, 0x1, 0x1, 0x1}, {0x14, 0x3864, 0x0, 0x1, 0x1}, {0x1, 0x101, 0x1, 0x0, 0x1, 0x1}, {0x7, 0x9, 0x1, 0x0, 0x0, 0x1}, {0x6, 0x0, 0x1, 0x1, 0x1}, {0x8, 0x3, 0x1, 0x0, 0x1}, {0x0, 0x7, 0x0, 0x0, 0x1, 0x1}, {0xffff, 0x3, 0x0, 0x1, 0x1}, {0x3, 0x7ff, 0x1, 0x0, 0x1, 0x1}, {0x40, 0x2, 0x0, 0x0, 0x1}], [], 0xd31}) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r2, 0x0) ioctl$RTC_ALM_READ(r2, 0x80247008, &(0x7f0000000000)) ioctl$EXT4_IOC_GROUP_ADD(r1, 0x40286608, &(0x7f0000000040)={0x8, 0x8001, 0x0, 0x7f, 0x8, 0x9}) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r3 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r3, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000001c0)='TIPC\x00') sendmsg$TIPC_CMD_DISABLE_BEARER(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x28, r4, 0x300, 0x70bd25, 0x25dfdbfe, {{}, {}, {0xc, 0x13, @l2={'ib', 0x3a, 'sit0\x00'}}}, ["", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x4008051}, 0x80) r5 = syz_genetlink_get_family_id$l2tp(&(0x7f00000000c0)='l2tp\x00') r6 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20ncci\x00', 0x8000, 0x0) accept4$alg(r6, 0x0, 0x0, 0x400) sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000a00)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="17090000000000000000010000000500070000000900000009000000000008000a0000000000077c5ca81bc32cf7caa7bc0dac58e013455e1a5ed6ee8d66c383f18f0669203235bda98faa5434a2d963f4f05038a4f8290a43ed1a001950d39f6497d5ff4d682304c85adb6db006bdb320b88531d16f09270bac334e4af2e967f94310df98c45388360f15bb12d9b5955a26504492ce82323b0a885370d708f519df9cbf96b0a285c490f990dce110e80190d9f62c310142ecd266402db531c74026"], 0x2c}}, 0x0) sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000140)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB="45000200699dd16da02918f5aa33bd929dbe59bc1bdd2f0147d87ac7bd4a1571228b6aecc4551df05dd8faa40b772256bbe1ae43fa0288272c9b5c969fa6fedc3fbe8f4380ab4b088a0be58aaa2d3f2d738747b3c1faa857fd4945a37caae37a236491cc4135ea63981a1c2534badacf17e027b7bb2c4d001652b23425b6b120450fb839b441da0877c1b43aeb9b33769261991ceafd96f69c154992cee265a1df876611a3b22db675181091e6e00be114a17ba0170c44b6bf2ea206e0a00b2035b51805d19a526f9c3b9e2a2767773aa80edf1cc7d1a1d0fcf32c3c6e12411d239139a45f8fe0d3f9aeba5969d6324dd1d88154d510", @ANYRES16=r5, @ANYBLOB="00032dbd7000ffdbdf259372227982400600000005001300ff0000000600"], 0x24}, 0x1, 0x0, 0x0, 0x4040000}, 0x4004081) 17:02:57 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) r1 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r1, 0x0) recvmsg$kcm(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000040)=""/133, 0x85}, {&(0x7f0000000100)=""/195, 0xc3}, {&(0x7f0000000200)=""/174, 0xae}], 0x3, &(0x7f0000000300)=""/28, 0x1c}, 0x40000100) 17:02:57 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r0, 0x0) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000000)=0x9) r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:02:57 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r2, 0x0) getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r2, 0x84, 0x1e, &(0x7f0000000140), &(0x7f0000000240)=0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000a80)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup2(r3, r4) openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f00000002c0)="b86a068ec00f20d86635200000000f22d80f21d864f30f5ae20f32ba2100ec0f20e06635080000000f22e00f20e06635002000000f22e00f300f828ec6", 0x3d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000440)={0x0, 0x0, @ioapic={0x6000, 0x0, 0xfffffffa, 0x0, 0x0, [{}, {}, {}, {}, {0x0, 0x0, 0x2}, {}, {}, {0x0, 0x2}]}}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x793d20, 0x0) ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r6, 0xae80, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000001c0)={0x0, 0xffffffffffffffff, 0x0, 0xb, &(0x7f0000000080)='/dev/hwrng\x00'}, 0x30) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000180)={0xc, 0x8001}) ioctl$KVM_RUN(r6, 0xae80, 0x0) 17:02:58 executing program 2: r0 = socket(0x10, 0x3, 0x80) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) 17:02:58 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r2 = open(&(0x7f0000000080)='./bus/file0\x00', 0x600101, 0x36) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r2, 0x0) ioctl$CHAR_RAW_ROTATIONAL(r2, 0x127e, &(0x7f0000000000)) 17:02:58 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) r1 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r1, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x10000, 0x2, 0x0, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) 17:02:58 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) ioctl$KDADDIO(r1, 0x4b34, 0xb1) getdents(r1, &(0x7f0000000000)=""/104, 0x68) 17:02:58 executing program 3: unshare(0x40000000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) socket(0x0, 0x0, 0x0) r0 = socket$inet(0x2, 0x5, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x1f, 0x20801) ioctl$SNDRV_RAWMIDI_IOCTL_STATUS64(r1, 0xc0385720, &(0x7f0000000040)={0x1}) r2 = socket(0x6, 0x802, 0x0) write(r2, &(0x7f00000000c0)="24000000200099f0003be90000ed190e020008160000100000ba1080080002007f196be0", 0x24) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000280)={'lo\x00', {0x2, 0x0, @remote}}) [ 328.677090][T10349] IPVS: ftp: loaded support on port[0] = 21 17:02:58 executing program 2: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/12, 0xc}], 0x1) write(r0, &(0x7f0000000040)="2400000058001f000307f4f900230480050000feb530772b47860a8078e9ed8a7cc6877f1ac4fe8c5a", 0x29) [ 329.686052][T10349] IPVS: ftp: loaded support on port[0] = 21 17:02:59 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x200000, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x1a022}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$packet(0x11, 0x3, 0x300) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r1, 0xae80, 0x0) 17:02:59 executing program 0: r0 = gettid() r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x2) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, 0x0, 0x0, 0x0) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, 0x0, 0xe0, &(0x7f0000000080)=""/238) ptrace$cont(0x20, r1, 0x0, 0x0) syz_open_procfs(r1, &(0x7f0000000040)='attr/current\x00') ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0xff) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) syz_open_procfs$namespace(r0, &(0x7f0000000000)='ns/uts\x00') r2 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r2, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:02:59 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) write$sndseq(0xffffffffffffffff, &(0x7f0000000080)=[{0x9, 0x2, 0x7, 0x8, @tick=0x6, {0x80, 0x6}, {0x3, 0x1}, @addr={0xfb, 0x9}}, {0x1, 0x6, 0x2, 0x1, @tick=0x1e, {0x2d, 0x80}, {0xfa, 0x2}, @quote={{0xff, 0x81}, 0xfff9, &(0x7f0000000040)={0xc7, 0x9e, 0x8, 0x80, @time={0x0, 0xee33}, {0x5, 0x5}, {0x1, 0x6}, @control={0x3, 0x9, 0x80}}}}, {0x1f, 0x3, 0x3, 0x0, @tick=0x7, {0xff}, {0x40, 0x80}, @raw8={"1dfe55dae63aec568892fac2"}}], 0x54) 17:02:59 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) accept4$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000040)=0x14, 0x80000) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) [ 330.010648][ T1410] tipc: TX() has been purged, node left! 17:03:00 executing program 2: r0 = socket(0x10, 0x80000, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) 17:03:00 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = gettid() getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040)={0x0}, &(0x7f0000000080)=0xc) ptrace$setopts(0x4206, r1, 0x1000000, 0x10) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) r2 = syz_open_procfs(r0, &(0x7f0000000080)) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000000)='NLBL_MGMT\x00') getdents64(r2, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:03:00 executing program 4: r0 = accept(0xffffffffffffffff, &(0x7f0000000000)=@pppoe={0x18, 0x0, {0x0, @local}}, &(0x7f0000000080)=0x80) pwrite64(r0, &(0x7f00000000c0)="416c3c7bdde2d95e67ade4593c38190185754c0f83dec8227f944cef46d569b551f9e39da244e8aac3c756794908671af5c7a9dfdb0b15c6ef9f5c933793493f59638070d6031f0ecc9960751d10009c98043374704d1498", 0x58, 0x383b) r1 = dup(r0) ioctl$MON_IOCG_STATS(r1, 0x80089203, &(0x7f0000000140)) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000180)={'vxcan0\x00', 0x0}) sendmsg$can_bcm(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f00000001c0)={0x1d, r2}, 0x10, &(0x7f0000000280)={&(0x7f0000000200)={0x6, 0x840, 0x8, {0x77359400}, {0x0, 0xea60}, {0x1, 0x0, 0x1, 0x1}, 0x1, @can={{0x1}, 0x5, 0x0, 0x0, 0x0, "402e836e47809e3c"}}, 0x48}, 0x1, 0x0, 0x0, 0x40090}, 0x8000000) ioctl$SCSI_IOCTL_GET_IDLUN(0xffffffffffffffff, 0x5382, &(0x7f0000000300)) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8008f512, &(0x7f0000000340)) ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0205647, &(0x7f00000003c0)={0x0, 0x200, 0x6, 0xffffffffffffffff, 0x0, &(0x7f0000000380)={0x1e71c38, 0x5, [], @value64=0x6}}) ioctl$KVM_SET_TSS_ADDR(r3, 0xae47, 0xd000) r4 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000400)='/dev/dlm-monitor\x00', 0x100, 0x0) ioctl$KVM_S390_VCPU_FAULT(r4, 0x4008ae52, &(0x7f0000000440)=0x6) write$P9_RVERSION(r1, &(0x7f0000000480)={0x15, 0x65, 0xffff, 0xffff, 0x8, '9P2000.u'}, 0x15) r5 = syz_open_dev$mouse(&(0x7f00000004c0)='/dev/input/mouse#\x00', 0xffff, 0x101000) r6 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000500)='/dev/dlm-monitor\x00', 0x800, 0x0) fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000540)='9P2000.u', &(0x7f0000000580)='#@^#]-,`%+--%\'$\x00', 0x0) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f00000005c0)={0x0, @in={{0x2, 0x4e23, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, &(0x7f0000000680)=0x84) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f00000006c0)={r7, 0x800, 0x1f}, &(0x7f0000000700)=0x8) ioctl$KDGKBMODE(r5, 0x4b44, &(0x7f0000000740)) ioctl$EVIOCGSND(0xffffffffffffffff, 0x8040451a, &(0x7f00000007c0)=""/177) 17:03:00 executing program 2: r0 = socket(0x10, 0x3, 0x0) r1 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r1, 0x0) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000180)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r2, 0x54a2) readv(r2, &(0x7f0000000200)=[{&(0x7f0000000000)=""/12, 0xc}], 0x1) ioctl$VIDIOC_S_EXT_CTRLS(r1, 0xc0205648, &(0x7f0000000080)={0x0, 0x200, 0x2f5, r2, 0x0, &(0x7f0000000040)={0xa00001, 0x1, [], @value64=0x6}}) r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) ioctl$RTC_VL_CLR(r4, 0x7014) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r7, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000014c0)=ANY=[@ANYBLOB="380000002400070500000040ce49168b6b45f235", @ANYRES32=r7, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001640)=@newtfilter={0x40, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {}, {0xe}}, [@filter_kind_options=@f_bpf={{0x8, 0x1, 'bpf\x00'}, {0x14, 0x2, [@TCA_BPF_FLAGS_GEN={0x8}, @TCA_BPF_FD={0x8}]}}]}, 0x40}}, 0x0) sendmsg$can_raw(r3, &(0x7f00000001c0)={&(0x7f00000000c0)={0x1d, r7}, 0x10, &(0x7f0000000180)={&(0x7f0000000100)=@canfd={{0x3, 0x1, 0x1, 0x1}, 0x3c, 0x1, 0x0, 0x0, "7033e4e3d72db7206045c3f9ff1d8c65ceee50f4df86271073be167d62ac2c333f75fc517be2c79774814fd52aa5d257d7cbf433b13ac9ab01d9b138d5473b69"}, 0x48}, 0x1, 0x0, 0x0, 0x20000800}, 0x4000) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) 17:03:00 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x20200, 0x0) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f0000000040)={'broute\x00'}, &(0x7f0000000100)=0x5f) r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) [ 330.825063][T10429] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 331.004902][T10437] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. 17:03:01 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r1 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r1, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_PARAMS_OLD(r1, 0xc1004111, &(0x7f0000000100)={0x10001, [0x3, 0x2e1, 0x6], [{0xffffff0f, 0x1ff, 0x1, 0x1, 0x0, 0x1}, {0x10000, 0x2, 0x1}, {0x4, 0x25, 0x0, 0x1}, {0x400, 0x80, 0x0, 0x0, 0x0, 0x1}, {0x5, 0x20, 0x1}, {0x2, 0xfffffcce, 0x1, 0x1}, {0x1, 0x0, 0x1, 0x1, 0x1}, {0x3f, 0x3, 0x0, 0x1, 0x1, 0x1}, {0xcdb2, 0x10001, 0x1, 0x0, 0x1}, {0x20, 0x2, 0x0, 0x1, 0x0, 0x1}, {0x4, 0x6, 0x0, 0x1, 0x1, 0x1}, {0x7, 0xba0, 0x0, 0x0, 0x1, 0x1}], 0x44f4}) [ 331.900749][T10449] IPVS: ftp: loaded support on port[0] = 21 17:03:02 executing program 3: r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000000040)={0x2, 0xfffd, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) r1 = openat$mice(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/input/mice\x00', 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) setsockopt$inet6_opts(r2, 0x29, 0x36, &(0x7f0000000040)=ANY=[], 0x8) ioctl$DRM_IOCTL_CONTROL(r2, 0x40086414, &(0x7f0000000000)={0x0, 0x1}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket(0x40000000001e, 0x1, 0x0) r5 = dup2(r4, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r6, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) accept$inet(r6, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x0) 17:03:02 executing program 2: r0 = socket(0x28, 0x5, 0x5) r1 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r1, 0x0) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="8496a8280b65e3fe2efefe07000000dddf45f80ff7d800000000cda55517a9aead90ada877558340e84c3394a75bbbc56ce9aa1b430fdb56b7", @ANYRES16=r2], 0x1c}, 0x1, 0x50000}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r2, 0x800, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x100000c0}, 0x1) r3 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r3, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="8496a8280b65e3fe2efefe07000000dddf45f80ff7d800000000cda55517a9aead90ada877558340e84c3394a75bbbc56ce9aa1b430fdb56b7", @ANYRES16=r4], 0x1c}, 0x1, 0x50000}, 0x0) r5 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r5, 0x0) getsockopt$inet_pktinfo(r5, 0x0, 0x8, &(0x7f0000000180)={0x0, @empty, @initdev}, &(0x7f00000001c0)=0xc) sendmsg$BATADV_CMD_GET_NEIGHBORS(r3, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x200000}, 0xfffffffffffffff7, &(0x7f0000000240)={&(0x7f0000000200)={0x2c, r4, 0x2, 0x70bd2d, 0x25dfdbfd, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x800}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r6}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000080}, 0x8000) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) [ 332.621137][T10449] chnl_net:caif_netlink_parms(): no params data found 17:03:02 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x200000, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x1a022}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$packet(0x11, 0x3, 0x300) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r1, 0xae80, 0x0) 17:03:02 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = openat2(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x4000, 0x20, 0x4}, 0x18) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000080)={r0, &(0x7f0000001000)="05be8796d406de71e90bc83c184ec3066c81a5997edece1abe47ef1f1de4fc67f388faf79328303523f67e25dfb9483b89e0e4db376e4262b61840e681d460111a729913d94f52f5be8af471c33f42fc888fe87cf412f6880684e7a47a59b21a17e58574704506fcda14b9965d97d8da6d7a2f0a935edc2676ce88c2f28fd538a515b6d9fd9faf7070e213d4bda00a6f88c3e2ca1e1df21c0d94e891d4b3383a14bb6d8777654f5cd3c6631df2a45caa45c1cad6f76faa9796f4e3fd53ff2a5884339fffb9cbae80349fa9104de53ad3c70acf104924b501a3a93ed7d8bce29011cd69df5021ba554a45b4fefc7930abcd513cd26b7387960bf48be100c6f108a24b93be2e710dc88451c20185d524d7601e27411fbde38a5cc7eed6f5aeccfdd73d903c9c5031efc6cb287cad76830c68546376e06ad8fb071023c0ecc08bf2daba4709d980a36971a5552346eacb3abac8b989ecaf5888b842fb131c062ea12ecf646a6634ff3ee88988f704371a109204dc4bcbdc5e33d9c4316ec4fb5e118b9e07ff8c013abb5cf0a00fc8e268738123164ccf80ff45acdc286f959d0d20189935c9a141cd32a72c2be66fa7d9b56add7e287e48641a939f7927e770418cc8a3207795f697a9331a5d69032cfd5d50afdf30430d44b29a267b2374a7e0f5ebadb45273cb3ea67665ec1628716ae74d98e1172defe1b18b36edd7efe67bea8a86556e3b7e7607ed5f90d33519bcd4a51c70fa6a29bc56b77b8168856dece9206c748d7de748ac72b941b61cb1f8c3da41e4e50dfd308672a1f7321f31b0944cb9acd2a6df7781793ce46f183eb4060454729dc970d143815c62dc2a252dd1f9415f8e90cb204194817e1462df0c9a22d368e249354ebe86d7a9a6db019e0d998cfc6f74fb12822958e910280c36e7f170793f6dce64f0d49dd722e328f483e61a37f09c2276bdd0a14decaed79a95af011529dc97c9d3b68ed0a53f21c2f09bef51ee6e85443f2f4d35d7bec04aae07f7adb4d5721d0d78bbdd50f9d965a3730689ddd0f27db594aefb39c37f1769b9ce78d37066e84b3a5ff7c1c960ab7ea3bb1f587c7d4bb477ee53df7b4c91c1ac555d4cdee6150dfbd05de4d35f724107441b29c618a9f0f5618cce4dc040b3f3f07dbdb233e9eb56b1911a72fe42099144213506c7537acc27a0f4ab50dc7de6888b17452e758276051de436094757519712a10fd7385694445de7b24efc8df020837f4b73567d08835874c22edde4d8b31005337a241589ae54571d5e0d0762fd02dcd94df71a924d18d6d0b3fe11a2397a53c01138d69629c11d0daf63ae4c9fa4239ff4ab2f00cbb46af2dc78c965146b7b5ddbd6b15d3f85d4dc5a3254f4773b1dcbcdb91e0460bbf9d21dd1d54c0ff739b5102d7afd18cba633614de6c78953585ed0382a91bd1d90d7d0a02f02ee9719143d988f7765466669a216165c22e49ea0e197df54f1153b4fbdd95a64cdccf243758f4928593a6111d1bdc2f0e7755e360aca4417708401762eb62c61a743f089f0d9605142c7b98bdde68fa1725b4f24e879deb0b9fe8fda273a67043bf7c796bc3563e206d952fef2deec73c1927dcacb2df0d115ace3559e381dfa64ae01679320c8374a397525bbf2b825bc981e02640097b680e17389cdf359c00ecfa9bb51ce715676bd301585ba036515d644c39154ba32f806eb423a805cf0ab2d35efc03640b07fdf164aff779b9dcef7b5b0ab9a5c8906e561d67b68cbe0f0e7af19de4fe376ee71e3060905c346c64e640819000217d43baecf27e43300fe7aef7bd48d09cbdfa9cc6872665030181773b1de104f1e480b85872b92b105ad105224e521c62c89c8d4fb9a6be0521281a2646083070405aa333b767430c979c44551b4c05ff212aa48808e976ffada7bb457713c14c04804901a375c894ac1cad8cc709df1cc04997adc6ce8e6bc6188d5adacc931343febacb27033e5308feb589673bc23515de4faa395522b0e77226134507f7679c864ac7367c484fc47f19fe555decdbe57758dc3654bdae24c2615d731d34476745bf33a5cdd0b9b78b6e61bfbe7e9fe8fe0b83a3fc7707d732b79a9453e3fc309f3a24527e34f4eaed32a2fd5c0230bdd5e03bfe482cac8e3cdc1fd10f8e2318fc54297051aa7fdc0190e7640ef962cd8f2485e32d631d3a52219e327038dd580499ba9e13bcc649c94744f88906d8ea41de7e0b97f872940cbdc20dd042527e8839bf2cd6fb8ef494c36b292db8020cfacdd95885c3cba1cd2231589df511d10a3811920bd995d92f48ff1f001b47a06ae6e32304db8ab2e606bb9644ff1e2e240e937b5c64db48954cb4b3df5f18a6ea1fc7d6f3323cca5ed216361b8d394d65f5b285ac1b3d35168ab520db0d0b94182ef8a5af766f6579716875f338f86bce64fb4fecd4f16da13bdd10d95b64b50c659e6184851cd2df581b249ebb9ffab723557725dc1d52c74920dc90e7589fd7e195d37e0080ce7ccd68e306d77a4ed50e7d0b33e42d9978d8912cb814e58efc0dac751087fbdd404dca0cafa228e33c43482de8ec6dd01da12da1967b40cb596939a217dd89a5b514520e9e419747405f3634884607810f0e4bb6fc17b1399cc89a4f791b57f3dae5450b395f2555b7e7b057abc5c3a340b4ef7a393aa31c6dd0bf38070eeb27506a56e023f20fc858b359ac5e25266bc818451db2b7c7aabb73b83a2951860352cb92cce44faf735a2dc72f2a0fc9d91eb3fd623c1aae63e1fdfe9bfc9bc8e4e05c01d8e217018bed19d26e6e44227c1306386245000941f36c2bc9de48ab19fafc1699b3fc9f636fc79c919fe79e0b8868bf56e6d3d17e3a616cba99e6b39f78da8e28c3f883eeda9f18022bbdc50fe86b22c6dfd2bce197a134d1c8e208e00ac65bbe610f8c2b3e3fa37a55da4f773ba20d888b3f9b16fecfe74494f0c3a087a835719582abd0057dbbb7d70cc866e86801be10df0f6d277c5d7e5134d4445d2edf5b352f30ad8db638fbe9e8e76994c24954049c2cb47a3dcaddcab8f025d4eee75fb30682a7a6286ec2e4cd58b47e9562dfe70cec4196d6cef194d0c933199a16256015264fd47a909f35b8462ac6cdf4b074f65caa3123864ce2e5a186fb401c9b575debb89bf3800a759274f82def7b01e439b76c72c03ce739e8f71872deac7d61533e3d4096e7883eb9814056afbff5e8dca3897337ae8fc3dcb1eced9eaecad420113763ece708d5d72bda2a2dfb6925df9c9c1dd334c7888b234e7140d1160fd83e8b5692f121a6ca4faa2bd7e72509c5c48890dc91380f62ad1ecf56c6ac341b2a524a54371d10b2438ae9a874d668ee2273b19b5139b867db3524415b18858b1dd47ba48791528ece5d1cee4b97602aae2cab3a3b5983e5b627a76ecef9062d8f58f7c25bb3ca38890dc702908dcb03d1dc10efda86907e730dc8c09401217e543ca0dd0b4737ac51d8315541123d115eb3087eba09aa8dbc21001bc92e1faa4c0481e18b2212b698f23bdaca45c5fa6a59895b3b870950c9c55274cfaf03f402102fcc6c9b0c6044cf20c7ec5f2528fdf9a108c100d9b4cce40be97c9445985ffdb73a56c88f9da5c0a0daf0ead58293f3355278e3a49ebc1c262c06ed80375b79a5f041a30bab073644b9b32616192a31f7825cdf6a51d43aa64261ab21992924502d7e311f9d6e25878ebdbd70059964b3a70ec0f3c451cc6577d148deecdcfd12d99d7ce78d77b3a047182aeb427cb585b07650736b7ed923689cbca6fc45ec5c5ea48133c35cf1c9b4e75a2891447e18ef16f0b48dd910b5fc74260076e3d759cc97b18368d55b75da8eb4d020eb8bb90e4b6c8c1bf0bef710a086317dceec79416aa3f281f740e3596fddca3c6ec6425ccf55eb02dc7de1233a8d5c48a21071f82e20546205386ab554b6bbe045a8e6eebe016bd5935e6946ed4c745b68c2643197f6c91fef83a200a9f18a923281213d8749be3114a110bd664838c13b2ff6b56cfe862986d9fba12dfb274793ce49e2d77b8c02b38a04e137147944466ac8df0a8b98fb922aea56385a77c5229c6bfebd421dc18a4bc4265991ed814cfd51aabfe4981f9e7bfa50e0f7186b88fad0579126081acbe904816d180329ddd34876d22d1ab315aaa10a9da6726b84e6c8fd86a3e3d0d22c5890512b6552e38ed24ffc27b30818c2b93ad2ed1422faa562baf650196e9e09acc0e3043ffe056720409fadeb4a690d9d42a810a0ef9a6a16a4aaee99b8a9aeafb242660b49856698ae10898e7410a37071a105813e24b3004c7ece9ec77fddf90ec68635102ce675e235f5bdbdadc4b3ba692a6dc31e71412e3b32847530efaf7b3eb99bd6a6b472ac6f9a004733507beb032c42a31ac47b224c664f4ffee95ecb5031ef3957b39aa67dd3dbd0c1e441f1406c3d773de77399efe44055efae1466fa7de2c7b2d9d6b2c74cdfb3922b16c5013f147184825fda8e6483443bc4a7f14e613e73d52eeb11fa9cd10f511092b7a773212d6bd565a5464c7eeefdbbed12a5bf3f9b8fd514373ea631420669bb065dc1310ec79735e110fffc04c47e4a8a73a1d9f1201d8f0037eddd91124e50b4ebde56bca38b27969103095a138c7639ff4f1cf6dbf6c8cb25dea1f6ba7353870c7b074fc7ae45af9ec5175784d6aff4a7b17c75058e8f97fe02276412e5a877b396a7209bd5e4c14eb211ae6ca4d56430aa982caf87c2abc23db47bb624390f48f8f5fa9ce91131f24aacecb51473b6786f74f4c39cbca942a0d8547859aea3821c1224d23ea258b7e9b97f3f3b2b3f4db4b7a649a2290b80b8f42fd981bebe5875102558d4076e0c758de464b2e87d1d49f05fa17b37bcc9048e1a2e2775d5ec65a8c2422f11b29d869f84896601d9cc20c7778834b46030df481119d812156d2d746237ebd3d1794c67cb9dda8004a84b528e0c1941e5c5b91f9a80becf2b819c0d52ec006520363008997a16cfbdcceef8348fec01f9b3abc62ef4c49713d071aa91dd94f44f6f19bf84130303b4b271ddface99ee41c751cd202a4e0172d1bbe4771a783985f81760b57dbfa69b8bf384bc87bc16847f3a0c7abc09e78d74d18a3286c63c7d8a5be66e1a65d68b7544327b51258721cb80cecd80259624bc099da9b7c3d92b67d178482271586529b72c3f1b5820d85e65975733e2e59459ab77d6278ac0644e052e351f78fced77f44bb6d9cb8067081cbcb134d0adfba96fed1b142c9d842308547cf37cf2d607cb9f0085ecd59f9679576178db5742360998056f0bce9444712527bf2e3f0c935ff5373c1eae9b1e490009e6b4af9143bcccd7005be3c05a490d4b6f28a01d8cb01fe281d7126fcd073f59ba1cce7720fe1c6409e5815846329ab3eae1d74cc3101d3a76f1cc22f5a06bc5edde196175e3709592047b0f31c356819e64d88514abad148499886173c5a872f3ce749269e2a02847af52a787889420073243e6cc91c866295f81624c3c4290d17dfce2f68c93fa29a6c525e6d2d84394301a3de6287ea328375bd72d8f458b2ddaf90bfbd0d7b81500296f9a600403fc1947163ef1c8275dea2682920280e469588845d66dfee89ffb0d72b1a4f971d5b887165b1e64a0a7c0c5e034fb6cccd6a21074e219f0713f28458d794fe8869ca40a9506edafd1a788075f5d48a10eb97dec9781a3754e0b437cbb109c3d64ccdf31ccdb441c6e424818acd4d8532b72d50e8c83358252019399bff66c9bc8bfbbe69a97f8759498ce55b2378e43b49", &(0x7f0000000100)=""/116}, 0x20) r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:03:02 executing program 2: r0 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r0, 0x0) ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, &(0x7f0000000040)={0x5, 0x1, 0x5, {0x6, 0x8, 0x800, 0xff000000}}) r1 = socket(0x29, 0x800, 0x401) r2 = gettid() ptrace$setopts(0x4206, r2, 0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000014c0)=ANY=[@ANYBLOB="380000002400070500000040ce49168b6b45f235", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001640)=@newtfilter={0x40, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0xe}}, [@filter_kind_options=@f_bpf={{0x8, 0x1, 'bpf\x00'}, {0x14, 0x2, [@TCA_BPF_FLAGS_GEN={0x8}, @TCA_BPF_FD={0x8}]}}]}, 0x40}}, 0x0) sendmsg$ETHTOOL_MSG_RINGS_SET(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0xa4, 0x0, 0x2, 0x70bd26, 0x25dfdbfc, {}, [@ETHTOOL_A_RINGS_RX_JUMBO={0x8}, @ETHTOOL_A_RINGS_HEADER={0x78, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'virt_wifi0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}]}, @ETHTOOL_A_RINGS_RX_JUMBO={0x8}, @ETHTOOL_A_RINGS_TX={0x8, 0x9, 0xffffffc0}]}, 0xa4}, 0x1, 0x0, 0x0, 0x80}, 0x20000000) tkill(r2, 0x2) ptrace$cont(0x18, r2, 0x0, 0x0) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r2, 0x0, 0x0) capset(&(0x7f0000000080)={0x20071026, r2}, &(0x7f00000000c0)={0x1c8, 0x2f, 0x93cd, 0x7, 0xff, 0x6}) write(r1, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) [ 332.837548][T10571] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. 17:03:02 executing program 3: r0 = socket$inet(0x2b, 0x801, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0xfd, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80}, 0x2, 0x0, 0x0, 0x0, 0x81, 0x80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r1, &(0x7f0000000900)=ANY=[@ANYBLOB="5300000044a6aeabc81e1506000000000000001000fff64017db9820000000000000d403ffff633b27e59aa19338ac231515ef7cae8c705b6156d23571eacb8df1d2c1249045b8682634dd9d37590a3848499118c9aa66080228727544c62c3d080000000000000097f682e40feac9fe339eab6cde2b172dee3816906787d4f23632530929cdd3601115f74b3012a081a4af9a1d22a991efdcdfa06f6b4ee99c182cebc355eecfcefaf004dc20b91268c5b989f630ba60526d3db3ce7e9c1a7ca52cdfd2b762bb7c69c34d27752a190d3559ee47b7a3c4cdcbbe7eddeb5fc13a3551d1e27c14501ffaee1d397a3632f1d29ae8af7f5347d6792d841d0618afb896c4f07b350fb2ad7baf2d14969c39b6e701a8f7f3d0ca7698de161e1289048962f9aa6c6a272ac379319de72637b6a99149c90005d2cb57b04258a1bdfefc8a9097ce02a28d23f985855543493cff563278d8d6c34fa921ac40e5a9db3ceddabdb0e4066281842c26517e670cf7cc8b5faf65300b81f5d971bd54c42ade7fbef2ec78034aa5ff2ba786b1bbf52683a28ab33f343b3b4687d7459def9edbdbbbd07768"], 0x58) socket(0x29, 0x0, 0x0) openat$null(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/null\x00', 0x4000, 0x0) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000380)={&(0x7f00000002c0)=ANY=[@ANYBLOB="7c0000000906015c29d3dfc2a1012f000300000708000940000200000900020073797a31000000004c0007800c001940020000000000000818000180140002402001007cdbc346000000000000000002060004400000000006001d40010100000c00018008000140e0000002a5550008000940800000010800094000000000"], 0x7c}, 0x1, 0x0, 0x0, 0x4004}, 0x4) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x2, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = dup3(r2, r3, 0x0) openat$cgroup(r4, &(0x7f00000000c0)='syz1\x00', 0x200002, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) setsockopt$IP_VS_SO_SET_TIMEOUT(r0, 0x0, 0x48a, 0x0, 0x0) 17:03:03 executing program 0: io_setup(0x9, &(0x7f0000000180)=0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x0, 0x0) r2 = syz_open_dev$media(&(0x7f00000000c0)='/dev/media#\x00', 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000003c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0}]) r3 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r3, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) sendmsg$NFULNL_MSG_CONFIG(r3, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x58, 0x1, 0x4, 0x3, 0x0, 0x0, {0x1, 0x0, 0x2}, [@NFULA_CFG_QTHRESH={0x8, 0x5, 0x1, 0x0, 0x4}, @NFULA_CFG_NLBUFSIZ={0x8, 0x3, 0x1, 0x0, 0xfff}, @NFULA_CFG_FLAGS={0x6, 0x6, 0x1, 0x0, 0x2}, @NFULA_CFG_FLAGS={0x6}, @NFULA_CFG_CMD={0x5, 0x1, 0x1}, @NFULA_CFG_QTHRESH={0x8, 0x5, 0x1, 0x0, 0x1f}, @NFULA_CFG_CMD={0x5, 0x1, 0x3}, @NFULA_CFG_MODE={0xa, 0x2, {0xffffffff, 0x1}}]}, 0x58}, 0x1, 0x0, 0x0, 0x4}, 0x80) r4 = socket(0xa, 0x1, 0x0) close(r4) sendmmsg$inet_sctp(r4, &(0x7f0000000bc0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="30000000000000008400000001000000000000961c"], 0x30}], 0x1, 0x0) r5 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) ioctl$LOOP_SET_CAPACITY(r1, 0x4c07) setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(r4, 0x84, 0x7b, &(0x7f0000000100)={r6}, 0x8) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f0000000280)=ANY=[@ANYRES32=r6, @ANYBLOB="580000003344fa9626d98106c4f449ca54cd9db6223ea1734f4bc931f0d9e718f30bd860d4968c5e568b9ac60b5d06fdd06cdc8338e4dde1d899dcbd38986f3edb7e302e9b1546085ce1e143393714a8669e9f40a8c33e14c70375ab"], &(0x7f0000000300)=0x60) syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r7 = syz_open_procfs(0x0, &(0x7f0000000080)) sendmsg$AUDIT_USER_TTY(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x20004008}, 0xc, &(0x7f0000000380)={&(0x7f0000000400)=ANY=[@ANYBLOB="880004006404080026bd7000fbdbdf25e696ba8831e9dd7b5679ee9791b9924117f8cf316ab105b53ee2479ebdf937880b86bcbbcda6e9b90eb612e085c26f81fdf181e3562abefec291f07a4c7608d981fe97817375c7ee8864865262b0d64af3c2ee16e8cbe26b6a98dc413fe393d08b5a67c9f58f0dc7d76bd19f0956cb2a663c0b58e9000000"], 0x88}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$AUDIT_GET_FEATURE(r7, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x3fb, 0x400, 0x70bd2a, 0x25dfdbfc, "", ["", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x40090}, 0x4000000) getdents64(r7, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) [ 333.131969][ C1] sd 0:0:1:0: [sg0] tag#3086 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 333.142726][ C1] sd 0:0:1:0: [sg0] tag#3086 CDB: Test Unit Ready [ 333.149366][ C1] sd 0:0:1:0: [sg0] tag#3086 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 333.159274][ C1] sd 0:0:1:0: [sg0] tag#3086 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 333.169107][ C1] sd 0:0:1:0: [sg0] tag#3086 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 333.179089][ C1] sd 0:0:1:0: [sg0] tag#3086 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 333.189121][ C1] sd 0:0:1:0: [sg0] tag#3086 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 333.199063][ C1] sd 0:0:1:0: [sg0] tag#3086 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 333.209075][ C1] sd 0:0:1:0: [sg0] tag#3086 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 333.218978][ C1] sd 0:0:1:0: [sg0] tag#3086 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 17:03:03 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000014c0)=ANY=[@ANYBLOB="380000002400070500000040ce49168b6b45f235", @ANYRES32=r3, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001640)=@newtfilter={0x40, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {}, {0xe}}, [@filter_kind_options=@f_bpf={{0x8, 0x1, 'bpf\x00'}, {0x14, 0x2, [@TCA_BPF_FLAGS_GEN={0x8}, @TCA_BPF_FD={0x8}]}}]}, 0x40}}, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r6, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000014c0)=ANY=[@ANYBLOB="380000002400070500000040ce49168b6b45f235", @ANYRES32=r6, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001640)=@newtfilter={0x40, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {}, {0xe}}, [@filter_kind_options=@f_bpf={{0x8, 0x1, 'bpf\x00'}, {0x14, 0x2, [@TCA_BPF_FLAGS_GEN={0x8}, @TCA_BPF_FD={0x8}]}}]}, 0x40}}, 0x0) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x6c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfd, {}, [@ETHTOOL_A_COALESCE_HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x60fb975cf4266756}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}]}, @ETHTOOL_A_COALESCE_PKT_RATE_LOW={0x8, 0xd, 0xfff}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES_HIGH={0x8, 0x14, 0x3ff}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES_HIGH={0x8, 0x14, 0x9}, @ETHTOOL_A_COALESCE_TX_MAX_FRAMES_LOW={0x8, 0x11, 0x5}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES_HIGH={0x8, 0x14, 0x1}]}, 0x6c}, 0x1, 0x0, 0x0, 0x8050}, 0x4040) [ 333.228886][ C1] sd 0:0:1:0: [sg0] tag#3086 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 333.238783][ C1] sd 0:0:1:0: [sg0] tag#3086 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 333.248811][ C1] sd 0:0:1:0: [sg0] tag#3086 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 333.258734][ C1] sd 0:0:1:0: [sg0] tag#3086 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 333.268585][ C1] sd 0:0:1:0: [sg0] tag#3086 CDB[c0]: 00 00 00 00 00 00 00 00 [ 333.425162][T10449] bridge0: port 1(bridge_slave_0) entered blocking state [ 333.432900][T10449] bridge0: port 1(bridge_slave_0) entered disabled state [ 333.442473][T10449] device bridge_slave_0 entered promiscuous mode [ 333.452523][T10608] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 333.515491][T10608] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 333.581550][T10449] bridge0: port 2(bridge_slave_1) entered blocking state [ 333.588774][T10449] bridge0: port 2(bridge_slave_1) entered disabled state [ 333.598444][T10449] device bridge_slave_1 entered promiscuous mode [ 333.608761][T10614] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 333.751520][ T1410] tipc: TX() has been purged, node left! [ 333.922657][T10449] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 334.003910][T10449] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 334.119897][T10449] team0: Port device team_slave_0 added [ 334.186350][T10449] team0: Port device team_slave_1 added [ 334.309328][T10449] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 334.316619][T10449] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 334.344419][T10449] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 334.474907][T10449] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 334.482544][T10449] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 334.508739][T10449] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 334.737652][T10449] device hsr_slave_0 entered promiscuous mode [ 334.771688][T10449] device hsr_slave_1 entered promiscuous mode [ 334.810849][T10449] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 334.818504][T10449] Cannot create hsr debugfs directory [ 335.207949][T10449] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 335.253500][T10449] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 335.355737][T10449] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 335.475336][T10449] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 335.789203][T10449] 8021q: adding VLAN 0 to HW filter on device bond0 [ 335.837055][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 335.846555][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 335.887776][T10449] 8021q: adding VLAN 0 to HW filter on device team0 [ 335.925262][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 335.935400][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 335.944953][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 335.952211][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 335.961961][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 335.971849][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 335.981127][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 335.988312][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 336.013980][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 336.023984][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 336.034958][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 336.057426][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 336.067948][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 336.106353][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 336.116448][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 336.127461][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 336.138480][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 336.148080][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 336.166682][T10449] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 336.180276][T10449] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 336.189768][T10694] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 336.200508][T10694] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 336.280366][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 336.288265][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 336.307769][T10449] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 336.362086][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 336.372256][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 336.430719][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 336.442503][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 336.464891][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 336.474242][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 336.487392][T10449] device veth0_vlan entered promiscuous mode [ 336.534887][T10449] device veth1_vlan entered promiscuous mode [ 336.608384][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 336.618205][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 336.629304][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 336.639657][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 336.681155][T10449] device veth0_macvtap entered promiscuous mode [ 336.701352][T10449] device veth1_macvtap entered promiscuous mode [ 336.748922][T10449] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 336.760410][T10449] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.770503][T10449] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 336.781058][T10449] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.791217][T10449] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 336.801767][T10449] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.811760][T10449] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 336.822314][T10449] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.836072][T10449] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 336.845349][T10694] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 336.854964][T10694] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 336.864485][T10694] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 336.874621][T10694] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 336.956955][T10449] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 336.968020][T10449] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.978089][T10449] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 336.990434][T10449] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 337.000437][T10449] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 337.010993][T10449] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 337.020991][T10449] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 337.031537][T10449] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 337.045587][T10449] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 337.055792][T10694] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 337.066008][T10694] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 17:03:07 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) setsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0xb, &(0x7f0000000040)=0x4, 0x4) 17:03:07 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput\x00', 0x2, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x15) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_SET_LEDBIT(r0, 0x40045569, 0xf) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000180)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r2, 0x54a2) readv(r2, &(0x7f0000000200)=[{&(0x7f0000000000)=""/6, 0x6}], 0x1) r3 = dup(r2) sendmsg$AUDIT_ADD_RULE(r3, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f00000006c0)=ANY=[@ANYBLOB="2c040000f303020029bd7000ffdbdf2505000000000000000d0000003f0000000100000009000000ffff0000810000000700000007000000070000008100000003000000000000000500000003000000000000000001000005000000040000000800000001f6e7ff5122f0ccd91effff7f00000000dc9595100000000003000000070000003f000000040000000300000008000000040000007a0a0000000000001f000000ff07000025fa000006000000060000000800000000000000ffffffff1c000000c20d000000020000ffffffff070000000002000003000000050000007f000000ffffffff8de1000007000000200000f40279fd72db06cee7fafe9e00000000000700000001000000050000008c0a000001000000080000000000000008000000090000000500000008000000090000007511000000000080f9000000010001003f0000001eaf0000000000000900000000000000ff7f0000000000005d0e0000000001000600000000000000380d00009e71000000010000feffffff0004000008000000010000000400000007000000010000001f0000000000000002000000280200000000010005000000010000000400000020000000020000000400000089660000acd6000001f8ffff0300000001000100130a000004000000ffff0000ff000000960d000004000000ff0f0000ffff0000080000000800000003000000ff7f0000ffff000001000000060000000180000020060000000000000500000006000000ffffffff26000000200000000400000002000000ff0f000002000000ffff0000ffffffff000000000800000003000000010100000500000009000000090000000700000001000100775cffff710b000000000000000000000700000006000000f9ffffff000000007e000000000001000349cd28701e000005000000cd0c000000000080020000000000000005000000020000008000000000000000050000000200000006000000a9a900000600000000020000070000003f00000000000000ffff0000f60600000600000004000000ffffffff2f7d00000100000008000000e9070000c1ffffff0010000006000000030000004b0c0000ffffffff0008000003000000090000000100000002000000ff0700003b000000f7ffffffffff0000cd00000009000000ff0700000010000004000000040000000700000001040000ffffffff0000010008000000020000000104000000000000ffff0a800400000000000000ff0300000d0000000300000003000000060000008d29000000ffffff00f8ffff03000000070000000104000006000000080000000300000001000000010000800400000007000002000000000000000100008000100000ffffffff4b0500000500000000000000000000000f045b32060000000300000000000000000000000800000003000000000000000400000003000000000000800c0000002f6465762f75696e707574000c54dda17ad91f836bc9aa7282727a9be6ad0c74d2c28b18366f16e3095fe5a0bda1b4376d4c1cd886497d71e8a3d33831499388a618b2ba79ca02697128f597cca8f39346eb46aff8e6da3a6c9206526b42c1b43c8f74c600f4253c46896a88f8ebcfb6990ee445b02f551a4bcd40533633939c4f8d3ada5bf8bbbadb913af59e6a3dcc6afffd2d9b6569c664f901fe168e8505717d8d3db35395dc082062dd9f46e23f1fef88c42144632ad9dc4208bac0d96a"], 0x42c}, 0x1, 0x0, 0x0, 0x81}, 0x4000000) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) 17:03:07 executing program 0: r0 = syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000080)) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000180)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r2, 0x54a2) readv(r2, &(0x7f0000000200)=[{&(0x7f0000000000)=""/12, 0xc}], 0x1) r3 = dup3(r2, 0xffffffffffffffff, 0x0) r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, &(0x7f0000000180)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r4, 0x54a2) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(0xffffffffffffffff, 0x54a2) readv(0xffffffffffffffff, &(0x7f0000000200)=[{&(0x7f0000000000)=""/12, 0xc}], 0x1) r5 = socket$tipc(0x1e, 0x2, 0x0) poll(&(0x7f0000000140)=[{0xffffffffffffffff, 0x204}, {0xffffffffffffffff, 0x200}, {r0, 0x2008}, {0xffffffffffffffff, 0x20}, {r5, 0xc9}, {r2, 0x143}], 0x6, 0x0) readv(r4, &(0x7f0000000200)=[{&(0x7f0000000000)=""/12, 0xc}], 0x1) ioctl$int_in(r4, 0x5452, &(0x7f0000000100)) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000000)=[@in={0x2, 0x4e24, @empty}, @in6={0xa, 0x4e20, 0x8, @empty, 0x9}, @in={0x2, 0x4e21, @broadcast}, @in6={0xa, 0x4e23, 0x2, @mcast2, 0x1}], 0x58) ioctl$TCSETSW2(r1, 0x402c542c, &(0x7f0000000080)={0x80, 0x6, 0x3, 0x7, 0x3, "95639823e499c983d4ef89972b1212f887c345", 0x10000, 0x7f}) ioctl$EXT4_IOC_SWAP_BOOT(r3, 0x6611) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:03:07 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x200000, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x1a022}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$packet(0x11, 0x3, 0x300) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r1, 0xae80, 0x0) [ 337.575451][T10724] input: syz1 as /devices/virtual/input/input5 17:03:07 executing program 4: r0 = socket$netlink(0x10, 0x3, 0xc) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nullb0\x00', 0x181200, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x4, 0x13, r1, 0x0) getsockopt$sock_buf(r0, 0x1, 0x0, 0x0, &(0x7f0000000100)) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) fsopen(&(0x7f0000000080)='ntfs\x00', 0x1) dup2(0xffffffffffffffff, r2) r3 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r3, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r4 = open(&(0x7f0000000000)='./bus\x00', 0x7518c2, 0x0) r5 = gettid() ptrace$setopts(0x4206, r5, 0x0, 0x0) tkill(r5, 0x2) ptrace$cont(0x18, r5, 0x0, 0x0) ptrace$setregs(0xd, r5, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r5, 0x2, 0x0) ptrace$cont(0x7, r5, 0xffffffffffffcac5, 0x9) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r4, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x420204) fsopen(&(0x7f0000000040)='rootfs\x00', 0x0) [ 337.699760][T10734] input: syz1 as /devices/virtual/input/input6 17:03:07 executing program 2: r0 = socket(0x10, 0x3, 0xb1b5) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) 17:03:07 executing program 0: r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x2) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r1, 0x0, 0x0) syz_open_procfs$namespace(r1, &(0x7f00000000c0)='ns/mnt\x00') r2 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r2, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:03:07 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ppp\x00', 0x0, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000000c0)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000040)='/dev/dri/card#\x00', 0x0, 0x0) write$binfmt_script(r1, &(0x7f0000000140)=ANY=[@ANYRES16=r2, @ANYRES64], 0x6db6e559) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r0, 0x0) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000000)) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)) 17:03:08 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$BATADV_CMD_GET_MESH(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) getsockname$packet(r4, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000390400"/20, @ANYRES32=r6, @ANYBLOB="03000000000000002000128008000100736974001400028008000100", @ANYRES32=r5, @ANYBLOB="08000300e040000108001f174a"], 0x48}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@newlink={0x3c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r5}, [@IFLA_AF_SPEC={0x1c, 0x1a, 0x0, 0x1, [@AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @initdev={0xfe, 0x88, [], 0x0, 0x0}}]}]}]}, 0x3c}}, 0x0) 17:03:08 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r0, 0x0) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000007c0)='/proc/sys/net/ipv4/vs/lblc_expiration\x00', 0x2, 0x0) sendmsg$IPSET_CMD_GET_BYINDEX(r2, &(0x7f00000008c0)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000880)={&(0x7f0000000840)={0x2c, 0xf, 0x6, 0x301, 0x0, 0x0, {0x7, 0x0, 0x1}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_INDEX={0x6, 0xb, 0xffffffffffffffff}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000180)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r1, 0x54a2) readv(r1, &(0x7f0000000200)=[{&(0x7f0000000000)=""/12, 0xc}], 0x1) epoll_ctl$EPOLL_CTL_DEL(r0, 0x2, r1) r3 = syz_open_procfs(0x0, &(0x7f0000000080)) r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, &(0x7f0000000180)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r4, 0x54a2) readv(r4, &(0x7f0000000200)=[{&(0x7f0000000000)=""/12, 0xc}], 0x1) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r4, 0x54a2) getdents64(r3, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:03:08 executing program 4: r0 = perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000840), 0xb}, 0x800, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r1, &(0x7f0000000940)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd106736d173f0fc7ec6e26560000007c92d2e181baf9459c5c953948c6801d2c0945c08ba8c552fc99a7422007653872ecb4f63acdfe80812d887f4c301701a80a2a88d2fbea06e16a61fd063f026ed73606fad7e35bd536c2442eac30224609aba9e6000000000000000000000000000000f390d71cc6092cddd3b049f3fc65d61c2b3c65f2f80a61ea6e457ebc93981b20e03b86d4e999bbb53a7b0ee0c630e806000400000000000000e69051f6d24317f9ebfeb82ee2469fb371aa8b208d25f196ab7f2dc045421b94d878d0e1c2a5c74633a687a135308e49ce118c81517ac7bb2994cc00ab51144c1ef00f00001f5e73ff040000000000000000000000000000009a583b79ab00f70d85463c57c5bb1f1084e683b591fc2c8b8a38b7ee57afa01aea88fb413e28e8ebbdf1fa9155bf6409b065a980528827de08737cf643db6de62f253b1304780753de6634bf57fbe09a7eb84cae7f000000886871080d1588bb30abcbfecb4e10d4067a02736f08914faa037346190041c88e57569256d0f1ec82518bc8bac2ef0f6e8bfd9ad94599c3230328ddf749696d54f2781bccc42e6ef592a1fc36a0fb792d3a4a0c4f3c930328b63ed42db18137f243d01a67ea9fe8e34b25676f9816cdae263897bbd363474000277471b2443fc7e43ac3f235212e9b337cde732722fb730a72f081fb9703a9797a0d2a97ed71341711886867b0861dfa2025bf66607ec9cc2a58d44b65cc39e209a6343c0b2b74053bbc3b0d7bbf0a48bacc71e80e85e7216ee07883b807c68947e3498eb1bbb0439b4c1bee006a7c940e91a8cb146a08b2a9ddf25af3960ca5477b7a1c193c19d737a4606051391d8d53cb9f014b4d83a547ec140b4b76ad43f17e5de7fa56398ed1aab80d924043bf1bf7d614d00ec1136f61093c9d39949d007bdf41b70828965cb081e5bee37d5c9c24643108f8c118e16ce13f95532f09d583b51f58417e2d61d2b3ba9a7d981c55021309caab1b9dad72e7777589e55f88b0b1b1ec9d562a58713d049db4160f1c6d74d76e48f4d17c60c3b474bc8c6dc942f5ff38a7dfb93c23b1211ea8f3cf0f09bac99602d1f2e0825816a4899000005468f410ebb62585"], 0x1c2) write$RDMA_USER_CM_CMD_DESTROY_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x1, 0x10, 0xfa00, {0x0}}, 0x18) dup2(0xffffffffffffffff, r0) open(0x0, 0x44200, 0x1e4) r2 = syz_open_dev$usbfs(&(0x7f0000000180)='/dev/bus/usb/00#/00#\x00', 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r2, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000100)={0x14, 0x0, 0x400, 0x70bd27, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x40800}, 0x850) socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000000)='batadv\x00') sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, &(0x7f0000000900)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000008c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB=',\n\x00\x00', @ANYRES16=r3, @ANYBLOB="000426bd7000fedbdf250d00000008003400cf010000060028000400000000000600", @ANYRES32=0x0, @ANYBLOB="e0f0fdcb69a067053b14d7a44ca9ff6dedc9d15f7745c5298ff283c1edd156d0beaa2059b57c0366b4ef51f4f58652ef0dbdde68cd9d7f6a7ddbcbe278a8c7269503bfe6467dd6c6586d913cda836caa174be4b24508d143721ac2ce061bdf94fef5a7db2f89c65a9f62833a1acd106871bc4932d16942676621459c"], 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x2400c004) sendmsg$NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000440)={&(0x7f0000000080)=ANY=[@ANYRES16=0x0, @ANYBLOB="00042abd7000fddbdf251f00000005009200e00000000c0022800800020080000000fd919200010000000800010004000000"], 0x38}}, 0x0) ioctl$USBDEVFS_IOCTL(r2, 0xc0105512, &(0x7f0000000380)) sendmsg$NLBL_UNLABEL_C_STATICADD(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000800)={&(0x7f00000003c0)=ANY=[@ANYBLOB="dd5cd5cd49640b0c15ad8122bc8d5aab9fbc860b11a4545a4b1e0152b953b4d1dd1899bcf1b30d4c18759e108b29527b0cce6a1f085ff3827bdae0022216b339f1c6a2b31599c93d5ba3b9a8df3618e18c6a994b6d6e03cda01f573af6c3704906f31fa93128e7da3c2cdbe6b8becf4582374891228fa702f60514b3992d5373036825bb0807b8590317abdf4bb78a41afb500b1d41d192ac89c03cd96194ffa765867d7cea90a0d33d5b97a1e5886bc8a05b90704e1a6085eabc7de5bed014d90f74d0bfc9d54184d99cd1b0194497600", @ANYRES16], 0x1c}, 0x1, 0x0, 0x0, 0x4880}, 0x44090) r4 = open(&(0x7f00007e2ff8)='./file0\x00', 0x0, 0x0) fcntl$setlease(r4, 0x400, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(0xffffffffffffffff, &(0x7f00000007c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x200}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x8000090) socket$nl_netfilter(0x10, 0x3, 0xc) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) 17:03:08 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/ipc\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) flistxattr(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0x1000) r1 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040)='devlink\x00') sendmsg$DEVLINK_CMD_TRAP_SET(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)={0x58, r3, 0x1, 0x0, 0x0, {0x33}, [{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c, 0x82, 'source_mac_is_multicast\x00'}, {0x5}}]}, 0x58}}, 0x0) sendmsg$DEVLINK_CMD_PORT_SET(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000001440)={&(0x7f0000001340)=ANY=[@ANYBLOB="f4000000", @ANYRES16=r3, @ANYBLOB="000028bd7000fbdbdf25060000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000300000000000600040000000000080001007063690011000200303030303a30303a31302e300000000008000300010000000600040000000000080001007063690011000200303030303a30303a31302e300000000008000300050000000600040003000000080001007063690011000200303030303a30303a31302e300000000008000300020000000600040003000000080001007063690011000200303030303a30303a31302e300000000008000300010000000600040000000000"], 0xf4}, 0x1, 0x0, 0x0, 0x800}, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r1, 0x0) write$FUSE_INIT(r1, &(0x7f0000000000)={0x50, 0x0, 0x8, {0x7, 0x1f, 0x9, 0x40804, 0x0, 0x7, 0x2, 0x5}}, 0x50) getdents64(r0, &(0x7f0000000100)=""/526, 0x20e) [ 338.948035][ C1] sd 0:0:1:0: [sg0] tag#3108 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 338.958779][ C1] sd 0:0:1:0: [sg0] tag#3108 CDB: Test Unit Ready [ 338.965593][ C1] sd 0:0:1:0: [sg0] tag#3108 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 338.975454][ C1] sd 0:0:1:0: [sg0] tag#3108 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 338.985404][ C1] sd 0:0:1:0: [sg0] tag#3108 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 338.995389][ C1] sd 0:0:1:0: [sg0] tag#3108 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 339.005338][ C1] sd 0:0:1:0: [sg0] tag#3108 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 339.015303][ C1] sd 0:0:1:0: [sg0] tag#3108 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 339.025172][ C1] sd 0:0:1:0: [sg0] tag#3108 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 339.035027][ C1] sd 0:0:1:0: [sg0] tag#3108 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 339.044894][ C1] sd 0:0:1:0: [sg0] tag#3108 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 339.054763][ C1] sd 0:0:1:0: [sg0] tag#3108 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 339.064723][ C1] sd 0:0:1:0: [sg0] tag#3108 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 339.074582][ C1] sd 0:0:1:0: [sg0] tag#3108 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 339.084440][ C1] sd 0:0:1:0: [sg0] tag#3108 CDB[c0]: 00 00 00 00 00 00 00 00 17:03:09 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000000)=0x0) r1 = syz_open_procfs(r0, &(0x7f0000000040)='net/udplite6\x00') getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) ioctl$ASHMEM_SET_PROT_MASK(r1, 0x40087705, &(0x7f0000000080)={0x7, 0x5}) [ 339.765150][ C1] sd 0:0:1:0: [sg0] tag#3109 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 339.775892][ C1] sd 0:0:1:0: [sg0] tag#3109 CDB: Test Unit Ready [ 339.782663][ C1] sd 0:0:1:0: [sg0] tag#3109 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 339.792531][ C1] sd 0:0:1:0: [sg0] tag#3109 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 339.802391][ C1] sd 0:0:1:0: [sg0] tag#3109 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 339.812364][ C1] sd 0:0:1:0: [sg0] tag#3109 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 339.822245][ C1] sd 0:0:1:0: [sg0] tag#3109 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 339.832109][ C1] sd 0:0:1:0: [sg0] tag#3109 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 339.841962][ C1] sd 0:0:1:0: [sg0] tag#3109 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 339.851831][ C1] sd 0:0:1:0: [sg0] tag#3109 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 17:03:09 executing program 2: r0 = socket(0x10, 0x3, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000080)={0x2, &(0x7f0000000040)=[{0x0}, {}]}) ioctl$DRM_IOCTL_SET_SAREA_CTX(0xffffffffffffffff, 0x4010641c, &(0x7f00000001c0)={r2, &(0x7f00000000c0)=""/232}) ioctl$DRM_IOCTL_SET_SAREA_CTX(0xffffffffffffffff, 0x4010641c, &(0x7f0000000200)={r2, &(0x7f0000000400)=""/252}) ioctl$DRM_IOCTL_UNLOCK(r1, 0x4008642b, &(0x7f00000001c0)={r2}) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) r3 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r3, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) sendmsg$NFT_MSG_GETSET(r3, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0xbc, 0xa, 0xa, 0x3, 0x0, 0x0, {0x2}, [@NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0xe6}, @NFTA_SET_GC_INTERVAL={0x8, 0xc, 0x1, 0x0, 0x9}, @NFTA_SET_OBJ_TYPE={0x8, 0xf, 0x1, 0x0, 0x2}, @NFTA_SET_POLICY={0x8}, @NFTA_SET_DESC={0x88, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x7c, 0x2, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x3}, @NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8}, @NFTA_SET_FIELD_LEN={0x8}]}, {0x54, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xbc3a}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6e}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x100}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x100000}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8000}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x101}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xff}]}]}, @NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x6}]}]}, 0xbc}, 0x1, 0x0, 0x0, 0x4004}, 0x4) [ 339.861727][ C1] sd 0:0:1:0: [sg0] tag#3109 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 339.871634][ C1] sd 0:0:1:0: [sg0] tag#3109 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 339.881540][ C1] sd 0:0:1:0: [sg0] tag#3109 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 339.891509][ C1] sd 0:0:1:0: [sg0] tag#3109 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 339.901352][ C1] sd 0:0:1:0: [sg0] tag#3109 CDB[c0]: 00 00 00 00 00 00 00 00 17:03:10 executing program 2: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/12, 0xc}], 0x1) write(r0, &(0x7f0000000080)="24070000000465983f00e80d00000000ef000d805473c419adb6000000006f0c2343267fca5a8a347d7c5d", 0x2b) 17:03:11 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x200000, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x1a022}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$packet(0x11, 0x3, 0x300) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:03:11 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r1 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r1, 0x80045530, &(0x7f0000000000)=""/156) 17:03:11 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f479002304000a04f51108e3f600020100020800038005000000", 0xfb) socket$inet_icmp(0x2, 0x2, 0x1) r1 = perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_LINK_STATS(r1, &(0x7f0000000680)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000640)={&(0x7f00000003c0)={0x30, r2, 0x100, 0x70bd2b, 0x25dfdbfd, {{}, {}, {0x14, 0x14, 'broadcast-link\x00'}}}, 0x30}, 0x1, 0x0, 0x0, 0x8010}, 0x4) sendmsg$TIPC_CMD_GET_NETID(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r2, 0x200, 0x70bd29, 0x25dfdbff, {}, ["", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x804}, 0x4000000) 17:03:11 executing program 4: r0 = perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000840), 0xb}, 0x800, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r1, &(0x7f0000000940)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd106736d173f0fc7ec6e26560000007c92d2e181baf9459c5c953948c6801d2c0945c08ba8c552fc99a7422007653872ecb4f63acdfe80812d887f4c301701a80a2a88d2fbea06e16a61fd063f026ed73606fad7e35bd536c2442eac30224609aba9e6000000000000000000000000000000f390d71cc6092cddd3b049f3fc65d61c2b3c65f2f80a61ea6e457ebc93981b20e03b86d4e999bbb53a7b0ee0c630e806000400000000000000e69051f6d24317f9ebfeb82ee2469fb371aa8b208d25f196ab7f2dc045421b94d878d0e1c2a5c74633a687a135308e49ce118c81517ac7bb2994cc00ab51144c1ef00f00001f5e73ff040000000000000000000000000000009a583b79ab00f70d85463c57c5bb1f1084e683b591fc2c8b8a38b7ee57afa01aea88fb413e28e8ebbdf1fa9155bf6409b065a980528827de08737cf643db6de62f253b1304780753de6634bf57fbe09a7eb84cae7f000000886871080d1588bb30abcbfecb4e10d4067a02736f08914faa037346190041c88e57569256d0f1ec82518bc8bac2ef0f6e8bfd9ad94599c3230328ddf749696d54f2781bccc42e6ef592a1fc36a0fb792d3a4a0c4f3c930328b63ed42db18137f243d01a67ea9fe8e34b25676f9816cdae263897bbd363474000277471b2443fc7e43ac3f235212e9b337cde732722fb730a72f081fb9703a9797a0d2a97ed71341711886867b0861dfa2025bf66607ec9cc2a58d44b65cc39e209a6343c0b2b74053bbc3b0d7bbf0a48bacc71e80e85e7216ee07883b807c68947e3498eb1bbb0439b4c1bee006a7c940e91a8cb146a08b2a9ddf25af3960ca5477b7a1c193c19d737a4606051391d8d53cb9f014b4d83a547ec140b4b76ad43f17e5de7fa56398ed1aab80d924043bf1bf7d614d00ec1136f61093c9d39949d007bdf41b70828965cb081e5bee37d5c9c24643108f8c118e16ce13f95532f09d583b51f58417e2d61d2b3ba9a7d981c55021309caab1b9dad72e7777589e55f88b0b1b1ec9d562a58713d049db4160f1c6d74d76e48f4d17c60c3b474bc8c6dc942f5ff38a7dfb93c23b1211ea8f3cf0f09bac99602d1f2e0825816a4899000005468f410ebb62585"], 0x1c2) write$RDMA_USER_CM_CMD_DESTROY_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x1, 0x10, 0xfa00, {0x0}}, 0x18) dup2(0xffffffffffffffff, r0) open(0x0, 0x44200, 0x1e4) r2 = syz_open_dev$usbfs(&(0x7f0000000180)='/dev/bus/usb/00#/00#\x00', 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r2, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000100)={0x14, 0x0, 0x400, 0x70bd27, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x40800}, 0x850) socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000000)='batadv\x00') sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, &(0x7f0000000900)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000008c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB=',\n\x00\x00', @ANYRES16=r3, @ANYBLOB="000426bd7000fedbdf250d00000008003400cf010000060028000400000000000600", @ANYRES32=0x0, @ANYBLOB="e0f0fdcb69a067053b14d7a44ca9ff6dedc9d15f7745c5298ff283c1edd156d0beaa2059b57c0366b4ef51f4f58652ef0dbdde68cd9d7f6a7ddbcbe278a8c7269503bfe6467dd6c6586d913cda836caa174be4b24508d143721ac2ce061bdf94fef5a7db2f89c65a9f62833a1acd106871bc4932d16942676621459c"], 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x2400c004) sendmsg$NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000440)={&(0x7f0000000080)=ANY=[@ANYRES16=0x0, @ANYBLOB="00042abd7000fddbdf251f00000005009200e00000000c0022800800020080000000fd919200010000000800010004000000"], 0x38}}, 0x0) ioctl$USBDEVFS_IOCTL(r2, 0xc0105512, &(0x7f0000000380)) sendmsg$NLBL_UNLABEL_C_STATICADD(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000800)={&(0x7f00000003c0)=ANY=[@ANYBLOB="dd5cd5cd49640b0c15ad8122bc8d5aab9fbc860b11a4545a4b1e0152b953b4d1dd1899bcf1b30d4c18759e108b29527b0cce6a1f085ff3827bdae0022216b339f1c6a2b31599c93d5ba3b9a8df3618e18c6a994b6d6e03cda01f573af6c3704906f31fa93128e7da3c2cdbe6b8becf4582374891228fa702f60514b3992d5373036825bb0807b8590317abdf4bb78a41afb500b1d41d192ac89c03cd96194ffa765867d7cea90a0d33d5b97a1e5886bc8a05b90704e1a6085eabc7de5bed014d90f74d0bfc9d54184d99cd1b0194497600", @ANYRES16], 0x1c}, 0x1, 0x0, 0x0, 0x4880}, 0x44090) r4 = open(&(0x7f00007e2ff8)='./file0\x00', 0x0, 0x0) fcntl$setlease(r4, 0x400, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(0xffffffffffffffff, &(0x7f00000007c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x200}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x8000090) socket$nl_netfilter(0x10, 0x3, 0xc) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) 17:03:11 executing program 3: r0 = semget$private(0x0, 0x8, 0x0) semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000080)=[0x200]) semop(r0, &(0x7f0000000100), 0x2d) semtimedop(r0, &(0x7f0000000040), 0x1b9, 0x0) r1 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r1, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000009c0)='/dev/loop-control\x00', 0x0, 0x0) r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3) ioctl$LOOP_CTL_ADD(r1, 0x4c80, r3) semctl$GETZCNT(r0, 0x0, 0xf, 0x0) [ 341.736006][ C0] sd 0:0:1:0: [sg0] tag#3110 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 341.746779][ C0] sd 0:0:1:0: [sg0] tag#3110 CDB: Test Unit Ready [ 341.753838][ C0] sd 0:0:1:0: [sg0] tag#3110 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 341.763850][ C0] sd 0:0:1:0: [sg0] tag#3110 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 341.773746][ C0] sd 0:0:1:0: [sg0] tag#3110 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 341.783656][ C0] sd 0:0:1:0: [sg0] tag#3110 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 341.793498][ C0] sd 0:0:1:0: [sg0] tag#3110 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 341.803430][ C0] sd 0:0:1:0: [sg0] tag#3110 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 341.813273][ C0] sd 0:0:1:0: [sg0] tag#3110 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 341.823134][ C0] sd 0:0:1:0: [sg0] tag#3110 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 341.833050][ C0] sd 0:0:1:0: [sg0] tag#3110 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 341.842908][ C0] sd 0:0:1:0: [sg0] tag#3110 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 341.847123][T10806] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. [ 341.852731][ C0] sd 0:0:1:0: [sg0] tag#3110 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 341.852829][ C0] sd 0:0:1:0: [sg0] tag#3110 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 341.881767][ C0] sd 0:0:1:0: [sg0] tag#3110 CDB[c0]: 00 00 00 00 00 00 00 00 [ 341.936987][T10806] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. [ 341.992088][T10822] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 341.992088][T10822] The task syz-executor.3 (10822) triggered the difference, watch for misbehavior. 17:03:12 executing program 2: r0 = socket(0x28, 0x2, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000180)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r1, 0x54a2) readv(r1, &(0x7f0000000200)=[{&(0x7f0000000000)=""/12, 0xc}], 0x1) write$binfmt_misc(r1, &(0x7f00000000c0)={'syz0', "23e6845d6cd8dfb64b319f44bcfdcb4b5ecadb4876ed08ca36cccc315d4dd310f386a23bfe09ae5dba37c145f116c6369d809f5661a37b61939d3c3dcef59e7a8f03e5014ea58a92a6e95aebce4b42905b5439269f27b6a501afb85598074743143b2300161668e61297b671daa2de6882c570ee201671062001b256c834265ac72641e43775453f5e6706d9274f9916410267fb749920c4434a3bbbc32fd0a3e38836bfe50ceedb31f158e7b26bd2cc1c868631f0fdd259649f6d9e6f7f9c43104c2c0bb435e19d5229fbb6cef49d3a5911246017b397e955a317be6fe957939978feb5010133ebb9ddf2cc95"}, 0xf1) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r0, 0xc080661a, &(0x7f0000000040)={{0x2, 0x0, @reserved="320f70637bec23c32915b2ec50ec8519c8da5aaf3519db54e46880df36cb9485"}}) 17:03:12 executing program 3: r0 = perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000840), 0xb}, 0x800, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r1, &(0x7f0000000940)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd106736d173f0fc7ec6e26560000007c92d2e181baf9459c5c953948c6801d2c0945c08ba8c552fc99a7422007653872ecb4f63acdfe80812d887f4c301701a80a2a88d2fbea06e16a61fd063f026ed73606fad7e35bd536c2442eac30224609aba9e6000000000000000000000000000000f390d71cc6092cddd3b049f3fc65d61c2b3c65f2f80a61ea6e457ebc93981b20e03b86d4e999bbb53a7b0ee0c630e806000400000000000000e69051f6d24317f9ebfeb82ee2469fb371aa8b208d25f196ab7f2dc045421b94d878d0e1c2a5c74633a687a135308e49ce118c81517ac7bb2994cc00ab51144c1ef00f00001f5e73ff040000000000000000000000000000009a583b79ab00f70d85463c57c5bb1f1084e683b591fc2c8b8a38b7ee57afa01aea88fb413e28e8ebbdf1fa9155bf6409b065a980528827de08737cf643db6de62f253b1304780753de6634bf57fbe09a7eb84cae7f000000886871080d1588bb30abcbfecb4e10d4067a02736f08914faa037346190041c88e57569256d0f1ec82518bc8bac2ef0f6e8bfd9ad94599c3230328ddf749696d54f2781bccc42e6ef592a1fc36a0fb792d3a4a0c4f3c930328b63ed42db18137f243d01a67ea9fe8e34b25676f9816cdae263897bbd363474000277471b2443fc7e43ac3f235212e9b337cde732722fb730a72f081fb9703a9797a0d2a97ed71341711886867b0861dfa2025bf66607ec9cc2a58d44b65cc39e209a6343c0b2b74053bbc3b0d7bbf0a48bacc71e80e85e7216ee07883b807c68947e3498eb1bbb0439b4c1bee006a7c940e91a8cb146a08b2a9ddf25af3960ca5477b7a1c193c19d737a4606051391d8d53cb9f014b4d83a547ec140b4b76ad43f17e5de7fa56398ed1aab80d924043bf1bf7d614d00ec1136f61093c9d39949d007bdf41b70828965cb081e5bee37d5c9c24643108f8c118e16ce13f95532f09d583b51f58417e2d61d2b3ba9a7d981c55021309caab1b9dad72e7777589e55f88b0b1b1ec9d562a58713d049db4160f1c6d74d76e48f4d17c60c3b474bc8c6dc942f5ff38a7dfb93c23b1211ea8f3cf0f09bac99602d1f2e0825816a4899000005468f410ebb62585"], 0x1c2) write$RDMA_USER_CM_CMD_DESTROY_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x1, 0x10, 0xfa00, {0x0}}, 0x18) dup2(0xffffffffffffffff, r0) open(0x0, 0x44200, 0x1e4) r2 = syz_open_dev$usbfs(&(0x7f0000000180)='/dev/bus/usb/00#/00#\x00', 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r2, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000100)={0x14, 0x0, 0x400, 0x70bd27, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x40800}, 0x850) socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000000)='batadv\x00') sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, &(0x7f0000000900)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000008c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB=',\n\x00\x00', @ANYRES16=r3, @ANYBLOB="000426bd7000fedbdf250d00000008003400cf010000060028000400000000000600", @ANYRES32=0x0, @ANYBLOB="e0f0fdcb69a067053b14d7a44ca9ff6dedc9d15f7745c5298ff283c1edd156d0beaa2059b57c0366b4ef51f4f58652ef0dbdde68cd9d7f6a7ddbcbe278a8c7269503bfe6467dd6c6586d913cda836caa174be4b24508d143721ac2ce061bdf94fef5a7db2f89c65a9f62833a1acd106871bc4932d16942676621459c"], 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x2400c004) sendmsg$NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000440)={&(0x7f0000000080)=ANY=[@ANYRES16=0x0, @ANYBLOB="00042abd7000fddbdf251f00000005009200e00000000c0022800800020080000000fd919200010000000800010004000000"], 0x38}}, 0x0) ioctl$USBDEVFS_IOCTL(r2, 0xc0105512, &(0x7f0000000380)) sendmsg$NLBL_UNLABEL_C_STATICADD(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000800)={&(0x7f00000003c0)=ANY=[@ANYBLOB="dd5cd5cd49640b0c15ad8122bc8d5aab9fbc860b11a4545a4b1e0152b953b4d1dd1899bcf1b30d4c18759e108b29527b0cce6a1f085ff3827bdae0022216b339f1c6a2b31599c93d5ba3b9a8df3618e18c6a994b6d6e03cda01f573af6c3704906f31fa93128e7da3c2cdbe6b8becf4582374891228fa702f60514b3992d5373036825bb0807b8590317abdf4bb78a41afb500b1d41d192ac89c03cd96194ffa765867d7cea90a0d33d5b97a1e5886bc8a05b90704e1a6085eabc7de5bed014d90f74d0bfc9d54184d99cd1b0194497600", @ANYRES16], 0x1c}, 0x1, 0x0, 0x0, 0x4880}, 0x44090) r4 = open(&(0x7f00007e2ff8)='./file0\x00', 0x0, 0x0) fcntl$setlease(r4, 0x400, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(0xffffffffffffffff, &(0x7f00000007c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x200}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x8000090) socket$nl_netfilter(0x10, 0x3, 0xc) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) 17:03:12 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) socket$inet_smc(0x2b, 0x1, 0x0) ioctl$sock_inet_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000240)) ioctl$VIDIOC_SUBDEV_S_FRAME_INTERVAL(r0, 0xc0305616, &(0x7f00000001c0)={0x0, {0x51, 0xfff}}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r1, 0x8924, &(0x7f0000000180)={'ip_vti0\x00', @broadcast}) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) ioctl$RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000000)={0x8, 0x0, {0x25, 0x34, 0x4, 0x11, 0x6, 0x0, 0x2, 0xdc, 0x1}}) r2 = syz_open_procfs(0x0, &(0x7f0000000300)='net/icmp\x00') r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/arp\x00') getdents64(r3, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) bind$l2tp(r3, &(0x7f0000000040)={0x2, 0x0, @multicast2, 0x3}, 0x10) getdents64(r2, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r4 = add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff) keyctl$setperm(0x5, r4, 0x0) add_key(&(0x7f0000000100)='ceph\x00', 0x0, 0x0, 0x0, r4) keyctl$negate(0xd, r4, 0x8, 0xfffffffffffffff8) getdents64(0xffffffffffffffff, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="200000000e1400042cbd7000ffdbdf25080001000200000008003c0005000000bddbd24078c37e6abc3701dea729c489c769b0b0ded7f96f0d61fbaef169f9b8f12218e7f038f3e4f92a593408ace033441cd77bb39b273565f18eb56bb2fba4bd6bed772088721e7ed444258873cdc9af426749e1e1104f9ecc3077f0125f0048943ca7170da54994eef09661aff983b44a1b408809acb9bdfccd48bedb3e8bad54f89f6ec89b1c3b86190824af905705bef3dab63cd0f595fc3b3b68a0fdda87685abf2a2767bc999948320b0966c350faf1e9d78340ebea56fb38fd02673b3f67d987bfa5a6f15d1aa784bdf5bf9188d4b3078feddd7d2f8ef7318181adc1646456936adec9d9a4c9c2b9672ef4a8c2fd9593b9875b542f5becd081b6ff3d46db33a378e1b9c073b735dc5125027018e48de6c90e0298cd8fc4f459ef3fe8e500d21f62ae705e8f07a52d8fc0a1d36a8242f941c0fc9ad02c3b81bd22dc529ff7acf4617ac0f2bd71e84012156f4ac930611fb71f40112dd1071f9b1b0762bd3d096bb80dac59d27ba2948a0758784f423723ba67bdc9f3b37b5aee48236efe3f2b3c5e52763bffe2b3096e2f0fb21485a97880835a4592d9575900b9ff968c4b771e00bbb8ea5a1872931ce30c80170bdba6862e22b191fda68cc52174082833572651cb704d993dfa8326e6a0a5e703a00c9b218fd1b2a202139bbb0534213cdc87bd7c48e92125590729299b9e4ecfe19700"/542], 0x20}, 0x1, 0x0, 0x0, 0x40001}, 0x80) [ 342.932348][ C0] sd 0:0:1:0: [sg0] tag#3111 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 342.942977][ C0] sd 0:0:1:0: [sg0] tag#3111 CDB: Test Unit Ready [ 342.949709][ C0] sd 0:0:1:0: [sg0] tag#3111 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 342.959535][ C0] sd 0:0:1:0: [sg0] tag#3111 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 342.969897][ C0] sd 0:0:1:0: [sg0] tag#3111 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 342.979778][ C0] sd 0:0:1:0: [sg0] tag#3111 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 342.989723][ C0] sd 0:0:1:0: [sg0] tag#3111 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 342.999554][ C0] sd 0:0:1:0: [sg0] tag#3111 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 343.009392][ C0] sd 0:0:1:0: [sg0] tag#3111 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 343.019123][ C0] sd 0:0:1:0: [sg0] tag#3111 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 17:03:12 executing program 2: r0 = socket(0x10, 0x3, 0x0) r1 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000040)={r1}) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) mincore(&(0x7f000000a000/0x3000)=nil, 0x3000, &(0x7f00000001c0)=""/274) ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, &(0x7f0000000180)={r0}) [ 343.028976][ C0] sd 0:0:1:0: [sg0] tag#3111 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 343.038859][ C0] sd 0:0:1:0: [sg0] tag#3111 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 343.048730][ C0] sd 0:0:1:0: [sg0] tag#3111 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 343.058611][ C0] sd 0:0:1:0: [sg0] tag#3111 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 343.068600][ C0] sd 0:0:1:0: [sg0] tag#3111 CDB[c0]: 00 00 00 00 00 00 00 00 [ 343.085895][T10834] hub 9-0:1.0: USB hub found 17:03:13 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@delsa={0x34, 0x11, 0x9, 0x0, 0x0, {@in6=@private0, 0x4d3, 0x2}, [@mark={0xc}]}, 0x34}, 0x8}, 0x0) [ 343.135211][T10834] hub 9-0:1.0: 8 ports detected 17:03:13 executing program 2: r0 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r0, 0x0) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x2) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r1, 0x0, 0x0) ioctl$TIOCSPGRP(r0, 0x5410, &(0x7f0000000080)=r1) ptrace$getregs(0xc, r1, 0x7, &(0x7f00000000c0)=""/206) r2 = socket(0x10, 0x3, 0x0) write(r2, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(r2, 0x8008f511, &(0x7f0000000040)) 17:03:13 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r4, &(0x7f0000000d40)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd106736d173f0fc7ec6e26710000000049d2e181baf9459c5c953148c6801d2c0945c08ba8c552fc99a742200765020000000000000080812d274014ae40b8ae4f2a88d2fbea75e16a61fd063f026bd7360627ec60cb274e00da971f7ee096d74c92fad7e34bd5522d45cc36c2442eac2d224609ab4000000000000000000000000000000000f390d71cc6092c0149f3fc65d61c2b3c65f2f80a61ea6e457ebc93981b20e03b86d4e999bba83a7b0ee0ce30e80600cff8ca2996e518e3e69051f6d24317f9ebfeb82ee2469fb31be3d037359f1886a0ecfea4342b11a5dbb27622cd9f9d843a8d25f196ab6f2d0600421b94d878d0d9c2a5c74633a687a135308e49ce118c81517ac7bb2994ccc7e054d3f18cb770e4908dd3deaafaab51144c1e1b86b6291f5e73ff040000005f01eb85910285f6dd69048821b68b5f2e9cecb34ad4e52727007a6e3cdf09176a27bd639383c88c968f5bbfabb5524173a1b50ccbeb399445d326a342e0ee9aefaaa2b9347cfe8ff978645ce60736905bdb519f34dd715fbaa05fc19e7cf58d48adb59e831514bdc5f1bf5b54c2da13e8370c347b9c9e8540cfe4db1978a00a722f56413cfffa6257383a64fbf1dc2192e16babba37a8d124ca0d62574a747d68a512609663ffd6a88a1d5597b6b332cc3544825286e79944d7d44e5e32048ebe60a2854ecffeb45411278d146212127b6b69699d67ae2d082e66796509950154f7ae88b38052e4e4bc2765917da160180f329f01433c9003d74f7ae3d8e83a32cd"], 0x17d) r5 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0x375) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000040)={0x0, 0x8, 0x100}) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) [ 343.996857][ C0] sd 0:0:1:0: [sg0] tag#3112 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 344.007646][ C0] sd 0:0:1:0: [sg0] tag#3112 CDB: Test Unit Ready [ 344.014394][ C0] sd 0:0:1:0: [sg0] tag#3112 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 344.024234][ C0] sd 0:0:1:0: [sg0] tag#3112 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 344.034053][ C0] sd 0:0:1:0: [sg0] tag#3112 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 344.043877][ C0] sd 0:0:1:0: [sg0] tag#3112 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 344.053697][ C0] sd 0:0:1:0: [sg0] tag#3112 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 344.063551][ C0] sd 0:0:1:0: [sg0] tag#3112 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 344.073419][ C0] sd 0:0:1:0: [sg0] tag#3112 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 344.083266][ C0] sd 0:0:1:0: [sg0] tag#3112 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 344.093115][ C0] sd 0:0:1:0: [sg0] tag#3112 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 344.102953][ C0] sd 0:0:1:0: [sg0] tag#3112 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 344.112796][ C0] sd 0:0:1:0: [sg0] tag#3112 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 344.122627][ C0] sd 0:0:1:0: [sg0] tag#3112 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 344.132449][ C0] sd 0:0:1:0: [sg0] tag#3112 CDB[c0]: 00 00 00 00 00 00 00 00 [ 344.169025][T10855] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 344.169025][T10855] program syz-executor.4 not setting count and/or reply_len properly [ 344.221563][T10855] sg_write: process 21 (syz-executor.4) changed security contexts after opening file descriptor, this is not allowed. 17:03:15 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x200000, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x1a022}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$packet(0x11, 0x3, 0x300) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:03:15 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x2) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r1, 0x0, 0x0) r2 = syz_open_procfs(r1, &(0x7f0000000080)='sessionid\x00') getdents64(r2, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r3 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r3, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r3, 0x4058534c, &(0x7f0000000000)={0x2, 0x3b50000, 0x7ff, 0x98, 0x10000, 0x7}) 17:03:15 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r4, &(0x7f0000000d40)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd106736d173f0fc7ec6e26710000000049d2e181baf9459c5c953148c6801d2c0945c08ba8c552fc99a742200765020000000000000080812d274014ae40b8ae4f2a88d2fbea75e16a61fd063f026bd7360627ec60cb274e00da971f7ee096d74c92fad7e34bd5522d45cc36c2442eac2d224609ab4000000000000000000000000000000000f390d71cc6092c0149f3fc65d61c2b3c65f2f80a61ea6e457ebc93981b20e03b86d4e999bba83a7b0ee0ce30e80600cff8ca2996e518e3e69051f6d24317f9ebfeb82ee2469fb31be3d037359f1886a0ecfea4342b11a5dbb27622cd9f9d843a8d25f196ab6f2d0600421b94d878d0d9c2a5c74633a687a135308e49ce118c81517ac7bb2994ccc7e054d3f18cb770e4908dd3deaafaab51144c1e1b86b6291f5e73ff040000005f01eb85910285f6dd69048821b68b5f2e9cecb34ad4e52727007a6e3cdf09176a27bd639383c88c968f5bbfabb5524173a1b50ccbeb399445d326a342e0ee9aefaaa2b9347cfe8ff978645ce60736905bdb519f34dd715fbaa05fc19e7cf58d48adb59e831514bdc5f1bf5b54c2da13e8370c347b9c9e8540cfe4db1978a00a722f56413cfffa6257383a64fbf1dc2192e16babba37a8d124ca0d62574a747d68a512609663ffd6a88a1d5597b6b332cc3544825286e79944d7d44e5e32048ebe60a2854ecffeb45411278d146212127b6b69699d67ae2d082e66796509950154f7ae88b38052e4e4bc2765917da160180f329f01433c9003d74f7ae3d8e83a32cd"], 0x17d) r5 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0x375) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000040)={0x0, 0x8, 0x100}) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:15 executing program 2: r0 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) ioctl$TIOCSBRK(r0, 0x5427) ioctl$PPPIOCATTCHAN(0xffffffffffffffff, 0x40047438, &(0x7f0000000040)=0x2) r1 = socket(0x10, 0x3, 0x0) write(r1, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) 17:03:15 executing program 3: ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000100)='cpu&3\n\n\n\n\x00\x00\xc8 \xf4\xb3\xca\f\x1ff\xf0\xed\xe2\xdaX\x96\xe8\xd2\x9ba\xdd\xba\x93\xf3\xa2\x97e\xd7\xa37\xc0\xae$\xef\x1f\x1feq*\xeb\x00\xffx\x7fV-S\xeb\x9c\xf5\xe5!d\x99]\x17~\x9e\\\xac\x1f\x93\x00\x02\x00\x80T\"\x00\x80\xff\xff\x03\x00\x00\x00\x00\x00') perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x800, 0x0, 0x0, 0x0, 0x4000000, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000019940)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd106736d173f0fc7ec6e26560000000049d2e181baf9459c5c953948c6801d2c0945c08ba8c552fc99a7422007653872ecb4f63acdfe80812d274014ae40b8ae4f2a88d2fbea75e16a61fd063f026ed7360627ec60cb274e00da971f7ee096d74c92fad7e34bd5522d45cc36c2442eac2d224609aba9e6000000000000000000000000000000f390d71cc6092cddd3b049f3fc65d61c2b3c65f2f80a61ea6e457ebc93981b20e03b86d4e999191ca8f7adf1e8bbb53a7b0ee051f6d243b406a14e3b038317f9ebfeb82ee2469fb31bdbb2768d25f196ab6f2dc045421b94d878c5d9c2a5c74633a687a1353b8e49ce118c81517ac7bb299454d3f18cb770e4908dd3deaafaab51144c1e1b86b6291f5e73ff040000000000000000001c00000000009a583b79ab00f70d85463c57c5bb1f1084e683b591fc2c8b8a3cb7ee57afa01aea88fb413e1ee8ebbdf1fa9155bf6409b065a980528827de08737cf643db6de62f253b1304780700020000bf57fb0000000000001300b287b8fa642798efdf2ba1ab22aa45ffff744b90323550ccba6a307af49f988163b4ce3f8cab9ff45f3a48f431a70bf4b32bf6349a1bc54a3d908fab17cb52774fe204f9c731f03f17ce62db03"], 0x1a3) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000340)='/dev/vcs\x00', 0x40000, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r1, 0x40042409, 0x1) r2 = socket(0xa, 0x5, 0x400) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000440)={0x5c, @remote, 0x4e20, 0x0, 'ovf\x00', 0x0, 0x1f, 0x6a}, 0x2c) r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0xa2b02, 0x0) write$P9_RSTATu(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB="6b0100007d00000005fc000000000000000000000000000000000000000000000000000000000000000000000000000000001f00046e6f6465767b6576626f7825ffffff81020000000000000000000000000034007002007dfa673effeb09b5351f5bde314000000000187b82d9b500002b595fcb14034354b9fd9ef196a51cd5157adc8105b494e11100b09bf472916500f8f669fb716dcf315ec2f385409ac65b94080339c08c2c3b9e1d52c36cde7ba4a400b4b0b4f134a666a8524826b2b4a88e017a7757b206f8b09a451b3407dbdab2884baf050000000000000047ec21cabff20f9c1c0dbe36f4fd1a4cc280e8d489da649a375a002f6465762f6eb17b2300f9daa5ee23266ecf85fea65e42d979a3fde5f475daf03b1172d97badc7095afd76fe4f0441f7f7741eb9390ea84f934300dba0c2f7f09ff53c7e4d1ad66e13070198319f30118447aa9aa57eb0a07b74", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], 0x16b) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, &(0x7f0000000080)={0x0, 0x70, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x100000}) r4 = add_key$keyring(&(0x7f0000000980)='keyring\x00', &(0x7f00000007c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffd) add_key(0x0, 0x0, &(0x7f0000000a00)='F', 0x1, r4) bpf$MAP_CREATE(0x0, &(0x7f00000003c0)={0x5, 0xb, 0x0, 0x1, 0x0, 0x1, 0x0, [], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1}, 0x40) syz_open_dev$vcsa(0x0, 0x6, 0x0) sysfs$1(0x1, &(0x7f0000000180)='big_key\x00') ioctl$KVM_TPR_ACCESS_REPORTING(0xffffffffffffffff, 0xc028ae92, &(0x7f0000000380)={0x7f, 0x7fff}) clone(0x4412c500, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000001c0)=@gcm_128={{0x7}, "b8fb319c6fc17e06", "33e3b4b3da4c1ffdb79474f53d8abda6", "0e6bb51a", "8dc32e66b34f4677"}, 0x28) [ 345.733863][ C1] sd 0:0:1:0: [sg0] tag#3114 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 345.744681][ C1] sd 0:0:1:0: [sg0] tag#3114 CDB: Test Unit Ready [ 345.751529][ C1] sd 0:0:1:0: [sg0] tag#3114 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 345.761662][ C1] sd 0:0:1:0: [sg0] tag#3114 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 345.771637][ C1] sd 0:0:1:0: [sg0] tag#3114 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 345.781555][ C1] sd 0:0:1:0: [sg0] tag#3114 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 345.791707][ C1] sd 0:0:1:0: [sg0] tag#3114 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 345.801584][ C1] sd 0:0:1:0: [sg0] tag#3114 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 345.811500][ C1] sd 0:0:1:0: [sg0] tag#3114 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 345.821447][ C1] sd 0:0:1:0: [sg0] tag#3114 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 345.831613][ C1] sd 0:0:1:0: [sg0] tag#3114 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 345.841565][ C1] sd 0:0:1:0: [sg0] tag#3114 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 345.851521][ C1] sd 0:0:1:0: [sg0] tag#3114 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 345.861346][ C1] sd 0:0:1:0: [sg0] tag#3114 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 345.871278][ C1] sd 0:0:1:0: [sg0] tag#3114 CDB[c0]: 00 00 00 00 00 00 00 00 17:03:15 executing program 2: r0 = socket(0x2b, 0x3, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x10080, 0x124) r1 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt(r1, 0x3b13, 0x4, &(0x7f0000000080)=""/162, &(0x7f0000000140)=0xa2) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) [ 346.005614][T10870] IPVS: ftp: loaded support on port[0] = 21 [ 346.075101][T10877] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 346.075101][T10877] program syz-executor.4 not setting count and/or reply_len properly [ 346.494459][T10875] IPVS: ftp: loaded support on port[0] = 21 [ 346.541286][T10899] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 346.541286][T10899] program syz-executor.4 not setting count and/or reply_len properly 17:03:16 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r4, &(0x7f0000000d40)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd106736d173f0fc7ec6e26710000000049d2e181baf9459c5c953148c6801d2c0945c08ba8c552fc99a742200765020000000000000080812d274014ae40b8ae4f2a88d2fbea75e16a61fd063f026bd7360627ec60cb274e00da971f7ee096d74c92fad7e34bd5522d45cc36c2442eac2d224609ab4000000000000000000000000000000000f390d71cc6092c0149f3fc65d61c2b3c65f2f80a61ea6e457ebc93981b20e03b86d4e999bba83a7b0ee0ce30e80600cff8ca2996e518e3e69051f6d24317f9ebfeb82ee2469fb31be3d037359f1886a0ecfea4342b11a5dbb27622cd9f9d843a8d25f196ab6f2d0600421b94d878d0d9c2a5c74633a687a135308e49ce118c81517ac7bb2994ccc7e054d3f18cb770e4908dd3deaafaab51144c1e1b86b6291f5e73ff040000005f01eb85910285f6dd69048821b68b5f2e9cecb34ad4e52727007a6e3cdf09176a27bd639383c88c968f5bbfabb5524173a1b50ccbeb399445d326a342e0ee9aefaaa2b9347cfe8ff978645ce60736905bdb519f34dd715fbaa05fc19e7cf58d48adb59e831514bdc5f1bf5b54c2da13e8370c347b9c9e8540cfe4db1978a00a722f56413cfffa6257383a64fbf1dc2192e16babba37a8d124ca0d62574a747d68a512609663ffd6a88a1d5597b6b332cc3544825286e79944d7d44e5e32048ebe60a2854ecffeb45411278d146212127b6b69699d67ae2d082e66796509950154f7ae88b38052e4e4bc2765917da160180f329f01433c9003d74f7ae3d8e83a32cd"], 0x17d) r5 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0x375) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000040)={0x0, 0x8, 0x100}) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:16 executing program 2: r0 = socket(0x27, 0x3, 0x8) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) [ 346.654132][ C1] sd 0:0:1:0: [sg0] tag#3115 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 346.664811][ C1] sd 0:0:1:0: [sg0] tag#3115 CDB: Test Unit Ready [ 346.672183][ C1] sd 0:0:1:0: [sg0] tag#3115 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 346.682887][ C1] sd 0:0:1:0: [sg0] tag#3115 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 346.693310][ C1] sd 0:0:1:0: [sg0] tag#3115 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 346.703279][ C1] sd 0:0:1:0: [sg0] tag#3115 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 346.713522][ C1] sd 0:0:1:0: [sg0] tag#3115 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 346.723846][ C1] sd 0:0:1:0: [sg0] tag#3115 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 346.734073][ C1] sd 0:0:1:0: [sg0] tag#3115 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 346.744133][ C1] sd 0:0:1:0: [sg0] tag#3115 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 346.754346][ C1] sd 0:0:1:0: [sg0] tag#3115 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 346.764422][ C1] sd 0:0:1:0: [sg0] tag#3115 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 346.774574][ C1] sd 0:0:1:0: [sg0] tag#3115 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 346.786717][ C1] sd 0:0:1:0: [sg0] tag#3115 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 346.798174][ C1] sd 0:0:1:0: [sg0] tag#3115 CDB[c0]: 00 00 00 00 00 00 00 00 [ 346.806184][ C1] sd 0:0:1:0: [sg0] tag#3117 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 346.818007][ C1] sd 0:0:1:0: [sg0] tag#3117 CDB: Test Unit Ready [ 346.824865][ C1] sd 0:0:1:0: [sg0] tag#3117 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 346.835325][ C1] sd 0:0:1:0: [sg0] tag#3117 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 346.845383][ C1] sd 0:0:1:0: [sg0] tag#3117 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 346.855469][ C1] sd 0:0:1:0: [sg0] tag#3117 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 346.865442][ C1] sd 0:0:1:0: [sg0] tag#3117 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 346.876249][ C1] sd 0:0:1:0: [sg0] tag#3117 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 346.886241][ C1] sd 0:0:1:0: [sg0] tag#3117 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 346.896481][ C1] sd 0:0:1:0: [sg0] tag#3117 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 346.906459][ C1] sd 0:0:1:0: [sg0] tag#3117 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 346.916670][ C1] sd 0:0:1:0: [sg0] tag#3117 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 346.926999][ C1] sd 0:0:1:0: [sg0] tag#3117 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 346.937227][ C1] sd 0:0:1:0: [sg0] tag#3117 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 346.947382][ C1] sd 0:0:1:0: [sg0] tag#3117 CDB[c0]: 00 00 00 00 00 00 00 00 [ 346.955421][ C1] sd 0:0:1:0: [sg0] tag#3118 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 346.967053][ C1] sd 0:0:1:0: [sg0] tag#3118 CDB: Test Unit Ready [ 346.974532][ C1] sd 0:0:1:0: [sg0] tag#3118 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 346.985538][ C1] sd 0:0:1:0: [sg0] tag#3118 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 346.996175][ C1] sd 0:0:1:0: [sg0] tag#3118 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 347.006642][ C1] sd 0:0:1:0: [sg0] tag#3118 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 347.016792][ C1] sd 0:0:1:0: [sg0] tag#3118 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 347.026855][ C1] sd 0:0:1:0: [sg0] tag#3118 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 347.036926][ C1] sd 0:0:1:0: [sg0] tag#3118 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 347.047191][ C1] sd 0:0:1:0: [sg0] tag#3118 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 347.057392][ C1] sd 0:0:1:0: [sg0] tag#3118 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 347.067911][ C1] sd 0:0:1:0: [sg0] tag#3118 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 347.078335][ C1] sd 0:0:1:0: [sg0] tag#3118 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 347.089855][ C1] sd 0:0:1:0: [sg0] tag#3118 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 17:03:16 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000100)='NLBL_MGMT\x00') sendmsg$NLBL_MGMT_C_PROTOCOLS(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x2c, r1, 0x200, 0x70bd25, 0x25dfdbff, {}, [@NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x8}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @rand_addr=0x64010100}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @loopback}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40004}, 0x20010040) sendmsg$NLBL_MGMT_C_ADD(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0x4c, r1, 0x100, 0x70bd2c, 0x25dfdbfe, {}, [@NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x1}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @mcast2}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @local}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}]}, 0x4c}, 0x1, 0x0, 0x0, 0x408d0}, 0x41050) r2 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000240)='NET_DM\x00') sendmsg$NET_DM_CMD_START(r0, &(0x7f0000000300)={&(0x7f0000000200), 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x14, r2, 0x200, 0x70bd27, 0x25dfdbfb, {}, ["", "", "", ""]}, 0x14}}, 0x0) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) [ 347.100245][ C1] sd 0:0:1:0: [sg0] tag#3118 CDB[c0]: 00 00 00 00 00 00 00 00 17:03:17 executing program 2: r0 = socket(0x26, 0x3, 0x10001) r1 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r1, 0x0) r2 = socket(0xa, 0x1, 0x0) close(r2) sendmmsg$inet_sctp(r2, &(0x7f0000000bc0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="300000000000000084000000010000000000000004"], 0x30}], 0x1, 0x0) r3 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(r2, 0x84, 0x7b, &(0x7f0000000100)={r4}, 0x8) r5 = socket(0xa, 0x1, 0x0) close(r5) sendmmsg$inet_sctp(r5, &(0x7f0000000bc0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="300000000000000084000000010000000000000004"], 0x30}], 0x1, 0x0) r6 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(r5, 0x84, 0x7b, &(0x7f0000000100)={r7}, 0x8) getsockopt$inet_sctp_SCTP_STATUS(r1, 0x84, 0xe, &(0x7f0000000040)={r4, 0xfffffffb, 0x7ff, 0x7, 0x80, 0x3f, 0x3, 0x5, {r7, @in={{0x2, 0x4e21, @loopback}}, 0x2, 0x6, 0x9, 0x0, 0x27}}, &(0x7f0000000100)=0xb0) write(r0, &(0x7f0000000000)="2408002c0103800500000ca3f3e1d4b3fdcc2eda0bd512443ba0f901000000000000000000", 0x25) 17:03:17 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:03:17 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r4, &(0x7f0000000d40)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd106736d173f0fc7ec6e26710000000049d2e181baf9459c5c953148c6801d2c0945c08ba8c552fc99a742200765020000000000000080812d274014ae40b8ae4f2a88d2fbea75e16a61fd063f026bd7360627ec60cb274e00da971f7ee096d74c92fad7e34bd5522d45cc36c2442eac2d224609ab4000000000000000000000000000000000f390d71cc6092c0149f3fc65d61c2b3c65f2f80a61ea6e457ebc93981b20e03b86d4e999bba83a7b0ee0ce30e80600cff8ca2996e518e3e69051f6d24317f9ebfeb82ee2469fb31be3d037359f1886a0ecfea4342b11a5dbb27622cd9f9d843a8d25f196ab6f2d0600421b94d878d0d9c2a5c74633a687a135308e49ce118c81517ac7bb2994ccc7e054d3f18cb770e4908dd3deaafaab51144c1e1b86b6291f5e73ff040000005f01eb85910285f6dd69048821b68b5f2e9cecb34ad4e52727007a6e3cdf09176a27bd639383c88c968f5bbfabb5524173a1b50ccbeb399445d326a342e0ee9aefaaa2b9347cfe8ff978645ce60736905bdb519f34dd715fbaa05fc19e7cf58d48adb59e831514bdc5f1bf5b54c2da13e8370c347b9c9e8540cfe4db1978a00a722f56413cfffa6257383a64fbf1dc2192e16babba37a8d124ca0d62574a747d68a512609663ffd6a88a1d5597b6b332cc3544825286e79944d7d44e5e32048ebe60a2854ecffeb45411278d146212127b6b69699d67ae2d082e66796509950154f7ae88b38052e4e4bc2765917da160180f329f01433c9003d74f7ae3d8e83a32cd"], 0x17d) r5 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0x375) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000040)={0x0, 0x8, 0x100}) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) [ 347.519237][ T7] tipc: TX() has been purged, node left! [ 347.603050][ C1] sd 0:0:1:0: [sg0] tag#3120 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 347.614615][ C1] sd 0:0:1:0: [sg0] tag#3120 CDB: Test Unit Ready [ 347.621694][ C1] sd 0:0:1:0: [sg0] tag#3120 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 347.632359][ C1] sd 0:0:1:0: [sg0] tag#3120 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 347.643197][ C1] sd 0:0:1:0: [sg0] tag#3120 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 347.654072][ C1] sd 0:0:1:0: [sg0] tag#3120 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 347.665519][ C1] sd 0:0:1:0: [sg0] tag#3120 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 347.676071][ C1] sd 0:0:1:0: [sg0] tag#3120 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 347.686389][ C1] sd 0:0:1:0: [sg0] tag#3120 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 347.696556][ C1] sd 0:0:1:0: [sg0] tag#3120 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 347.708384][ C1] sd 0:0:1:0: [sg0] tag#3120 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 347.718605][ C1] sd 0:0:1:0: [sg0] tag#3120 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 347.729663][ C1] sd 0:0:1:0: [sg0] tag#3120 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 347.739887][ C1] sd 0:0:1:0: [sg0] tag#3120 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 347.750184][ C1] sd 0:0:1:0: [sg0] tag#3120 CDB[c0]: 00 00 00 00 00 00 00 00 17:03:18 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x200000, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x1a022}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$packet(0x11, 0x3, 0x300) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:03:18 executing program 3: ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000100)='cpu&3\n\n\n\n\x00\x00\xc8 \xf4\xb3\xca\f\x1ff\xf0\xed\xe2\xdaX\x96\xe8\xd2\x9ba\xdd\xba\x93\xf3\xa2\x97e\xd7\xa37\xc0\xae$\xef\x1f\x1feq*\xeb\x00\xffx\x7fV-S\xeb\x9c\xf5\xe5!d\x99]\x17~\x9e\\\xac\x1f\x93\x00\x02\x00\x80T\"\x00\x80\xff\xff\x03\x00\x00\x00\x00\x00') perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x800, 0x0, 0x0, 0x0, 0x4000000, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000019940)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd106736d173f0fc7ec6e26560000000049d2e181baf9459c5c953948c6801d2c0945c08ba8c552fc99a7422007653872ecb4f63acdfe80812d274014ae40b8ae4f2a88d2fbea75e16a61fd063f026ed7360627ec60cb274e00da971f7ee096d74c92fad7e34bd5522d45cc36c2442eac2d224609aba9e6000000000000000000000000000000f390d71cc6092cddd3b049f3fc65d61c2b3c65f2f80a61ea6e457ebc93981b20e03b86d4e999191ca8f7adf1e8bbb53a7b0ee051f6d243b406a14e3b038317f9ebfeb82ee2469fb31bdbb2768d25f196ab6f2dc045421b94d878c5d9c2a5c74633a687a1353b8e49ce118c81517ac7bb299454d3f18cb770e4908dd3deaafaab51144c1e1b86b6291f5e73ff040000000000000000001c00000000009a583b79ab00f70d85463c57c5bb1f1084e683b591fc2c8b8a3cb7ee57afa01aea88fb413e1ee8ebbdf1fa9155bf6409b065a980528827de08737cf643db6de62f253b1304780700020000bf57fb0000000000001300b287b8fa642798efdf2ba1ab22aa45ffff744b90323550ccba6a307af49f988163b4ce3f8cab9ff45f3a48f431a70bf4b32bf6349a1bc54a3d908fab17cb52774fe204f9c731f03f17ce62db03"], 0x1a3) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000340)='/dev/vcs\x00', 0x40000, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r1, 0x40042409, 0x1) r2 = socket(0xa, 0x5, 0x400) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000440)={0x5c, @remote, 0x4e20, 0x0, 'ovf\x00', 0x0, 0x1f, 0x6a}, 0x2c) r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0xa2b02, 0x0) write$P9_RSTATu(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB="6b0100007d00000005fc000000000000000000000000000000000000000000000000000000000000000000000000000000001f00046e6f6465767b6576626f7825ffffff81020000000000000000000000000034007002007dfa673effeb09b5351f5bde314000000000187b82d9b500002b595fcb14034354b9fd9ef196a51cd5157adc8105b494e11100b09bf472916500f8f669fb716dcf315ec2f385409ac65b94080339c08c2c3b9e1d52c36cde7ba4a400b4b0b4f134a666a8524826b2b4a88e017a7757b206f8b09a451b3407dbdab2884baf050000000000000047ec21cabff20f9c1c0dbe36f4fd1a4cc280e8d489da649a375a002f6465762f6eb17b2300f9daa5ee23266ecf85fea65e42d979a3fde5f475daf03b1172d97badc7095afd76fe4f0441f7f7741eb9390ea84f934300dba0c2f7f09ff53c7e4d1ad66e13070198319f30118447aa9aa57eb0a07b74", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], 0x16b) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, &(0x7f0000000080)={0x0, 0x70, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x100000}) r4 = add_key$keyring(&(0x7f0000000980)='keyring\x00', &(0x7f00000007c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffd) add_key(0x0, 0x0, &(0x7f0000000a00)='F', 0x1, r4) bpf$MAP_CREATE(0x0, &(0x7f00000003c0)={0x5, 0xb, 0x0, 0x1, 0x0, 0x1, 0x0, [], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1}, 0x40) syz_open_dev$vcsa(0x0, 0x6, 0x0) sysfs$1(0x1, &(0x7f0000000180)='big_key\x00') ioctl$KVM_TPR_ACCESS_REPORTING(0xffffffffffffffff, 0xc028ae92, &(0x7f0000000380)={0x7f, 0x7fff}) clone(0x4412c500, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000001c0)=@gcm_128={{0x7}, "b8fb319c6fc17e06", "33e3b4b3da4c1ffdb79474f53d8abda6", "0e6bb51a", "8dc32e66b34f4677"}, 0x28) 17:03:18 executing program 0: r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/mnt\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:03:18 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r4, &(0x7f0000000d40)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd106736d173f0fc7ec6e26710000000049d2e181baf9459c5c953148c6801d2c0945c08ba8c552fc99a742200765020000000000000080812d274014ae40b8ae4f2a88d2fbea75e16a61fd063f026bd7360627ec60cb274e00da971f7ee096d74c92fad7e34bd5522d45cc36c2442eac2d224609ab4000000000000000000000000000000000f390d71cc6092c0149f3fc65d61c2b3c65f2f80a61ea6e457ebc93981b20e03b86d4e999bba83a7b0ee0ce30e80600cff8ca2996e518e3e69051f6d24317f9ebfeb82ee2469fb31be3d037359f1886a0ecfea4342b11a5dbb27622cd9f9d843a8d25f196ab6f2d0600421b94d878d0d9c2a5c74633a687a135308e49ce118c81517ac7bb2994ccc7e054d3f18cb770e4908dd3deaafaab51144c1e1b86b6291f5e73ff040000005f01eb85910285f6dd69048821b68b5f2e9cecb34ad4e52727007a6e3cdf09176a27bd639383c88c968f5bbfabb5524173a1b50ccbeb399445d326a342e0ee9aefaaa2b9347cfe8ff978645ce60736905bdb519f34dd715fbaa05fc19e7cf58d48adb59e831514bdc5f1bf5b54c2da13e8370c347b9c9e8540cfe4db1978a00a722f56413cfffa6257383a64fbf1dc2192e16babba37a8d124ca0d62574a747d68a512609663ffd6a88a1d5597b6b332cc3544825286e79944d7d44e5e32048ebe60a2854ecffeb45411278d146212127b6b69699d67ae2d082e66796509950154f7ae88b38052e4e4bc2765917da160180f329f01433c9003d74f7ae3d8e83a32cd"], 0x17d) r5 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0x375) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:18 executing program 2: r0 = socket(0x10, 0x3, 0x0) r1 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r1, 0x0) setsockopt$TIPC_DEST_DROPPABLE(r1, 0x10f, 0x81, &(0x7f0000000080)=0x7ff, 0x4) r2 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r2, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) ioctl$sock_inet_tcp_SIOCOUTQNSD(r2, 0x894b, &(0x7f0000000040)) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) [ 348.500115][ C0] sd 0:0:1:0: [sg0] tag#3121 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 348.511807][ C0] sd 0:0:1:0: [sg0] tag#3121 CDB: Test Unit Ready [ 348.519321][ C0] sd 0:0:1:0: [sg0] tag#3121 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 348.529716][ C0] sd 0:0:1:0: [sg0] tag#3121 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 348.541241][ C0] sd 0:0:1:0: [sg0] tag#3121 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 348.551891][ C0] sd 0:0:1:0: [sg0] tag#3121 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 348.561782][ C0] sd 0:0:1:0: [sg0] tag#3121 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 348.572136][ C0] sd 0:0:1:0: [sg0] tag#3121 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 348.582216][ C0] sd 0:0:1:0: [sg0] tag#3121 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 348.592793][ C0] sd 0:0:1:0: [sg0] tag#3121 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 348.603250][ C0] sd 0:0:1:0: [sg0] tag#3121 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 348.615581][ C0] sd 0:0:1:0: [sg0] tag#3121 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 348.626121][ C0] sd 0:0:1:0: [sg0] tag#3121 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 348.637418][ C0] sd 0:0:1:0: [sg0] tag#3121 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 348.647941][ C0] sd 0:0:1:0: [sg0] tag#3121 CDB[c0]: 00 00 00 00 00 00 00 00 [ 348.659063][T10954] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 348.659063][T10954] program syz-executor.4 not setting count and/or reply_len properly 17:03:18 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r4, &(0x7f0000000d40)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd106736d173f0fc7ec6e26710000000049d2e181baf9459c5c953148c6801d2c0945c08ba8c552fc99a742200765020000000000000080812d274014ae40b8ae4f2a88d2fbea75e16a61fd063f026bd7360627ec60cb274e00da971f7ee096d74c92fad7e34bd5522d45cc36c2442eac2d224609ab4000000000000000000000000000000000f390d71cc6092c0149f3fc65d61c2b3c65f2f80a61ea6e457ebc93981b20e03b86d4e999bba83a7b0ee0ce30e80600cff8ca2996e518e3e69051f6d24317f9ebfeb82ee2469fb31be3d037359f1886a0ecfea4342b11a5dbb27622cd9f9d843a8d25f196ab6f2d0600421b94d878d0d9c2a5c74633a687a135308e49ce118c81517ac7bb2994ccc7e054d3f18cb770e4908dd3deaafaab51144c1e1b86b6291f5e73ff040000005f01eb85910285f6dd69048821b68b5f2e9cecb34ad4e52727007a6e3cdf09176a27bd639383c88c968f5bbfabb5524173a1b50ccbeb399445d326a342e0ee9aefaaa2b9347cfe8ff978645ce60736905bdb519f34dd715fbaa05fc19e7cf58d48adb59e831514bdc5f1bf5b54c2da13e8370c347b9c9e8540cfe4db1978a00a722f56413cfffa6257383a64fbf1dc2192e16babba37a8d124ca0d62574a747d68a512609663ffd6a88a1d5597b6b332cc3544825286e79944d7d44e5e32048ebe60a2854ecffeb45411278d146212127b6b69699d67ae2d082e66796509950154f7ae88b38052e4e4bc2765917da160180f329f01433c9003d74f7ae3d8e83a32cd"], 0x17d) r5 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0x375) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) [ 348.784609][ C1] sd 0:0:1:0: [sg0] tag#3123 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 348.796917][ C1] sd 0:0:1:0: [sg0] tag#3123 CDB: Test Unit Ready [ 348.803997][ C1] sd 0:0:1:0: [sg0] tag#3123 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 348.815377][ C1] sd 0:0:1:0: [sg0] tag#3123 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 348.822733][T10965] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 348.822733][T10965] program syz-executor.4 not setting count and/or reply_len properly [ 348.825930][ C1] sd 0:0:1:0: [sg0] tag#3123 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 348.853850][ C1] sd 0:0:1:0: [sg0] tag#3123 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 348.863922][ C1] sd 0:0:1:0: [sg0] tag#3123 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 348.874480][ C1] sd 0:0:1:0: [sg0] tag#3123 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 348.883932][ C0] sd 0:0:1:0: [sg0] tag#3124 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 348.885040][ C1] sd 0:0:1:0: [sg0] tag#3123 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 348.896174][ C0] sd 0:0:1:0: [sg0] tag#3124 CDB: Test Unit Ready [ 348.906723][ C1] sd 0:0:1:0: [sg0] tag#3123 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 348.913868][ C0] sd 0:0:1:0: [sg0] tag#3124 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 348.924523][ C1] sd 0:0:1:0: [sg0] tag#3123 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 348.936019][ C0] sd 0:0:1:0: [sg0] tag#3124 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 348.936143][ C0] sd 0:0:1:0: [sg0] tag#3124 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 348.947030][ C1] sd 0:0:1:0: [sg0] tag#3123 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 348.957736][ C0] sd 0:0:1:0: [sg0] tag#3124 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 348.967838][ C1] sd 0:0:1:0: [sg0] tag#3123 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 348.978793][ C0] sd 0:0:1:0: [sg0] tag#3124 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 348.989078][ C1] sd 0:0:1:0: [sg0] tag#3123 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 349.001579][ C0] sd 0:0:1:0: [sg0] tag#3124 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 17:03:18 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x900, 0x40) fcntl$getownex(r1, 0x10, &(0x7f0000000040)) [ 349.011686][ C1] sd 0:0:1:0: [sg0] tag#3123 CDB[c0]: 00 00 00 00 00 00 00 00 [ 349.021632][ C0] sd 0:0:1:0: [sg0] tag#3124 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 349.051288][ C0] sd 0:0:1:0: [sg0] tag#3124 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 349.061421][ C0] sd 0:0:1:0: [sg0] tag#3124 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 349.071679][ C0] sd 0:0:1:0: [sg0] tag#3124 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 349.081878][ C0] sd 0:0:1:0: [sg0] tag#3124 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 349.093080][ C0] sd 0:0:1:0: [sg0] tag#3124 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 349.103683][ C0] sd 0:0:1:0: [sg0] tag#3124 CDB[c0]: 00 00 00 00 00 00 00 00 17:03:19 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r4, &(0x7f0000000d40)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd106736d173f0fc7ec6e26710000000049d2e181baf9459c5c953148c6801d2c0945c08ba8c552fc99a742200765020000000000000080812d274014ae40b8ae4f2a88d2fbea75e16a61fd063f026bd7360627ec60cb274e00da971f7ee096d74c92fad7e34bd5522d45cc36c2442eac2d224609ab4000000000000000000000000000000000f390d71cc6092c0149f3fc65d61c2b3c65f2f80a61ea6e457ebc93981b20e03b86d4e999bba83a7b0ee0ce30e80600cff8ca2996e518e3e69051f6d24317f9ebfeb82ee2469fb31be3d037359f1886a0ecfea4342b11a5dbb27622cd9f9d843a8d25f196ab6f2d0600421b94d878d0d9c2a5c74633a687a135308e49ce118c81517ac7bb2994ccc7e054d3f18cb770e4908dd3deaafaab51144c1e1b86b6291f5e73ff040000005f01eb85910285f6dd69048821b68b5f2e9cecb34ad4e52727007a6e3cdf09176a27bd639383c88c968f5bbfabb5524173a1b50ccbeb399445d326a342e0ee9aefaaa2b9347cfe8ff978645ce60736905bdb519f34dd715fbaa05fc19e7cf58d48adb59e831514bdc5f1bf5b54c2da13e8370c347b9c9e8540cfe4db1978a00a722f56413cfffa6257383a64fbf1dc2192e16babba37a8d124ca0d62574a747d68a512609663ffd6a88a1d5597b6b332cc3544825286e79944d7d44e5e32048ebe60a2854ecffeb45411278d146212127b6b69699d67ae2d082e66796509950154f7ae88b38052e4e4bc2765917da160180f329f01433c9003d74f7ae3d8e83a32cd"], 0x17d) socket$inet_udplite(0x2, 0x2, 0x88) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:19 executing program 5: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r4, &(0x7f0000000d40)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd106736d173f0fc7ec6e26710000000049d2e181baf9459c5c953148c6801d2c0945c08ba8c552fc99a742200765020000000000000080812d274014ae40b8ae4f2a88d2fbea75e16a61fd063f026bd7360627ec60cb274e00da971f7ee096d74c92fad7e34bd5522d45cc36c2442eac2d224609ab4000000000000000000000000000000000f390d71cc6092c0149f3fc65d61c2b3c65f2f80a61ea6e457ebc93981b20e03b86d4e999bba83a7b0ee0ce30e80600cff8ca2996e518e3e69051f6d24317f9ebfeb82ee2469fb31be3d037359f1886a0ecfea4342b11a5dbb27622cd9f9d843a8d25f196ab6f2d0600421b94d878d0d9c2a5c74633a687a135308e49ce118c81517ac7bb2994ccc7e054d3f18cb770e4908dd3deaafaab51144c1e1b86b6291f5e73ff040000005f01eb85910285f6dd69048821b68b5f2e9cecb34ad4e52727007a6e3cdf09176a27bd639383c88c968f5bbfabb5524173a1b50ccbeb399445d326a342e0ee9aefaaa2b9347cfe8ff978645ce60736905bdb519f34dd715fbaa05fc19e7cf58d48adb59e831514bdc5f1bf5b54c2da13e8370c347b9c9e8540cfe4db1978a00a722f56413cfffa6257383a64fbf1dc2192e16babba37a8d124ca0d62574a747d68a512609663ffd6a88a1d5597b6b332cc3544825286e79944d7d44e5e32048ebe60a2854ecffeb45411278d146212127b6b69699d67ae2d082e66796509950154f7ae88b38052e4e4bc2765917da160180f329f01433c9003d74f7ae3d8e83a32cd"], 0x17d) r5 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0x375) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) [ 349.180145][T10963] IPVS: ftp: loaded support on port[0] = 21 [ 349.491649][T10974] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 349.491649][T10974] program syz-executor.4 not setting count and/or reply_len properly 17:03:19 executing program 2: r0 = socket(0x21, 0x3, 0xffbffffd) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0xa, &(0x7f0000000040), &(0x7f0000000080)=0x4) 17:03:19 executing program 3: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r4, &(0x7f0000000d40)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd106736d173f0fc7ec6e26710000000049d2e181baf9459c5c953148c6801d2c0945c08ba8c552fc99a742200765020000000000000080812d274014ae40b8ae4f2a88d2fbea75e16a61fd063f026bd7360627ec60cb274e00da971f7ee096d74c92fad7e34bd5522d45cc36c2442eac2d224609ab4000000000000000000000000000000000f390d71cc6092c0149f3fc65d61c2b3c65f2f80a61ea6e457ebc93981b20e03b86d4e999bba83a7b0ee0ce30e80600cff8ca2996e518e3e69051f6d24317f9ebfeb82ee2469fb31be3d037359f1886a0ecfea4342b11a5dbb27622cd9f9d843a8d25f196ab6f2d0600421b94d878d0d9c2a5c74633a687a135308e49ce118c81517ac7bb2994ccc7e054d3f18cb770e4908dd3deaafaab51144c1e1b86b6291f5e73ff040000005f01eb85910285f6dd69048821b68b5f2e9cecb34ad4e52727007a6e3cdf09176a27bd639383c88c968f5bbfabb5524173a1b50ccbeb399445d326a342e0ee9aefaaa2b9347cfe8ff978645ce60736905bdb519f34dd715fbaa05fc19e7cf58d48adb59e831514bdc5f1bf5b54c2da13e8370c347b9c9e8540cfe4db1978a00a722f56413cfffa6257383a64fbf1dc2192e16babba37a8d124ca0d62574a747d68a512609663ffd6a88a1d5597b6b332cc3544825286e79944d7d44e5e32048ebe60a2854ecffeb45411278d146212127b6b69699d67ae2d082e66796509950154f7ae88b38052e4e4bc2765917da160180f329f01433c9003d74f7ae3d8e83a32cd"], 0x17d) r5 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0x375) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) [ 349.969417][T11005] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 349.969417][T11005] program syz-executor.3 not setting count and/or reply_len properly [ 350.125488][ C0] sd 0:0:1:0: [sg0] tag#3126 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 350.137480][ C0] sd 0:0:1:0: [sg0] tag#3126 CDB: Test Unit Ready [ 350.144245][ C0] sd 0:0:1:0: [sg0] tag#3126 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 350.154826][ C0] sd 0:0:1:0: [sg0] tag#3126 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 350.164915][ C0] sd 0:0:1:0: [sg0] tag#3126 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 350.174934][ C0] sd 0:0:1:0: [sg0] tag#3126 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 350.186410][ C0] sd 0:0:1:0: [sg0] tag#3126 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 350.197023][ C0] sd 0:0:1:0: [sg0] tag#3126 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 350.207387][ C0] sd 0:0:1:0: [sg0] tag#3126 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 17:03:19 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) [ 350.218246][ C0] sd 0:0:1:0: [sg0] tag#3126 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 350.228299][ C0] sd 0:0:1:0: [sg0] tag#3126 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 350.238692][ C0] sd 0:0:1:0: [sg0] tag#3126 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 350.249022][ C0] sd 0:0:1:0: [sg0] tag#3126 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 350.257139][ C1] sd 0:0:1:0: [sg0] tag#3128 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 350.259901][ C0] sd 0:0:1:0: [sg0] tag#3126 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 350.270978][ C1] sd 0:0:1:0: [sg0] tag#3128 CDB: Test Unit Ready [ 350.281330][ C0] sd 0:0:1:0: [sg0] tag#3126 CDB[c0]: 00 00 00 00 00 00 00 00 [ 350.288246][ C1] sd 0:0:1:0: [sg0] tag#3128 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 350.308045][ C1] sd 0:0:1:0: [sg0] tag#3128 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 350.318971][ C1] sd 0:0:1:0: [sg0] tag#3128 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 350.329217][ C1] sd 0:0:1:0: [sg0] tag#3128 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 350.339341][ C1] sd 0:0:1:0: [sg0] tag#3128 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 350.349866][ C1] sd 0:0:1:0: [sg0] tag#3128 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 350.360795][ C1] sd 0:0:1:0: [sg0] tag#3128 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 350.371625][ C1] sd 0:0:1:0: [sg0] tag#3128 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 350.382135][ C1] sd 0:0:1:0: [sg0] tag#3128 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 350.392665][ C1] sd 0:0:1:0: [sg0] tag#3128 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 350.403387][ C1] sd 0:0:1:0: [sg0] tag#3128 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 350.414101][ C1] sd 0:0:1:0: [sg0] tag#3128 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 350.425372][ C1] sd 0:0:1:0: [sg0] tag#3128 CDB[c0]: 00 00 00 00 00 00 00 00 [ 350.624693][T11016] IPVS: ftp: loaded support on port[0] = 21 [ 351.039232][T11016] chnl_net:caif_netlink_parms(): no params data found 17:03:21 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x200000, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x1a022}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$packet(0x11, 0x3, 0x300) getpid() r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:03:21 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r4, &(0x7f0000000d40)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd106736d173f0fc7ec6e26710000000049d2e181baf9459c5c953148c6801d2c0945c08ba8c552fc99a742200765020000000000000080812d274014ae40b8ae4f2a88d2fbea75e16a61fd063f026bd7360627ec60cb274e00da971f7ee096d74c92fad7e34bd5522d45cc36c2442eac2d224609ab4000000000000000000000000000000000f390d71cc6092c0149f3fc65d61c2b3c65f2f80a61ea6e457ebc93981b20e03b86d4e999bba83a7b0ee0ce30e80600cff8ca2996e518e3e69051f6d24317f9ebfeb82ee2469fb31be3d037359f1886a0ecfea4342b11a5dbb27622cd9f9d843a8d25f196ab6f2d0600421b94d878d0d9c2a5c74633a687a135308e49ce118c81517ac7bb2994ccc7e054d3f18cb770e4908dd3deaafaab51144c1e1b86b6291f5e73ff040000005f01eb85910285f6dd69048821b68b5f2e9cecb34ad4e52727007a6e3cdf09176a27bd639383c88c968f5bbfabb5524173a1b50ccbeb399445d326a342e0ee9aefaaa2b9347cfe8ff978645ce60736905bdb519f34dd715fbaa05fc19e7cf58d48adb59e831514bdc5f1bf5b54c2da13e8370c347b9c9e8540cfe4db1978a00a722f56413cfffa6257383a64fbf1dc2192e16babba37a8d124ca0d62574a747d68a512609663ffd6a88a1d5597b6b332cc3544825286e79944d7d44e5e32048ebe60a2854ecffeb45411278d146212127b6b69699d67ae2d082e66796509950154f7ae88b38052e4e4bc2765917da160180f329f01433c9003d74f7ae3d8e83a32cd"], 0x17d) socket$inet_udplite(0x2, 0x2, 0x88) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:21 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000180)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r1, 0x54a2) readv(r1, &(0x7f0000000200)=[{&(0x7f0000000000)=""/12, 0xc}], 0x1) fstat(r1, &(0x7f0000000180)) getsockopt$bt_hci(r0, 0x0, 0x1, &(0x7f0000000040)=""/201, &(0x7f0000000140)=0xc9) r2 = socket(0x10, 0x3, 0x0) write(r2, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) 17:03:21 executing program 3: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r4, &(0x7f0000000d40)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd106736d173f0fc7ec6e26710000000049d2e181baf9459c5c953148c6801d2c0945c08ba8c552fc99a742200765020000000000000080812d274014ae40b8ae4f2a88d2fbea75e16a61fd063f026bd7360627ec60cb274e00da971f7ee096d74c92fad7e34bd5522d45cc36c2442eac2d224609ab4000000000000000000000000000000000f390d71cc6092c0149f3fc65d61c2b3c65f2f80a61ea6e457ebc93981b20e03b86d4e999bba83a7b0ee0ce30e80600cff8ca2996e518e3e69051f6d24317f9ebfeb82ee2469fb31be3d037359f1886a0ecfea4342b11a5dbb27622cd9f9d843a8d25f196ab6f2d0600421b94d878d0d9c2a5c74633a687a135308e49ce118c81517ac7bb2994ccc7e054d3f18cb770e4908dd3deaafaab51144c1e1b86b6291f5e73ff040000005f01eb85910285f6dd69048821b68b5f2e9cecb34ad4e52727007a6e3cdf09176a27bd639383c88c968f5bbfabb5524173a1b50ccbeb399445d326a342e0ee9aefaaa2b9347cfe8ff978645ce60736905bdb519f34dd715fbaa05fc19e7cf58d48adb59e831514bdc5f1bf5b54c2da13e8370c347b9c9e8540cfe4db1978a00a722f56413cfffa6257383a64fbf1dc2192e16babba37a8d124ca0d62574a747d68a512609663ffd6a88a1d5597b6b332cc3544825286e79944d7d44e5e32048ebe60a2854ecffeb45411278d146212127b6b69699d67ae2d082e66796509950154f7ae88b38052e4e4bc2765917da160180f329f01433c9003d74f7ae3d8e83a32cd"], 0x17d) r5 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0x375) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:21 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) write$P9_RMKNOD(r1, &(0x7f0000000080)={0x14, 0x13, 0x1, {0x20, 0x0, 0x8}}, 0x14) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) syz_open_dev$dri(&(0x7f0000000040)='/dev/dri/card#\x00', 0x400, 0x800) ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000180)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r2, 0x54a2) readv(r2, &(0x7f0000000200)=[{&(0x7f0000000000)=""/12, 0xc}], 0x1) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r2, 0x6612) [ 351.252951][ C0] sd 0:0:1:0: [sg0] tag#3130 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 351.264895][ C0] sd 0:0:1:0: [sg0] tag#3130 CDB: Test Unit Ready [ 351.272758][ C0] sd 0:0:1:0: [sg0] tag#3130 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 351.282878][ C0] sd 0:0:1:0: [sg0] tag#3130 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 351.293534][ C0] sd 0:0:1:0: [sg0] tag#3130 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 351.304306][ C0] sd 0:0:1:0: [sg0] tag#3130 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 351.314277][ C0] sd 0:0:1:0: [sg0] tag#3130 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 351.324784][ C0] sd 0:0:1:0: [sg0] tag#3130 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 351.335096][ C0] sd 0:0:1:0: [sg0] tag#3130 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 351.337043][ C1] sd 0:0:1:0: [sg0] tag#3131 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 351.346005][ C0] sd 0:0:1:0: [sg0] tag#3130 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 351.346175][ C0] sd 0:0:1:0: [sg0] tag#3130 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 351.357489][ C1] sd 0:0:1:0: [sg0] tag#3131 CDB: Test Unit Ready [ 351.367205][ C0] sd 0:0:1:0: [sg0] tag#3130 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 351.377701][ C1] sd 0:0:1:0: [sg0] tag#3131 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 351.384779][ C0] sd 0:0:1:0: [sg0] tag#3130 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 351.394954][ C1] sd 0:0:1:0: [sg0] tag#3131 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 351.405469][ C0] sd 0:0:1:0: [sg0] tag#3130 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 351.416727][ C1] sd 0:0:1:0: [sg0] tag#3131 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 351.426773][ C0] sd 0:0:1:0: [sg0] tag#3130 CDB[c0]: 00 00 00 00 00 00 00 00 [ 351.437175][ C1] sd 0:0:1:0: [sg0] tag#3131 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 351.466139][ C1] sd 0:0:1:0: [sg0] tag#3131 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 351.470470][T11129] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 351.470470][T11129] program syz-executor.3 not setting count and/or reply_len properly [ 351.476404][ C1] sd 0:0:1:0: [sg0] tag#3131 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 351.504953][ C1] sd 0:0:1:0: [sg0] tag#3131 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 351.515368][ C1] sd 0:0:1:0: [sg0] tag#3131 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 351.526093][ C1] sd 0:0:1:0: [sg0] tag#3131 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 351.536478][ C1] sd 0:0:1:0: [sg0] tag#3131 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 351.547136][ C1] sd 0:0:1:0: [sg0] tag#3131 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 351.557559][ C1] sd 0:0:1:0: [sg0] tag#3131 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 351.567404][ C1] sd 0:0:1:0: [sg0] tag#3131 CDB[c0]: 00 00 00 00 00 00 00 00 [ 351.587570][T11136] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 351.587570][T11136] program syz-executor.4 not setting count and/or reply_len properly 17:03:21 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0xfea1, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "d64d4d", 0x38, 0x3a, 0x0, @remote, @mcast2, {[], @dest_unreach={0x2, 0x0, 0x0, 0x0, [], {0x0, 0x6, '$\x00@', 0x0, 0x3a, 0x0, @loopback, @mcast2, [], "39a4ef13f5cff0be"}}}}}}}, 0x0) 17:03:21 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x200000, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x1a022}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$packet(0x11, 0x3, 0x300) getpid() r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 352.007177][T11016] bridge0: port 1(bridge_slave_0) entered blocking state [ 352.015007][T11016] bridge0: port 1(bridge_slave_0) entered disabled state [ 352.025057][T11016] device bridge_slave_0 entered promiscuous mode [ 352.206512][T11016] bridge0: port 2(bridge_slave_1) entered blocking state [ 352.214346][T11016] bridge0: port 2(bridge_slave_1) entered disabled state [ 352.224262][T11016] device bridge_slave_1 entered promiscuous mode [ 352.376789][T11176] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 352.376789][T11176] program syz-executor.4 not setting count and/or reply_len properly [ 352.556271][T11016] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 352.620888][T11016] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 352.743128][T11016] team0: Port device team_slave_0 added [ 352.766701][T11016] team0: Port device team_slave_1 added 17:03:21 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r4, &(0x7f0000000d40)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd106736d173f0fc7ec6e26710000000049d2e181baf9459c5c953148c6801d2c0945c08ba8c552fc99a742200765020000000000000080812d274014ae40b8ae4f2a88d2fbea75e16a61fd063f026bd7360627ec60cb274e00da971f7ee096d74c92fad7e34bd5522d45cc36c2442eac2d224609ab4000000000000000000000000000000000f390d71cc6092c0149f3fc65d61c2b3c65f2f80a61ea6e457ebc93981b20e03b86d4e999bba83a7b0ee0ce30e80600cff8ca2996e518e3e69051f6d24317f9ebfeb82ee2469fb31be3d037359f1886a0ecfea4342b11a5dbb27622cd9f9d843a8d25f196ab6f2d0600421b94d878d0d9c2a5c74633a687a135308e49ce118c81517ac7bb2994ccc7e054d3f18cb770e4908dd3deaafaab51144c1e1b86b6291f5e73ff040000005f01eb85910285f6dd69048821b68b5f2e9cecb34ad4e52727007a6e3cdf09176a27bd639383c88c968f5bbfabb5524173a1b50ccbeb399445d326a342e0ee9aefaaa2b9347cfe8ff978645ce60736905bdb519f34dd715fbaa05fc19e7cf58d48adb59e831514bdc5f1bf5b54c2da13e8370c347b9c9e8540cfe4db1978a00a722f56413cfffa6257383a64fbf1dc2192e16babba37a8d124ca0d62574a747d68a512609663ffd6a88a1d5597b6b332cc3544825286e79944d7d44e5e32048ebe60a2854ecffeb45411278d146212127b6b69699d67ae2d082e66796509950154f7ae88b38052e4e4bc2765917da160180f329f01433c9003d74f7ae3d8e83a32cd"], 0x17d) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) [ 352.879431][ C1] sd 0:0:1:0: [sg0] tag#3134 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 352.890130][ C1] sd 0:0:1:0: [sg0] tag#3134 CDB: Test Unit Ready [ 352.896760][ C1] sd 0:0:1:0: [sg0] tag#3134 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 352.906694][ C1] sd 0:0:1:0: [sg0] tag#3134 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 352.916636][ C1] sd 0:0:1:0: [sg0] tag#3134 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 352.927172][ C1] sd 0:0:1:0: [sg0] tag#3134 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 352.937159][ C1] sd 0:0:1:0: [sg0] tag#3134 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 352.947079][ C1] sd 0:0:1:0: [sg0] tag#3134 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 352.957014][ C1] sd 0:0:1:0: [sg0] tag#3134 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 352.966916][ C1] sd 0:0:1:0: [sg0] tag#3134 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 352.976840][ C1] sd 0:0:1:0: [sg0] tag#3134 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 352.984607][T11016] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 352.986723][ C1] sd 0:0:1:0: [sg0] tag#3134 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 352.994961][T11016] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 353.003290][ C1] sd 0:0:1:0: [sg0] tag#3134 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 353.029150][T11016] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 353.049577][ C1] sd 0:0:1:0: [sg0] tag#3134 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 353.059509][ C1] sd 0:0:1:0: [sg0] tag#3134 CDB[c0]: 00 00 00 00 00 00 00 00 [ 353.161484][T11016] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 353.168551][T11016] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 353.195425][T11016] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 353.309683][T11016] device hsr_slave_0 entered promiscuous mode [ 353.340103][T11016] device hsr_slave_1 entered promiscuous mode [ 353.369331][T11016] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 353.376971][T11016] Cannot create hsr debugfs directory [ 353.814296][T11016] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 353.895683][T11016] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 353.970722][T11016] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 354.032148][T11016] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 354.165380][ T7] tipc: TX() has been purged, node left! [ 354.218248][T11016] 8021q: adding VLAN 0 to HW filter on device bond0 [ 354.221670][ T7] tipc: TX() has been purged, node left! [ 354.243150][T10694] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 354.251543][T10694] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 354.267843][T11016] 8021q: adding VLAN 0 to HW filter on device team0 [ 354.286498][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 354.296082][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 354.305709][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 354.313139][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 354.371561][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 354.380786][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 354.390813][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 354.400268][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 354.407465][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 354.416524][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 354.427588][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 354.438660][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 354.449119][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 354.458455][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 354.469042][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 354.502508][T11217] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 354.511410][T11217] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 354.521769][T11217] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 354.541633][T10694] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 354.552199][T10694] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 354.582814][T11016] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 354.617727][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 354.627080][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 354.659997][T11016] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 354.691347][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 354.701917][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 354.757351][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 354.767400][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 354.785668][T11016] device veth0_vlan entered promiscuous mode [ 354.816311][T10694] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 354.826420][T10694] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 354.841732][T11016] device veth1_vlan entered promiscuous mode [ 354.876127][T10694] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 354.886216][T10694] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 354.945065][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 354.954639][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 354.975778][T11016] device veth0_macvtap entered promiscuous mode [ 355.012903][T11016] device veth1_macvtap entered promiscuous mode [ 355.061280][T11016] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 355.072030][T11016] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 355.082196][T11016] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 355.092865][T11016] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 355.102895][T11016] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 355.113541][T11016] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 355.123730][T11016] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 355.135010][T11016] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 355.145169][T11016] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 355.155795][T11016] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 355.170918][T11016] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 355.182205][T10694] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 355.192898][T10694] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 355.202701][T10694] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 355.213247][T10694] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 355.312106][T11016] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 355.322856][T11016] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 355.333238][T11016] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 355.343884][T11016] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 355.353970][T11016] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 355.364692][T11016] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 355.374827][T11016] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 355.386089][T11016] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 355.396321][T11016] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 355.407104][T11016] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 355.421751][T11016] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 355.501850][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 355.511676][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 355.847162][ C0] sd 0:0:1:0: [sg0] tag#3074 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 355.857831][ C0] sd 0:0:1:0: [sg0] tag#3074 CDB: Test Unit Ready [ 355.864751][ C0] sd 0:0:1:0: [sg0] tag#3074 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 355.874698][ C0] sd 0:0:1:0: [sg0] tag#3074 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 355.884579][ C0] sd 0:0:1:0: [sg0] tag#3074 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 355.894560][ C0] sd 0:0:1:0: [sg0] tag#3074 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 355.904563][ C0] sd 0:0:1:0: [sg0] tag#3074 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 355.914435][ C0] sd 0:0:1:0: [sg0] tag#3074 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 355.924319][ C0] sd 0:0:1:0: [sg0] tag#3074 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 355.934191][ C0] sd 0:0:1:0: [sg0] tag#3074 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 355.944289][ C0] sd 0:0:1:0: [sg0] tag#3074 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 355.954134][ C0] sd 0:0:1:0: [sg0] tag#3074 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 355.964015][ C0] sd 0:0:1:0: [sg0] tag#3074 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 355.973880][ C0] sd 0:0:1:0: [sg0] tag#3074 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 355.983751][ C0] sd 0:0:1:0: [sg0] tag#3074 CDB[c0]: 00 00 00 00 00 00 00 00 17:03:25 executing program 5: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r4, &(0x7f0000000d40)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd106736d173f0fc7ec6e26710000000049d2e181baf9459c5c953148c6801d2c0945c08ba8c552fc99a742200765020000000000000080812d274014ae40b8ae4f2a88d2fbea75e16a61fd063f026bd7360627ec60cb274e00da971f7ee096d74c92fad7e34bd5522d45cc36c2442eac2d224609ab4000000000000000000000000000000000f390d71cc6092c0149f3fc65d61c2b3c65f2f80a61ea6e457ebc93981b20e03b86d4e999bba83a7b0ee0ce30e80600cff8ca2996e518e3e69051f6d24317f9ebfeb82ee2469fb31be3d037359f1886a0ecfea4342b11a5dbb27622cd9f9d843a8d25f196ab6f2d0600421b94d878d0d9c2a5c74633a687a135308e49ce118c81517ac7bb2994ccc7e054d3f18cb770e4908dd3deaafaab51144c1e1b86b6291f5e73ff040000005f01eb85910285f6dd69048821b68b5f2e9cecb34ad4e52727007a6e3cdf09176a27bd639383c88c968f5bbfabb5524173a1b50ccbeb399445d326a342e0ee9aefaaa2b9347cfe8ff978645ce60736905bdb519f34dd715fbaa05fc19e7cf58d48adb59e831514bdc5f1bf5b54c2da13e8370c347b9c9e8540cfe4db1978a00a722f56413cfffa6257383a64fbf1dc2192e16babba37a8d124ca0d62574a747d68a512609663ffd6a88a1d5597b6b332cc3544825286e79944d7d44e5e32048ebe60a2854ecffeb45411278d146212127b6b69699d67ae2d082e66796509950154f7ae88b38052e4e4bc2765917da160180f329f01433c9003d74f7ae3d8e83a32cd"], 0x17d) r5 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0x375) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:25 executing program 2: r0 = socket(0x10, 0x3, 0x0) r1 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r1, 0x0) ioctl$TUNSETVNETHDRSZ(r1, 0x400454d8, &(0x7f0000000040)=0x2) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) 17:03:25 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000000)='numa_maps\x00') getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x8401, 0x0) ioctl$UI_SET_PHYS(r1, 0x4008556c, &(0x7f0000000080)='syz1\x00') 17:03:25 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup3(r2, r3, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$inet_udp(0x2, 0x2, 0x0) close(r5) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88882, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r6 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r6, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @multicast2}}) write$tun(r1, &(0x7f0000000180)={@val, @void, @eth={@broadcast, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "ebffad", 0x8, 0x2c, 0x0, @local, @mcast2, {[@routing={0x0, 0x0, 0x2}]}}}}}}, 0x42) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xba71bc3c) splice(r0, 0x0, r5, 0x0, 0x18100, 0x0) 17:03:25 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:25 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x200000, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x1a022}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$packet(0x11, 0x3, 0x300) getpid() r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 356.239408][T11276] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 356.239408][T11276] program syz-executor.4 not setting count and/or reply_len properly [ 356.501923][T11289] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 356.501923][T11289] program syz-executor.5 not setting count and/or reply_len properly 17:03:26 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$P9_RSTAT(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:26 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/uts\x00') r0 = accept(0xffffffffffffffff, &(0x7f0000000000)=@qipcrtr, &(0x7f0000000080)=0x80) setsockopt$inet_mreq(r0, 0x0, 0x20, &(0x7f0000000100)={@multicast2, @empty}, 0x8) r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vcs\x00', 0x400000, 0x0) ioctl$KVM_KVMCLOCK_CTRL(r2, 0xaead) 17:03:26 executing program 2: r0 = socket(0x10, 0x3, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000040)=0xff, 0x4) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) 17:03:26 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x200000, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x1a022}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$packet(0x11, 0x3, 0x300) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 356.731314][ C0] sd 0:0:1:0: [sg0] tag#3076 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 356.741968][ C0] sd 0:0:1:0: [sg0] tag#3076 CDB: Test Unit Ready [ 356.748718][ C0] sd 0:0:1:0: [sg0] tag#3076 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 356.758631][ C0] sd 0:0:1:0: [sg0] tag#3076 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 356.768581][ C0] sd 0:0:1:0: [sg0] tag#3076 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 356.778348][ C0] sd 0:0:1:0: [sg0] tag#3076 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 356.788261][ C0] sd 0:0:1:0: [sg0] tag#3076 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 356.798180][ C0] sd 0:0:1:0: [sg0] tag#3076 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 356.808064][ C0] sd 0:0:1:0: [sg0] tag#3076 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 356.817940][ C0] sd 0:0:1:0: [sg0] tag#3076 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 356.827867][ C0] sd 0:0:1:0: [sg0] tag#3076 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 356.837794][ C0] sd 0:0:1:0: [sg0] tag#3076 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 356.847708][ C0] sd 0:0:1:0: [sg0] tag#3076 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 356.857628][ C0] sd 0:0:1:0: [sg0] tag#3076 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 356.867655][ C0] sd 0:0:1:0: [sg0] tag#3076 CDB[c0]: 00 00 00 00 00 00 00 00 17:03:26 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x5000aea5, &(0x7f0000000280)) 17:03:26 executing program 3: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad6142134b62f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da", 0xef}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x3, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x2000}}}, 0x78) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 17:03:27 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$P9_RSTAT(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:27 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae90, &(0x7f0000000280)={0x1, 0x0, [{0x7, 0x0, 0x4b}]}) 17:03:27 executing program 2: r0 = socket(0x10, 0x3, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000014c0)=ANY=[@ANYBLOB="380000002400070500000040ce49168b6b45f235", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001640)=@newtfilter={0x40, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xe}}, [@filter_kind_options=@f_bpf={{0x8, 0x1, 'bpf\x00'}, {0x14, 0x2, [@TCA_BPF_FLAGS_GEN={0x8}, @TCA_BPF_FD={0x8}]}}]}, 0x40}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)=@delqdisc={0xb8, 0x25, 0x300, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r4, {0x3, 0xd}, {0x1, 0x5}, {0x4, 0x5}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0xff}, @TCA_EGRESS_BLOCK={0x8}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x3}, @qdisc_kind_options=@q_choke={{0xa, 0x1, 'choke\x00'}, {0x18, 0x2, [@TCA_CHOKE_PARMS={0x14, 0x1, {0x200, 0x8, 0x2, 0x11, 0x1, 0x0, 0x1}}]}}, @qdisc_kind_options=@q_prio={{0x9, 0x1, 'prio\x00'}, {0x18, 0x2, {0x80000000, "33275fee015064b1497fb631385696db"}}}, @TCA_STAB={0x34, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x2, 0x2, 0xffff, 0x6, 0x1, 0xe2, 0x1, 0x7}}, {0x12, 0x2, [0x6, 0x7, 0x2, 0x3, 0x5, 0x133, 0x3]}}]}]}, 0xb8}, 0x1, 0x0, 0x0, 0x4000000}, 0x4004000) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) [ 357.183679][T11310] ptrace attach of "/root/syz-executor.3"[11309] was attempted by "/root/syz-executor.3"[11310] 17:03:27 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP_SET_OP_GET_BYINDEX(r0, 0x1, 0x53, &(0x7f0000000000)={0x7, 0x7, 0xffffffffffffffff}, &(0x7f0000000040)=0x28) syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:03:27 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$P9_RSTAT(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:27 executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)={0x38, 0x0, 0x1, 0x409, 0x0, 0x0, {}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @broadcast}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}]}]}, 0x38}}, 0x0) [ 357.516302][T11335] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. 17:03:27 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) [ 357.702633][T11339] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. 17:03:27 executing program 5: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x0, 0x0) syz_open_procfs(0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000003a0037f127bd7000fbdbdf250a000000c1302e88ff844c15b8f59eb3"], 0x14}, 0x1, 0x0, 0x0, 0x810}, 0x40010) setsockopt$sock_int(r0, 0x1, 0x12, 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000080)='$', 0x300000) 17:03:27 executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)={0x38, 0x0, 0x1, 0x409, 0x0, 0x0, {}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @broadcast}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}]}]}, 0x38}}, 0x0) [ 357.924798][T11350] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 357.924798][T11350] program syz-executor.4 not setting count and/or reply_len properly 17:03:28 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x200000, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x1a022}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$packet(0x11, 0x3, 0x300) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:03:28 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0xdf6, 0x22400) r2 = socket(0xa, 0x1, 0x0) close(r2) r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f0000000180)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r3, 0x54a2) readv(r3, &(0x7f0000000200)=[{&(0x7f0000000000)=""/12, 0xc}], 0x1) r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, &(0x7f0000000080)={{0xfffffffffffffffd, 0x3, 0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r4, 0x54a2) readv(r4, &(0x7f0000000200)=[{&(0x7f0000000000)=""/12, 0xc}], 0x1) dup2(r3, r4) sendmmsg$inet_sctp(r2, &(0x7f0000000bc0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="300000000000000084000000010000000000000004"], 0x30}], 0x1, 0x0) r5 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(r2, 0x84, 0x7b, &(0x7f0000000100)={r6}, 0x8) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000040)={r6, 0xff, 0x2, [0x1, 0xf801]}, 0xc) 17:03:28 executing program 2: r0 = socket(0x10, 0x3, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r2 = socket(0xa, 0x1, 0x0) close(r2) sendmmsg$inet_sctp(r2, &(0x7f0000000bc0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="300000000000000084000000010000000000000004"], 0x30}], 0x1, 0x0) r3 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(r2, 0x84, 0x7b, &(0x7f0000000100)={r4}, 0x8) setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f0000000040)={r4, @in6={{0xa, 0x4e20, 0xffff09b1, @dev={0xfe, 0x80, [], 0x30}, 0xfff}}}, 0x84) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) 17:03:28 executing program 3: 17:03:28 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:28 executing program 5: 17:03:28 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000040)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) [ 359.002793][T11377] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 359.002793][T11377] program syz-executor.4 not setting count and/or reply_len properly 17:03:29 executing program 3: 17:03:29 executing program 5: 17:03:29 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:29 executing program 2: r0 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x6) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000300)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r2, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}]}, 0x1c}}, 0x0) sendmsg$IPVS_CMD_SET_SERVICE(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000040)={0x160, r2, 0x200, 0x70bd25, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xff}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8}]}, @IPVS_CMD_ATTR_SERVICE={0x64, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@private0}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x12, 0x10}}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x32}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x8}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e20}]}, @IPVS_CMD_ATTR_SERVICE={0x50, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x5a}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e23}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x7}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e24}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x10, 0x20}}, @IPVS_SVC_ATTR_TIMEOUT={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x6cb7}, @IPVS_CMD_ATTR_DAEMON={0x58, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast2}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @private2={0xfc, 0x2, [], 0x1}}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @rand_addr=0x64010102}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x2}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast2}]}, @IPVS_CMD_ATTR_SERVICE={0x24, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x89}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x4}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x3}]}]}, 0x160}}, 0x800) socket(0x10, 0x3, 0x0) 17:03:29 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) write$9p(r0, &(0x7f0000001400)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949ccc6e2e54c2d5c8f0b7932b69797f217168b0c1feb128ae34f0daf487a70b5c117acd43725fe17993634f1695dabd7f998cd55e9d5bd911e86aa7a4ad75a574bb96951d6018b25d942a9544bca1ebb0e8d10c092cdcb85797673972099e4041aaf8d636f66cb1103ef2050ad28fabaed33d6927889d97f4b5ce0de71d3fd832980f4f088d0d824e20549b4bbd906ffa51ce9de54d779eb4de462faac20a3ab0ed9934373ca22cea5454f4c2a740cd461e39956bb5f98df2aebc60cf32623adbffbcc378fa7250b6a3fc863dadcf6d4f8b855c4e70f0796eee6218445dad2811dd6b540ff52efa2f167dd9c1b8b016268d37db430983fefc0645d20614c8df2eb0872c58e09664e672b0b6a9970fec199257e1c606ec3e364c66a0f4d258c74accd43b987c756d602fd8787fed3aa43fd8d84e9656d4a413fa9a423bc54b873583d6d497005e54712fafc71384988d80134fbf84f53fdd74b354848006b8b5b67e7cc5a472475d3ae545ca1fcf7628b873e31ba83a98a7ad5b0cfbe9711b517a9a1388ad0efa2a3b4e22152021d631b731e2e100a9831111db7acce948bb5deeea260463c140ac929e77c58402776caf85d4569a75dde2f64c4491508afb541ed9b2c81fc95c06706235f383e31cf662c95b1e49cfd94871e22720a41535756e419b271276941692bd023dd9c9dbec4f7db1e5c00d8b3be7b8e826a6aadd001edd0dfeb00f8048442b5c48456fd642e629dcb2ff55592665ff491cd832672ce4d999da186db2c3a1f8b6b1f7d3750d7cdb3097954e6e14fb2183ad662c63d4ce8b82dc2487f0fe2ea2827b53a7c6dcced878d2fb29c1d3ff583570e7bc172d1a5c716e0447cb08ce3c468ffdf975da372f3f3eb455aaf5822bc04a51b6cad24a2331369df81c123b009a2381b42e9aeb077f621608d81c12a5f5c6c295d74afd4dd5c051296be0b54c70bf899b347c36bff62f313079983409d7f9cf1242c917985c1b5d0736fe21f8514f63d0369a374c42da40bd5140bc3e602d00c3cb4f8e621863ab47422778d67d72de34753fd72cef80649a1548e4e8dcbcffe4054cc9d8a1f922623a75904cbdaacde768131e587269a4a99d82f7009c1b8ab79aa232a2fd45ad71b603803123f6ba979fa6a87525884b08d721a21400fb1f950b96ead82f408cc4388d3b78fb456616429a520656d5e5a876fd04748498902c86f58d45f4c1b3919eb846a00edf07e7a830bf723e4774f085f15534dd3b5246c0c0970b5ad7bb39b30b156a9430378c5b0aab1261c78d72ac301cd552d5e8dd4b642ec1dc0672745d593bb26d095b5b23576e3cfd6ab580f6e09419d0f0c64250fafaa3759aa1888da48d89c3f7c9454b0b3d0ab40445f5bed4493ef43ab08f31b1345ac4ffd94ad79c9eee53904ed6f572817153190d2e6863f2e39356bb99926419fd314341a536b7e76cae60bf7750a4c29e3f4c7f005530b1d4ee0e25b93b76fcc1108222f0b00de52cf4100e97adfd7b9db1370586ba27e1e183299be00d0df8439c380edf2f79deb441eac59b814b04accdff5e17f02046139f91f0332661676ff506e575f0cb2850bcc9f8666f6d1f69f8f4271cb804a79fccd7016f049d1a494c26a527c437fa0be6d51ec7543d9bd7a2f016194ebe3c99080a6c9b5119863dfe865f8e60cae29f50b67dbfaa0a3c9794d73034485ca1613344c572783db3dfab01b28089c51cda99cefa4c1c881a29e229f04c7e0fd04dc425ae8417852e6e31520c6207e9d4e35285feef2a2cb8a3bceb08a166fa4284a516362621e2c06731a442791f1db063a32cf1f005c914102c7273cb4d7ab1bf567d72f230783d2ea99c43a60e8729132441ee6c5362c33f9b613f84417c3c5549f4e3d9e73c6f83f16c8e57ae22fe5f54515e111fe43ad7c400d214281452bb6141cecad84b23a695f061988d906d03be5d89584634b9e9d9a9b072f8e7cbb47c47719318a2001cafa665dd2c82672d16877ea115bd023fc1975f7c59664bfb06f66a1a5e3f05cb283fb45ea67a2727ee6e10bf35b31fdd03d43ec67b753f6737e0d2f4a5275031595878cefc8f0ca", 0x600) [ 359.446125][T11395] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 359.446125][T11395] program syz-executor.4 not setting count and/or reply_len properly 17:03:29 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x200000, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x1a022}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$packet(0x11, 0x3, 0x300) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:03:29 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfe}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x2f606557d6081b8a, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, "8000"}) write$binfmt_aout(r0, &(0x7f00000001c0)=ANY=[], 0xffffff0b) ioctl$TCSETA(r0, 0x5406, &(0x7f00000004c0)={0xfff9, 0x0, 0x0, 0xbffa, 0x0, "078cf0251c0e00"}) r1 = syz_open_pts(r0, 0x0) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000100)={0x25, 0x0, 0x0, 0x0, 0x0, "000000000000000000000010000000001000"}) socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}}, 0x0) sendmsg$BATADV_CMD_GET_MESH(r2, 0x0, 0x0) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) 17:03:29 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000cab000)=0xc) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r2, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:29 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000180)="2400000058001f0003f7cb11235e21fe0f4000000000000000000a04f51108000100024a0002080403800500000001bc069b270aa2bd07209e1f4114200a104e08ca565916cc986e24a055d3c655c786dfab812590d6f6d38bfe1a1bb8587928cd2d67e471daa70100000096b4249eaec39d40757eb42ed1afd730951001dc7af3303f653bbd2deb990218f05d8fbff48969cd202338a12dd520fe815fa2b30019e52e91d2d3be8a19a82c61c5744823efaff3fc50492797819d7fec4b11177785e2fb12b6afe1bbba30ab9bcde4f3d37deb330626bcb944598a16caa652b4073f18ae4141ff", 0xe6) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x2) sendmsg$AUDIT_SET_FEATURE(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x20, 0x3fa, 0x20, 0x70bd2c, 0x25dfdbfc, {0x1, 0x1, 0x1, 0x1}}, 0x20}, 0x1, 0x0, 0x0, 0xc850}, 0x4040080) waitid(0x0, r1, &(0x7f0000000400), 0x8, &(0x7f0000000480)) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r1, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040)='devlink\x00') sendmsg$DEVLINK_CMD_TRAP_SET(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)={0x58, r3, 0x1, 0x0, 0x0, {0x33}, [{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c, 0x82, 'source_mac_is_multicast\x00'}, {0x5}}]}, 0x58}}, 0x0) sendmsg$DEVLINK_CMD_SB_PORT_POOL_SET(r0, &(0x7f00000009c0)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000980)={&(0x7f00000006c0)={0x284, r3, 0x8, 0x70bd2b, 0x25dfdbfb, {}, [{{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x7}, {0x6, 0x11, 0x4}, {0x8, 0x15, 0x7ff8000}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x6}, {0x6, 0x11, 0x7}, {0x8, 0x15, 0x8000}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x5}, {0x6, 0x11, 0xff}, {0x8, 0x15, 0x4a0}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x7}, {0x6, 0x11, 0x1}, {0x8, 0x15, 0x3}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x1}, {0x6, 0x11, 0x6}, {0x8, 0x15, 0x3}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x3f}, {0x6, 0x11, 0x5}, {0x8, 0x15, 0x6}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x8}, {0x6, 0x11, 0x6}, {0x8, 0x15, 0x9}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x5}, {0x6, 0x11, 0x3}, {0x8, 0x15, 0x8001}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x10001}, {0x6, 0x11, 0x1}, {0x8}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x9}, {0x6, 0x11, 0x8}, {0x8, 0x15, 0x5e011467}}]}, 0x284}, 0x1, 0x0, 0x0, 0x1}, 0x0) ptrace$peeksig(0x4209, r1, &(0x7f0000000000)={0x8, 0x0, 0x3}, &(0x7f0000000280)=[{}, {}, {}]) r4 = openat$mice(0xffffffffffffff9c, &(0x7f0000000140)='/dev/input/mice\x00', 0x20000) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, &(0x7f0000000640)={0x1, 'vlan1\x00', 0x1}, 0x18) sendmsg$IPSET_CMD_ADD(r4, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x2c, 0x9, 0x6, 0x801, 0x0, 0x0, {0x5}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x10, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @dev={0xac, 0x14, 0x14, 0x1e}}}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x5}, 0x40000c0) 17:03:29 executing program 5: 17:03:29 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') getdents64(0xffffffffffffffff, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) [ 360.119560][T11418] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. [ 360.276205][T11420] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 360.276205][T11420] program syz-executor.4 not setting count and/or reply_len properly 17:03:30 executing program 5: 17:03:30 executing program 0: r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) syz_open_procfs$namespace(r0, &(0x7f0000000000)='ns/ipc\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:03:30 executing program 2: r0 = socket(0x22, 0x1, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) 17:03:30 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000cab000)=0xc) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r2, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:30 executing program 5: 17:03:30 executing program 3: [ 360.812762][T11440] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 360.812762][T11440] program syz-executor.4 not setting count and/or reply_len properly 17:03:31 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x200000, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x1a022}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:03:31 executing program 5: 17:03:31 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r1 = socket$netlink(0x10, 0x3, 0x6) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000300)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r2, 0x1, 0x0, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}]}, 0x1c}}, 0x0) sendmsg$IPVS_CMD_NEW_SERVICE(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="d000000024b92632c556159397b8820dcd748b6f4b8d081e3860db9fa60c0f29c010df55444600fe", @ANYRES16=r2, @ANYBLOB="000227bd7000fddbdf2501000000400003800800030002000000060007004e2300000600040000080000080003000100000008000500e000000214000600ff0100000000000000000000000000013000028014000100fe80000000000000000000000000001d06000e004e200000080003000200000008000600ff01000014000380060007004e2000000500080000000000240001800c0007000200000002000000140003007f0000010000000000000000000000001400038008000300040000000800010000000000"], 0xd0}, 0x1, 0x0, 0x0, 0xc084}, 0x94) r3 = socket(0x10, 0x3, 0x0) write(r3, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) 17:03:31 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) setsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, &(0x7f0000000000)=[{{0x2, 0x1, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x1}}, {{0x2, 0x0, 0x1, 0x1}, {0x4, 0x0, 0x0, 0x1}}, {{0x3, 0x1, 0x0, 0x1}, {0x1, 0x1, 0x1, 0x1}}, {{0x0, 0x0, 0x0, 0x1}, {0x2, 0x0, 0x1, 0x1}}, {{0x800, 0x0, 0x1}, {0x3, 0x1, 0x1}}, {{0x0, 0x0, 0x1, 0x1}, {0x2, 0x1, 0x1}}, {{0x0, 0x0, 0x0, 0x1}, {0x1, 0x0, 0x1}}, {{0x0, 0x1, 0x0, 0x1}, {0x4, 0x1}}], 0x40) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:03:31 executing program 3: 17:03:31 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000cab000)=0xc) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r2, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) [ 361.385739][T11456] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 361.385739][T11456] program syz-executor.4 not setting count and/or reply_len properly 17:03:31 executing program 5: 17:03:31 executing program 3: 17:03:31 executing program 0: r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) unshare(0x8060100) syz_open_procfs$namespace(r0, &(0x7f00000000c0)='ns/mnt\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000440)='ethtool\x00') sendmsg$ETHTOOL_MSG_LINKINFO_SET(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)={0x1c, r3, 0x7, 0x0, 0x0, {0x5}, [@ETHTOOL_A_LINKINFO_PHYADDR={0x5}]}, 0x1c}, 0x1, 0xa00}, 0x0) sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000140)={&(0x7f0000000000), 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0x54, r3, 0x20, 0x70bd2b, 0x25dfdbfc, {}, [@ETHTOOL_A_COALESCE_TX_USECS_LOW={0x8, 0x10, 0x8001}, @ETHTOOL_A_COALESCE_RX_USECS_HIGH={0x8, 0x13, 0xc5}, @ETHTOOL_A_COALESCE_USE_ADAPTIVE_TX={0x5}, @ETHTOOL_A_COALESCE_RX_USECS={0x8, 0x2, 0x5}, @ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan0\x00'}]}, @ETHTOOL_A_COALESCE_TX_USECS_HIGH={0x8, 0x15, 0x2}]}, 0x54}, 0x1, 0x0, 0x0, 0x800}, 0xa091) 17:03:31 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:31 executing program 2: r0 = socket(0x10, 0x5, 0x7fffffff) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) syz_genetlink_get_family_id$devlink(&(0x7f0000000080)='devlink\x00') r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000180)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r2, 0x54a2) readv(r2, &(0x7f0000000200)=[{&(0x7f0000000000)=""/12, 0xc}], 0x1) r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f0000000180)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r3, 0x54a2) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000000180)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(0xffffffffffffffff, 0x54a2) readv(0xffffffffffffffff, &(0x7f0000000200)=[{&(0x7f0000000000)=""/12, 0xc}], 0x1) r4 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) setsockopt$XDP_RX_RING(r4, 0x11b, 0x2, &(0x7f0000000100), 0x4) readv(r2, &(0x7f0000000200)=[{&(0x7f0000000000)=""/12, 0xc}], 0x1) r5 = dup(r3) sendmsg$DEVLINK_CMD_TRAP_SET(r1, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x101}, 0xc, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYRES16=r5, @ANYRES16, @ANYBLOB="ce0975c5d06681905be28016092c6cedc1f62b04762ae6b79a19fda98922a83fbaa965805d4809e1409ba1220a7d127f9b53ac3eb61410ab9b7cd14120ecc154bb9e54"], 0x54}, 0x1, 0x0, 0x0, 0x20000080}, 0x44000) 17:03:31 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/ipc\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) [ 361.956788][T11477] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 361.956788][T11477] program syz-executor.4 not setting count and/or reply_len properly 17:03:32 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x200000, 0x0) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:03:32 executing program 5: 17:03:32 executing program 3: 17:03:32 executing program 0: r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x2) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r1, 0x0, 0x0) syz_open_procfs$namespace(r1, &(0x7f00000000c0)='ns/mnt\x00') r2 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r2, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:03:32 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:32 executing program 5: [ 362.624152][T11494] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 362.624152][T11494] program syz-executor.4 not setting count and/or reply_len properly 17:03:32 executing program 3: 17:03:32 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) sendmsg$SOCK_DIAG_BY_FAMILY(r1, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000040)={&(0x7f0000000100)={0x1b8, 0x14, 0x200, 0x70bd2c, 0x25dfdbfd, {0x26, 0x9}, [@INET_DIAG_REQ_BYTECODE={0xd1, 0x1, "93761f51f157d59737dc5d3974c9c2ba95d7d1f57bc64dcd34c08337dcebf8114d585c02beb7b2db4649dcf08b03460bdf4326fdea08a2ff7fc27c2cd081379ffe608588d0d7c599d8c610622922820f744ec69cc5cd9cd6186bcfdcfc1d8d607b7dc8f27041e9badc98def3f2bb028924c1976b984f00b608748f4cac8d1bc5ff837870ac5499b7886337ac4182c53e876cfb04dcc930cd7ddbbc02a5ce73bb8fce45df32e240ce32fabf01575677170454a9bcb0ef9a9d2e8271b3bc912b67f522cc0709638207256a9fbf78"}, @INET_DIAG_REQ_BYTECODE={0x5b, 0x1, "0e2745ca3ae8351ac7dcfbe89f093cf6667c0028d925125a4e09913e7d58cbf3edcd182adea63adc5be1c1bfb0911ab22d3e4c77984f0435624052a016f7d306995d5ca6b0b57a698c598c4317140da9175df222cb7f83"}, @INET_DIAG_REQ_BYTECODE={0x3b, 0x1, "80a7aab8d5baad1de5d8baea1bc98e16d7b3d6f4eef53c0cecd8367930ca15d9cdcd55b3d4db2079fd6d82c65271677279ae1726fef5ce"}, @INET_DIAG_REQ_BYTECODE={0x35, 0x1, "a1dd9abe23d4cf75cffdcb1af20dafd562e4e8b5d6fd6aa7df457d8e65fc2a95ab0656c63b9510b6e5382da465a582acd4"}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x2004c800}, 0x880) 17:03:32 executing program 5: 17:03:32 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:32 executing program 2: r0 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x10) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r0, 0x0) ioctl$NBD_SET_TIMEOUT(r0, 0xab09, 0x7) r1 = socket(0x10, 0x804, 0xfffffffe) write(r1, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) 17:03:33 executing program 3: [ 363.197311][T11516] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 363.197311][T11516] program syz-executor.4 not setting count and/or reply_len properly 17:03:33 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x200000, 0x0) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:03:33 executing program 5: 17:03:33 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000340)=""/533, 0x215) 17:03:33 executing program 3: 17:03:33 executing program 2: write(0xffffffffffffffff, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={r0, &(0x7f0000000040), &(0x7f0000000080)=@udp=r1, 0x1}, 0x20) 17:03:33 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, 0x0, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r3, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) [ 363.760366][T11537] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 363.760366][T11537] program syz-executor.4 not setting count and/or reply_len properly 17:03:33 executing program 5: 17:03:33 executing program 3: 17:03:33 executing program 2: r0 = socket(0x10, 0x3, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) getsockopt$inet_sctp6_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f0000000040), &(0x7f0000000080)=0x4) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) 17:03:33 executing program 0: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x300, 0x0) syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) r1 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r1, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r1, 0x10e, 0x8, &(0x7f0000000000)=0x200, 0x4) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000180)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r2, 0x54a2) readv(r2, &(0x7f0000000200)=[{&(0x7f0000000000)=""/12, 0xc}], 0x1) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000080)={r2, 0xfffffffffffffffd, 0x7, 0x8}) r4 = socket$netlink(0x10, 0x3, 0x6) r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000300)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}]}, 0x1c}}, 0x0) sendmsg$IPVS_CMD_FLUSH(r3, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYBLOB="299ab3d04d8acc37a0dfc08259115b0aa4544d39a1c901a15f1971e0de8586e24363e3d5c0252696c206bdcf25b0ffff42514ea02979d88838db4e8e44efca3b931428", @ANYRES16=r5, @ANYBLOB="04002cbd7000fedbdf25110000003c00028008000600b85b0000080006000987000006000e004e230000060002004e2200000800040001000000080006000200000008000700ffff00001c000180060001000200000006000200320000000600020043e2000008000500f7ffffff5c00038008000500e0000001060007004e2200000800050000000000140002007665746831000000000000000000000008000500ac1e0101050008007400000014000600ff0200000000000000000000000000010800030001000000500001800c0007000200000002000000060001000200000007000600736800000c000700010000003100000014000300ffffffff000000000000000000000000060004004e240000080005000000000008000400090000004000028006000f000600000008000400ff070000060002004e23000014000100e000000100000000000000000000000006000e004e21000006000f0001040000300001800800080002000000140003000a0101020000000000000000000000000800080002000000060002003c000000"], 0x198}, 0x1, 0x0, 0x0, 0x4000000}, 0xc0c0) 17:03:33 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, 0x0, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r3, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:34 executing program 5: [ 364.299589][T11555] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 364.299589][T11555] program syz-executor.4 not setting count and/or reply_len properly 17:03:34 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000180)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r1, 0x54a2) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000180)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r2, 0x54a2) readv(r2, &(0x7f0000000200)=[{&(0x7f0000000000)=""/12, 0xc}], 0x1) readv(r2, &(0x7f0000001440)=[{&(0x7f0000000240)=""/250, 0xfa}, {&(0x7f00000001c0)=""/18, 0x12}, {&(0x7f0000000340)=""/7, 0x7}, {&(0x7f00000014c0)=""/30, 0x1e}, {&(0x7f00000003c0)=""/4096, 0x1000}, {&(0x7f00000013c0)=""/77, 0x4d}], 0x6) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000100)={&(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000040)="125d48e419fff367fc7830717b5eb9df334752400720ab368b8ec7d2522c855502a3a77dc0fbce91bb8d2973e1cf09bc5993eb68385d31b1a5f2b2e2d61828962cdfe91a37a79c44ce79b3be008801bb1f2c94cc7030f9320c2dc372cbfcc7961c26bafbc5b0de8c14f5502b8e1a8371d91f4b225a631e0de2b4206ab7fecb5b3e4fac5f285e65d7506b2c2aaba837b235e3b1326d01285dd1b13455ad985dd0ca7fafbd4edb747ac7db6128feceae9245fc50c0c48a4bf542034c65200db970", 0xc0, r1}, 0x68) 17:03:34 executing program 3: 17:03:34 executing program 5: 17:03:34 executing program 0: ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000000)={0x0, 0x80000, 0xffffffffffffffff}) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)}) syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:03:34 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, 0x0, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r3, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:34 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 364.748339][T11569] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 364.748339][T11569] program syz-executor.4 not setting count and/or reply_len properly 17:03:34 executing program 3: 17:03:34 executing program 5: 17:03:34 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) socket(0x10, 0x2, 0x0) r1 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r1, 0x0, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r2, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:34 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000040)='cmdline\x00') getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:03:35 executing program 3: 17:03:35 executing program 5: [ 365.130776][T11586] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 365.130776][T11586] program syz-executor.4 not setting count and/or reply_len properly 17:03:35 executing program 2: r0 = socket(0x10, 0x3, 0x0) r1 = socket(0xa, 0x1, 0x0) close(r1) sendmmsg$inet_sctp(r1, &(0x7f0000000bc0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="300000000000000084000000010000000000000004"], 0x30}], 0x1, 0x0) r2 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(r1, 0x84, 0x7b, &(0x7f0000000100)={r3}, 0x8) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000040)={r3, 0x84}, &(0x7f0000000080)=0x8) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) 17:03:35 executing program 3: 17:03:35 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') personality(0x4000000) r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:03:35 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) socket(0x10, 0x2, 0x0) r1 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r1, 0x0, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r2, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:35 executing program 5: 17:03:35 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:03:35 executing program 5: [ 365.815532][T11607] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 365.815532][T11607] program syz-executor.4 not setting count and/or reply_len properly 17:03:35 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) openat$mice(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/mice\x00', 0x200000) 17:03:36 executing program 3: 17:03:36 executing program 5: 17:03:36 executing program 2: r0 = socket(0x9, 0xa, 0x1) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) 17:03:36 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) socket(0x10, 0x2, 0x0) r1 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r1, 0x0, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r2, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:36 executing program 5: 17:03:36 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) r1 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r1, 0x0) ioctl$USBDEVFS_REAPURBNDELAY(r1, 0x4008550d, &(0x7f0000000000)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:03:36 executing program 3: [ 366.461927][T11628] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 366.461927][T11628] program syz-executor.4 not setting count and/or reply_len properly 17:03:36 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) r1 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r1, 0x0) r2 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0)='mptcp_pm\x00') sendmsg$MPTCP_PM_CMD_GET_ADDR(r1, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x70, r2, 0x100, 0x70bd2c, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_ADDR={0x3c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x8}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e20}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0xfa}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @broadcast}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x6}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x4}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x7}, @MPTCP_PM_ATTR_SUBFLOWS={0x8}]}, 0x70}, 0x1, 0x0, 0x0, 0x4000001}, 0x4) r3 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r3, &(0x7f00000002c0)=""/537, 0x219) r4 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r4, 0x0) ioctl$TUNSETFILTEREBPF(r3, 0x800454e1, &(0x7f0000000040)=r4) 17:03:36 executing program 5: 17:03:36 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:03:36 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r2 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r2, r1, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r3, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:36 executing program 3: 17:03:36 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x4, 0x1, 0x301, 0x0, 0x0, {0x7, 0x0, 0x8}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 17:03:36 executing program 2: r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(r0, 0x8982, &(0x7f0000000040)={0x6, 'gretap0\x00', {0xc892}, 0x5}) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) 17:03:36 executing program 5: [ 367.211010][T11658] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 367.211010][T11658] program syz-executor.4 not setting count and/or reply_len properly 17:03:37 executing program 3: 17:03:37 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = open(&(0x7f00000001c0)='./file0\x00', 0x50000, 0x4) ioctl$SNDRV_PCM_IOCTL_HW_REFINE_OLD(r3, 0xc1004110, &(0x7f0000000500)={0x0, [0x4, 0xff, 0x4], [{0x9, 0x9, 0x1, 0x1}, {0x2, 0xff, 0x1}, {0x5, 0x8000, 0x0, 0x1}, {0x2e, 0xfff, 0x0, 0x1, 0x0, 0x1}, {0x101, 0x101, 0x1, 0x0, 0x1}, {0x3, 0x2, 0x1, 0x0, 0x0, 0x1}, {0x1, 0x8eca, 0x0, 0x0, 0x1, 0x1}, {0x7fff, 0x2, 0x0, 0x1, 0x1, 0x1}, {0x5, 0x25e, 0x1, 0x0, 0x1, 0x1}, {0x20, 0x101, 0x1, 0x0, 0x0, 0x1}, {0x0, 0x8, 0x1, 0x1, 0x1}, {0x5, 0x0, 0x1, 0x1, 0x1}], 0xfa000000}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x10, 0x2, 0x0, 0x1, [@IFLA_MACSEC_CIPHER_SUITE={0xc}]}}}]}, 0x40}}, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000400)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc5, 0xc5, 0x5, [@int={0x4, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x12, 0x4}, @struct={0x2, 0x6, 0x0, 0x4, 0x0, 0x2, [{0x7, 0x2, 0x7}, {0xd, 0x0, 0x6}, {0x6, 0x3, 0x9cab}, {0x0, 0x3, 0x7}, {0x9, 0x0, 0x1f0}, {0xf, 0x0, 0x6}]}, @datasec={0xe, 0x7, 0x0, 0xf, 0x1, [{0x5, 0x1, 0x80000000}, {0x4, 0xf45, 0xffff}, {0x2, 0x81}, {0x5, 0x5, 0x29a}, {0x2, 0x8001, 0x50}, {0x2, 0x3, 0xfa}, {0x2, 0x101, 0x3}], 'U'}]}, {0x0, [0x30, 0x5f, 0x61]}}, &(0x7f0000000100)=""/74, 0xe5, 0x4a, 0x1}, 0x20) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r6 = open(&(0x7f0000000200)='./file0\x00', 0x80001, 0x140) r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000280)='devlink\x00') sendmsg$DEVLINK_CMD_SB_OCC_SNAPSHOT(r6, &(0x7f00000003c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000380)={&(0x7f00000002c0)={0xb0, r7, 0x20, 0x70bd2c, 0x25dfdbff, {}, [{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x100}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0xb, 0x80}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x9}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0xffffe676}}]}, 0xb0}, 0x1, 0x0, 0x0, 0x20040000}, 0x1) 17:03:37 executing program 5: 17:03:37 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) r1 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000009000/0x1000)=nil, 0x1000, 0x300000d, 0x30, r1, 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r2, 0x0) r3 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r3, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, &(0x7f0000000080)={r3}) sendmsg$IPVS_CMD_GET_SERVICE(r4, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x84, 0x0, 0x300, 0x70bd2b, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xfff}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e21}]}, @IPVS_CMD_ATTR_SERVICE={0x1c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x77}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x1ff}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x2}, @IPVS_CMD_ATTR_DAEMON={0x28, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x10001}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}]}, 0x84}, 0x1, 0x0, 0x0, 0x81}, 0x88c0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r1, 0x6, 0x15, &(0x7f0000000040)=0x4, 0x4) 17:03:37 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r2 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r2, r1, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r3, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:37 executing program 3: [ 367.792836][T11676] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 367.792836][T11676] program syz-executor.4 not setting count and/or reply_len properly 17:03:37 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:03:37 executing program 5: 17:03:37 executing program 2: r0 = socket(0x4, 0x5, 0x0) r1 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r1, 0x0) ioctl$TIOCGPTPEER(r1, 0x5441, 0xff) r2 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x200, 0x0) recvmmsg(r2, &(0x7f0000001580)=[{{&(0x7f0000000080)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000001440)=[{&(0x7f0000000100)=""/38, 0x26}, {&(0x7f0000000140)=""/207, 0xcf}, {&(0x7f0000000240)=""/4096, 0x1000}, {&(0x7f0000001240)=""/94, 0x5e}, {&(0x7f00000012c0)=""/103, 0x67}, {&(0x7f0000001340)=""/242, 0xf2}], 0x6, &(0x7f00000014c0)=""/139, 0x8b}, 0x7}], 0x1, 0x40002100, &(0x7f00000015c0)={0x0, 0x989680}) r3 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r3, 0x0) r4 = gettid() ptrace$setopts(0x4206, r4, 0x0, 0x0) tkill(r4, 0x2) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001680)=ANY=[], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000014c0)=ANY=[@ANYBLOB="380000002400070500000040ce49168b6b45f235", @ANYRES32, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001780)=ANY=[@ANYBLOB='@\x00\x00\x00,\x00\'\r\x00'/20, @ANYRES32=0x0, @ANYBLOB="00000000000000000e000000080001006270660014000200080009000000000008000600", @ANYRES32, @ANYBLOB="9654b581ff49721d98916c8947af6306a8753eb39d66222d34ba646ac2d0ca025cd2934a3ade0409e6c1aa"], 0x40}}, 0x0) sendmsg$ETHTOOL_MSG_DEBUG_GET(0xffffffffffffffff, &(0x7f0000001740)={&(0x7f0000001640)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000001700)={&(0x7f0000001800)={0x88, 0x0, 0x300, 0x70bd26, 0x25dfdbff, {}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}]}, @HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan1\x00'}]}, @HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'virt_wifi0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}]}, 0x88}}, 0x20004015) ptrace$cont(0x18, r4, 0x0, 0x0) ptrace$setregs(0xd, r4, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r4, 0x0, 0x0) ioctl$TIOCSPGRP(r3, 0x5410, &(0x7f0000001600)=r4) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) 17:03:37 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/rpc\x00') getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:03:37 executing program 3: 17:03:37 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r2 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r2, r1, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r3, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) [ 368.169123][T11690] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 368.169123][T11690] program syz-executor.4 not setting count and/or reply_len properly 17:03:38 executing program 3: 17:03:38 executing program 5: 17:03:38 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000040)="2400000058001f000307dcf900a9ec2faf1c61b63be2a5fdfc3d2304000a04f51108000100020100020800038005000000", 0x31) r1 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r1, 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r2, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r2, 0x28, 0x1, &(0x7f0000000000)=0x7e8, 0x8) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000000180)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(0xffffffffffffffff, 0x54a2) readv(0xffffffffffffffff, &(0x7f0000000200)=[{&(0x7f0000000000)=""/12, 0xc}], 0x1) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) epoll_pwait(r3, &(0x7f0000000140), 0x0, 0x2, &(0x7f0000000180)={[0xb0f]}, 0x8) sendto(r0, &(0x7f0000000080)="0b549a899e3e0c52f8858327a849990c7d505e06f82d4da5ba76547cd63c256b01d192afe0a2707a3afe1c0c2dcac690260fd621b63084b33a7bf33747c63a3ddaf5170c89c51fbe5bccadcdee486f7fc901e4c2e7ac05eb46d48151f35af519599bd653d993b6fb2c0b88d47e3a9318c432c1a3350e6af34f5b946b52217d37faf6077ee42353efb65ccf4a1eb8d4b403ae8e630bc5f2e48b7eb5a90007758bca76b809757d9af5b5894dd5cd9f12f54a1b86388dfe", 0xff74, 0x8000, &(0x7f0000000280)=@rxrpc=@in6={0x21, 0x2, 0x2, 0x1c, {0xa, 0x4e20, 0x6, @mcast1, 0xffff}}, 0x80) r4 = socket(0xa, 0x1, 0x0) close(r4) sendmmsg$inet_sctp(r4, &(0x7f0000000bc0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="300000000000000084000000010000000000000004"], 0x30}], 0x1, 0x0) r5 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(r4, 0x84, 0x7b, &(0x7f0000000100)={r6}, 0x8) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r2, 0x84, 0x5, &(0x7f00000001c0)={r6, @in6={{0xa, 0x4e20, 0x6, @private0, 0x7f}}}, 0x84) 17:03:38 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r0, 0x0) setsockopt$inet6_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000000)="49d4366dce45ef8b0785a4a797ae4a02ea7634341eb3f5997bd7880536a965baadb65b07127ce15501992cd8d435e5f090b6a5", 0x33) r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) ioctl$KDFONTOP_COPY(r1, 0x4b72, &(0x7f0000000040)={0x3, 0x1, 0x9, 0x11, 0xb4, &(0x7f0000000100)}) r2 = syz_open_procfs(0x0, &(0x7f0000000080)) r3 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r3, 0x0) sendmmsg(r3, &(0x7f0000003800)=[{{&(0x7f0000000500)=@pppol2tp={0x18, 0x1, {0x0, r0, {0x2, 0x4e20, @loopback}, 0x3, 0x4, 0x2}}, 0x80, &(0x7f0000000640)=[{&(0x7f0000000080)="92bbe4dc2a30c667423598e338ecca837a00a8bf772d81f93290b7c56738f4ec351a31e21052795e601631a62cfb7b682bf1fc714bac890819b5", 0x3a}, {&(0x7f0000000580)="4c74be1889dc2c926546dfa2ffe8a78a721f6075cdd7d50e53c9eaa0512a2c442363d6ee9f2ae399be61a151cee048f4aa81a7a36232de81281c9367f0b23f536eda33468d8b50c2278cf62f87eba35ace4f4e85a82fbfc8e40378d6d54f31b6a173534fb9fdac9e8bcd4fb58aab50e11a4b70653d209d40b915d57c9027ba9767a25c6dd7a5fee6178015fa0c3d7b0d9b0c7add0f4f14", 0x97}], 0x2, &(0x7f0000000680)=[{0x100, 0x116, 0x80, "583dca153e94fa91f81abff818b734127980d7c4b15e1613379af5bfb2fd46300711de561bc1dc134ef731b451e2df60f6326aae09be28f5d23d0ecc94e93ffdcaeb46762bffcc43318c1930187a0a6f5b4e6f1b757183e201404917ebdc60aa5c15e2ae02ffc01ac6780e505b5c30a35cff7f27719fb93bccefd6ef8faa43965473ef0b5208ec57ac88e02ac0dec9700dee15e4bf190b51c02f8c7cab876f00c8bb1a319f500713400325780b8c7a9faa0c3c7ed0d0c659f04eff48f3f306624c730bf7655e021b87c8e582904094dd968e34cd8b6665675a5f7fbc5c9f7162ec054b48f2760571ea"}, {0xb8, 0x109, 0x8000, "47750e30b8dce35df8b7c88106c8b64fffe323effe84344ac956fd66f19c5370e0fae82e13fcaaa95c6b7b93abf984ad44f06b180c7f34e39d875286b26ef0a9fae70e253bea60839010110ae56d1b18b6d31b902a057c57b656a3d4f5da7516235251a2205087d2a3bc2ebc1fdd219839f0ecb389b92de7e145eb6038711fdb90affdc6a9c249e316410dce8cc5e76aa7379d73b8ba596a8f53030e81f5e83de2bfb2"}, {0x70, 0x0, 0x2, "687444d64ab17dbbabf4a89c83e14b7444224a54d3fcaa8d77e4919469a73110521b21d0b86ee4626d60bdc0cadc71a03df698b6882f5faa2cbc702f6a777755efd51f5a47ae5b05e12660bfd250e31522dfb0e22945c459a3d2745958711962"}], 0x228}}, {{0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000001000)="69ff082a69062876916609408d244f14da9071d78404c6029cf2beec09fb8b4bc9495f6c0fe67c09bc4cc1ce003e6caa0380afdca2ba4386399d3283ebb638631cc147643e93e025afaa62c147a1cfb5fbc2fba43725a0aee19f0b190a10b44a6c6119693f07b536ae94e38e7fae4c2786a9496c2b2d124dfc3e8e8de0b8a4fdf4f85d132cc3763840383acfa5939c09da82854e43a98d1dee54f720e80a26f13ed81596476a4a6cf9f07bdde5c7b84cf2c6d397d10847dff62e2247210b6f9974b9ded240c237c5a6b038c4bbda0b855eba51fc0a01561e5060ab8ffe840e34b83fd4ec9b3a9f78668d39afee2aab07dee8828cadd0bf9a0bfd46c12fb7f56948ead2ae5feff8037e56e1c436428523676947fb1e706874ea9d5e6e9e903fd6ddc012021818e25d91d0bf49536f62e5ab4805bc0c8149690e0795b34506af5672a2ae7aa9c3127eeea9ead6cb61c5681cf8a4a45df65b622b7761b1c12ac4beb47ff6466e8e22069f7ef37cf905f8e35e680bc2c5ab8249e1a81891d3701a643305dd2d0ab37f98ff6a2f3887c8c6c938df59e1a43cd4811dae54538578ae2d33e0fedc04994d6113c8ca0e443b5cc8118f5fe7390399068bd7111317d6b36bd5acf4ba7916f3a717684dfed8d00935433703c1e882d006516c97a26bf2777f3d1813bc8c5e0464a04549e872be36cd19360c35c7abe520d8cf017d8538dc29c389dc2a2931b10b0f5020911603b4a0f7c0ce6443c8962a13d1720294efb06985d5c905bbe84cda142793f62526bf9e800a7c833182905ab380a5dea49a1dbdeb8c6f667bded12c7e30e645966e4b74b0157422d401352ce0e10f6602fe7a2e6724230eaa856cedc835b8efd6103f9f4f25577b4a3590bff85e6afc778450c12cbdd51aa942b43e96a27719cf3f1a1de4e2e27fe84d3ab93632ee1aefc02ce28a7f4497748461842c806f9bf5552ea9ef2f853601a4482e011ee2d41ef985c8292af89eeeee3a489b6f6691c263fe3a141f181fe88b63f0e6a6f52eb67ccefe2da14b2f855fba103e8c3b3d3508fb5201c2665766197bf3b8986632f399af74a52ecc549f1118df1153ade7453e85cfef9621ae327011a8393297429c859d295ad5920f267b8e3ddb4c952ddda0740e24d7d1d40611079c3bbfb6927b335b77de55f718bdd1fbf7e7ec3094094fa2fba56d181d373a79dc2ac5f216fd8cd8945e83c4d412cd05b382c2a546a98722e297ae1f417e13fa578a26a4577f16e71c5f62276f942d92218fb8a7be6bd96afb0a3279e19bf2acc2462b56bd207f968dc0925d8c43facc28622009b97bb42848db2f24a28dd0e68dfc8e3231c5b914e229e676f3c424abe7acf49adbd917dce33135edbd4971381cf0b4003901dcc83140f24c22d26824635b15df7df77c4606dd8682ef6b5ae1d8be92e0c0b6e4352f32009f6bf0b37b8fbc83a6aa6d4f61c103051505583918a3b72267c4bef9aa5a7be3519ac52618291087306f13a6bae0605d977b91f681e0a972ee011f551fb22738935e320b76a7e185a82950b20174adeb8abec4a3f2d4c6e96ab6cde57865858297414ee846882c4a56081ab12ccf542ce7079ca9f71984f5c43a3559f1a7b761b4db29cbee0e7e1e1dc97d3eb56726dce559f2258745a235964b58889755877a99f5c06c1f2bf32d71ec2b6cf347a234b5328e7826ad0971870bb8f6e3906cfe3dcf27fabeafc2b57d0842055963088062c12855e3a34517f0115f29d909a1064f9600feb0cebe68cdcf791cfaac14227234700c215a964a30ce3d235fd086211ef774cddf0d592e2ed516e48e255fb836a01038e17cae9e57c4a3f3188bebfca404f49281b3121db42a27bc33be7a930339252917fecf05b6e7ece1a4e882ab8d1cdb4c07c06de4b0240a1ba721758e8ff978aeff2f4048b79bc20027a6a27a402acfdc82032773d1aff452b468fca631cab25f907fbac48cf38db7da87a5e73b0e832be6d2651a23a2daaa68167f8936bbed316829ce35b099fdd9b694bd1df4a22bed1d6e32d3c9a09bfb843dc2a097d030394849f0e5446e78040052ca6609c7ff932ba96fafb73092dad87b3f8c40bce3225248d6660cfc1e2921b9c530eff6eebb77725cedd55cebc925e33c1be8ea89acc0f7fa1525ed4f0fa9ba3f72aeb52e3c34837a9f03ac83666c3a00aac3acc85b5adc9b8b60f48f2ac6b70bd5abfac5bb208e71487931db80d749c0d9b9ed762cae72671257b607efed73b1c6b5d6a1498c7314af82ad6332e7816f059bf977bc25c5534da56609404ada2214f980adf43dbcb2e6f225eb23c12babb87f9863e77f39268f388fa89eac304c4e40f6f0ca88a107eb349f9948973be53c63cd05050b8f45531c43f7fa5c904e12e768c663d84aae765e014bfe4d648048dcb8451dc1e4589c899685136009bf59e2e5b876c2759446ed5e20a5d4557eb26ea571f7acb09f34e9ed8a83828fdcf3676a87d130d167f4308a3bd4914895aa89e11c76011aa7f2392ee5821eac5ed511a857a9d7b4246b01515a42574beff5a43c2d55ea3ef502aabba266f6d8383e7aeba7860b1d911993a2f9e98dcf376d97d44fa85f66a5615ad95ab48a78501070baec26fb6dda35e2d0d2019c029623fb26e2c3a422bd447dc0d1c2036ea38dfc10c656ca7ef48123bb4a9765a99258b50ab88e70ec5a09ab961803afad274fbd742be49b9257dab95f4bdc5d27c34f87661f07c958a7bdd220813d3119e772593e190cc57874f578265e9f1cd21ede0c6017c69218926611200172a5efdec073ac95c820e958294c7ee83a7c5daff123944549f57c3a21397b15fa2d793cbac0f2d157ca11cbc2d6c497f39a011813ae549beffbfe06188d2d63f1684e668a4db4cf39e534ed7193d42969bfe04df5a541e29ff2c89968da7a555a9422b2f8bda4cf59fe59eead323c967be2366578fa5d0df9cfe1839d15b2cb1aa253ff26648590c61bbb537bbe46a27f98c69439faf967ad1df682002331e07bbcdc7445d92a6317461ec1c0f101263dfd0319663ac56b213266095475b3e5114e717f3e537ac5d91de135d43b8717ef4d7086e13d33a0d95703a5ae90c04f394f0eed792529afac7add072a6b365369bea01f826cd1fb3ed218c5195c8167a9793ee7175eb954558244ff848bfc44c39d50a85d58d6941402467990b8f51c956ac8abf0e7145fcdebfd686ec1d2c3ac3612b6a088c6f7dce71065e706cebef483e813007b75b87339aa746519d82cb155e897424393d1911d3dd1770719e889737f3a2fdb5eb7a415870e86c6fa1f29af13d4219e2e9b7c0a9d8ed79abcc0180bbf2acde2822f3eca37d5b32850875c6337fe880881fc92e0c3ae8da9a3c8c02cf79ca5e251a33f61426284517d7437c7acd11981077f4d563c216b7c93681d1635419352e14b763ec47f9df66e9c73e085df1612a223253fc34390ad953ca2689e80f69b295a9c473238877f63c2ec3be632e89f08ec53ce382285ea3df857d7612e1b933227c5bdc69ae9d4a618cc530b969c211748c541dd4eaa1ba300f470c4a065d184bb2fa7592033f004d17abc2e183256071c292692ba3a8f420ff5c61d8510dea2d2bd545b06dd0e656ddbc7a1c72060933b4a8ccb1186861b4ad1a033a80aeed85cf27b75671df5ef5364e622705ec420a8ad214fa84701dbf54ca3ecce95136f85668dd660659b31b05a1924d2d9217d712b3cd14f62e18b42efabcac24b3dd7bae1c6ce344162d20c88a179ec42e7c4f19507faab3dfea7d708597aa58ebd51617da744e953a8120f4a547bae3cf05fda1b58c2629550c2893ec6dfac449ca3693ee1923e01d65015d569fdd77bf003d77893c9325bb95fdf7fc8b02b0c120320337290f81386117bf55bf0c868e1ff545a2cc61b0f9cbab8673ed24ae917e7f065a676b1893133934d64f7a6de98725d12324c08b1f43f3d2189a9a73e5c06b397062dbc2670e3abce95e59ff1e1dae0a4d61a74625f750ee619aeb925d9b4e8bd8f8b509c83cbdee822499101e082ed5e38f40620131284be2d9212587223ee93aa89be691ac5882c5f598c565b0b4c6c76f2be66335a2633432d244e4ed9f1abd5b136693b0d3c97d8420c06df0f69d81f97453b5b4a5c7f07dca9c8a19e68071c158171381dd1871c2e9c44bc59ce6c1a351c8310692b1a097e4891be209da4522e758ae5d71fed76c468b5c598354a019020e7a49e1142cc05a3b9cd934238baf64d84d92d97a72c9acaad149250776f94fc75a7ef2e912b9d831a4a2c76921fab64127e382e98ed1de85c8c3a0d2f28ea065f1f6ed5fbebe5ed4107f30fa5456ad38714b72c7908bc924746495a82cf28b3a763693a832fc4013324099f9e6b70034908784262f2b04bdb3c21792a9add366c4084bf4fadc2ae63869cb294b85927f624e58c41ec45c4695f8f4d152665c34eab29ba4f49e4696bf82ec8a0c87cd0cccba136edd50a4d85e18a247e77e738bd8486dfddcb814dfbde3b01e44e86b53b2baeaf43a2783b6de9494c8a57c55d834d2e6a7474ebc4afb442bf5b427b9bb8b5c0c3443fdc576a0f304bda75a190571628c7cab73810a68d8079fb1935d282bab127b3bcb9488a7ebf294a3266334b2cb036f021d12887ff750ff7bb59e7a488b63a820ddad974792448ce558140b4d40876f57899618500f678eec267ecdcb035433ef8c361de45df6ba36e77c68de7f336f52a33c8a54a677ccd12c83c3ab8de5f9573f82de2327864cb648680a004c0df80343c9a62c32d8720a04c6768a0d3d1244653a047d6e4afe4e1c10a1c36620715eb9483216f12265343e38c343157f75035e9d64b46d9d39fbb3dde2f42da874f9c8e30273ac947b309c883bc88636e02265d832e7ecc993ad954a7c84eb06dddd5b5d0ad91d8ddf713152e7748d65ac9ce014120bb00ae364d00e1ce13dbf40772642aa64401db218bac0acc6553c09f0dc43eefb6f65899935f712dcc16312e8f6581e929e7c74660b4d76b69fd38521fbd16e5e0cde12a2dd8dcf80eb3d14301566b989517c99afcca0c268cf4f6edbae14e271d35407a7ee24e917bc1770f449b7d2f7288172699bcfc9fba7e9a638ff4e0dc379bdeec610e3de329e7708b33f712770fa80b8377c999ffd93259cc9e1d99269cd05cb00ba7ac86d675cfbd0a3495a83be689f44fb5491fd362dc0fd17ddcca6ac994f57cf68aef9d6cda2715371cfb54e6783e0fbf86e7a7853c7a00e76a6d49b3f4e2913f35c44048b21cc4d5c109ca30615293014acbaedaf15a229a1e303ddeed045cd764daa10325a3ae386d3a4e84a177b21ecdad6f49c9c911c0e90b30697f5308c4698f5244308b215abf1d2ab7daa61f489a9cdb7c59d4a7cad26a3375711e0bbe37259ad372ad3de36dca27a02823a5c89092b9d1f8101f58c17ac8e0f13f3c8d22224e53bead25ca88dba797315ab050640843a27433c88d26fbee9bd24a8ccd082850f06fbc34b87bdf5247939a4648b3c599636a7d650c6c8c9c58766005b87d6e075028d26600a2991d15bf1e17f7845cbc1ab4c8816c12da87a789f76c16423013095706429a232731e796a7bdb83043cefc014e1f421a4e74b8b2dcc58f5f8ba8860671b79a492d9ad0d4942ff8a8d597126cf86f651d97ed7a1542139d1d802eb5f0dceea6bb8d42633230e7e80b953199545b8c8583b31421235cb4904d0f88f798655842e723d5781c881b8c80f2f2c14657e9a4883ee9c4f1b4fbc711e84c49592e8977", 0x1000}, {&(0x7f0000002000)="116c853439357ffbf49d40ae7f0328cad6d676248797a36eadd96b7449fe067ba4027deb475987750ff3cc7164ba3ed20030c4b9217e311f74d104994a764fe2b6e133fe6439712689438f7a4a9d5cac3371c0722341c1796ba76bd4d0a401a366f2732b11df0a62fd3de2b4b528c0cf5e8f3e006588001d3429f964fe9b84639fcd23b469b5fcafad6ce7fa23765bc210d4f7b6fb9c5a2a3e87354631ba2af6803b29a55e8f38be0153a48f50c0e5fef680df3cdb7f7e4a67d0772d050e587d766f64f75cbdf0e20ac5c25acb712657d759ae2671d8a9010cc06992a880d7998c60331b3b78f594c572984cc3af31d7c95aadc85050c03aa5dd0b2daaad536e4b1785b54593c0c33da37cc9a8a8b6413015c95c9814d78321984b781bba52ad6b4d8894f13407ec3777eb2b5e552f6ffbf70a4155d6abcca69a14273181e5f6ada7500d54be59ad784878cf6bb5aac453d4edf1358ad34598368072e714c5fdd557178903b5fa93717cc7c4954b6de195a52f004d342e5d21ab62ad3c90cf5701b83f8f656ecba39268f2868af98a2035e95af0bc9206ec1f6aa19f7602c8a255ab1a406ac035be94bced41b2bd57826de140e123cc9689e6d4b9a532eadefabd1597d7c0373b98ff2f51e33fdf96ff076edc7b398dd0fa3a11075d7df2a30ded7e176757b4a6a6035ae0acadf7f48f4b6925c37bc6207b9a36293395f04901ac5e8aa57125e8d2a79e4d714a429bce838d2a23d2c6c176b41a92238435eb197360fcb2682e4570d77c24d0fccecf74d0c70119e200bcfe859dd02d13812ba78c841397c148c96d13fe84b8b06f6baae761a2171f3c0ba307a7d2f048cef7bb31d8092627b585c7e2d9e4007610df9bd34c7b9e20a623a86ddcf011c29bc711e41291765ad5aa3d51ed1dc7677a63cf87c571610d968d407596013dfdd9dc400169e7bf292eb88f2faee4ec3dd3affc14151d3d812c3aa165ff90bde6b361bd75e00c52c12d2e94c6c8886ecdf2ba3c8afb15fd60c1556fc2f8934f7ec44235cd2a224530363d7d67210c2bd4d8b4b3e2e5351203b1dfe52e38a11266d7ed75cb740f8452b48422cf3fc67af47bee3f818b9a6525ef704fa21ecb5280a2c0113de88587e0c2a9cc3b77745d94ab8dc27322876e8a11305231410fcd51d3675bd403e33c92d79581711ee993dc4459f402394c64e782826e4a1e2b2f6604deb6c16d16e8aadf00484684707a98fe1028d1fa35a23aff38a75f2d52ffbac9bd4ae95ce16cd227935b2058084e66f20bc209ee53e74d06a150d765154e484d701077d8d3c51f67440689ed666cf2a79e3014ef5b1d49fc7350c5b020cb0102d085532b9e20f27cbfab1d2cc325095395f663a4e15a86ef8b50402975c5ff9d49bbf4ca8a7b6b2c64e7d7b57e1d4908e4781f281adfd737235ce808c1822d9d7a0a5efd259fd3396f73a11b7a53d0be595b560c563350e93d6af688e5f864d276ac5419635b9d60886f7ef4020b3216a1c77f1964bf15b0bce3dd42d4f14f37b87a418a8adf2331b833ad11edbcc44663b3c5f9c65e03b25330b89a517f84254605538cdfbe8acf542a0d9890757101d26244ec90e8ae6c55b562d8a7f5b083188489cead9dd0806f102384fe4ece893d8d12eb76c36d8f2618f8f1851cd0919997461c85152f1673b44e5c1ec5beb4f7587119eff3022b0a4bad5bdeae3bea63cf091e1582d2cfc4552aa9b097dbe09ea4d1cfc9bfc716252d880e3e86c1d1657908f41b3b2f312cdc3d5df0dd3f626cd181652b9711f96cd97ed8f37bf72648e6e207e7430d90c6530accf5fe56dd998f207c3aa7cb0ddad57331d96107317bce3c635e17607f7d03337ff7b2ea1e0e00a76a16c41df2cf4b68114480d0754c6ef2a25e94f5522e2405e96ea9ca04eb9b60769c8e910216e66c4e245493b2bb2e28d57d181287d422707e1445fb7265c891eef204adfb1ef749d8ea101731120f4ac97470ab5738902dd6363ca03d468ba6103c38af00d3a15133524f2136e51191f528099b02119736e285626129869cd193816d97b285bed37a8b84ca9c6bb9c687019ad3037450cf1ed577ac4c1234ca3ec050810b7624837ca96b60992b8701b23b9ce65a714585915ca478cd946e685cdb6842d182044153ac392ab073e4a9542b4bff55fff6c7e445e52395565dd63d24314080e08b032b98f6012763edbabf9d2d248bb9f8023657e3b59c28de721dbee506eccfbd2da844f74f33da02ca32e582f081daa701e62f8d89b5ee6b960c8136cb19ae162cc76c9c46450e4a98861670c80176b801e6a1f412ed0d113a7e08ce0150f2cbab55767917711fbae1f44a8f65366a9ceb4be31d26b9f99229af888920683b15d302c8867359b7881631f06069673480b33ff0169684e9ab0b58542bbbee32c93188620988a72fd928b1510b3cecdc925663effc859cfeafa55670b00628b8d629771485fbc5d09b0277dc90d1f11c9aa881ca78f59e273e727876a82c0d7269370bad2d361265da8bee720b7fb585d1605f196aee2209e4fd99482d7609a0ad51a69380cf86645f7bebc0f70004d60b35b4c374d7a0cc34bc847e644449b8410640bd19b41a1631d38e59ed1633c80d1b1e86845abc055b68f6caf77b5d5b587ff46226b4d29cd0727e508fc6926cb8e322c5c279dfd42fc6d32ee27da2d6e9e9db47a8268ebb49749996694e7f54254aa30861972672c625f8b867823582d3ae2fccb4927328eb3588437edb4e8c41ff41ab928a5ff418ffb2bf8163804da0ced79383c951b31280897167b29011a34845ce5d7ced6fc0c71ab6ff065be4256b4073072e98ac497919c61c083eb9e5ad60b3b5c2425077ac3faf8c90a4926ecdfbd1ebaedbb0b8349b8111ab3da4a94cbc6e0f57bdae366e0c5b0abd0574584bebe4e30659dbcf6cff331b30ea5a70cb261d40cde2bb2e9e3b3c410376295987de20230d0327cde7f82165bfb58f3ed363e436e748897e8daef69bbf99370a60c757b035cda1afb09342c94c7a53223dc5d985bb0a30720d97af910fa71d6fe47b19c7eaddcd8eee6400526d369bd82041befc454e6c2e67327e9d551d3d81ce8f9a589572283df90b7ba9e95cdc83b9debd556980debff8b7be0f978a65b9086cdef1d799a98d9e15228782d9384f8670cba671d763ee91885873b7a55bbdf8bfbee6cf9ba851b512aa1b3671f8cf704f5e9ac0272bd5f802a3e78443548de876e6270e7aca66a89c9f19f3c42545adbe1167709886bb1089c63c00de07d632aec6f6b68796d7e7c01798f69998cabc3ae8697f05088025ddaf3943e9c183e7e0ac19059d7ebea67bcc0e332011d2db515615c234429a465da14d72321fc74a81901b494c23146d00ba7651446a976a793145d23eb19e48f8c1b9d2ed27a5c9d045a90b206aac5dcd8fb096e5b25224a7eff067b61189136cc9459c2678a118dd5b72175b7f40bcc12095d01d2b589f5413f4159acd9034c302f60644b55c771c0472280551513d484685a1034348dbce2e57d0abc87060ccf7a02a58c2222ace19f2342c20d88727f1a6f20bcaa6600020560c4262cd496e792c51b844a6ff3c03f00de912605d3c807f36118454cf930971860392c919681d02994165f31c4141dbb924aa074581f079cd1181501c000c42e425475ef29ec01ef3dbbe030b304216022b4f819aecf9b778fdcf6fe39b956e5c56142afd55075db3c58edfcdac3d05f072ed7635c76f4c8b16dc6c83b890e8d8f7829221c80a777bc59db5834e5c389fad0e1e9d7c13f2a32d5ef3cbe710128cc74f09e89a0f9327bf3f3a3144cbfdf48f83f98234d188fa2c644b04fd1442baa0da0defb35cdf2e08278c20f70549c2b6497d24768c4f715a67f32151a1c07c59775ee9edda562cbf7327c3f49519349d3ab7d4611f65d6c531e364e9cb5e40a15b880a06c546c4308c9835fa58b5c934805bd9c51762892d3bfe85bd926c71eca80b181c4c18099bca8cc0ad84e00a309030df3cf0a0dcd291ec64e8e7b3b21c123b8f9df4a71e28ce790fdbe6dcde8c77fc709cb9f78fecab2f5369cb033e2d0147833ed37efbcd8bb7e6cac2a4e926bcbdc79d6ffb22d80b3c9ddf14ae9e772dfdfffc046f2a93ec0e1a49ae466f6fcf6a5239610110139059f06bb8dc3ea82e34fb4db557db65b046d4780015b00a85f584b4a842b338911a8b885a8d31362aca57238244ba1af3aecc95195d8edeb5470da929ae2499a09105523cd88874549276e52f5f3d99ff30c467faade1e705d52c799e703cdf1198cfb3e5fdcf46274d239ea6bb8b4f674ac0bf5be2bac0e117492b9b9664ef892ced49ef6e5096c5b41edcbc1ea73e8ab31a8a2fbb72c23ee6535ea1ee1c4de3a65aef05548cd3a0f0fcd7dc1bf99ef5bcba7ddb1cdfd3f499638143e7b3e8cf2e7a3032f21e405ac06aeac90aafd493aa6c5659d9ec518e5e8404bd098f7f215b4aef3b49a87bf0d626e5a0093d87cc277ddfbacdd2497e737fef75d181ace3080f278c926cb7cec108135755dccf179b8a3282ba088d29c921f4052e55abd594e269e65c6cc535824b8b125c0842175ec7c98e4aff1fad6091c7700e5a978677665d7df1551070d7101820a474c24e23e0628adc859692f20e89d7d38c9c8dcb17d47a867430f0ed703c0cc52f7b1943dd9ab0da8d5340a982f526a1e8f09a6b47d501168395cdd0cba60bca9e8c7ba923f292b2249914e92bab2b2e780e32ab04bb4aac14e92027d42db5cead9074a79bf0083af2c78a75521c3cb3e12a8159a586dc1bbd3a5bff9f29c807173f810529d3e6fb279e9b3386824c5238ebd21868ffc3cac5955ca67bd01dc7a55a0ce109ced0467939acd01217857cdbce73301064926ceae4850e10749793fa4f25f3e4f6036a1fe3b33f5ec20ae74187ff6a055535c0e709d5ad07f47200fbe063bb5ea40ecf832883fc20bb873434137eb43edb772cc22d1cad5c96369aa147a5a1c115a3ed61247bc311721931b8041c3e8f983ec984b4cb8e40c4e1b3393de2624318ea2a91f92675a2197ebffec196a5cb3728e210b71d97cd0539e1bbdc9f670061328ff439dddb7af45430643f1e81fb60ca1a26792b8acf5b0b69c8783ff613ff682c941abe4da0729ef2adbf28445a80edd7811a15ae13f8d7c80248744218016996dc9f52a52a3bbf2cf7a16b6f4e19413691ec53ba1042a0f391c29feca298bb358d047cb0041cbe3914880067d00e235c191a29a9a7ef327e1bd08b2eadeb807140de7ee98f535b4a7cca7ea02316e922aa7aa41e2927cdbabcd4326bc15f2e2112756859b2c5fe02801d3cadaa9aeeb64b74ffa9e2c0c4c4bb003bfb94f8a94a7640a09b9dd267b7468550b5c94da710a42fe683d669c7f500d0a0a67012524757ae7eec8246f2365e0ed2c4cc2a7556f0c67b7201b475870116205d6e59822801be17af5e3d139478425306c47e5387a06511edf39a99c9f2b262fee3863c50b1b96b3914a62e9705554356ca8d86dd5d84082e89ad38cd6ec70206de0b5b7a2bc1c497a43a99c0b89db3bc171a18ed2baa701d4b36065eb9734a8f61e1cb65cfa6d67e653c701902c36ea4a8ed44cf1fae2b50debaea6bca89309c57d9491624a48f7cc5e4a313a99d2a31b489073eac9cdd1e12585b738afdcfa873091110c046ae2aa1767906a68eed9a6b852af4b66e1be32acf8ca35c8dfe457c7ae068eff74412c1683c9f932f304c602665932efb4eb10f346562076c7834abccb8c7f3586e44", 0x1000}, {&(0x7f00000008c0)="097d003ba5fba6d339502c5b85e1f547ee17c1c93169daf9f87f73c39b2e88e8a99a7fcb5e39e68644551e6b744595d8b4dc1ee4151b686bb4ab1b28225f0dcb52cd0ef1f2962250c0057c47acfdf55a", 0x50}, {&(0x7f0000000a00)="b7866fb5b817d684f9aa47086c378e046dce3d06ee6c324859919cde1c559c5705b41d49a90d260985ea12a0666a9dd7f446ef2cfcf2defb31a5d970a5389141b981a31119d8eaddfbccc37cac982bf3cd8b1d45b1ca313952a3749daca55c1de042321d20e4ddff410859d2855314f66d1dc2b43fa3fd1300be6c416a0bc8457b8f3226bbb7f8331e20ffe809a02c5df4cf53a0d7f98219a1ec02f3e658701e5dde37e197a572ade4de056b7fe22c860c9c4b95ee63419777976c139b0cdeaf6bfd052ac7e5afb9860e4adff8c70b536f73cb5891456c7f1da55cf24ca4a9d57b5f56e230fc84f6", 0xe8}, {&(0x7f0000000940)="ac4d1f392dd4ad63c3790fe3919ffe8b2703cc226eb46204e86aa76e8368c9f2f02cb876a7ad83b0e40ca8de52f7fa5fbd8f6e4daf62db27bf2ef02a4af7b8cfb0729598f05e", 0x46}], 0x5, &(0x7f0000000b80)=[{0x68, 0x112, 0x4, "1d00d5d8cc2b7dadab4a34464c0808ab8ed498840e2aee775df20c8579fc4a1a602df9ab9778c0dc8bf5d1f6de0e5d65430fdaf75c4a0a4c8e4d1d8d3f60313ec65f85cfff8d1a0f49d39266fadc5b6cce37e9247d77f5da"}, {0x60, 0x1, 0x8c, "a99cb7fb9e119566d0a50790f59a4f11673f1f44414fcbf73760df09e0fb2e80a55ca5afa9efc2180ee519429bcb4ad6822f1e7e53cb9cb0ddd68354550a98eceeabc0813db191de0d9992df"}, {0xe0, 0x111, 0x400, "3dac0f558bb2627f7a1b8a6c6852d6e5e0dc3080cc5d14b008d722bad3ca0949bf39de437a3fd9175eaadd8c1ba1ee258348662aee180d9bc1ae03840f96bf3c4da7644fb37d0579329d257c669a5a568650fe37670ef26bfb1ceb822af2f7323ca670de94455b083ac642c5fb579d548de633d91ecdfb36b285e4f224e5876ed4fa63fabd48c3f841065731551338302ea5cbce15bba574fbfb80f90a7b796cd79f15ecae88b98d369750e0b860f1477987837fc6f7e817925a67e835f1b50a037d4b63add5dd822e88"}], 0x1a8}}, {{&(0x7f0000000d40)=@generic={0x1a, "ff4d19f035e5ffa3c3aaad2e5a78f0e288175b7dfd3de616b172eb9c99e777b0b24adaeb8cc5a5429bde9d93d2f4f102fe31b859bd1d61e80cddb2ad36bc8e3bdb984ead14687ecc04dfea42f97ce90e30385b19dad0bdd27359d85329b701ea96eab3a46feff04a0b39474a17cfed0fff6a78647ef2aa887bc99e05e99b"}, 0x80, &(0x7f0000003000), 0x0, &(0x7f0000003040)=[{0x90, 0x100, 0x3, "891d20a61b70f75465c45a0692bce923685fe68542c90bed476f2017f252fc111d55818880a923f6e0760f3d1c9d561e478ffceb1b12f6681251ca694c8dbcdc98fee8cfeb94729f79a92b443fc1c574e04ba3c1460dc7b8240eaed2c5e66b43c3a1e3adc0a27f8f5236f2de06e8931861e28e7388cd3acd38d4b24b6110"}, {0x20, 0x131, 0x40000, "b5e4bf1a723cd8f5f2184b"}, {0xc0, 0x1, 0x0, "97838844c1445431456e38da84e69d4d422099dc61a338d8d4e90e15c66e370918f40aba1828bbc6f8f82813be85da7a0fdd48f94f109d100ab62aad0c57f42ed6a25030712dfb9c1854e3a9afc1e92145fd20f451a35c2394dcb2f9f05150df07a484c718155be5ec79c2af0aea7ebacc79ce762097240fdc7b2301acda265e5a28b6cad38ac20517d54578474499951c6ad1f96585a5fc59ebfe83974379f19445948e8fb764c4a3130dda"}, {0xe8, 0x84, 0x7, "1d3b72fe6be5bee0e91c4e478efae90a05701a7451779cc0b1a9f6540573455ad86674bd8d7c5ca0d737800e40256a29c683913e3d50c91037f9f91714fe4900c4f0c2e84820a29247d3ff727045d3d0ac2c7ce94d0a6d8298f6c329ddef2df635093b49eb843e32bc7bd071a8bddaa52790fd9ea5c209c6bb51fa4dda095ddbd369f5527019f6469c35f70c1b2f0f018389aca39da25ebea1ce1a6367f5720c0c9930ea49d4acadf2a27b021a82dd5e810ed1ca994135cbea9e8d1c0d03931df54527e5f6abbe3a22d9d3a7498b4894f1fd63"}, {0x28, 0x88, 0x2, "a615dec4094f2fa5328847ae11f99a5d7c82e04f440142"}, {0xb0, 0x10e, 0x3f, "bdfeaa219d2afb768167b9aaf653e60266da259566cbcc4322b2283c8efd1b01fc586d2b91a7f825415acdec357c83827775bc93051d7947bbea2de92191efd37653406dd73b3899fbcc6b9991be2a8e3f86b537c893c363d9559bb7967ef4a5959397c0adefee1b423b76527b13e20bfc1d9c54abce13b1ba89b59daa7c70250738278299a03e5c4bd76a799dcf53d431e411010855d810b8d80eedff33"}, {0x80, 0x10e, 0x8, "6a3851a3a82939c73d510769c4cebb4afb34c215df7c25153655f7dfdf5faf6cd5029297d7262b4ee4ed3e50f9b43198b532b71ba0989ce5a4fbb38db33f7be0719b7c53fa89d3117adc5e33d954f37169f40f198faf20de04e320b43c761672f4d349de980a57f384a9776d"}], 0x3b0}}, {{&(0x7f0000003400)=@nl=@kern={0x10, 0x0, 0x0, 0x2000}, 0x80, &(0x7f00000034c0)=[{&(0x7f0000003480)="4355489712a5f2a27cdade066188dd06142e", 0x12}], 0x1, &(0x7f0000003500)=[{0xb0, 0x0, 0x1, "01287ed060bb169c61f238502fc177b149549819664d48a6a12f5b525cfb248d9148cab284211c8674ac80289c29b28088fa16af07e83749af9fc438907bc6c16eba7171da2ad1076eeae83b98f5c314a636a8997764d363b1755544ef7e77e7cf18c4f3cd5a22abe720e3b84a7f32d2042877b3dc9d3efedadb622e612f93d51f6fd0789bf3ed030077c5cba56ad3b9224ca634f49da2e8256b"}, {0xf0, 0x109, 0x3, "40ae69effbcdcead3ed34ab099206f509e512f11fd1daf8cffe4496d95e0aaabc6a7078502e514e5f72a9b6c0ea1edd5adb9f57142001082f057e12b274d39ab8f6d198fe3375303f52a146aaadc087549886d835569cca646f2841c404ce65543d3e52c2199a4b4f8221b697b516c8013e77f38b12c97922121030f500652423a0478431c239714fd524f0a90f822ef47ebece8ca965fa8642b27cd81855283db99902f6ef1fa9125c5f74943e5302e05df484a4e29d41624ba87b2e71c89e8074ea00cfcac41c1dd803ca2750f9e7a2b96ede60ec1757e70e1"}, {0x28, 0x107, 0x910, "d881dd4276e01c8c6dcd46c100b4bb017a694fe643df29"}, {0x100, 0x119, 0x7fff, "3cf40933e3cadb490342ffb4a6dd9a3e06c6fbd014be842faa737d68550030a70d8334d231b2148b75c3d0fd1ad6fad6a6c18244f7e4b48d19a5dd1803a31ac87d0d7a0b3a77fc88224a27986a0b1f95c3b14f4fd7bb02fcc7e964c70549f9407b582dbb2845891c28d89e8a8db3cd88d23b487f358c344f5e95aaa600e070b92b5a02d4b0cab00bac8dbd4d71789c1e693a15a23b7838dffe91db6d133a866b8db0aa889980357f737bc2294fbf300c60f971c1b591e91c7ca93d877904d79b6cd0077f35f0354ff5413c57ff9ebd020eceea3fc1239b471c61928ee912a8236286218e49c3f7abd33cccde55"}], 0x2c8}}], 0x4, 0x40000000) getdents64(r2, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:03:38 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:38 executing program 3: [ 368.641588][T11704] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 368.641588][T11704] program syz-executor.4 not setting count and/or reply_len properly [ 368.672195][T11705] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. [ 368.696918][T11705] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. 17:03:39 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:03:39 executing program 5: 17:03:39 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:39 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') 17:03:39 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r0, 0x0) write$FUSE_LK(r0, &(0x7f0000000000)={0x28, 0x0, 0x8, {{0x3, 0x5, 0x1, 0xffffffffffffffff}}}, 0x28) r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:03:39 executing program 3: [ 369.311512][T11724] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 369.311512][T11724] program syz-executor.4 not setting count and/or reply_len properly 17:03:39 executing program 5: 17:03:39 executing program 3: 17:03:39 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x2) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r1, 0x0, 0x0) r2 = gettid() ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x2) ptrace$cont(0x18, r2, 0x0, 0x0) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) r3 = syz_open_procfs(r2, &(0x7f0000000000)='auxv\x00') getdents64(r3, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:03:39 executing program 2: r0 = socket(0x27, 0x800, 0x80000) r1 = syz_open_dev$ttys(0xc, 0x2, 0x1) ioctl$TIOCMBIS(r1, 0x5416, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r2, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000040), &(0x7f0000000080)=0xc) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) 17:03:39 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:39 executing program 5: [ 369.847034][T11744] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 369.847034][T11744] program syz-executor.4 not setting count and/or reply_len properly 17:03:40 executing program 1: openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:03:40 executing program 3: 17:03:40 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x79, &(0x7f0000000140)="c4fe910c6786cec96ddb5322addee07bee6333b5cacd891969b71832cb470c94d61f0014dca7712c1414e6d655f4c9fd98a568097aa4acd6ecd74d473fdd43b9693122310088463ad3f8fbe0a10fff4bbaef7cd058ec3a54a90a11a408e616ac5091783220798a2b0180000000000000c6fa53cea17bd8d700"}}], 0x1c) wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b7ecb6974f527cc14538d1efb1ffe03284f6d33263ee9c604b293f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:03:40 executing program 2: write(0xffffffffffffffff, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x21) r0 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0xdf27a1ffcaa0725a, r0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vcan0\x00'}) ioctl$VHOST_GET_VRING_BASE(r0, 0xc008af12, &(0x7f0000000040)) r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r2 = openat$cgroup_freezer_state(r1, &(0x7f00000000c0)='freezer.state\x00', 0x2, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r2, 0xc0096616, &(0x7f0000000100)={0x2, [0x0, 0x0]}) 17:03:40 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:40 executing program 5: [ 370.273477][T11761] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 370.273477][T11761] program syz-executor.4 not setting count and/or reply_len properly 17:03:40 executing program 5: 17:03:40 executing program 3: 17:03:40 executing program 2: r0 = socket(0x25, 0x2, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='trusted.overlay.redirect\x00', &(0x7f00000000c0)='./file0\x00', 0x8, 0x2) 17:03:40 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100)='nl80211\x00') sendmsg$NL80211_CMD_GET_WIPHY(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="1593000000000000000001"], 0x1c}}, 0x0) sendmsg$NL80211_CMD_STOP_SCHED_SCAN(r1, &(0x7f0000000580)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000540)={&(0x7f0000000900)={0x804, r3, 0x2, 0x70bd2b, 0x25dfdbfe, {}, [@NL80211_ATTR_IE={0x7e4, 0x2a, "e42a12773f0ddc9860c7bbf54c5afd0a34072436563918b0d230e6e44cf481e1d29baefa457b74c05eec62d0d8a55d4dd69b7f6eb4fa011f5f69dea21368eb3594a582b31b05fb57781cd0f3835ad0913e20b7dd887cd1ebdea995e76670a270e38b0c6f61ba38d9b56a7574a29c0a80d053dad2d80816f148b660f87a5870960783383156df8fab17a98e1e53d66fb02504a985ffbba43019facdf82d018bf95677ca338c0c394300fcf1f866dbd2bd4c1bf5d5c29be6935dd606e7639603c374362c8b45512166cafde087f2d148c1fb468fc5002aacb49f44748ea57510f2b3c329539a9c518b97bb110d23bf9622eac1b0aae0d0dd1d938cfd7a1d94f0737043d264180ef10064d2a610c73755b739d434a3124fbdb4149dfe9e238c75c8f5625ad67448e10bb25b151103e27ed1b241f8b61e3ba2b316ef787b2323c84820592b233a75cb896635db4c1bd87ba5ac4d44ec86595d821d549d150d5ef35f9f0b362933fa60a654f2a5a024249ef9622ee6a718e76e9683f6261965d4af71d00c116f76e62b1c9a1e95b8222fb5e548132fa5f6da77fd4aee5636892441c0cd599403dac4ff8fd9c1477f381f25da1cae4b8f26b67b41c95c92b3541b0c5db27649fdebd0d65d60f4088b5eddf1b5873eb4380b911e2c8060842ff929de9b322a486b41f4dec61e5aceef54d5289f9df3c055294e9eff2861e30f3232bb13d266c74e1e2d91b3fc61c22264599c99e25abbe1c7e9db53c1a53800e4104224bd338f7dcf87b3025d3e2dc77b7022bf9ff7dd3b6503def1a298437afc3b1767807c3103d5ab102f61f8577af21cacc694e0f4dc7dfa1fdcd29f0ddf165e055fcfbec483f962f2bd4ad94ae9700b682866c3428c634bab32d73bd7f294a606709510282b228da8cd82e6c6febfc321860d507ac66977058b8578c0a8210e65498acbc64baaf232f0191ae2da905ab580e085371d7facafdd386fa9aef0db8f0965281ead495f9030ab3fd1344f5e9bddb18c49210501c21f14c0ec82e3cf74f839bf700a179a3c36d50e7fd70669d903a0dcaf4726e624f7c0eb52fcf1dfce7e1768264c6163919ffc1a594aea04f0082fc83b8aea04c0ee89024826b9671c10d00ee60132e94fa551a22c2ad12dd23e6b4df88fa87c3c5247d2cdd33d8b63d683c84a78d7b78f75acb4a66639935d0229312611d4b2c8a4bc5f72740ee38f1d0966450dea6ffb83af79afd4176c163e340462d7d2b616065a49776d75e6d45d8ac199b6d544575d8eec4cdbd41277b8b28dc74766c541bebdfb61e921880b41df3873b43b34016cc061c4dc809cb31196cfb74ca508754f45b630f03884b9558c17af6a17df5203d0de0fcdd28ed4f1374bd03795b8f61426d2583708ffcf6ceac3fcbf07311d5c3da9790fb198b4bd0b696567e58f9786252c4408fc4729a75c34df8a0b2675feb9086b8b1b16baeb2d62f74d03dca45bfc8ecead65f762a37e78c6275ac16220e3928da703aa1da44f8447f1925115cf05d5d22553afc90468b3b9398486435bac15c122a8652b01c9431d74c676b6b7d790c3d899f5a63068f17f453e6565c4057f82d6cdab7d7178c5470df6c5c2bc29e77a94e55991d371c381325f86b974458811f3dd98a5735568fcfebab436faf6d2664916ec7af734e4909cf276f5a3b714755305ce4ea022d415f0af5a11d40cce40db3a86fc83d05b52b1ae98c6bf288fa0a0fca1ac2018cea413b6c312293ea8d0a473d8fe69026077f3c53d8679faedd017fa2985ddbc648966370dbda3d5fe519a1d17e23f88d2b51059177fb1a10707d562b1c70a2c93525f36ba04ae6d63b65b66ab1f1f144c1041ad930d4f9acdc31e0b01d5132fc899cc281de077e1cf14717678a25764bf8e5f8ccf88ebde84add88e2db36ae017fae01fa97e0446ff12b30277e44269f08f7ed75816b3d231daaddd8afdd5f9a47b6a4afe54eec64da53b3ee9bb4d805ec77af6466b135f55114cc2b797fc2169532aae9bd90146125c4e7f416e293ca0e1d4b64929e2ae9c39a0dc74efa4285bf5644fba1bb1022988843795eb570667e1005faadec04dbca2574750c5308732322568c59f2108a0fc1587d0ff37e1b28579580e20a0168b83a5b7eb90b1f7caa8deb806fc43745cd6f29f066b65152f19c49b38797d059adad237d128780e401e5b18ce66c568d2f8405a1b065421dcfe6a3e88bdd48c7d3089e93a9d576be484a5faa3a73421f304cc1ddb6dbfd62c88a1fd467a1e205adfc60a2b35aec0c92673ee2356ae18228da920b8d40f9fc0a1060695a7380cb18a2ecabc6212a5613e935b7cb31241a0de40a53f2d7c4dbfcbd62bac1f378154f4a9e65b8e0bd1c74f59cc0c1670e9327b65fc8cbb00b0daa3d7b1f2f68617083405b4aa43386c5914a74a6c0101737175d39683a55795a8a134cab47e20318500562fb406631c4e74d8c5226707a8c85187b1d82436f4096491ac2239e4a91a93daae2c4455a0deb13f2d8e0816737dd5999231e2c59588679b54ada9b358eaafdcc0eea68d3a2b20c81fac0c864c457515593354f8d361f2ccf3de8d8f540873f4e2063b1f22c5efb42d50b2fc7d5d21a462e8a4a0b8e3d749e3801da221f20afff6a3b829246092bfafbbea501c72f5fcddec6bbd8076d97f8a6ed5f7b61ff8f05ae8c201a3f11fd8c00b43149bc30df0d9e9dc765fb6a2eb2669cb4ee005beea417a535d45e78bf4f30c23000796c66b2189b2f2ca5f27db2955f7f4f5970a0a92aff69c18abbac3802ff63d8629bb367c99edac29fcd8ecff611fd3324e1f525d94599efc1012eb331ea3456dd7c13e40ea0187"}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x80, 0x4}}]}, 0x804}, 0x1, 0x0, 0x0, 0x4805}, 0x4000) sendmsg$NL80211_CMD_DEL_INTERFACE(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x2c, r3, 0x100, 0x70bd27, 0x25dfdbfc, {}, [@NL80211_ATTR_WDEV={0xc, 0x99, {0x7}}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x80000001, 0x3}}]}, 0x2c}, 0x1, 0x0, 0x0, 0xc0}, 0x8000) r4 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r4, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) ioctl$sock_SIOCSIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r4, 0x8983, &(0x7f0000000000)={0x3, 'ipvlan1\x00', {0x8001}, 0x7ff}) 17:03:40 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:40 executing program 3: [ 370.676412][T11775] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 370.780128][T11779] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 370.788333][T11780] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 370.788333][T11780] program syz-executor.4 not setting count and/or reply_len properly 17:03:41 executing program 1: openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:03:41 executing program 5: 17:03:41 executing program 2: r0 = socket(0x10, 0x3, 0x0) unlinkat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) 17:03:41 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:41 executing program 3: 17:03:41 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) openat$vsock(0xffffffffffffff9c, &(0x7f0000000240)='/dev/vsock\x00', 0x10200, 0x0) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f0000000000)={0x0, @in={{0x2, 0x4e20, @broadcast}}, 0x6, 0x9}, &(0x7f0000000100)=0x90) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000140)={r2, @in6={{0xa, 0x4e21, 0x5, @private0}}}, &(0x7f0000000200)=0x84) 17:03:41 executing program 3: [ 371.412889][T11801] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 371.412889][T11801] program syz-executor.4 not setting count and/or reply_len properly 17:03:41 executing program 5: 17:03:41 executing program 2: mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, 0xffffffffffffffff, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snapshot\x00', 0x400000, 0x0) r0 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r0, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000040)={r0}) ioctl$sock_inet_SIOCRTMSG(r1, 0x890d, &(0x7f00000000c0)={0x0, {0x2, 0x4e21, @remote}, {0x2, 0x4e23, @rand_addr=0x64010100}, {0x2, 0x4e24, @broadcast}, 0x120, 0x0, 0x0, 0x0, 0x3ff, &(0x7f0000000080)='ipvlan0\x00', 0x80, 0x8001, 0x4}) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r2, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x16f90807420b01d6, 0x3, 0x1000, 0x1000, &(0x7f0000003000/0x1000)=nil}) ioctl$F2FS_IOC_GET_PIN_FILE(r0, 0x8004f50e, &(0x7f0000000440)) r3 = socket(0x10, 0x3, 0x0) write(r3, &(0x7f00000002c0)="2400000158001f000307f4f9002304000a0df5110800018083020100020800038005009a1a4045936d6271b3dc74cc4622c581fa58be3eb9fe84f70306a32c6d746aa4418a6b01e6871b247dde4cab50f0bf422c284a2c827ac8de1d47c4520000000000e401a72c9eb02c86cdf0fe5d4580ea5f44c647115879123913bc0115a709832e452741446c2fa688b318301c7ab085ee882adb80878a7ca6cee89b6a1bb856ad1b18c193244477976385fff940bdba2ff9af7bef9d441630f10e59983d5d3580229583cb0faecc45a7222397cb941f720d6f161e829e8ccc06cb8fe03f3c14e71122dd3f01c6c2f5a7777cdd46aa58d40fa7b9aaad7ac08b8353b2dff5643143", 0x104) r4 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r4, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100)='nl80211\x00') sendmsg$NL80211_CMD_GET_WIPHY(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="1593000000000000000001"], 0x1c}}, 0x0) sendmsg$NL80211_CMD_STOP_SCHED_SCAN(r5, &(0x7f0000000580)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000540)={&(0x7f0000000900)={0x804, r7, 0x2, 0x70bd2b, 0x25dfdbfe, {}, [@NL80211_ATTR_IE={0x7e4, 0x2a, "e42a12773f0ddc9860c7bbf54c5afd0a34072436563918b0d230e6e44cf481e1d29baefa457b74c05eec62d0d8a55d4dd69b7f6eb4fa011f5f69dea21368eb3594a582b31b05fb57781cd0f3835ad0913e20b7dd887cd1ebdea995e76670a270e38b0c6f61ba38d9b56a7574a29c0a80d053dad2d80816f148b660f87a5870960783383156df8fab17a98e1e53d66fb02504a985ffbba43019facdf82d018bf95677ca338c0c394300fcf1f866dbd2bd4c1bf5d5c29be6935dd606e7639603c374362c8b45512166cafde087f2d148c1fb468fc5002aacb49f44748ea57510f2b3c329539a9c518b97bb110d23bf9622eac1b0aae0d0dd1d938cfd7a1d94f0737043d264180ef10064d2a610c73755b739d434a3124fbdb4149dfe9e238c75c8f5625ad67448e10bb25b151103e27ed1b241f8b61e3ba2b316ef787b2323c84820592b233a75cb896635db4c1bd87ba5ac4d44ec86595d821d549d150d5ef35f9f0b362933fa60a654f2a5a024249ef9622ee6a718e76e9683f6261965d4af71d00c116f76e62b1c9a1e95b8222fb5e548132fa5f6da77fd4aee5636892441c0cd599403dac4ff8fd9c1477f381f25da1cae4b8f26b67b41c95c92b3541b0c5db27649fdebd0d65d60f4088b5eddf1b5873eb4380b911e2c8060842ff929de9b322a486b41f4dec61e5aceef54d5289f9df3c055294e9eff2861e30f3232bb13d266c74e1e2d91b3fc61c22264599c99e25abbe1c7e9db53c1a53800e4104224bd338f7dcf87b3025d3e2dc77b7022bf9ff7dd3b6503def1a298437afc3b1767807c3103d5ab102f61f8577af21cacc694e0f4dc7dfa1fdcd29f0ddf165e055fcfbec483f962f2bd4ad94ae9700b682866c3428c634bab32d73bd7f294a606709510282b228da8cd82e6c6febfc321860d507ac66977058b8578c0a8210e65498acbc64baaf232f0191ae2da905ab580e085371d7facafdd386fa9aef0db8f0965281ead495f9030ab3fd1344f5e9bddb18c49210501c21f14c0ec82e3cf74f839bf700a179a3c36d50e7fd70669d903a0dcaf4726e624f7c0eb52fcf1dfce7e1768264c6163919ffc1a594aea04f0082fc83b8aea04c0ee89024826b9671c10d00ee60132e94fa551a22c2ad12dd23e6b4df88fa87c3c5247d2cdd33d8b63d683c84a78d7b78f75acb4a66639935d0229312611d4b2c8a4bc5f72740ee38f1d0966450dea6ffb83af79afd4176c163e340462d7d2b616065a49776d75e6d45d8ac199b6d544575d8eec4cdbd41277b8b28dc74766c541bebdfb61e921880b41df3873b43b34016cc061c4dc809cb31196cfb74ca508754f45b630f03884b9558c17af6a17df5203d0de0fcdd28ed4f1374bd03795b8f61426d2583708ffcf6ceac3fcbf07311d5c3da9790fb198b4bd0b696567e58f9786252c4408fc4729a75c34df8a0b2675feb9086b8b1b16baeb2d62f74d03dca45bfc8ecead65f762a37e78c6275ac16220e3928da703aa1da44f8447f1925115cf05d5d22553afc90468b3b9398486435bac15c122a8652b01c9431d74c676b6b7d790c3d899f5a63068f17f453e6565c4057f82d6cdab7d7178c5470df6c5c2bc29e77a94e55991d371c381325f86b974458811f3dd98a5735568fcfebab436faf6d2664916ec7af734e4909cf276f5a3b714755305ce4ea022d415f0af5a11d40cce40db3a86fc83d05b52b1ae98c6bf288fa0a0fca1ac2018cea413b6c312293ea8d0a473d8fe69026077f3c53d8679faedd017fa2985ddbc648966370dbda3d5fe519a1d17e23f88d2b51059177fb1a10707d562b1c70a2c93525f36ba04ae6d63b65b66ab1f1f144c1041ad930d4f9acdc31e0b01d5132fc899cc281de077e1cf14717678a25764bf8e5f8ccf88ebde84add88e2db36ae017fae01fa97e0446ff12b30277e44269f08f7ed75816b3d231daaddd8afdd5f9a47b6a4afe54eec64da53b3ee9bb4d805ec77af6466b135f55114cc2b797fc2169532aae9bd90146125c4e7f416e293ca0e1d4b64929e2ae9c39a0dc74efa4285bf5644fba1bb1022988843795eb570667e1005faadec04dbca2574750c5308732322568c59f2108a0fc1587d0ff37e1b28579580e20a0168b83a5b7eb90b1f7caa8deb806fc43745cd6f29f066b65152f19c49b38797d059adad237d128780e401e5b18ce66c568d2f8405a1b065421dcfe6a3e88bdd48c7d3089e93a9d576be484a5faa3a73421f304cc1ddb6dbfd62c88a1fd467a1e205adfc60a2b35aec0c92673ee2356ae18228da920b8d40f9fc0a1060695a7380cb18a2ecabc6212a5613e935b7cb31241a0de40a53f2d7c4dbfcbd62bac1f378154f4a9e65b8e0bd1c74f59cc0c1670e9327b65fc8cbb00b0daa3d7b1f2f68617083405b4aa43386c5914a74a6c0101737175d39683a55795a8a134cab47e20318500562fb406631c4e74d8c5226707a8c85187b1d82436f4096491ac2239e4a91a93daae2c4455a0deb13f2d8e0816737dd5999231e2c59588679b54ada9b358eaafdcc0eea68d3a2b20c81fac0c864c457515593354f8d361f2ccf3de8d8f540873f4e2063b1f22c5efb42d50b2fc7d5d21a462e8a4a0b8e3d749e3801da221f20afff6a3b829246092bfafbbea501c72f5fcddec6bbd8076d97f8a6ed5f7b61ff8f05ae8c201a3f11fd8c00b43149bc30df0d9e9dc765fb6a2eb2669cb4ee005beea417a535d45e78bf4f30c23000796c66b2189b2f2ca5f27db2955f7f4f5970a0a92aff69c18abbac3802ff63d8629bb367c99edac29fcd8ecff611fd3324e1f525d94599efc1012eb331ea3456dd7c13e40ea0187"}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x80, 0x4}}]}, 0x804}, 0x1, 0x0, 0x0, 0x4805}, 0x4000) sendmsg$NL80211_CMD_DEL_KEY(r4, &(0x7f0000000400)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2040080}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0xac, r7, 0x4, 0x70bd2b, 0x25dfdbfb, {}, [@NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x2}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0x1c, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}]}, @NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "4fa4c50a973bb505016de59b0d"}, @NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "8421e8e3ec"}, @NL80211_ATTR_KEY={0x44, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "a0cb253f48e5aa187ca0aaae42"}, @NL80211_KEY_TYPE={0x8, 0x7, 0x2}, @NL80211_KEY_TYPE={0x8, 0x7, 0x1}, @NL80211_KEY_TYPE={0x8, 0x7, 0x1}, @NL80211_KEY_DATA_WEP104={0x11, 0x1, "ad6e1d2bca7f7601c7e0086b6b"}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "44cd496be2"}]}, 0xac}}, 0x4040099) 17:03:41 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r0, 0x6612) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:03:41 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) [ 371.715493][T11809] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. 17:03:41 executing program 3: [ 371.785817][T11809] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 371.882577][T11816] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 371.882577][T11816] program syz-executor.4 not setting count and/or reply_len properly 17:03:42 executing program 1: openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:03:42 executing program 5: 17:03:42 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000180)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r1, 0x54a2) readv(r1, &(0x7f0000000200)=[{&(0x7f0000000000)=""/12, 0xc}], 0x1) ioctl$VIDIOC_G_EXT_CTRLS(r0, 0xc0205647, &(0x7f0000000080)={0xa30000, 0x2, 0x80, r1, 0x0, &(0x7f0000000040)={0x300ef, 0x5, [], @p_u16=&(0x7f0000000000)=0x2}}) ioctl$SNDCTL_DSP_GETCAPS(r2, 0x8004500f, &(0x7f0000000100)) syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r3 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r3, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:03:42 executing program 2: r0 = socket(0xb, 0x3, 0x2) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) 17:03:42 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:42 executing program 3: [ 372.373179][T11828] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 372.373179][T11828] program syz-executor.4 not setting count and/or reply_len properly 17:03:42 executing program 5: 17:03:42 executing program 3: 17:03:42 executing program 2: r0 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000001c0)={0x0, 0x0}, &(0x7f0000000280)=0xc) keyctl$get_persistent(0x10, r2, 0x0) ioctl$DRM_IOCTL_GET_CLIENT(r0, 0xc0286405, &(0x7f0000000040)={0x1, 0xf91d, {0xffffffffffffffff}, {r2}, 0x8, 0x8907}) capset(&(0x7f0000000080)={0x20080522, r3}, &(0x7f00000000c0)={0x4, 0x2, 0x401, 0x2, 0x6, 0xfff}) r4 = socket(0x2a, 0x2, 0x0) write(r4, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) 17:03:42 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:42 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = gettid() ptrace$setopts(0x4200, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) r1 = syz_open_procfs(r0, &(0x7f0000000040)='net/ip_vs\x00') r2 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r2, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r3 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r3, 0x0) getsockopt$inet_pktinfo(r3, 0x0, 0x8, &(0x7f0000000000)={0x0, @broadcast, @dev}, &(0x7f0000000080)=0xc) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r2, 0xc0a85352, &(0x7f0000000100)={{0x5, 0x1f}, 'port0\x00', 0x0, 0x20, 0x3, 0x3, 0x6, 0xe0, 0x2, 0x0, 0x0, 0xfb}) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:03:42 executing program 3: [ 372.899022][T11849] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 372.899022][T11849] program syz-executor.4 not setting count and/or reply_len properly 17:03:43 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) getpid() sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:03:43 executing program 5: 17:03:43 executing program 0: mq_getsetattr(0xffffffffffffffff, &(0x7f0000000000)={0x6, 0x200, 0x7, 0x7}, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r1 = socket(0xa, 0x1, 0x0) close(r1) sendmmsg$inet_sctp(r1, &(0x7f0000000bc0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="300000000000000084000000010000000000000004"], 0x30}], 0x1, 0x0) r2 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(r1, 0x84, 0x7b, &(0x7f0000000100)={r3}, 0x8) setsockopt$inet_sctp_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000040)={r3, 0x4, 0x9, [0x9, 0x9, 0x58be, 0x200, 0x0, 0x9, 0x7, 0xc9, 0x7fff]}, 0x1a) syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r4 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r4, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:03:43 executing program 3: 17:03:43 executing program 2: r0 = socket(0x10, 0x3, 0x0) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000180)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r1, 0x54a2) readv(r1, &(0x7f0000000200)=[{&(0x7f0000000000)=""/12, 0xc}], 0x1) sendmsg$RDMA_NLDEV_CMD_RES_QP_GET(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x18, 0x140a, 0x800, 0x70bd2c, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}]}, 0x18}}, 0x0) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000180)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r2, 0x54a2) readv(r2, &(0x7f0000000200)=[{&(0x7f0000000000)=""/12, 0xc}], 0x1) write(r2, &(0x7f0000000080)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) 17:03:43 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:43 executing program 5: [ 373.482729][T11870] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 373.482729][T11870] program syz-executor.4 not setting count and/or reply_len properly 17:03:43 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x2) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r1, 0x0, 0x0) r2 = syz_open_procfs(r1, &(0x7f0000000040)='net/fib_trie\x00') getdents64(r2, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) 17:03:43 executing program 3: prlimit64(0x0, 0x0, 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) syz_open_dev$evdev(&(0x7f0000000240)='/dev/input/event#\x00', 0x0, 0x0) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380)='/dev/snd/timer\x00', 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000200)={&(0x7f0000ffc000/0x4000)=nil, 0x4000}, &(0x7f0000000280)=0x10) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$nl_audit(0x10, 0x3, 0x9) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000040)=r0, 0x4) open(0x0, 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000180)='/dev/zero\x00', 0x6500, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f0000000140)) pselect6(0x40, &(0x7f00000002c0)={0x0, 0x8000000, 0x0, 0x0, 0x2}, 0x0, &(0x7f0000000300)={0xffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81}, 0x0, 0x0) 17:03:43 executing program 2: r0 = socket(0x10, 0x3, 0x0) ioctl$F2FS_IOC_ABORT_VOLATILE_WRITE(r0, 0xf505, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) 17:03:43 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:43 executing program 5: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000400)="24000000250007031dfffd94200a0009000000001d85680c1ba3a20400ff7e2800000026", 0x24}], 0x1}, 0x0) [ 373.968587][T11892] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 373.968587][T11892] program syz-executor.4 not setting count and/or reply_len properly 17:03:44 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) getpid() sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:03:44 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) r1 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r1, 0x0) getsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, &(0x7f00000004c0)=0x1, &(0x7f0000000500)=0x4) r2 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r2, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r3 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000480)={0xbc, 0x0, &(0x7f0000000300)=[@acquire={0x40046305, 0x2}, @release={0x40046306, 0x3}, @increfs={0x40046304, 0x1}, @register_looper, @release={0x40046306, 0x1}, @enter_looper, @register_looper, @acquire={0x40046305, 0x1}, @transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000040)={@fda={0x66646185, 0x0, 0x0, 0x1f}, @flat=@handle={0x73682a85, 0x0, 0x3}, @ptr={0x70742a85, 0x1, &(0x7f0000000000)=""/34, 0x22, 0x2, 0x28}}, &(0x7f0000000100)={0x0, 0x20, 0x38}}}, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000240)={@flat=@weak_binder={0x77622a85, 0xb, 0x3}, @flat=@binder={0x73622a85, 0xa, 0x3}, @ptr={0x70742a85, 0x0, &(0x7f0000000140)=""/225, 0xe1, 0x0, 0x4}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}}], 0x86, 0x0, &(0x7f00000003c0)="611e7c1529e64f9f24a8fd949370927a0e4c7192106eade802574047f4f8d32388c1a4588c6bcf1d755d3388519b3c3c640c61bbafbde436aa55a56040111d67795529996d02f5af0b4878b79dcdaccb2a06008ab8c355990f79eb50768aba0773e4e92fbe2f35c31cba5bdf89ecaa7883fbf96cca5711114ef386bdd60d3da2436e9e7be0c7"}) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r4 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r4, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000021000000", @ANYRES32=r7, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=ANY=[@ANYBLOB="0000000000000040ce4b168be46b45f271c901fab3f62d8bbf", @ANYRES32=r7, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001640)=@newtfilter={0x40, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {}, {0xe}}, [@filter_kind_options=@f_bpf={{0x8, 0x1, 'bpf\x00'}, {0x14, 0x2, [@TCA_BPF_FLAGS_GEN={0x8}, @TCA_BPF_FD={0x8}]}}]}, 0x40}}, 0x0) connect$packet(r4, &(0x7f0000000540)={0x11, 0x4, r7, 0x1, 0xfb, 0x6, @dev={[], 0x33}}, 0x14) 17:03:44 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) r1 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r1, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f00000001c0)={0x0, 0x0}, &(0x7f0000000280)=0xc) keyctl$get_persistent(0x10, r3, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000080)={{{@in=@multicast2, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6}, 0x0, @in=@multicast2}}, &(0x7f0000000180)=0xe8) r5 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) setgid(r6) r7 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) setgid(r8) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000c40)=@nat={'nat\x00', 0x19, 0x5, 0xa5e, [0x200001c0, 0x0, 0x0, 0x20000684, 0x20000932], 0x0, &(0x7f0000000040), &(0x7f00000001c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{0xe, 0x1, 0x88ca, 'veth0_to_bridge\x00', 'veth1_to_bridge\x00', 'ip6gretap0\x00', 'geneve1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, [0xff, 0x0, 0x0, 0x0, 0x0, 0x284dbac2980a2768], @local, [0x0, 0xff, 0xff, 0xff, 0xff], 0x6e, 0x1d6, 0x306, [], [@arpreply={'arpreply\x00', 0x10, {{@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, 0xfffffffffffffffe}}}, @common=@SECMARK={'SECMARK\x00', 0x108, {{0x1, 0x7, 'system_u:object_r:inetd_log_t:s0\x00'}}}], @common=@SECMARK={'SECMARK\x00', 0x108, {{0x1, 0x1, 'system_u:object_r:userio_device_t:s0\x00'}}}}, {0x11, 0x9, 0x8100, 'batadv0\x00', 'netpci0\x00', 'geneve1\x00', 'veth1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, [0x0, 0xff, 0x0, 0x0, 0x0, 0xff], @empty, [0x0, 0x0, 0x0, 0x0, 0xff], 0xee, 0x156, 0x18e, [@mac={{'mac\x00', 0x0, 0x10}, {{@remote, 0x1}}}, @ip={{'ip\x00', 0x0, 0x20}, {{@local, @dev={0xac, 0x14, 0x14, 0x2d}, 0xff000000, 0xff, 0x74, 0xc, 0x0, 0x1, 0x4e24, 0x4e20, 0x4e23, 0x4e22}}}], [@arpreply={'arpreply\x00', 0x10, {{@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, 0xffffffffffffffff}}}, @common=@AUDIT={'AUDIT\x00', 0x8}], @snat={'snat\x00', 0x10, {{@dev={[], 0x17}, 0xfffffffffffffffd}}}}]}, {0x0, '\x00', 0x2, 0xfffffffffffffffc, 0x1, [{0x11, 0x28, 0x8035, 'batadv_slave_0\x00', 'ipvlan0\x00', 'geneve1\x00', 'veth0_to_bond\x00', @random="71b71f21dde7", [0xff, 0x8f34a0b0c6ad4fa4, 0xff, 0x0, 0x0, 0xff], @link_local, [0xff, 0xff, 0xff, 0xff, 0x0, 0xff], 0x116, 0x246, 0x27e, [@cgroup0={{'cgroup\x00', 0x0, 0x8}, {{0x7, 0x1}}}, @ip6={{'ip6\x00', 0x0, 0x50}, {{@dev={0xfe, 0x80, [], 0x1b}, @initdev={0xfe, 0x88, [], 0x1, 0x0}, [0xff, 0xff000000, 0xffffffff, 0xffffff00], [0x0, 0x0, 0xffffffff], 0x4, 0x84, 0x24, 0x0, 0x4e22, 0x4e21, 0x4e24, 0x4e20}}}], [@common=@SECMARK={'SECMARK\x00', 0x108, {{0x1, 0x4, 'system_u:object_r:initrc_var_run_t:s0\x00'}}}], @snat={'snat\x00', 0x10, {{@remote}}}}]}, {0x0, '\x00', 0x3, 0xffffffffffffffff}, {0x0, '\x00', 0x3, 0xffffffffffffffff, 0x2, [{0x3, 0x60, 0x8035, 'netpci0\x00', 'ip6_vti0\x00', 'batadv0\x00', 'bond_slave_1\x00', @local, [0x0, 0x0, 0xff, 0xff, 0x0, 0xff], @broadcast, [0xff, 0x0, 0xff, 0xff], 0xf6, 0x12e, 0x166, [@owner={{'owner\x00', 0x0, 0x18}, {{r3, r4, r6, r8, 0x4, 0x4}}}, @limit={{'limit\x00', 0x0, 0x20}, {{0x77f72cb8, 0x9, 0x2, 0x800, 0xff, 0x2}}}], [@snat={'snat\x00', 0x10, {{@multicast, 0xfffffffffffffffc}}}], @arpreply={'arpreply\x00', 0x10, {{@random="665cee58af2e", 0xffffffffffffffff}}}}, {0x11, 0x4, 0x59, 'netdevsim0\x00', 'batadv0\x00', 'team_slave_1\x00', 'veth1\x00', @random="ce09d23ecef4", [0x0, 0xff, 0xff, 0x0, 0xff], @remote, [0xff, 0xff, 0x0, 0xff], 0x6e, 0xde, 0x126, [], [@snat={'snat\x00', 0x10, {{@empty, 0xfffffffffffffffc}}}, @snat={'snat\x00', 0x10, {{@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, 0xffffffffffffffff}}}], @common=@ERROR={'ERROR\x00', 0x20, {"f8f26a2509f399b067a1dd3f9df7f3b99a066651d8cc6b77a147b43da362"}}}]}]}, 0xad6) 17:03:44 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:44 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0xdd0a8308}, 0xc, &(0x7f0000000240)={0x0}}, 0x0) [ 374.485547][T11907] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 374.485547][T11907] program syz-executor.4 not setting count and/or reply_len properly [ 374.563809][T11909] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. 17:03:44 executing program 5: syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) ioctl$EVIOCREVOKE(0xffffffffffffffff, 0x40044591, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x0, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) write$9p(r0, &(0x7f0000001400)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949ccc6e2e54c2d5c8f0b7932b69797f217168b0c1feb128ae34f0daf487a70b5c117acd43725fe17993634f1695dabd7f998cd55e9d5bd911e86aa7a4ad75a574bb96951d6018b25d942a9544bca1ebb0e8d10c092cdcb85797673972099e4041aaf8d636f66cb1103ef2050ad28fabaed33d6927889d97f4b5ce0de71d3fd832980f4f088d0d824e20549b4bbd906ffa51ce9de54d779eb4de462faac20a3ab0ed9934373ca22cea5454f4c2a740cd461e39956bb5f98df2aebc60cf32623adbffbcc378fa7250b6a3fc863dadcf6d4f8b855c4e70f0796eee6218445dad2811dd6b540ff52efa2f167dd9c1b8b016268d37db430983fefc0645d20614c8df2eb0872c58e09664e672b0b6a9970fec199257e1c606ec3e364c66a0f4d258c74accd43b987c756d602fd8787fed3aa43fd8d84e9656d4a413fa9a423bc54b873583d6d497005e54712fafc71384988d80134fbf84f53fdd74b354848006b8b5b67e7cc5a472475d3ae545ca1fcf7628b873e31ba83a98a7ad5b0cfbe9711b517a9a1388ad0efa2a3b4e22152021d631b731e2e100a9831111db7acce948bb5deeea260463c140ac929e77c58402776caf85d4569a75dde2f64c4491508afb541ed9b2c81fc95c06706235f383e31cf662c95b1e49cfd94871e22720a41535756e419b271276941692bd023dd9c9dbec4f7db1e5c00d8b3be7b8e826a6aadd001edd0dfeb00f8048442b5c48456fd642e629dcb2ff55592665ff491cd832672ce4d999da186db2c3a1f8b6b1f7d3750d7cdb3097954e6e14fb2183ad662c63d4ce8b82dc2487f0fe2ea2827b53a7c6dcced878d2fb29c1d3ff583570e7bc172d1a5c716e0447cb08ce3c468ffdf975da372f3f3eb455aaf5822bc04a51b6cad24a2331369df81c123b009a2381b42e9aeb077f621608d81c12a5f5c6c295d74afd4dd5c051296be0b54c70bf899b347c36bff62f313079983409d7f9cf1242c917985c1b5d0736fe21f8514f63d0369a374c42da40bd5140bc3e602d00c3cb4f8e621863ab47422778d67d72de34753fd72cef80649a1548e4e8dcbcffe4054cc9d8a1f922623a75904cbdaacde768131e587269a4a99d82f7009c1b8ab79aa232a2fd45ad71b603803123f6ba979fa6a87525884b08d721a21400fb1f950b96ead82f408cc4388d3b78fb456616429a520656d5e5a876fd04748498902c86f58d45f4c1b3919eb846a00edf07e7a830bf723e4774f085f15534dd3b5246c0c0970b5ad7bb39b30b156a9430378c5b0aab1261c78d72ac301cd552d5e8dd4b642ec1dc0672745d593bb26d095b5b23576e3cfd6ab580f6e09419d0f0c64250fafaa3759aa1888da48d89c3f7c9454b0b3d0ab40445f5bed4493ef43ab08f31b1345ac4ffd94ad79c9eee53904ed6f572817153190d2e6863f2e39356bb99926419fd314341a536b7e76cae60bf7750a4c29e3f4c7f005530b1d4ee0e25b93b76fcc1108222f0b00de52cf4100e97adfd7b9db1370586ba27e1e183299be00d0df8439c380edf2f79deb441eac59b814b04accdff5e17f02046139f91f0332661676ff506e575f0cb2850bcc9f8666f6d1f69f8f4271cb804a79fccd7016f049d1a494c26a527c437fa0be6d51ec7543d9bd7a2f016194ebe3c99080a6c9b5119863dfe865f8e60cae29f50b67dbfaa0a3c9794d73034485ca1613344c572783db3dfab01b28089c51cda99cefa4c1c881a29e229f04c7e0fd04dc425ae8417852e6e31520c6207e9d4e35285feef2a2cb8a3bceb08a166fa4284a516362621e2c06731a442791f1db063a32cf1f005c914102c7273cb4d7ab1bf567d72f230783d2ea99c43a60e8729132441ee6c5362c33f9b613f84417c3c5549f4e3d9e73c6f83f16c8e57ae22fe5f54515e111fe43ad7c400d214281452bb6141cecad84b23a695f061988d906d03be5d89584634b9e9d9a9b072f8e7cbb47c47719318a2001cafa665dd2c82672d16877ea115bd023fc1975f7c59664bfb06f66a1a5e3f05cb283fb45ea67a2727ee6e10bf35b31fdd03d43ec67b753f6737e0d2f4a5275031595878cefc8f0ca", 0x600) sendfile(r0, r1, 0x0, 0x1c575) 17:03:44 executing program 2: r0 = socket(0x10, 0x3, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) getsockopt$PNPIPE_INITSTATE(r1, 0x113, 0x4, &(0x7f0000000040), &(0x7f0000000080)=0x4) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) [ 374.778229][T11920] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. 17:03:44 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:44 executing program 3: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) syz_open_dev$evdev(&(0x7f0000000240)='/dev/input/event#\x00', 0x0, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x1}, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) open(0x0, 0x0, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x20100, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) pipe(&(0x7f0000000140)) 17:03:44 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000180)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r1, 0x54a2) readv(r1, &(0x7f0000000200)=[{&(0x7f0000000000)=""/12, 0xc}], 0x1) ioctl$FITRIM(r1, 0xc0185879, &(0x7f0000000000)={0xfffffffffffffff7, 0xf77f, 0x9}) [ 375.035105][T11931] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 375.035105][T11931] program syz-executor.4 not setting count and/or reply_len properly 17:03:45 executing program 5: r0 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x4000000000000071, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='mountstats\x00') dup2(r0, r1) ioctl$EVIOCREVOKE(r1, 0x40044591, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) gettid() r2 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0) r3 = open$dir(&(0x7f0000000380)='./file0\x00', 0x0, 0x1) write$9p(r2, &(0x7f0000001400)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949ccc6e2e54c2d5c8f0b7932b69797f217168b0c1feb128ae34f0daf487a70b5c117acd43725fe17993634f1695dabd7f998cd55e9d5bd911e86aa7a4ad75a574bb96951d6018b25d942a9544bca1ebb0e8d10c092cdcb85797673972099e4041aaf8d636f66cb1103ef2050ad28fabaed33d6927889d97f4b5ce0de71d3fd832980f4f088d0d824e20549b4bbd906ffa51ce9de54d779eb4de462faac20a3ab0ed9934373ca22cea5454f4c2a740cd461e39956bb5f98df2aebc60cf32623adbffbcc378fa7250b6a3fc863dadcf6d4f8b855c4e70f0796eee6218445dad2811dd6b540ff52efa2f167dd9c1b8b016268d37db430983fefc0645d20614c8df2eb0872c58e09664e672b0b6a9970fec199257e1c606ec3e364c66a0f4d258c74accd43b987c756d602fd8787fed3aa43fd8d84e9656d4a413fa9a423bc54b873583d6d497005e54712fafc71384988d80134fbf84f53fdd74b354848006b8b5b67e7cc5a472475d3ae545ca1fcf7628b873e31ba83a98a7ad5b0cfbe9711b517a9a1388ad0efa2a3b4e22152021d631b731e2e100a9831111db7acce948bb5deeea260463c140ac929e77c58402776caf85d4569a75dde2f64c4491508afb541ed9b2c81fc95c06706235f383e31cf662c95b1e49cfd94871e22720a41535756e419b271276941692bd023dd9c9dbec4f7db1e5c00d8b3be7b8e826a6aadd001edd0dfeb00f8048442b5c48456fd642e629dcb2ff55592665ff491cd832672ce4d999da186db2c3a1f8b6b1f7d3750d7cdb3097954e6e14fb2183ad662c63d4ce8b82dc2487f0fe2ea2827b53a7c6dcced878d2fb29c1d3ff583570e7bc172d1a5c716e0447cb08ce3c468ffdf975da372f3f3eb455aaf5822bc04a51b6cad24a2331369df81c123b009a2381b42e9aeb077f621608d81c12a5f5c6c295d74afd4dd5c051296be0b54c70bf899b347c36bff62f313079983409d7f9cf1242c917985c1b5d0736fe21f8514f63d0369a374c42da40bd5140bc3e602d00c3cb4f8e621863ab47422778d67d72de34753fd72cef80649a1548e4e8dcbcffe4054cc9d8a1f922623a75904cbdaacde768131e587269a4a99d82f7009c1b8ab79aa232a2fd45ad71b603803123f6ba979fa6a87525884b08d721a21400fb1f950b96ead82f408cc4388d3b78fb456616429a520656d5e5a876fd04748498902c86f58d45f4c1b3919eb846a00edf07e7a830bf723e4774f085f15534dd3b5246c0c0970b5ad7bb39b30b156a9430378c5b0aab1261c78d72ac301cd552d5e8dd4b642ec1dc0672745d593bb26d095b5b23576e3cfd6ab580f6e09419d0f0c64250fafaa3759aa1888da48d89c3f7c9454b0b3d0ab40445f5bed4493ef43ab08f31b1345ac4ffd94ad79c9eee53904ed6f572817153190d2e6863f2e39356bb99926419fd314341a536b7e76cae60bf7750a4c29e3f4c7f005530b1d4ee0e25b93b76fcc1108222f0b00de52cf4100e97adfd7b9db1370586ba27e1e183299be00d0df8439c380edf2f79deb441eac59b814b04accdff5e17f02046139f91f0332661676ff506e575f0cb2850bcc9f8666f6d1f69f8f4271cb804a79fccd7016f049d1a494c26a527c437fa0be6d51ec7543d9bd7a2f016194ebe3c99080a6c9b5119863dfe865f8e60cae29f50b67dbfaa0a3c9794d73034485ca1613344c572783db3dfab01b28089c51cda99cefa4c1c881a29e229f04c7e0fd04dc425ae8417852e6e31520c6207e9d4e35285feef2a2cb8a3bceb08a166fa4284a516362621e2c06731a442791f1db063a32cf1f005c914102c7273cb4d7ab1bf567d72f230783d2ea99c43a60e8729132441ee6c5362c33f9b613f84417c3c5549f4e3d9e73c6f83f16c8e57ae22fe5f54515e111fe43ad7c400d214281452bb6141cecad84b23a695f061988d906d03be5d89584634b9e9d9a9b072f8e7cbb47c47719318a2001cafa665dd2c82672d16877ea115bd023fc1975f7c59664bfb06f66a1a5e3f05cb283fb45ea67a2727ee6e10bf35b31fdd03d43ec67b753f6737e0d2f4a5275031595878cefc8f0ca", 0x600) sendfile(r2, r3, 0x0, 0x1c575) 17:03:45 executing program 2: r0 = socket(0x10, 0x3, 0x0) r1 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000200)='nbd\x00') r3 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r3, 0x0) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x44, r2, 0x20, 0x70bd25, 0x25dfdbfd, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x5}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x2}, @NBD_ATTR_SOCKETS={0xc, 0x7, 0x0, 0x1, [{0x8, 0x1, r3}]}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0xffffffffffff9573}]}, 0x44}, 0x1, 0x0, 0x0, 0x90}, 0x20000045) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r1, 0xc05064a7, &(0x7f0000000140)={&(0x7f0000000040)=[0x0, 0x0], &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0, 0x0], &(0x7f0000000100)=[0x0], 0x6, 0x2, 0x4, 0x0, 0x8001}) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) 17:03:45 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) getpid() sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:03:45 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:45 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8d, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000280)={0x38, 0x2, 0x0, 0x0, 0x8}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000041c0)=[{{&(0x7f0000000780)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000bc0)=""/98, 0x62}}], 0x1, 0x120, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) write$P9_RGETLOCK(0xffffffffffffffff, 0x0, 0x35) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000c40)={'syz0\x00', {0x1, 0x1, 0x0, 0xc89d}, 0x0, [0xff, 0x8, 0x2, 0xfffffff7, 0x0, 0x9, 0x80, 0x0, 0x7, 0x7f, 0x1ff8000, 0x80000001, 0x180, 0x2, 0x0, 0x5, 0x5, 0x5, 0xffffff80, 0x0, 0x4, 0x2, 0x7, 0x10001, 0x6, 0x7, 0x0, 0x9, 0xfffeffff, 0x1, 0x7fffffff, 0x7, 0x8, 0x8, 0x8001, 0xb6, 0x0, 0x1, 0x4, 0x7, 0x5, 0x6, 0x4a, 0x0, 0x0, 0x4f, 0x1, 0x4, 0x2, 0x5, 0x7, 0xfffffbd3, 0x0, 0x3ff, 0x7, 0x5, 0x2, 0x7fffffff, 0x20000, 0x3f, 0x0, 0x401, 0x1, 0x4], [0xffffffff, 0x7fffffff, 0xfffffffa, 0xe4, 0x8, 0x0, 0x4, 0x3, 0xfffffff8, 0xd0, 0x1, 0x0, 0x80, 0xfffffffc, 0x1, 0x200, 0x0, 0x877, 0x8, 0x3, 0x9, 0x800, 0xfffffff9, 0x5, 0x80000001, 0xba3, 0x3, 0x7, 0x4, 0xd7, 0x0, 0x5, 0xb0e, 0x200, 0x6, 0xffffffff, 0x80000000, 0x8, 0x0, 0xfffeffff, 0x0, 0x5, 0x1e5, 0x5, 0x7, 0x40, 0x1000, 0x8000, 0x1000, 0x6, 0xfffffffc, 0x81, 0xe23, 0x6, 0x0, 0x7f, 0x400, 0x1, 0xfffffff9, 0x0, 0x423, 0x1000, 0x4, 0x7ff], [0x6, 0x80, 0x8, 0xfff, 0x81, 0x2, 0x7, 0x6, 0x8000, 0x7, 0x5, 0x4, 0x8, 0x7f, 0xa03, 0x1, 0xcbb8, 0x10000, 0xa0, 0x1000, 0x1, 0x200, 0xbf, 0x0, 0x100, 0x8001, 0x0, 0x7fffffff, 0x100, 0x80000001, 0xfe000000, 0x1000, 0x10000, 0xfff, 0x8, 0x1, 0x5, 0x8, 0x0, 0xa75, 0x2, 0x10000000, 0x1, 0x9, 0x7, 0x7, 0xd4c, 0x8, 0x2, 0x80, 0x1d, 0x10000, 0x1, 0x4, 0x7fff, 0x81, 0x200, 0x9, 0x40, 0x9, 0x7, 0xce55, 0xc7, 0x5], [0x4, 0x8, 0x2419, 0x8, 0x9, 0x7, 0x4, 0x47a, 0x0, 0x7f, 0x1f, 0x10001, 0x40, 0x800000, 0x0, 0x20, 0x4, 0x7, 0x0, 0x9, 0x80000001, 0x3f, 0x1f, 0x1, 0x1f, 0x7fff, 0x401, 0x7ff, 0x0, 0x10001, 0x10000, 0x0, 0x3ff, 0x5, 0x43, 0x3, 0x80, 0x401, 0xdfa, 0x6, 0x4, 0x3, 0x3, 0x10000, 0x80, 0x8, 0x3, 0x8, 0x1, 0x5425, 0x100, 0xfffff801, 0x400, 0x8, 0x3, 0x100, 0x5, 0x4, 0x7, 0x8, 0xffffffff, 0x5, 0x40, 0x2]}, 0x45c) mkdir(&(0x7f00000000c0)='./file0\x00', 0x363) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50b, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='fuse\x00', 0x0, &(0x7f0000000140)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x807a}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e22, 0x0, @local}, 0x1c) 17:03:45 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) r1 = syz_open_procfs(0x0, &(0x7f0000000080)) clone(0xba00, &(0x7f0000000200)="1d6729f7ec77b8d93f3e29850521951e17f6008964ce834750154fe2d6fbd5e40a6e9746b74317974d9203bf64298826cb5d38ea4be83869cd28ceef9db69aa879a3a4752cee456bd9c0a2a63825c563f268dcdd6c40bab98830acb88f4a202e99d064eff2c68467104055cd1501e11fbf6c6b0c4d26dd28dd60f348e95f970a7eb32539fafdd908bad8a20f8ca3f87b8d7fe232bf504474919898572cdcb14d6c25a4888237703c2ba66d968755994802612e", &(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000340)="79d7507cb084213687748e86") getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) ioctl$DRM_IOCTL_MODE_SETCRTC(r1, 0xc06864a2, &(0x7f00000005c0)={&(0x7f0000000580)=[0x1a19, 0x1ff], 0x2, 0x7, 0x7, 0xa060, 0xfff, 0x7ff, 0x1f, {0x7, 0x3, 0x4, 0x6, 0x8, 0x3b6, 0xc62, 0x7, 0x20, 0x1, 0x3, 0x81, 0x40, 0x0, "68e3af9e72c8dedc24a6f8f2f672b0dc268e70a77a35ededb8e8e669d3ac5b0b"}}) ioctl$DRM_IOCTL_ADD_MAP(r1, 0xc0286415, &(0x7f00000001c0)={&(0x7f0000005000/0x1000)=nil, 0x4, 0x2, 0x42, &(0x7f0000003000/0x3000)=nil, 0x7}) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f0000000440)=0x3f, 0x4) bind$phonet(0xffffffffffffffff, &(0x7f0000000400)={0x23, 0x2, 0x0, 0x6}, 0x10) write$snddsp(r1, &(0x7f0000000080)="75e0ad6fbbe7fa16fc189623983433edecce4e3b2b1a80060a2555d593098d04473fc81f6f0e00e903916280479317dc8781dfffa499a06bbf429b283e48b39ba416076ee5e7f2ae3ecaea3a343e9b51f08a12793f8df266820f9fc27fca60f29b6cdff492c2319d25b48f74b31ceabaf0ca7c7b49aa29abe0186665bd53b530ac4a4963c7ad5c5e59d83e30d858ef4d0271bd39632b76e5cb8b4b706b01d0583e0c9931a0af839db01f85d6e1b6fe1a0d952c48012dbe5863c96681e08387fa4652153ecedba08f6ad924353a82e761794d8ec0a747c3cd6fb82f7acf2459ed56e6bba162c08a50", 0xe8) r2 = open(&(0x7f0000000380)='./file0\x00', 0x101242, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r2, 0x0) prctl$PR_MCE_KILL_GET(0x22) r3 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r3, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) ioctl$UI_ABS_SETUP(0xffffffffffffffff, 0x401c5504, &(0x7f0000000640)={0x0, {0x80000000, 0x2, 0x5, 0x3d, 0x3, 0x10000}}) ioctl$SNDRV_PCM_IOCTL_HW_PARAMS_OLD(r3, 0xc1004111, &(0x7f0000000480)={0x9, [0xfffffffc, 0x7fff, 0x8], [{0x4, 0x3, 0x1, 0x1, 0x0, 0x1}, {0x4, 0xac, 0x1, 0x1, 0x1, 0x1}, {0x20, 0x0, 0x1, 0x0, 0x1}, {0x7, 0x6, 0x1, 0x1}, {0xfff, 0x401, 0x1, 0x1, 0x1}, {0x3f, 0x9, 0x0, 0x1, 0x0, 0x1}, {0xff800000, 0x2, 0x1, 0x0, 0x1, 0x1}, {0x50, 0x3ff, 0x0, 0x1, 0x1, 0x1}, {0x81, 0x40, 0x1, 0x1, 0x0, 0x1}, {0xfffffffd, 0x3, 0x0, 0x1, 0x1}, {0x0, 0x4, 0x1, 0x1, 0x1, 0x1}, {0x2, 0x20, 0x0, 0x1, 0x1, 0x1}], 0x6}) ioctl$EVIOCSABS3F(r2, 0x401845ff, &(0x7f0000000180)={0x80, 0x91d, 0x6, 0xd8, 0x4, 0x80000001}) ioctl$NS_GET_OWNER_UID(r1, 0xb704, &(0x7f0000000040)) 17:03:45 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) modify_ldt$read_default(0x2, &(0x7f0000000100)=""/240, 0xf0) recvfrom$inet(r0, &(0x7f0000000000)=""/37, 0x25, 0x803af63d2ec13352, &(0x7f0000000040)={0x2, 0x4e20, @multicast1}, 0x10) [ 375.794843][T11960] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 375.794843][T11960] program syz-executor.4 not setting count and/or reply_len properly 17:03:45 executing program 5: r0 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x4000000000000071, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='mountstats\x00') dup2(r0, r1) ioctl$EVIOCREVOKE(r1, 0x40044591, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) gettid() restart_syscall() setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) r2 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0) r3 = open$dir(&(0x7f0000000380)='./file0\x00', 0x0, 0x1) write$9p(r2, &(0x7f0000001400)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949ccc6e2e54c2d5c8f0b7932b69797f217168b0c1feb128ae34f0daf487a70b5c117acd43725fe17993634f1695dabd7f998cd55e9d5bd911e86aa7a4ad75a574bb96951d6018b25d942a9544bca1ebb0e8d10c092cdcb85797673972099e4041aaf8d636f66cb1103ef2050ad28fabaed33d6927889d97f4b5ce0de71d3fd832980f4f088d0d824e20549b4bbd906ffa51ce9de54d779eb4de462faac20a3ab0ed9934373ca22cea5454f4c2a740cd461e39956bb5f98df2aebc60cf32623adbffbcc378fa7250b6a3fc863dadcf6d4f8b855c4e70f0796eee6218445dad2811dd6b540ff52efa2f167dd9c1b8b016268d37db430983fefc0645d20614c8df2eb0872c58e09664e672b0b6a9970fec199257e1c606ec3e364c66a0f4d258c74accd43b987c756d602fd8787fed3aa43fd8d84e9656d4a413fa9a423bc54b873583d6d497005e54712fafc71384988d80134fbf84f53fdd74b354848006b8b5b67e7cc5a472475d3ae545ca1fcf7628b873e31ba83a98a7ad5b0cfbe9711b517a9a1388ad0efa2a3b4e22152021d631b731e2e100a9831111db7acce948bb5deeea260463c140ac929e77c58402776caf85d4569a75dde2f64c4491508afb541ed9b2c81fc95c06706235f383e31cf662c95b1e49cfd94871e22720a41535756e419b271276941692bd023dd9c9dbec4f7db1e5c00d8b3be7b8e826a6aadd001edd0dfeb00f8048442b5c48456fd642e629dcb2ff55592665ff491cd832672ce4d999da186db2c3a1f8b6b1f7d3750d7cdb3097954e6e14fb2183ad662c63d4ce8b82dc2487f0fe2ea2827b53a7c6dcced878d2fb29c1d3ff583570e7bc172d1a5c716e0447cb08ce3c468ffdf975da372f3f3eb455aaf5822bc04a51b6cad24a2331369df81c123b009a2381b42e9aeb077f621608d81c12a5f5c6c295d74afd4dd5c051296be0b54c70bf899b347c36bff62f313079983409d7f9cf1242c917985c1b5d0736fe21f8514f63d0369a374c42da40bd5140bc3e602d00c3cb4f8e621863ab47422778d67d72de34753fd72cef80649a1548e4e8dcbcffe4054cc9d8a1f922623a75904cbdaacde768131e587269a4a99d82f7009c1b8ab79aa232a2fd45ad71b603803123f6ba979fa6a87525884b08d721a21400fb1f950b96ead82f408cc4388d3b78fb456616429a520656d5e5a876fd04748498902c86f58d45f4c1b3919eb846a00edf07e7a830bf723e4774f085f15534dd3b5246c0c0970b5ad7bb39b30b156a9430378c5b0aab1261c78d72ac301cd552d5e8dd4b642ec1dc0672745d593bb26d095b5b23576e3cfd6ab580f6e09419d0f0c64250fafaa3759aa1888da48d89c3f7c9454b0b3d0ab40445f5bed4493ef43ab08f31b1345ac4ffd94ad79c9eee53904ed6f572817153190d2e6863f2e39356bb99926419fd314341a536b7e76cae60bf7750a4c29e3f4c7f005530b1d4ee0e25b93b76fcc1108222f0b00de52cf4100e97adfd7b9db1370586ba27e1e183299be00d0df8439c380edf2f79deb441eac59b814b04accdff5e17f02046139f91f0332661676ff506e575f0cb2850bcc9f8666f6d1f69f8f4271cb804a79fccd7016f049d1a494c26a527c437fa0be6d51ec7543d9bd7a2f016194ebe3c99080a6c9b5119863dfe865f8e60cae29f50b67dbfaa0a3c9794d73034485ca1613344c572783db3dfab01b28089c51cda99cefa4c1c881a29e229f04c7e0fd04dc425ae8417852e6e31520c6207e9d4e35285feef2a2cb8a3bceb08a166fa4284a516362621e2c06731a442791f1db063a32cf1f005c914102c7273cb4d7ab1bf567d72f230783d2ea99c43a60e8729132441ee6c5362c33f9b613f84417c3c5549f4e3d9e73c6f83f16c8e57ae22fe5f54515e111fe43ad7c400d214281452bb6141cecad84b23a695f061988d906d03be5d89584634b9e9d9a9b072f8e7cbb47c47719318a2001cafa665dd2c82672d16877ea115bd023fc1975f7c59664bfb06f66a1a5e3f05cb283fb45ea67a2727ee6e10bf35b31fdd03d43ec67b753f6737e0d2f4a5275031595878cefc8f0ca", 0x600) sendfile(r2, r3, 0x0, 0x1c575) 17:03:45 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:45 executing program 0: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000080)="120000001200e7ef007243b717afd7030a7c", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000006b40)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000011c0)=""/4096, 0x1034}], 0x1}}], 0x8, 0x0, 0x0) 17:03:46 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000080)="120000001200e7ef007243b717afd7030a7c", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000006b40)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000011c0)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0) 17:03:46 executing program 2: write(0xffffffffffffffff, &(0x7f0000000040)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) [ 376.206363][T11982] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 376.206363][T11982] program syz-executor.4 not setting count and/or reply_len properly 17:03:46 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f0000000600)=0xda6, 0x4) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b047511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x27) 17:03:46 executing program 5: r0 = socket(0x10, 0x803, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendto(r0, &(0x7f0000000080)="120000001200e7ef007243b717afd7030a7c", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000006b40)=[{{0x0, 0x92171cfb126ec2a7, &(0x7f0000000040)=[{&(0x7f00000011c0)=""/4096, 0x1011}, {&(0x7f00000000c0)=""/119, 0x79}], 0x2, 0x0, 0xfffffffffffffd18}}], 0x4000000000001d9, 0x0, 0x0) 17:03:46 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x0, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:03:46 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000180)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r1, 0x54a2) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000180)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r2, 0x54a2) readv(r2, &(0x7f0000000200)=[{&(0x7f0000000000)=""/12, 0xc}], 0x1) readv(r2, &(0x7f0000002300)=[{&(0x7f0000000000)=""/12, 0xc}, {&(0x7f0000000240)=""/164, 0xa4}, {&(0x7f0000002380)=""/4105, 0x1009}, {&(0x7f00000001c0)=""/2, 0x2}, {&(0x7f0000001300)=""/4096, 0x1000}], 0x5) r3 = dup3(r1, 0xffffffffffffffff, 0x80000) sendmsg$AUDIT_USER_AVC(r3, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0xb0, 0x453, 0x2, 0x70bd2c, 0x25dfdbfc, "58d7764b5037dd8d188e064751b9ab99598ca3d2dda9e6b03e0808e58f6a4129e2e526c35d7a468e46df9d477cd34a7c0291cb96a9c050e28c89fe34272b8d18407b2de74953ad06eb880470f9af5608039879f401f2bec1cd080405a182bb50453e8d0c723ec29e15522281558875d5d67ac48deced17dbc641d64eb7b23ea4778019b02563c6d00743152cb0d01de13dbc75e356b1ca980082012eadff", ["", "", "", "", "", "", ""]}, 0xb0}, 0x1, 0x0, 0x0, 0x40c0004}, 0x40) 17:03:46 executing program 4: ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(0xffffffffffffffff, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r2 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r2, r1, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r3, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:46 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x208200) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x101}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r1, 0x0) read(r1, &(0x7f0000000180)=""/19, 0xfffffe47) 17:03:46 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmsg$inet(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000000440)=[{&(0x7f00000001c0)="b1e0", 0xffe7}], 0x1, &(0x7f00000000c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x2b}, @remote}}}, @ip_retopts={{0x14, 0x0, 0x7, {[@rr={0x7, 0x3, 0x9e}, @noop={0x0}]}}}], 0x38}, 0x0) [ 376.912219][T12016] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 376.912219][T12016] program syz-executor.4 not setting count and/or reply_len properly 17:03:47 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8d, 0x400000008d}, 0x0) r0 = getpid() process_vm_readv(r0, &(0x7f0000000880)=[{&(0x7f0000000580)=""/93, 0x5d}, {&(0x7f0000000600)=""/244, 0xf4}, {0x0}, {0x0}, {&(0x7f0000000840)=""/47, 0x2f}], 0x5, &(0x7f0000000ac0)=[{&(0x7f0000000900)=""/41, 0x29}, {&(0x7f0000000940)}, {&(0x7f0000000980)=""/28, 0x1c}, {&(0x7f00000009c0)=""/4, 0x4}, {&(0x7f0000000a00)=""/146, 0x92}, {&(0x7f00000025c0)=""/4096, 0x1000}], 0x6, 0x0) sched_setattr(r0, &(0x7f0000000280)={0x38, 0x2, 0x0, 0x0, 0x8, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000041c0)=[{{0x0, 0x0, &(0x7f0000000b40)=[{0x0}], 0x1}, 0x401}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NL80211_CMD_STOP_AP(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000500)={&(0x7f0000002100)={0x4ac, 0x0, 0x200, 0x70bd2a, 0x0, {}, [@NL80211_ATTR_IE_RIC={0x48d, 0xb2, "5419448e0278224863788496bb93a908fd74beb6029f2cbbc7afaa976340bb42d5b23e05cf6ae0b33d3d254b19baf5fe70633ae2645b508187e1d4cc343d2e2dc815fdc60c40f2b75d2412a3cb17cd6797b2a47feb927f3c49779dfc6bd52573910c1b106822905f1695423c7e607ae2b913f2c05344957ff29e41ecafe33a975050ba169923a273a837db69181325ab76dd5386de1c0ea0e796949b87ddd7785f237c55acac85cf59ec1641bd24c8b756c5bb6812b8497a40a349d5c8b015fe4ed43737d9a315db9f24caa1fa6afb7f5e48b120c6312023e7c4db7c632f1064b2202342fc988731eaab3366c02f99084f9cd180db292e1d9f153747d4e06ae2b4161c358f4fe01357a8c33f94a42659c051993fda057258548890804da2ab33ca43806dbbe7a6e1b17de5337e2bd23c05639faf23884eba3e3b14425967e9169d3e3d9dd6015104c7296adb19f8237bc3308a263b1c4367228d1515897418099bfe41a4c935ba806cbb52906b47a247ed9e23ae216bddceacd3ed318773ab71424a762f4654b4714601fb96d274a3181559b884863808a116cddf857eaf334fd3ef44997d424b8c811f87d8b61ab32f5215dd22493f469789b370796dc6c983a97e0033a6412d23822d6898a5f1caaa92f7bbb900bfbec0138bbf2bd950c34a604326fb952d6791fe65d934d11cb26dcadcf6e7d027386d54910411851b5edb3ce11d71560f6a90b7c3982b578a20c63b673f94618857d23a9b1feb8364f520918d99a9c4ec3682d2b7e0610d68d50054ba1a4677ef3472569c9b16cc4477f6e679e4d1819758735ccb3637a579c4c2325c6de9acccfbfae22f96e8206acf789408be8d9f5e65a6dfa724d0a8337c157d5ab44343f6f081301652b6d0278978f92ba3f319011e1a0cd11e07ec7c711bd57d2dda8a96d63b521ace30d300a16b2d1320c5c479f066c52871ab9d4c16ca02786e302cfc7e94041e1bf2addb8e453b6e264545d99e5d2dcbf0efdae8a983969b3e53783cc01fc1c419177be0881bfa4c0d54dda23266f8eef5d83efffc3928b4ca0417a4ce4e2892016011a89512904632a29355f7915a6bd3c1364ed2b5a0f849302aa08aab33019861dc6c886f9a739e19387764f7f7053d1a557ee4546843ad5fdae4101e46ae3343901dcc872078fc17dfff201f1d8a025c46664dc692b7fac0fbafb5f88994130a17105c79d94e91fd388cdf53a2a66e2b8d46c390c92e47999311b7b92f6f27727253664759fec7702ae9d7a2ff164ad1e1a3638fdb99dac77c68bc5d552014776ed5930f5a131a03dbdc9b9d65bdf5e728f77c659cb83a5ce107e013f3db3efa1fb555b1c9431c3866e67deb4f56af873a4f227be35f1c48b122a74b301bfc77628559ebce0cca85a82cad0621bd5aeb8c1ef89e74b3d0948de6434934d7747387714fd0296c4e474662314f6daf6ab77bc4d8e7286d697be2daed8145cae4408800d17c33a12cf07157c30cd89c993e52a7161a66552c9ed8f6377782b730176b19c945988e3e438d42760e8420e2045f438a9664165fcd3e186d75b1219c8877a4428aa8b02951cf65406cbb21bf6a9538d698e019e3f285905e1aefc291f28f8266551e62d70b86c9948a70"}, @NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x1}]}, 0x4ac}, 0x1, 0x0, 0x0, 0x8000}, 0x8800) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) mkdir(&(0x7f00000004c0)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x5f, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x6}, 0x9000, 0x0, 0x0, 0x1, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000340)={0x4c, 0x0, 0x100, 0x70bd26, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @local}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'bond_slave_1\x00'}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @dev={0xfe, 0x80, [], 0x1e}}]}, 0x4c}, 0x1, 0x0, 0x0, 0xa84f7cafe0ff76fc}, 0x4) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50b, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='fuse\x00', 0x0, &(0x7f0000000140)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) 17:03:47 executing program 4: ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(0xffffffffffffffff, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r2 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r2, r1, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r3, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:47 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x0, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:03:47 executing program 0: openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x4000, 0x0) getpid() [ 377.419131][T12032] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 377.419131][T12032] program syz-executor.4 not setting count and/or reply_len properly 17:03:47 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) syz_open_dev$evdev(0x0, 0x0, 0x0) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380)='/dev/snd/timer\x00', 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) open(0x0, 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000180)='/dev/zero\x00', 0x18094e89e20eb01, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TIOCSISO7816(0xffffffffffffffff, 0xc0285443, 0x0) pipe(&(0x7f0000000140)) pselect6(0x40, &(0x7f00000002c0), 0x0, &(0x7f0000000300)={0xffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81}, 0x0, 0x0) 17:03:47 executing program 4: ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(0xffffffffffffffff, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r2 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r2, r1, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r3, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:47 executing program 0: sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000002c0)={0x0, 0x74}, 0x1, 0x0, 0x0, 0x4000424}, 0x24080000) r0 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x4000000000000071, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='mountstats\x00') dup2(r0, r1) ioctl$EVIOCREVOKE(r1, 0x40044591, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) gettid() restart_syscall() setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) r2 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0) r3 = open$dir(&(0x7f0000000380)='./file0\x00', 0x0, 0x1) write$9p(r2, &(0x7f0000001400)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949ccc6e2e54c2d5c8f0b7932b69797f217168b0c1feb128ae34f0daf487a70b5c117acd43725fe17993634f1695dabd7f998cd55e9d5bd911e86aa7a4ad75a574bb96951d6018b25d942a9544bca1ebb0e8d10c092cdcb85797673972099e4041aaf8d636f66cb1103ef2050ad28fabaed33d6927889d97f4b5ce0de71d3fd832980f4f088d0d824e20549b4bbd906ffa51ce9de54d779eb4de462faac20a3ab0ed9934373ca22cea5454f4c2a740cd461e39956bb5f98df2aebc60cf32623adbffbcc378fa7250b6a3fc863dadcf6d4f8b855c4e70f0796eee6218445dad2811dd6b540ff52efa2f167dd9c1b8b016268d37db430983fefc0645d20614c8df2eb0872c58e09664e672b0b6a9970fec199257e1c606ec3e364c66a0f4d258c74accd43b987c756d602fd8787fed3aa43fd8d84e9656d4a413fa9a423bc54b873583d6d497005e54712fafc71384988d80134fbf84f53fdd74b354848006b8b5b67e7cc5a472475d3ae545ca1fcf7628b873e31ba83a98a7ad5b0cfbe9711b517a9a1388ad0efa2a3b4e22152021d631b731e2e100a9831111db7acce948bb5deeea260463c140ac929e77c58402776caf85d4569a75dde2f64c4491508afb541ed9b2c81fc95c06706235f383e31cf662c95b1e49cfd94871e22720a41535756e419b271276941692bd023dd9c9dbec4f7db1e5c00d8b3be7b8e826a6aadd001edd0dfeb00f8048442b5c48456fd642e629dcb2ff55592665ff491cd832672ce4d999da186db2c3a1f8b6b1f7d3750d7cdb3097954e6e14fb2183ad662c63d4ce8b82dc2487f0fe2ea2827b53a7c6dcced878d2fb29c1d3ff583570e7bc172d1a5c716e0447cb08ce3c468ffdf975da372f3f3eb455aaf5822bc04a51b6cad24a2331369df81c123b009a2381b42e9aeb077f621608d81c12a5f5c6c295d74afd4dd5c051296be0b54c70bf899b347c36bff62f313079983409d7f9cf1242c917985c1b5d0736fe21f8514f63d0369a374c42da40bd5140bc3e602d00c3cb4f8e621863ab47422778d67d72de34753fd72cef80649a1548e4e8dcbcffe4054cc9d8a1f922623a75904cbdaacde768131e587269a4a99d82f7009c1b8ab79aa232a2fd45ad71b603803123f6ba979fa6a87525884b08d721a21400fb1f950b96ead82f408cc4388d3b78fb456616429a520656d5e5a876fd04748498902c86f58d45f4c1b3919eb846a00edf07e7a830bf723e4774f085f15534dd3b5246c0c0970b5ad7bb39b30b156a9430378c5b0aab1261c78d72ac301cd552d5e8dd4b642ec1dc0672745d593bb26d095b5b23576e3cfd6ab580f6e09419d0f0c64250fafaa3759aa1888da48d89c3f7c9454b0b3d0ab40445f5bed4493ef43ab08f31b1345ac4ffd94ad79c9eee53904ed6f572817153190d2e6863f2e39356bb99926419fd314341a536b7e76cae60bf7750a4c29e3f4c7f005530b1d4ee0e25b93b76fcc1108222f0b00de52cf4100e97adfd7b9db1370586ba27e1e183299be00d0df8439c380edf2f79deb441eac59b814b04accdff5e17f02046139f91f0332661676ff506e575f0cb2850bcc9f8666f6d1f69f8f4271cb804a79fccd7016f049d1a494c26a527c437fa0be6d51ec7543d9bd7a2f016194ebe3c99080a6c9b5119863dfe865f8e60cae29f50b67dbfaa0a3c9794d73034485ca1613344c572783db3dfab01b28089c51cda99cefa4c1c881a29e229f04c7e0fd04dc425ae8417852e6e31520c6207e9d4e35285feef2a2cb8a3bceb08a166fa4284a516362621e2c06731a442791f1db063a32cf1f005c914102c7273cb4d7ab1bf567d72f230783d2ea99c43a60e8729132441ee6c5362c33f9b613f84417c3c5549f4e3d9e73c6f83f16c8e57ae22fe5f54515e111fe43ad7c400d214281452bb6141cecad84b23a695f061988d906d03be5d89584634b9e9d9a9b072f8e7cbb47c47719318a2001cafa665dd2c82672d16877ea115bd023fc1975f7c59664bfb06f66a1a5e3f05cb283fb45ea67a2727ee6e10bf35b31fdd03d43ec67b753f6737e0d2f4a5275031595878cefc8f0ca", 0x600) sendfile(r2, r3, 0x0, 0x1c575) 17:03:47 executing program 2: r0 = socket(0x15, 0x1805, 0x3500) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) getsockopt$CAN_RAW_LOOPBACK(r0, 0x65, 0x3, &(0x7f0000000040), &(0x7f0000000080)=0x4) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000180)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r1, 0x54a2) readv(r1, &(0x7f0000000200)=[{&(0x7f0000000000)=""/12, 0xc}], 0x1) fcntl$setpipe(r1, 0x407, 0x4) r2 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r2, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) ioctl$TIOCGDEV(r2, 0x80045432, &(0x7f00000000c0)) [ 377.922094][T12051] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 377.922094][T12051] program syz-executor.4 not setting count and/or reply_len properly 17:03:48 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x0, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:03:48 executing program 0: syz_open_dev$usbmon(0x0, 0x45, 0x0) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer2\x00', 0x0, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(r0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000080)='/dev/bus/usb/00#/00#\x00', 0x77, 0x101001) ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect) ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f0000000380)) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10, 0xffffffffffffffff, 0x0) 17:03:48 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8d, 0x400000008d}, 0x0) r0 = getpid() process_vm_readv(r0, &(0x7f0000000880)=[{&(0x7f0000000580)=""/93, 0x5d}, {&(0x7f0000000600)=""/244, 0xf4}, {0x0}, {0x0}, {&(0x7f0000000840)=""/47, 0x2f}], 0x5, &(0x7f0000000ac0)=[{&(0x7f0000000900)=""/41, 0x29}, {&(0x7f0000000940)}, {&(0x7f0000000980)=""/28, 0x1c}, {&(0x7f00000009c0)=""/4, 0x4}, {&(0x7f0000000a00)=""/146, 0x92}, {&(0x7f00000025c0)=""/4096, 0x1000}], 0x6, 0x0) sched_setattr(r0, &(0x7f0000000280)={0x38, 0x2, 0x0, 0x0, 0x8, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000041c0)=[{{0x0, 0x0, &(0x7f0000000b40)=[{0x0}], 0x1}, 0x401}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NL80211_CMD_STOP_AP(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000500)={&(0x7f0000002100)={0x4ac, 0x0, 0x200, 0x70bd2a, 0x0, {}, [@NL80211_ATTR_IE_RIC={0x48d, 0xb2, "5419448e0278224863788496bb93a908fd74beb6029f2cbbc7afaa976340bb42d5b23e05cf6ae0b33d3d254b19baf5fe70633ae2645b508187e1d4cc343d2e2dc815fdc60c40f2b75d2412a3cb17cd6797b2a47feb927f3c49779dfc6bd52573910c1b106822905f1695423c7e607ae2b913f2c05344957ff29e41ecafe33a975050ba169923a273a837db69181325ab76dd5386de1c0ea0e796949b87ddd7785f237c55acac85cf59ec1641bd24c8b756c5bb6812b8497a40a349d5c8b015fe4ed43737d9a315db9f24caa1fa6afb7f5e48b120c6312023e7c4db7c632f1064b2202342fc988731eaab3366c02f99084f9cd180db292e1d9f153747d4e06ae2b4161c358f4fe01357a8c33f94a42659c051993fda057258548890804da2ab33ca43806dbbe7a6e1b17de5337e2bd23c05639faf23884eba3e3b14425967e9169d3e3d9dd6015104c7296adb19f8237bc3308a263b1c4367228d1515897418099bfe41a4c935ba806cbb52906b47a247ed9e23ae216bddceacd3ed318773ab71424a762f4654b4714601fb96d274a3181559b884863808a116cddf857eaf334fd3ef44997d424b8c811f87d8b61ab32f5215dd22493f469789b370796dc6c983a97e0033a6412d23822d6898a5f1caaa92f7bbb900bfbec0138bbf2bd950c34a604326fb952d6791fe65d934d11cb26dcadcf6e7d027386d54910411851b5edb3ce11d71560f6a90b7c3982b578a20c63b673f94618857d23a9b1feb8364f520918d99a9c4ec3682d2b7e0610d68d50054ba1a4677ef3472569c9b16cc4477f6e679e4d1819758735ccb3637a579c4c2325c6de9acccfbfae22f96e8206acf789408be8d9f5e65a6dfa724d0a8337c157d5ab44343f6f081301652b6d0278978f92ba3f319011e1a0cd11e07ec7c711bd57d2dda8a96d63b521ace30d300a16b2d1320c5c479f066c52871ab9d4c16ca02786e302cfc7e94041e1bf2addb8e453b6e264545d99e5d2dcbf0efdae8a983969b3e53783cc01fc1c419177be0881bfa4c0d54dda23266f8eef5d83efffc3928b4ca0417a4ce4e2892016011a89512904632a29355f7915a6bd3c1364ed2b5a0f849302aa08aab33019861dc6c886f9a739e19387764f7f7053d1a557ee4546843ad5fdae4101e46ae3343901dcc872078fc17dfff201f1d8a025c46664dc692b7fac0fbafb5f88994130a17105c79d94e91fd388cdf53a2a66e2b8d46c390c92e47999311b7b92f6f27727253664759fec7702ae9d7a2ff164ad1e1a3638fdb99dac77c68bc5d552014776ed5930f5a131a03dbdc9b9d65bdf5e728f77c659cb83a5ce107e013f3db3efa1fb555b1c9431c3866e67deb4f56af873a4f227be35f1c48b122a74b301bfc77628559ebce0cca85a82cad0621bd5aeb8c1ef89e74b3d0948de6434934d7747387714fd0296c4e474662314f6daf6ab77bc4d8e7286d697be2daed8145cae4408800d17c33a12cf07157c30cd89c993e52a7161a66552c9ed8f6377782b730176b19c945988e3e438d42760e8420e2045f438a9664165fcd3e186d75b1219c8877a4428aa8b02951cf65406cbb21bf6a9538d698e019e3f285905e1aefc291f28f8266551e62d70b86c9948a70"}, @NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x1}]}, 0x4ac}, 0x1, 0x0, 0x0, 0x8000}, 0x8800) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) mkdir(&(0x7f00000004c0)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x5f, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x6}, 0x9000, 0x0, 0x0, 0x1, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000340)={0x4c, 0x0, 0x100, 0x70bd26, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @local}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'bond_slave_1\x00'}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @dev={0xfe, 0x80, [], 0x1e}}]}, 0x4c}, 0x1, 0x0, 0x0, 0xa84f7cafe0ff76fc}, 0x4) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50b, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='fuse\x00', 0x0, &(0x7f0000000140)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) 17:03:48 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:48 executing program 2: r0 = socket(0x10, 0x3, 0x0) setsockopt$SO_BINDTODEVICE_wg(r0, 0x1, 0x19, &(0x7f0000000040)='wg2\x00', 0x4) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) [ 378.513746][T12074] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 378.513746][T12074] program syz-executor.4 not setting count and/or reply_len properly 17:03:48 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) [ 378.603712][T12083] hub 9-0:1.0: USB hub found [ 378.656533][T12083] hub 9-0:1.0: 8 ports detected 17:03:48 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:03:48 executing program 3: socket$inet_sctp(0x2, 0x1, 0x84) perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000380)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x29}}, 0x10) connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000007f80)=[{{0x0, 0xe000008, &(0x7f0000000180)=[{&(0x7f0000000000)="94eb98c5f97e2c2a4a02408ccb88a96a52bbf810f9b72aa17225a6c6bcb1f56bc51ce9668fee7066d816af4c6bf88f7adff4c49f3dc6e467603e98d004b63403d6570cf7d036784cb892eb7750", 0x4d}, {&(0x7f00000003c0)="f0583ac29776b175c108434c251d2996f169fa34891154de372b60d30b7e13b8a820cc31b4dc8a98236205d5c5329b8482ae7ac5a999d57dc5a723cd5eede9b9edda4b522a6a4a42b8076e488ef139f0baa6bd32babe0c990c66a75c9956b8272a0ba6d52cbc094e996f6cb52e5bb9d2c5abeb1621f359b622fdbbe583c1d262bc28fc4d856e83a3b3cbcfcd83d8ed0c9184f31afac72189b6896a321993fdf79568ee4506113d22bef08fbc36aa5c9cbc600ffedd7d500aa3aa933dddaae7e82eac134d436af91d9a893a262388a7e8c3256a4042a07366998bc11e5884d9853f08f7eebebc4b41323144308cc64ae9913afe5bbed9765b08f447b723eb97199b2fd202ea2017e0cd5efa17f5e993396f29debd1159de0f8836d890b3d81d8cc2a3cf95b0910b6c739928a03a80284dda986c1d6f6899e445b5f8eec34985be9d75447646f44baf1321c3c112971c0caae973a32c05a69f091c9c9622e3e66d2458befc41e72805c8e7349d07e22f890db3d1f1409ef9f2027155844fbd4f7d104e62405dbce5a810181cd05072b94826780b6950180572e93543a736af99858cd6ed71ee4fe722e1e28c2329a6e2f1720bf8fecc96dd3434d6696851845630650548cb8d548a8cde246769913a743257954a8d4d9950ff419c25b5a2db3d817170d0ac70942acbf77bf9746f94bc45a07731ddb9b45d99994a649c3f7f19a75da137f0347babf5df5fea1cccc1392c0434f4cb80164a62e30eebc59f9f53e6f5673ad7753bfb50352ffd9541a943e2a9ac095e8321f7e48223e69398c9fb08429e37aae353cffa23de86fca4f74a5c15aa6d15acbe410341ff99132337400d65e5ab0b19dd7a68a74d69c2b44c7ad7d71e8c480e96c65f31c9bb3f1b1b9bd8a9d9e485cdcb361d5408461bb7eb42d22b8a140cda3239aa5033e57abe392ba62371cb35d49b5abe79587ed299709f542b4a08a72ffae9f488893e257ae1cd0cfc18e124bad5e476a3a18c97c40b571cdb511b69bfe60aad8a9909eb2a639d315b53e2cffcd13d04ca116aa88e90e7ce06658bca74921ee05461ae13076c8c51ae8fbd37eff7d61b8928069a469b1cd5076d9f156e84864e9f729dc8c6b4a967d8188138357a34e5eb1e350e4e4688170b5fa87c78e8a294dbf64d551a1a2e82eba19ac81bcf622a15c754725ae3b38c4240f9f5835aafd8ee6a95a9e83c11e68be8ad5835c49f0f623b168efdb670af3743a2bd64f7ed039f80dd1c9ad1d93d7ba6b43cd91a0339f95969f5bf4468757016f654ee67b07cd34cf60a643ca9e04770005a0025e24dcc14f5f712da46d5909714f73a7a3a64db16efa0b57fdec4acea474a8f5800b1dbbc264608aa6bdbc0cd0a21c2b4c7e7e7f825dc551389686b3e917926a48f1bc6a6695a5de4acc3a966bd33e7014327390db9a158271674a5f3d779195cb4ffc3e185d7b9e95eff5da68e89cdcc2b0bf1f390581f9dcc81db50382c69f811647307db2e033be601fc22a5cfd18679768111d3d8e98bc8f987db0c1911a3b39910d56abdead660cffa1c7e547d7868fb75796393f2748b102d79302e712e4f8e38d986626b2168151b80b32d6f8026831d4d00b52e519c6616711b17f95f4822329c151fc5deb482e98505385dd1fe855ddfed02bfba4caa14a8c0daa7be61d35a59499b02af98bf8ab586ad194229234c6528182e52e7abbb3ca22ed4b5e2e1b144d9a3ed3057b6e2383255e055b7317a96fb4261a48215b4a453d7edf9d11cef2e13dcc798e5b5f27f4a6bac604fe04fab212894888bd035749c91ce42bfbd7fb7df5211f77c42bfae9a077303503c890207ffb987f65b183ecb495fb242ceac7d8b546376b9a8d2f7baf71374a69bfd7cf20692a16d4155dff1a1a00e8b4488ebba6268d15ace5f13a580ab2f8308fbbee8722a77270e5fb7546d4b5493f2247b14aa2e0e4a927ecc8f9f", 0x574}], 0x2}}], 0x400000000000398, 0x0) 17:03:48 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) r1 = syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x8, 0x404000) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'batadv0\x00', 0x0}) ioctl$TUNSETIFINDEX(r1, 0x400454da, &(0x7f0000000100)=r2) 17:03:48 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:48 executing program 0: r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socket$kcm(0x2, 0x3, 0x2) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, 0x0) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000700)={'team_slave_1\x00', @random="f960f5091ce5"}) [ 379.175194][T12102] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 379.175194][T12102] program syz-executor.4 not setting count and/or reply_len properly 17:03:49 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x20000004, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c) syz_open_procfs(0x0, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_type(0xffffffffffffffff, 0x0, 0x2, 0x0) recvfrom$inet6(r1, &(0x7f0000000000)=""/35, 0xffffffffffffff13, 0x100, &(0x7f0000001880)={0xa, 0x0, 0x0, @mcast2}, 0x1c) shutdown(r1, 0x1) r2 = accept4(r0, 0x0, 0x0, 0x0) sendto$inet6(r2, &(0x7f00000000c0), 0xfffffdda, 0x0, 0x0, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) 17:03:49 executing program 2: r0 = syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) write$UHID_CREATE(r0, &(0x7f0000000100)={0x0, {'syz1\x00', 'syz0\x00', 'syz1\x00', &(0x7f0000000080)=""/118, 0x76, 0xcb, 0x6, 0x4, 0x3}}, 0x120) r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000240)='/dev/dlm-monitor\x00', 0x400, 0x0) recvmsg$can_raw(r1, &(0x7f00000018c0)={&(0x7f0000000280)=@phonet, 0x80, &(0x7f0000001740)=[{&(0x7f0000000300)=""/28, 0x1c}, {&(0x7f0000000340)=""/158, 0x9e}, {&(0x7f0000000400)=""/210, 0xd2}, {&(0x7f0000000500)=""/4096, 0x1000}, {&(0x7f0000001500)=""/10, 0xa}, {&(0x7f0000001540)=""/131, 0x83}, {&(0x7f0000001600)=""/237, 0xed}, {&(0x7f0000001700)=""/21, 0x15}], 0x8, &(0x7f00000017c0)=""/224, 0xe0}, 0x81b5536113c60f4a) r2 = socket(0x10, 0x3, 0x0) write(r2, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) 17:03:49 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) setsockopt$IP_VS_SO_SET_EDITDEST(r1, 0x0, 0x8, &(0x7f0000000100)={{0x0, @rand_addr, 0x0, 0x0, 'sed\x00'}, {@local}}, 0x44) 17:03:49 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) [ 379.615600][ C0] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. 17:03:49 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 379.932618][T12127] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 379.932618][T12127] program syz-executor.4 not setting count and/or reply_len properly 17:03:50 executing program 0: mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=ANY=[], &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='squashfs\x00', 0x0, 0x0) 17:03:50 executing program 2: r0 = syz_genetlink_get_family_id$l2tp(&(0x7f00000000c0)='l2tp\x00') sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)={0x2c, r0, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_PEER_CONN_ID={0x8}]}, 0x2c}}, 0x0) sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c007c1a0931eb71f70080", @ANYRES16=r0, @ANYBLOB="00082cbd7000fbdbdf250100000008000c000000000006001c000200000006001c00810000000500070003000000050004000300000005002200010000000500050000000000"], 0x4c}, 0x1, 0x0, 0x0, 0x400a014}, 0x48800) openat$ppp(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ppp\x00', 0x8040, 0x0) r1 = socket(0x10, 0x3, 0x0) write(r1, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) 17:03:50 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) [ 380.623485][T12147] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 380.623485][T12147] program syz-executor.4 not setting count and/or reply_len properly 17:03:51 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) perf_event_open(&(0x7f00000001c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) semget(0x2, 0x0, 0x0) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) write$P9_RGETLOCK(0xffffffffffffffff, 0x0, 0x25) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000005c0)=0x169, 0x4) sendmsg$IPVS_CMD_SET_DEST(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000780)={@in={{0x2, 0x0, @local}}, 0x0, 0x9, 0x6}, 0xd8) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x5, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @local}, 0x10) setsockopt$IP_VS_SO_SET_EDIT(0xffffffffffffffff, 0x0, 0x483, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$FUSE_CREATE_OPEN(0xffffffffffffffff, 0x0, 0x0) recvmsg(r0, &(0x7f0000000240)={0x0, 0xfffffffffffffd83, &(0x7f0000000180)=[{&(0x7f0000003ac0)=""/4096, 0x5801}], 0x2c, 0x0, 0xf080, 0x158}, 0x100) write$binfmt_elf64(r0, &(0x7f0000000600)=ANY=[@ANYRESDEC], 0x1000001bd) 17:03:51 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 17:03:51 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:03:51 executing program 2: r0 = socket(0x10, 0x3, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000200)) r2 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r2, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r3 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r3, 0x0) getdents64(r3, &(0x7f0000000440)=""/538, 0x21a) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg\x00', 0x10000, 0x0) setsockopt$RXRPC_EXCLUSIVE_CONNECTION(r1, 0x110, 0x3) write(r0, &(0x7f0000000100)="2400000058001f000307f59bcbafba553a142e69a97a7046ea45f900230400ff04f511080001000285000208001380050000004fc262113bc9bc63b7ea0fa2113c7afbdfaedeadcc04c69808e7527dbd4378596def0ab94d0c097087e3e0b983ddf9d2cb9201614077c45eeb0e38b93a3d6d3d64c3dab0b37b5ea39abcb756e708435011ab5345546b443f8d8146746df9dd347f77ebf05b2c4bf8bd3e4c93354346c7df972e5cdac92c69b38acbb925c051d84ccb6dbc8f5470d3643fc166a953e6e9789973a422bd92e1208aa492855e0c06337414eba0be3bc4693858ed072eba28e8c7fb140646a5860e1e44d30c1c52c73cbd4348bfe8f121f8", 0x158) ioctl$BINDER_GET_NODE_INFO_FOR_REF(r4, 0xc018620c, &(0x7f00000000c0)={0x3}) r5 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x2000, 0x0) openat$cgroup_type(r5, &(0x7f0000000080)='cgroup.type\x00', 0x2, 0x0) ioperm(0x800, 0x2, 0xfffffffffffffffc) 17:03:51 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r2, &(0x7f000099e000)={0x2, 0x4e20, @dev}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) getpeername(r2, 0x0, 0x0) 17:03:51 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) [ 381.397171][T12154] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. [ 381.434916][T12157] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 381.450712][T12161] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 381.499717][T12160] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 381.499717][T12160] program syz-executor.4 not setting count and/or reply_len properly [ 381.637114][T12154] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. 17:03:51 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:51 executing program 5: clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000380)=@raw={'raw\x00', 0x3c1, 0x3, 0x510, 0x0, 0xffffff80, 0x178, 0x370, 0x178, 0x440, 0x258, 0x258, 0x440, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x330, 0x370, 0x0, {}, [@common=@unspec=@bpf1={{0x230, 'bpf\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00'}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffb}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x570) 17:03:51 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) mmap$xdp(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, r0, 0x180000000) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000000)='macvlan0\x00', 0x4c) connect$inet(r1, &(0x7f0000002600)={0x2, 0x0, @local}, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000200), 0x4) sendto(r1, &(0x7f00000000c0)="06", 0x1, 0x40480c4, 0x0, 0x0) sendto(r1, &(0x7f00000004c0)="06", 0x1, 0x0, 0x0, 0x0) r4 = socket(0x26, 0x80000, 0x0) write(r4, &(0x7f0000000040)="240000795ebba2f813e2c9f9002384000a0405000000a55f94d19a133e367d621ed642682731acba636cbad0c2a99179ac59eadb4785e4ff40343cb0681d4c813ea5c35336a58fe4111337dc5e7c67195994ae5a48768ea80e0bc6aa2fb9acde4e6b7d7e8cbda2036796f97b8f8b954b23d2371e03fa2017e7e2c23996680cd1485b00c7e2f23e3bf9bc0d17b64885b6cc3fe7c9fb15e07a15008f3e954d1eff4eb37c38a3d69dfd62c68ffe1277868c299135a9a3657afe6ced6157c7aa51d0f3255cbe3b7a4dabe5ced9b3140da45fbdc33fac7a9e9674fa48d2cdeb1f830538c275f23e88b41c59de1497d8bd7cb4af4f", 0xf2) 17:03:52 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x0, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 382.177974][T12181] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 382.177974][T12181] program syz-executor.4 not setting count and/or reply_len properly [ 382.218139][T12183] xt_bpf: check failed: parse error 17:03:52 executing program 5: socket$unix(0x1, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x3) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 17:03:52 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, 0x0) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) [ 382.732263][T12205] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 382.732263][T12205] program syz-executor.4 not setting count and/or reply_len properly 17:03:52 executing program 3: r0 = socket(0x10, 0x803, 0x0) getsockopt$bt_BT_VOICE(r0, 0x112, 0xb, &(0x7f0000001280)=0x6, &(0x7f00000012c0)=0x2) ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, &(0x7f0000000240)={0x5, 0x7, 0x9, 0x6, 0x15, "03c4121fcebb07f6a3e848f6168298690099a8", 0x2, 0x1}) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x5e, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="680000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="2b03000000000000380012800b00010067656e65766500002800028005000300090000000800010001000000140007000000000000000005000000005bb33f09a4ea10b568034fb9a1d09500000001080005005ac8c3fc5d1dcb9b3c30ef85810c191a6c73e1468d82295c0718b453ebdf75adc9ed4d9a8a878cfd5f05296efc3fb7b0a5da2bf5b50e4d9a512be886c05faf81", @ANYRES32=r1, @ANYBLOB="e9ff0900", @ANYRES32=r1, @ANYBLOB], 0x68}}, 0x20000040) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) getsockopt$bt_BT_VOICE(r3, 0x112, 0xb, &(0x7f0000001280)=0x6, &(0x7f00000012c0)=0x2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(0xffffffffffffffff, 0x28, 0x6, &(0x7f00000000c0), 0x10) getpeername$packet(r5, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x12) ioctl$NBD_SET_SOCK(r5, 0xab00, r0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000800)=@newlink={0x58, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x32b}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @geneve={{0xb, 0x1, 'geneve\x00'}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GENEVE_REMOTE6={0x14, 0x7, @loopback={0x5}}]}}}, @IFLA_LINK={0x8}, @IFLA_MASTER={0x8}]}, 0x58}}, 0x0) 17:03:52 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 17:03:52 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000180)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r1, 0x54a2) readv(r1, &(0x7f0000000200)=[{&(0x7f0000000000)=""/12, 0xc}], 0x1) sendmsg$unix(r0, &(0x7f0000000300)={&(0x7f0000000040)=@abs={0x1, 0x0, 0x4e22}, 0xffffffffffffff64, &(0x7f0000000280)=[{&(0x7f00000000c0)="1f6963afc74aaef307435175dd82910f55a61905a7e2d483f91f175fed92c9971d30b9bb89384659cd3ebec8bb0096f95dac37faa52315732b7f361ea7fceb2747b546713a89377c2ff92236f01af7f9d88f37fb8ab398b3901a7c93a84b5da7c6cc62fab14a54f582a920449803c48b6df88b26bd0e8600e2c6161cdaf8768e665f02b63903d71840293243109c033b4e11871d1809a502c3ac27cb0484523d09fe265dc353bcaf30", 0xa9}, {&(0x7f0000000180)="86817d8468e19025ff9f535812a3ecd3dc29fe1eb34847babee0193a976b5545c641b56077113bdd84a63af13562d0f9b87c5408c6ff386060156e0d588a575220362bec5e4ec5c3a37561f6e22fa66d35c71ecfe9e13a6476b092a4e50cb503f75158c103402e2f0baf5c9d42cbe0523859523db3866dde449f34a66eb603a461f43e99a0e5e9af662b85b4ce4c98faf9fb426ed46312f0b35c4d56dc25ba340fa83a44d64e9bd4ec6d009627ab43d3b473d571c18d7a2656808a3583d42383a5adb9336f", 0xc5}], 0x2, &(0x7f0000000340), 0x20, 0x8040}, 0x4c840) 17:03:52 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x0, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:03:52 executing program 5: r0 = creat(&(0x7f0000000280)='./file0\x00', 0x54) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r0) 17:03:52 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, 0x0) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:53 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000080)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(r0, 0x40284504, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, "d95a3f02b8a5c87c2c56d068d655765be7ceffb6a8b7b6b542c44e4e439cde09"}) [ 383.078143][T12220] device geneve2 entered promiscuous mode [ 383.113465][T12223] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; 17:03:53 executing program 2: r0 = socket(0x1b, 0x800, 0x3f) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) [ 383.113465][T12223] program syz-executor.4 not setting count and/or reply_len properly 17:03:53 executing program 3: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$evdev(&(0x7f0000000080)='/dev/input/event#\x00', 0x0, 0x121041) 17:03:53 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x0, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:03:53 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, 0x0) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:53 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) r1 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1000004, 0x1010, r1, 0x0) getsockopt$inet_sctp_SCTP_HMAC_IDENT(r1, 0x84, 0x16, &(0x7f00000000c0)=ANY=[@ANYBLOB="02000000060064660343a3fa86d88dd657ce25fa00"], &(0x7f0000000080)=0x8) 17:03:53 executing program 5: pipe(&(0x7f0000000200)) socket$inet_tcp(0x2, 0x1, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200), 0x0) [ 383.716918][T12243] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 383.716918][T12243] program syz-executor.4 not setting count and/or reply_len properly 17:03:53 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x2f606557d6081b8a, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, "8000"}) write$binfmt_aout(r0, &(0x7f00000001c0)=ANY=[], 0xffffff0b) r1 = syz_open_pts(r0, 0x0) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "000000000000000000000010000000001000"}) 17:03:53 executing program 3: r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000700)={'team_slave_1\x00', @dev}) socket$kcm(0x2, 0x3, 0x2) 17:03:53 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x0, &(0x7f0000000380)) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:03:53 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) r1 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r1, 0x0) ioctl$sock_netdev_private(r1, 0x89fb, &(0x7f0000000040)="d621547beff70ea457fa654c45b580") 17:03:53 executing program 5: perf_event_open(&(0x7f0000001340)={0x1, 0xae, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$l2tp6(0xa, 0x2, 0x73) r1 = socket(0x200000000000011, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$packet(r1, &(0x7f0000000300)={0x11, 0xd, r2, 0x1, 0x0, 0x6, @local}, 0x14) sendmmsg(r1, &(0x7f0000000d00), 0x400004e, 0x0) 17:03:53 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) [ 384.297057][T12268] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 384.297057][T12268] program syz-executor.4 not setting count and/or reply_len properly 17:03:54 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x0, &(0x7f0000000380)) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:03:54 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000440)='ethtool\x00') sendmsg$ETHTOOL_MSG_LINKINFO_SET(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)={0x1c, r2, 0x7, 0x0, 0x0, {0x5}, [@ETHTOOL_A_LINKINFO_PHYADDR={0x5}]}, 0x1c}, 0x1, 0xa00}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000014c0)=ANY=[@ANYBLOB="380000002400070500000040ce49168b6b45f235", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001640)=@newtfilter={0x40, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0xe}}, [@filter_kind_options=@f_bpf={{0x8, 0x1, 'bpf\x00'}, {0x14, 0x2, [@TCA_BPF_FLAGS_GEN={0x8}, @TCA_BPF_FD={0x8}]}}]}, 0x40}}, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r8, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000014c0)=ANY=[@ANYBLOB="380000002400070500000040ce49168b6b45f235", @ANYRES32=r8, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001640)=@newtfilter={0x40, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {}, {0xe}}, [@filter_kind_options=@f_bpf={{0x8, 0x1, 'bpf\x00'}, {0x14, 0x2, [@TCA_BPF_FLAGS_GEN={0x8}, @TCA_BPF_FD={0x8}]}}]}, 0x40}}, 0x0) sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000080)={0x114, r2, 0x2, 0x70bd28, 0x25dfdbfc, {}, [@HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6erspan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_macvtap\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macsec0\x00'}]}, @HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6_vti0\x00'}]}, @HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x5c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macsec0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_vlan\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_macvtap\x00'}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x4810}, 0x2) 17:03:54 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000840)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000702000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff6d6405000000000065040400010000000404000001000000b7050000400000006a0a80fe000000008500000053000000b7000000000000009500001000000000a80501d07ba00af339d1a1ee35fe163a255c33282044b32495ef8ab9adc67ccc945ff15d809957c1002ed7d4d8e17f791f4798c8eb483e9973320d046c3126c6afcfd84de03352c69b3edff5be26765ba5f8f2879021c2ea53ea79acd7fb38dd1abb75aa393cea26d465637d11f79f2be9087a3e7b7c4ae7dd5e4dee88518ddf12dddd4bfc6a4dd3b6beba51074229b0d4b504516c4c3e5d1aa044d8d00728141cd67bcd68f253288e655c6b34e02e90637ef2912ba7de26ff2357ef17f95a25780c3a0578442926ef4e912f01a201e694e3806e8c8fe8b69524cd19f7525d8d66bb766f7f3f918c86a70400000000000000133af94a5a4cfc794d8b9d7c33632152c58eaf302f0b2e0c252b0000000000000067a19b09e00e50d3006f1bbefbe08de65e11ee917bca4885bbf597a14ab2458efce78510d86272d88e0c8088f404f011289ebc5623faa1182632161e073af1d69a2e36bed435000025ecd201d2ffb0a7fa4f5d11060cdcf071defd0a8be3b69ce3e4f361aca75827426dde87c1999d8679406419406bf0c5329bd5b4697336112b0b8754ce3574046bf611a108f8df4d1a88597850b702b6fa8edfff8faf8b8ec039bab385cac0535373bb8fab90539b1a65ddff841eb671f7faf37ebdfccea0c002ad2b42047c9ec43193ccf617dbf8a12b4a189edbf9fb7c42b1f435ccd4d96822e6b70b62912c926dbe417cccc4f696bb28fa8a3ea847f10e9b1106f3bb506f1d7fbdf801000000000000006c028eb5b5a073d0de5538ab42e170b3baae34c35987b0dda497ac3f5e97e6e6aeea15c6d55badf9b86b1c28adff556e0900000000000000e607d403bb6030f84b63aaf8690db0221b1705c501f802ff59b4e683efa4b6e77e042072bd2ac37d413008ec9eb8166f6e28b49a77ed91befc65315878f88a8fb1dd679fb4c5557abae6849917dc51a89d47b728502f7e621cc0e3ba04000000c149ee6601728c750d30519339b44197c22da8650579475a131c2115b97275712a5fdfd60dd8900c44c67133eeb0109dcb60dddad58037fda65885a15a429edfe3027a5ebf95254744f10fd607bc3300b94932b8d9447c4df6e21ee0e54f8be072e0b083bbd86b19cb074577a25ff581d92af08a06f857311a2f144c6b0b290205e91a682e00c8762cbc6b904c980eef6e6a1def886c95676dce6a8194479700a02b92bdc8d05eae1f24fdd7b80d1bb404c22f681594de2ebb9687219de8d73ac83841feb402a2415a9850d5f0183ec67be96dc0e4acd7acf1dfe79d6771903b76e211c22d641030e1ddac018dc3116e1803af20a5f2b5f7ba58aca5bcabbbab24414a3810788e5503e4be66d683daac5f0001000000000000108a3c87b19d5b9a00c75d84a92d6dcf00ba96edf35ede0e2b57c26e94801b498924166bde57d5f24258d9fd028096cc15a8b912b494d4bbe609031ea1ca65a548971d5d16296dd08e9efb3e1e7a27310d00"/1197], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r0, 0xfeffff, 0x113, 0xfffffffffffffec8, &(0x7f0000000700)="c45c57ce395de5b289137d637a223920f181c2e57d71483cfb2d0c5a3fa67258e080a194805cdb0c26d3f7ffb1e0d9cf4fa36dcb2168b72de48ac8f93e6804f1c4d70898d0810e044d7e1778eaac5dfdcc9f1208905522025bcfdf1b6f969b094d5c022c2b7ffefde71e0627b9a2069cc1e0175c4b8860aad4b0a103c589f676b6c4e85eb3950c533b6e62c39ccf9ae9bfe54ee5887358d44f46337fbe090d7c7e55847edee8130ffd3d1e719e01a68b0e691c0d35b0b56e0b514036342fd56f08ac0083f3c2fe41a1295a3d23cf3d160d4fd90f66beba68860456ed41272e1e68d16c2564c85f5556e18784113c493d13253e14d6eb891707fba3c30d07d5ee8619e4426cafec4cf6a3723c455d09b586b248", 0x0, 0xf0, 0x0, 0x4a, 0xffffff0c}, 0x40) 17:03:54 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) [ 384.835854][T12283] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 384.835854][T12283] program syz-executor.4 not setting count and/or reply_len properly 17:03:54 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x0, &(0x7f0000000380)) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:03:54 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@remote, 0x0, 0x0, 0xff, 0xb, 0x0, 0x80}, 0x20) [ 384.959358][T12275] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 384.984497][T12277] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 385.154958][T12277] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 385.164888][T12302] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. 17:03:55 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:55 executing program 3: r0 = perf_event_open(&(0x7f0000000100)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={0x0, 0x4}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r0, 0x4008240b, &(0x7f0000000080)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x0, 0x8}}) [ 385.380818][T12269] not chained 10000 origins [ 385.385462][T12269] CPU: 0 PID: 12269 Comm: syz-executor.5 Not tainted 5.8.0-rc5-syzkaller #0 [ 385.394133][T12269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 385.404240][T12269] Call Trace: [ 385.407531][T12269] dump_stack+0x1df/0x240 [ 385.411851][T12269] ? kmsan_get_metadata+0x11d/0x180 [ 385.417042][T12269] kmsan_internal_chain_origin+0x6f/0x130 [ 385.422754][T12269] ? sched_clock_cpu+0x7c/0x930 [ 385.427596][T12269] ? kmsan_get_metadata+0x11d/0x180 [ 385.432782][T12269] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 385.438574][T12269] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 385.444627][T12269] ? psi_group_change+0x1007/0x13c0 [ 385.449817][T12269] ? kmsan_get_metadata+0x11d/0x180 [ 385.455001][T12269] ? kmsan_get_metadata+0x4f/0x180 [ 385.460117][T12269] ? kmsan_set_origin_checked+0x95/0xf0 [ 385.465749][T12269] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 385.471917][T12269] ? _copy_from_user+0x15b/0x260 [ 385.476899][T12269] ? kmsan_get_metadata+0x4f/0x180 [ 385.482001][T12269] __msan_chain_origin+0x50/0x90 [ 385.486929][T12269] __copy_msghdr_from_user+0x555/0xaf0 [ 385.492387][T12269] __sys_sendmmsg+0x558/0xd80 [ 385.497058][T12269] ? _raw_spin_unlock_bh+0x4b/0x60 [ 385.502205][T12269] ? kmsan_get_metadata+0x4f/0x180 [ 385.507308][T12269] ? kmsan_internal_set_origin+0x75/0xb0 [ 385.512926][T12269] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 385.518815][T12269] ? kmsan_check_memory+0xd/0x10 [ 385.523748][T12269] ? _copy_to_user+0x12e/0x1d0 [ 385.528495][T12269] ? kmsan_get_metadata+0x11d/0x180 [ 385.533786][T12269] ? kmsan_get_metadata+0x11d/0x180 [ 385.538971][T12269] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 385.544780][T12269] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 385.550936][T12269] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 385.556830][T12269] __se_sys_sendmmsg+0xbd/0xe0 [ 385.561597][T12269] __x64_sys_sendmmsg+0x56/0x70 [ 385.566438][T12269] do_syscall_64+0xb0/0x150 [ 385.571019][T12269] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 385.576896][T12269] RIP: 0033:0x45c1d9 [ 385.580773][T12269] Code: Bad RIP value. [ 385.584824][T12269] RSP: 002b:00007fc29ac8fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 385.593480][T12269] RAX: ffffffffffffffda RBX: 0000000000026100 RCX: 000000000045c1d9 [ 385.601440][T12269] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000004 [ 385.609399][T12269] RBP: 000000000078bf48 R08: 0000000000000000 R09: 0000000000000000 [ 385.617372][T12269] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 385.625338][T12269] R13: 0000000000c9fb6f R14: 00007fc29ac909c0 R15: 000000000078bf0c [ 385.633309][T12269] Uninit was stored to memory at: [ 385.638329][T12269] kmsan_internal_chain_origin+0xad/0x130 [ 385.644034][T12269] __msan_chain_origin+0x50/0x90 [ 385.648962][T12269] __copy_msghdr_from_user+0x555/0xaf0 [ 385.654405][T12269] __sys_sendmmsg+0x558/0xd80 [ 385.659067][T12269] __se_sys_sendmmsg+0xbd/0xe0 [ 385.664198][T12269] __x64_sys_sendmmsg+0x56/0x70 [ 385.669134][T12269] do_syscall_64+0xb0/0x150 [ 385.673622][T12269] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 385.679582][T12269] [ 385.681893][T12269] Uninit was stored to memory at: [ 385.686906][T12269] kmsan_internal_chain_origin+0xad/0x130 [ 385.692612][T12269] __msan_chain_origin+0x50/0x90 [ 385.697547][T12269] __copy_msghdr_from_user+0x555/0xaf0 [ 385.703016][T12269] __sys_sendmmsg+0x558/0xd80 [ 385.707938][T12269] __se_sys_sendmmsg+0xbd/0xe0 [ 385.712687][T12269] __x64_sys_sendmmsg+0x56/0x70 [ 385.717527][T12269] do_syscall_64+0xb0/0x150 [ 385.722015][T12269] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 385.728666][T12269] [ 385.730993][T12269] Uninit was stored to memory at: [ 385.736003][T12269] kmsan_internal_chain_origin+0xad/0x130 [ 385.741798][T12269] __msan_chain_origin+0x50/0x90 [ 385.746723][T12269] __copy_msghdr_from_user+0x555/0xaf0 [ 385.752170][T12269] __sys_sendmmsg+0x558/0xd80 [ 385.756836][T12269] __se_sys_sendmmsg+0xbd/0xe0 [ 385.761587][T12269] __x64_sys_sendmmsg+0x56/0x70 [ 385.766425][T12269] do_syscall_64+0xb0/0x150 [ 385.770920][T12269] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 385.776791][T12269] [ 385.779101][T12269] Uninit was stored to memory at: [ 385.784137][T12269] kmsan_internal_chain_origin+0xad/0x130 [ 385.789856][T12269] __msan_chain_origin+0x50/0x90 [ 385.794790][T12269] __copy_msghdr_from_user+0x555/0xaf0 [ 385.800240][T12269] __sys_sendmmsg+0x558/0xd80 [ 385.804903][T12269] __se_sys_sendmmsg+0xbd/0xe0 [ 385.809651][T12269] __x64_sys_sendmmsg+0x56/0x70 [ 385.814488][T12269] do_syscall_64+0xb0/0x150 [ 385.819071][T12269] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 385.824950][T12269] [ 385.827263][T12269] Uninit was stored to memory at: [ 385.832273][T12269] kmsan_internal_chain_origin+0xad/0x130 [ 385.837979][T12269] __msan_chain_origin+0x50/0x90 [ 385.842904][T12269] __copy_msghdr_from_user+0x555/0xaf0 [ 385.848347][T12269] __sys_sendmmsg+0x558/0xd80 [ 385.853033][T12269] __se_sys_sendmmsg+0xbd/0xe0 [ 385.858216][T12269] __x64_sys_sendmmsg+0x56/0x70 [ 385.863056][T12269] do_syscall_64+0xb0/0x150 [ 385.867555][T12269] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 385.873519][T12269] [ 385.875829][T12269] Uninit was stored to memory at: [ 385.880840][T12269] kmsan_internal_chain_origin+0xad/0x130 [ 385.886542][T12269] __msan_chain_origin+0x50/0x90 [ 385.891466][T12269] __copy_msghdr_from_user+0x555/0xaf0 [ 385.897001][T12269] __sys_sendmmsg+0x558/0xd80 [ 385.901670][T12269] __se_sys_sendmmsg+0xbd/0xe0 [ 385.906420][T12269] __x64_sys_sendmmsg+0x56/0x70 [ 385.911437][T12269] do_syscall_64+0xb0/0x150 [ 385.915943][T12269] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 385.921814][T12269] [ 385.924124][T12269] Uninit was stored to memory at: [ 385.929829][T12269] kmsan_internal_chain_origin+0xad/0x130 [ 385.935536][T12269] __msan_chain_origin+0x50/0x90 [ 385.940457][T12269] __copy_msghdr_from_user+0x555/0xaf0 [ 385.945911][T12269] __sys_sendmmsg+0x558/0xd80 [ 385.950841][T12269] __se_sys_sendmmsg+0xbd/0xe0 [ 385.955679][T12269] __x64_sys_sendmmsg+0x56/0x70 [ 385.960517][T12269] do_syscall_64+0xb0/0x150 [ 385.965022][T12269] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 385.970904][T12269] [ 385.973230][T12269] Local variable ----msg_sys@__sys_sendmmsg created at: 17:03:55 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)) r1 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) setsockopt$packet_fanout_data(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000100)={0x0, &(0x7f00000000c0)}, 0x10) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x1000001, 0x11, r1, 0x0) r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dlm-control\x00', 0x102, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f00000001c0)={r2, 0x13, 0x0, 0x1ff, &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x6}, 0x20) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000040)={[{0x4, 0xa78e, 0x1, 0xa, 0x0, 0xbe, 0xe1, 0x97, 0xff, 0x0, 0x6, 0x3f, 0xffffffffffff0001}, {0x3, 0xdd, 0x79, 0x6, 0x0, 0x0, 0xa0, 0x20, 0x0, 0x2, 0x7, 0x6, 0x80}, {0xfff, 0x8, 0xe7, 0x7, 0x6, 0x5, 0x2, 0x4, 0x8, 0x1, 0x81, 0x8, 0xb16}], 0xd}) [ 385.980163][T12269] __sys_sendmmsg+0xb7/0xd80 [ 385.984739][T12269] __sys_sendmmsg+0xb7/0xd80 17:03:55 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x0, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 386.069128][T12311] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 386.069128][T12311] program syz-executor.4 not setting count and/or reply_len properly 17:03:56 executing program 5: 17:03:56 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000017c0)=[{&(0x7f0000000540)="2e0000001a008102e00f80ecdb4cb9020a000004a1dc5f09850569556a6c3255200e000200810040fb1200010004", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 17:03:56 executing program 3: 17:03:56 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, 0x0) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:56 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x0, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:03:56 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) ioctl$VIDIOC_TRY_EXT_CTRLS(r0, 0xc0205649, &(0x7f00000000c0)={0xa10000, 0x2, 0x2, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x980920, 0x0, [], @p_u32=&(0x7f0000000040)=0x800}}) ioctl$vim2m_VIDIOC_STREAMOFF(r1, 0x40045612, &(0x7f0000000100)=0x3) r2 = socket(0x10, 0x3, 0x0) r3 = inotify_init1(0x0) r4 = inotify_add_watch(r3, &(0x7f00000000c0)='.\x00', 0x20000000) inotify_rm_watch(r3, r4) inotify_rm_watch(r1, r4) write(r2, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) [ 386.937506][T12336] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 386.937506][T12336] program syz-executor.4 not setting count and/or reply_len properly 17:03:56 executing program 3: 17:03:57 executing program 0: 17:03:57 executing program 5: 17:03:57 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, 0x0) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:57 executing program 2: r0 = socket(0x11, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f006830bbc5057c0307f4f900230400ec03f51108000100020100020800", 0x24) r1 = syz_open_dev$mouse(&(0x7f0000000080)='/dev/input/mouse#\x00', 0x200, 0x80101) ioctl$VIDIOC_STREAMOFF(r1, 0x40045613, &(0x7f00000000c0)=0x800) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000180)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r2, 0x54a2) readv(r2, &(0x7f0000000200)=[{&(0x7f0000000000)=""/12, 0xc}], 0x1) syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x800, 0x101100) r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f0000000180)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r3, 0x54a2) readv(r3, &(0x7f0000000200)=[{&(0x7f0000000000)=""/12, 0xc}], 0x1) r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, &(0x7f0000000180)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r4, 0x54a2) readv(r4, &(0x7f0000000200)=[{&(0x7f0000000000)=""/12, 0xc}], 0x1) fcntl$getownex(r4, 0x10, &(0x7f0000000140)) 17:03:57 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x0, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:03:57 executing program 0: 17:03:57 executing program 3: 17:03:57 executing program 5: 17:03:57 executing program 2: r0 = socket(0x10, 0x3, 0x0) ioctl$VIDIOC_TRY_FMT(0xffffffffffffffff, 0xc0d05605, 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000680)=ANY=[], 0x0) ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0205647, &(0x7f00000000c0)={0x9a0000, 0x7, 0xbcb, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x99096f, 0x7, [], @value=0x9}}) ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000880)={'syz1\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd911, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f]}, 0x45c) ioctl$SNDCTL_DSP_GETTRIGGER(0xffffffffffffffff, 0x80045010, &(0x7f0000000040)) r2 = socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r2, 0x28, 0x1, 0x0, 0x0) bind$vsock_stream(r2, &(0x7f0000000000)={0x28, 0x0, 0x0, @hyper}, 0x10) socket$inet_sctp(0x2, 0x5, 0x84) socket$unix(0x1, 0x1, 0x0) write(r0, &(0x7f0000000000)="2407abfdb66bb7ab009f0003e2a8de7864dbc97864b9511ad8070000e52300000004ef501e58db0cf511080001000201000208000380050000000000000000000000000043cac0be19edce1334ce25a6e16ca2b78a6a9611d20831f1f44eea9458", 0xd8d30b70cf10a84b) r3 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r3, 0x0) ioctl$DRM_IOCTL_WAIT_VBLANK(r3, 0xc018643a, &(0x7f0000000080)={0x1, 0x6, 0x41}) socket$vsock_stream(0x28, 0x1, 0x0) [ 387.854352][T12361] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 387.854352][T12361] program syz-executor.4 not setting count and/or reply_len properly 17:03:58 executing program 5: 17:03:58 executing program 0: 17:03:58 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) sendmsg$IPCTNL_MSG_TIMEOUT_GET(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x98, 0x1, 0x8, 0x201, 0x0, 0x0, {0x1, 0x0, 0x5}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0xf6}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_DATA={0x14, 0x4, 0x0, 0x1, @sctp=[@CTA_TIMEOUT_SCTP_HEARTBEAT_ACKED={0x8, 0x9, 0x1, 0x0, 0xff6}, @CTA_TIMEOUT_SCTP_SHUTDOWN_RECD={0x8, 0x6, 0x1, 0x0, 0x3}]}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x8917}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_DATA={0x34, 0x4, 0x0, 0x1, @sctp=[@CTA_TIMEOUT_SCTP_SHUTDOWN_SENT={0x8, 0x5, 0x1, 0x0, 0x3f}, @CTA_TIMEOUT_SCTP_HEARTBEAT_ACKED={0x8, 0x9, 0x1, 0x0, 0x8000}, @CTA_TIMEOUT_SCTP_SHUTDOWN_RECD={0x8, 0x6, 0x1, 0x0, 0x4}, @CTA_TIMEOUT_SCTP_SHUTDOWN_RECD={0x8, 0x6, 0x1, 0x0, 0x1}, @CTA_TIMEOUT_SCTP_HEARTBEAT_ACKED={0x8}, @CTA_TIMEOUT_SCTP_SHUTDOWN_ACK_SENT={0x8, 0x7, 0x1, 0x0, 0x1000000}]}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x84}]}, 0x98}, 0x1, 0x0, 0x0, 0x24000000}, 0x0) r1 = socket(0x3, 0x6, 0x1) write(r1, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) 17:03:58 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, 0x0) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:58 executing program 3: 17:03:58 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x0, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 388.372384][T12384] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 388.372384][T12384] program syz-executor.4 not setting count and/or reply_len properly 17:03:58 executing program 0: 17:03:58 executing program 5: 17:03:58 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) ioctl$SIOCGIFMTU(r0, 0x8921, &(0x7f00000001c0)) r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r2 = accept4(r1, &(0x7f0000000040)=@phonet, &(0x7f00000000c0)=0x80, 0x80000) setsockopt$inet6_MRT6_DEL_MFC(0xffffffffffffffff, 0x29, 0xcd, &(0x7f0000000140)={{0xa, 0x4e22, 0x3, @private1, 0x3}, {0xa, 0x4e23, 0x3f, @empty, 0x68}, 0x4, [0x6000000, 0x3f4f, 0x9, 0x7f, 0xd46, 0xffffffff, 0x4, 0x4]}, 0x5c) ioctl$F2FS_IOC_FLUSH_DEVICE(r2, 0x4008f50a, &(0x7f0000000100)={0x1, 0x7}) 17:03:58 executing program 3: 17:03:58 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:58 executing program 0: 17:03:58 executing program 5: 17:03:58 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x0, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 388.935340][T12403] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 388.935340][T12403] program syz-executor.4 not setting count and/or reply_len properly 17:03:58 executing program 3: 17:03:58 executing program 2: r0 = socket(0x10, 0x80000, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$PIO_FONTRESET(r1, 0x4b6d, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100)='nl80211\x00') sendmsg$NL80211_CMD_GET_WIPHY(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="ff92000000000000000001"], 0x1c}}, 0x0) sendmsg$NL80211_CMD_STOP_SCHED_SCAN(r2, &(0x7f0000000580)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000540)={&(0x7f0000000900)={0x804, r4, 0x2, 0x70bd2b, 0x25dfdbfe, {}, [@NL80211_ATTR_IE={0x7e4, 0x2a, "e42a12773f0ddc9860c7bbf54c5afd0a34072436563918b0d230e6e44cf481e1d29baefa457b74c05eec62d0d8a55d4dd69b7f6eb4fa011f5f69dea21368eb3594a582b31b05fb57781cd0f3835ad0913e20b7dd887cd1ebdea995e76670a270e38b0c6f61ba38d9b56a7574a29c0a80d053dad2d80816f148b660f87a5870960783383156df8fab17a98e1e53d66fb02504a985ffbba43019facdf82d018bf95677ca338c0c394300fcf1f866dbd2bd4c1bf5d5c29be6935dd606e7639603c374362c8b45512166cafde087f2d148c1fb468fc5002aacb49f44748ea57510f2b3c329539a9c518b97bb110d23bf9622eac1b0aae0d0dd1d938cfd7a1d94f0737043d264180ef10064d2a610c73755b739d434a3124fbdb4149dfe9e238c75c8f5625ad67448e10bb25b151103e27ed1b241f8b61e3ba2b316ef787b2323c84820592b233a75cb896635db4c1bd87ba5ac4d44ec86595d821d549d150d5ef35f9f0b362933fa60a654f2a5a024249ef9622ee6a718e76e9683f6261965d4af71d00c116f76e62b1c9a1e95b8222fb5e548132fa5f6da77fd4aee5636892441c0cd599403dac4ff8fd9c1477f381f25da1cae4b8f26b67b41c95c92b3541b0c5db27649fdebd0d65d60f4088b5eddf1b5873eb4380b911e2c8060842ff929de9b322a486b41f4dec61e5aceef54d5289f9df3c055294e9eff2861e30f3232bb13d266c74e1e2d91b3fc61c22264599c99e25abbe1c7e9db53c1a53800e4104224bd338f7dcf87b3025d3e2dc77b7022bf9ff7dd3b6503def1a298437afc3b1767807c3103d5ab102f61f8577af21cacc694e0f4dc7dfa1fdcd29f0ddf165e055fcfbec483f962f2bd4ad94ae9700b682866c3428c634bab32d73bd7f294a606709510282b228da8cd82e6c6febfc321860d507ac66977058b8578c0a8210e65498acbc64baaf232f0191ae2da905ab580e085371d7facafdd386fa9aef0db8f0965281ead495f9030ab3fd1344f5e9bddb18c49210501c21f14c0ec82e3cf74f839bf700a179a3c36d50e7fd70669d903a0dcaf4726e624f7c0eb52fcf1dfce7e1768264c6163919ffc1a594aea04f0082fc83b8aea04c0ee89024826b9671c10d00ee60132e94fa551a22c2ad12dd23e6b4df88fa87c3c5247d2cdd33d8b63d683c84a78d7b78f75acb4a66639935d0229312611d4b2c8a4bc5f72740ee38f1d0966450dea6ffb83af79afd4176c163e340462d7d2b616065a49776d75e6d45d8ac199b6d544575d8eec4cdbd41277b8b28dc74766c541bebdfb61e921880b41df3873b43b34016cc061c4dc809cb31196cfb74ca508754f45b630f03884b9558c17af6a17df5203d0de0fcdd28ed4f1374bd03795b8f61426d2583708ffcf6ceac3fcbf07311d5c3da9790fb198b4bd0b696567e58f9786252c4408fc4729a75c34df8a0b2675feb9086b8b1b16baeb2d62f74d03dca45bfc8ecead65f762a37e78c6275ac16220e3928da703aa1da44f8447f1925115cf05d5d22553afc90468b3b9398486435bac15c122a8652b01c9431d74c676b6b7d790c3d899f5a63068f17f453e6565c4057f82d6cdab7d7178c5470df6c5c2bc29e77a94e55991d371c381325f86b974458811f3dd98a5735568fcfebab436faf6d2664916ec7af734e4909cf276f5a3b714755305ce4ea022d415f0af5a11d40cce40db3a86fc83d05b52b1ae98c6bf288fa0a0fca1ac2018cea413b6c312293ea8d0a473d8fe69026077f3c53d8679faedd017fa2985ddbc648966370dbda3d5fe519a1d17e23f88d2b51059177fb1a10707d562b1c70a2c93525f36ba04ae6d63b65b66ab1f1f144c1041ad930d4f9acdc31e0b01d5132fc899cc281de077e1cf14717678a25764bf8e5f8ccf88ebde84add88e2db36ae017fae01fa97e0446ff12b30277e44269f08f7ed75816b3d231daaddd8afdd5f9a47b6a4afe54eec64da53b3ee9bb4d805ec77af6466b135f55114cc2b797fc2169532aae9bd90146125c4e7f416e293ca0e1d4b64929e2ae9c39a0dc74efa4285bf5644fba1bb1022988843795eb570667e1005faadec04dbca2574750c5308732322568c59f2108a0fc1587d0ff37e1b28579580e20a0168b83a5b7eb90b1f7caa8deb806fc43745cd6f29f066b65152f19c49b38797d059adad237d128780e401e5b18ce66c568d2f8405a1b065421dcfe6a3e88bdd48c7d3089e93a9d576be484a5faa3a73421f304cc1ddb6dbfd62c88a1fd467a1e205adfc60a2b35aec0c92673ee2356ae18228da920b8d40f9fc0a1060695a7380cb18a2ecabc6212a5613e935b7cb31241a0de40a53f2d7c4dbfcbd62bac1f378154f4a9e65b8e0bd1c74f59cc0c1670e9327b65fc8cbb00b0daa3d7b1f2f68617083405b4aa43386c5914a74a6c0101737175d39683a55795a8a134cab47e20318500562fb406631c4e74d8c5226707a8c85187b1d82436f4096491ac2239e4a91a93daae2c4455a0deb13f2d8e0816737dd5999231e2c59588679b54ada9b358eaafdcc0eea68d3a2b20c81fac0c864c457515593354f8d361f2ccf3de8d8f540873f4e2063b1f22c5efb42d50b2fc7d5d21a462e8a4a0b8e3d749e3801da221f20afff6a3b829246092bfafbbea501c72f5fcddec6bbd8076d97f8a6ed5f7b61ff8f05ae8c201a3f11fd8c00b43149bc30df0d9e9dc765fb6a2eb2669cb4ee005beea417a535d45e78bf4f30c23000796c66b2189b2f2ca5f27db2955f7f4f5970a0a92aff69c18abbac3802ff63d8629bb367c99edac29fcd8ecff611fd3324e1f525d94599efc1012eb331ea3456dd7c13e40ea0187"}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x80, 0x4}}]}, 0x804}, 0x1, 0x0, 0x0, 0x4805}, 0x4000) sendmsg$NL80211_CMD_GET_MESH_CONFIG(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x28, r4, 0x8, 0x70bd28, 0x25dfdbfe, {}, [@NL80211_ATTR_WDEV={0xc, 0x99, {0x2, 0x2}}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x3}]}, 0x28}, 0x1, 0x0, 0x0, 0x8}, 0x10000080) r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/timer\x00', 0x40c40) ioctl$SNDRV_TIMER_IOCTL_SELECT(r5, 0x40345410, &(0x7f0000000180)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r5, 0x54a2) readv(r5, &(0x7f0000000200)=[{&(0x7f0000000000)=""/12, 0xc}], 0x1) fchdir(r5) 17:03:58 executing program 0: 17:03:59 executing program 5: [ 389.201171][T12409] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. 17:03:59 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) [ 389.265894][T12416] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. 17:03:59 executing program 3: 17:03:59 executing program 0: [ 389.474938][T12424] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 389.474938][T12424] program syz-executor.4 not setting count and/or reply_len properly 17:03:59 executing program 5: 17:03:59 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x0, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:03:59 executing program 3: 17:03:59 executing program 2: socket(0x29, 0x800, 0x0) r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) r1 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r1, 0x0) r2 = openat$cgroup_ro(r1, &(0x7f00000000c0)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000180)={{0x1, 0x0, 0x8000, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001640)=@newtfilter={0x40, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0xe}}, [@filter_kind_options=@f_bpf={{0x8, 0x1, 'bpf\x00'}, {0x14, 0x2, [@TCA_BPF_FLAGS_GEN={0x8}, @TCA_BPF_FD={0x8}]}}]}, 0x40}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000014c0)=ANY=[@ANYBLOB="380000002400070500000040ce49168b6b45f235", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000700)=ANY=[@ANYBLOB='@\x00\x00\x00,\x00\'\r\x00'/20, @ANYRES32=r5, @ANYBLOB="00000000000000000e000000080001006270660014000200080009000000000008000600", @ANYRES32, @ANYBLOB="177872fa34f58543880329ea68ba9519c8c6a991b3a2807deb190cc7db4d9fa19d7cd9055299b69db2a2cfc0df688da909be8e1aeb8e65397644fd366894be1ab9a1924096468b870981e7a6586e2bfa10dc64d4a3c747c3a4a8f75898732be3594e1c0587721bb9dffe9bad5505697fb520267953"], 0x40}}, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000240)="ae03cabaa6642c02ed46bc915ea8acbf1fc5e608d1c0cc42383727ac74800a4a888e46c6d9176ca36ef679581bfd415a300e0613bb074414bc83ecce43a75d6f9043126ae4b6d9fa9511a0f08149b25f3896d0db6372fc37e26b5c385a83cd6c49cee72a0fb70603011fcaa3faa121531ba52104f2916f6401f3b2e532958bcd96051ad8fc7316ff9622c4bbe27d8c92ac15d1c7544fa382139ad845eada29a640189216a2e78e0234", 0xa9}, {&(0x7f0000000300)="ccc9e3bbd5915ab88fc2ecdb4b035b8cf58560043487ef4ce8d4eb3696f4ee81de49d61ebef0c4aafb29a522a461a63e6c59858d97f5e53422ea1826f810d894459d557af050d14244e9a8e7133dd2b89078f8cab17c74af86f4341831d78deb082d72c3d71f14c38d28358561eb32eed4916b2754abbed1b9f4ff8a5a45adcc108352a35cf760bf774ec0602ffa13d0bd40b3d43717042891f82f926f95b0e2cba802bf00c646524f025991341593c94c15772fcdc37e2c840f1c261cad9c057fcc6d6e38deed715a0abac86bb0c5af24718c12fa3eadafeb528bd038e30ef8789a4dcb0f", 0xe5}, {&(0x7f0000000400)="3775398698241718a4801e57c92d03e70cabe6227f45e01d6373db8e457c8ac78225394dc486338c6e50bafbeab8d87ce2e20bc2557a9d8aada062aa5ef5c5bfaee4d039f0c5431bbd0c6c70ce02703c97db2a215c67191d1b23d571f8eb30a979cf26a3f2ea8b4f2c3bc67e1566bc7359508033869de2c70d2fa7f26359c875fcd415e8c616413dd2b587ad568be64b4bb093a4a4cca8fc61fb21109b3f3da9f3137f448124184481d3540bc97f858c67c37ccd34e215bc76e175ebf58385bc6da6b4144a3a10a5306152b0c2ca81edb67c0446d7f1a7", 0xd7}, {&(0x7f0000000500)="d596f4b3cc4fec5052545e445a11858917f5fc7ea4c688c7ad28bfe408e0ad66cbbc20015269b73067485325b152a0d509de0f2127c28e106fcf983815986157df57ee9909675908e3c98edb7e3ba130e0255d2da79a7f89283a6d8f292e2d8fa4d5a10bbccb0e52470db60760d020386df9b078cec233c5e3675cb48125994a9e1985a0c9c58c3b5e3dbb35ad03f845ca168a8a01d39007d25b6c3bcf57190ff69c0f701f4c36462ccc37e22ad84c6e33dc7953a6b04ae80babddb5982086a9d4459d1a35e275f1d337064a0a1456e689b90680745f940b3a77555ab95de2d64e445b9ac1c9750fab900a069aa6356fab266869320cb1a1bf", 0xf9}], 0x4, &(0x7f0000000600)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x800}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x5}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @multicast1, @broadcast}}}, @ip_retopts={{0x38, 0x0, 0x7, {[@timestamp={0x44, 0x1c, 0xdf, 0x0, 0x6, [0x6, 0x7, 0x1, 0x1, 0x515, 0xfffffffa]}, @generic={0x82, 0xa, "b0e38c6c3b9d07b8"}]}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x3}}, @ip_retopts={{0x1c, 0x0, 0x7, {[@timestamp={0x44, 0xc, 0xa2, 0x0, 0x4, [0x4, 0x7f]}]}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r5, @private=0xa010101, @local}}}], 0xe0}, 0x20000041) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/12, 0xc}], 0x1) openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/exec\x00', 0x2, 0x0) r6 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x4, 0x151500) write(r6, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) 17:03:59 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:03:59 executing program 0: 17:03:59 executing program 5: [ 389.902313][T12435] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 390.031089][T12447] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 390.031089][T12447] program syz-executor.4 not setting count and/or reply_len properly 17:04:00 executing program 0: 17:04:00 executing program 3: 17:04:00 executing program 5: 17:04:00 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x0, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:04:00 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(0xffffffffffffffff, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:04:00 executing program 5: 17:04:00 executing program 0: 17:04:00 executing program 3: [ 390.560081][T12460] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 390.560081][T12460] program syz-executor.4 not setting count and/or reply_len properly [ 390.667393][T12448] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. 17:04:00 executing program 0: 17:04:00 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x0, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:04:00 executing program 5: 17:04:00 executing program 3: 17:04:00 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(0xffffffffffffffff, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:04:00 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f00000001c0)={0x6c, 0x0, [], [@pad1]}, 0x10) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000014c0)=ANY=[@ANYBLOB="380000002400070500000040ce49168b6b45f235", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001640)=@newtfilter={0x40, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xe}}, [@filter_kind_options=@f_bpf={{0x8, 0x1, 'bpf\x00'}, {0x14, 0x2, [@TCA_BPF_FLAGS_GEN={0x8}, @TCA_BPF_FD={0x8}]}}]}, 0x40}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCADD6RD(r1, 0x89f9, &(0x7f00000000c0)={'syztnl1\x00', &(0x7f0000000040)={'ip6gre0\x00', r4, 0x4, 0x0, 0x40, 0xffffffff, 0x10, @mcast1, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}, 0x8, 0x8, 0x6, 0x4ae}}) [ 390.982397][T12477] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 390.982397][T12477] program syz-executor.4 not setting count and/or reply_len properly 17:04:00 executing program 0: [ 391.045253][T12480] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. 17:04:01 executing program 3: 17:04:01 executing program 5: 17:04:01 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x0, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 391.266802][T12485] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. 17:04:01 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(0xffffffffffffffff, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:04:01 executing program 0: 17:04:01 executing program 3: [ 391.606050][T12504] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 391.606050][T12504] program syz-executor.4 not setting count and/or reply_len properly 17:04:01 executing program 5: 17:04:01 executing program 2: socket(0x10, 0x3, 0x0) r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000180)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r1, 0x54a2) getdents64(0xffffffffffffffff, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000014c0)=ANY=[@ANYBLOB="380000002400070500000040ce49168b6b45f235", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001640)=@newtfilter={0x40, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xe}}, [@filter_kind_options=@f_bpf={{0x8, 0x1, 'bpf\x00'}, {0x14, 0x2, [@TCA_BPF_FLAGS_GEN={0x8}, @TCA_BPF_FD={0x8}]}}]}, 0x40}}, 0x0) sendto$packet(0xffffffffffffffff, &(0x7f0000000240)="e20473cc11c703638a684b9ea4be45dbe6802ecd19e4dcaec03fa61c9fb257a107a936741a763ce5a028f4862495bccaa2bee75093dc3f62fb4a040e3811918b4d1954c1dbc199208ab1f788a2672709caae21d0c3e5b2afedf066dafd9e15a5303f306bb4be48d8ad4e16848fa6b08995e6b23822c4887cb76ae9642286ac7dfbbd8b0882305552032ed48a8e058b42c45dfab811f340a71a88e98630c7", 0x9e, 0x0, &(0x7f0000000100)={0x11, 0x1b, r4, 0x1, 0x81, 0x6, @local}, 0x14) readv(r1, &(0x7f0000000200)=[{&(0x7f0000000000)=""/12, 0xc}], 0x1) flistxattr(r1, &(0x7f0000000040)=""/165, 0xa5) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/12, 0xc}], 0x1) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) 17:04:01 executing program 0: 17:04:01 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x0, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000029000/0x18000)=nil, 0x0, 0x0, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 391.822221][T12509] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. 17:04:01 executing program 3: [ 391.912226][T12509] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. 17:04:01 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, 0x0, 0x0) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:04:01 executing program 5: 17:04:02 executing program 0: 17:04:02 executing program 2: r0 = socket(0x10, 0x3, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000000040)={0xfff, {{0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x25}}}}, 0x88) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) [ 392.209986][T12534] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 392.209986][T12534] program syz-executor.4 not setting count and/or reply_len properly 17:04:02 executing program 3: 17:04:02 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x0, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000029000/0x18000)=nil, 0x0, 0x0, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:04:02 executing program 5: 17:04:02 executing program 0: 17:04:02 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, 0x0, 0x0) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:04:02 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) ioctl$EVIOCGBITSND(r1, 0x80404532, &(0x7f0000000040)=""/4096) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000180)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r2, 0x54a2) readv(r2, &(0x7f0000001040)=[{&(0x7f0000000000)=""/12, 0xc}], 0x1) r3 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r3, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) write$P9_RMKDIR(r3, &(0x7f0000001080)={0x14, 0x49, 0x2, {0x20, 0x1, 0x3}}, 0x14) close(r2) 17:04:02 executing program 3: 17:04:02 executing program 5: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f00000000c0)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x80000006}]}, 0x10) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000040)={'team0\x00'}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet_udp(0x2, 0x2, 0x0) close(r4) r5 = socket$inet6(0xa, 0x3, 0x3a) connect$inet6(r5, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) write$binfmt_misc(r3, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r2, 0x0, r4, 0x0, 0x4ffe0, 0x0) 17:04:02 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x0, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000029000/0x18000)=nil, 0x0, 0x0, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 392.803305][T12552] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 392.803305][T12552] program syz-executor.4 not setting count and/or reply_len properly 17:04:02 executing program 0: r0 = openat$vcs(0xffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x0, 0x0) ioctl$int_in(r0, 0xc01047d0, &(0x7f0000000140)=0x8) 17:04:02 executing program 3: perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) 17:04:03 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, 0x0, 0x0) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:04:03 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r1 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r1, 0x0) ioctl$VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000000)={0x1, 0xa, 0x4, 0x70000, 0x8, {}, {0x3, 0xc, 0x96, 0x0, 0xfe, 0x8, "f4da780d"}, 0xbcd, 0x1, @offset=0x1, 0x80000000, 0x0, r1}) socket(0x10, 0x3, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r2, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000014c0)=ANY=[@ANYBLOB="380000002400070500000040ce49168b6b45f235", @ANYRES32=r2, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001640)=@newtfilter={0x40, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {}, {0xe}}, [@filter_kind_options=@f_bpf={{0x8, 0x1, 'bpf\x00'}, {0x14, 0x2, [@TCA_BPF_FLAGS_GEN={0x8}, @TCA_BPF_FD={0x8}]}}]}, 0x40}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDPRL(0xffffffffffffffff, 0x89f5, &(0x7f00000002c0)={'syztnl1\x00', &(0x7f0000000240)={'ip6_vti0\x00', r2, 0x29, 0xf3, 0x9, 0x7fffffff, 0x32, @mcast1, @private1={0xfc, 0x1, [], 0x1}, 0x700, 0x1, 0x7, 0x6}}) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r6, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000014c0)=ANY=[@ANYBLOB="380000002400070500000040ce49168b6b45f235", @ANYRES32=r6, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001640)=@newtfilter={0x40, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {}, {0xe}}, [@filter_kind_options=@f_bpf={{0x8, 0x1, 'bpf\x00'}, {0x14, 0x2, [@TCA_BPF_FLAGS_GEN={0x8}, @TCA_BPF_FD={0x8}]}}]}, 0x40}}, 0x0) sendmsg$NL80211_CMD_GET_MPATH(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x58, 0x0, 0x0, 0x70bd2a, 0x25dfdbff, {}, [@NL80211_ATTR_IFINDEX={0x8}, @NL80211_ATTR_MAC={0xa, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r3}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r6}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x1}]}, 0x58}, 0x1, 0x0, 0x0, 0x404a011}, 0x4894) 17:04:03 executing program 0: perf_event_open(&(0x7f00000002c0)={0x2, 0x70, 0xa4, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x10006, 0x80011, r0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001145042, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x12, r1, 0x0) [ 393.455855][T12578] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 393.455855][T12578] program syz-executor.4 not setting count and/or reply_len properly 17:04:03 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) syz_extract_tcp_res$synack(0x0, 0x1, 0x0) syz_emit_ethernet(0x3a, &(0x7f00000001c0)={@local, @remote, @val={@void}, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x4, 0x0, @dev, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) 17:04:03 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x0, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 393.499365][T12577] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 393.644434][T12585] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. 17:04:03 executing program 3: mkdir(&(0x7f0000002000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) symlink(&(0x7f0000000140)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', &(0x7f00000002c0)='./file0\x00') dup(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x30132, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0x3ff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) mount(0x0, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f0000000280)='binfmt_misc\x00', 0x0, 0x0) r0 = syz_open_dev$vcsu(0x0, 0x0, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) creat(&(0x7f0000000080)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', 0x0) rt_sigqueueinfo(0x0, 0x15, 0x0) unlink(&(0x7f0000000040)='./file0\x00') 17:04:03 executing program 0: mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x0, 0x10, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f000001a000)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x44, &(0x7f000002eff0), 0x8) 17:04:03 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) r1 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r2, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) setsockopt$inet_udp_encap(r2, 0x11, 0x64, &(0x7f0000000080)=0x4, 0x4) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r1, 0x0) ioctl$VIDIOC_SUBDEV_G_CROP(r1, 0xc038563b, &(0x7f0000000040)={0x1, 0x0, {0x6, 0x7, 0x3, 0x4}}) 17:04:03 executing program 5: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f00000000c0)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x80000006}]}, 0x10) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000040)={'team0\x00'}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet_udp(0x2, 0x2, 0x0) close(r4) r5 = socket$inet6(0xa, 0x3, 0x3a) connect$inet6(r5, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) write$binfmt_misc(r3, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r2, 0x0, r4, 0x0, 0x4ffe0, 0x0) 17:04:03 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x0, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:04:04 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x0, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 394.153715][T12616] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 394.153715][T12616] program syz-executor.4 not setting count and/or reply_len properly 17:04:04 executing program 3: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) r1 = socket(0x200000000000011, 0x3, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'ipvlan0\x00', 0x0}) bind$packet(r1, &(0x7f0000000240)={0x11, 0x0, r3}, 0x14) getsockname$packet(r1, &(0x7f0000000500)={0x11, 0x0, 0x0}, &(0x7f0000000040)=0x10eef0f1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="2000000014000104000000000000000002000000", @ANYRES32=r4, @ANYBLOB="08000200ac141436"], 0x20}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x4924924924926dd, 0x0) 17:04:04 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$IOC_PR_RESERVE(0xffffffffffffffff, 0x401070c9, &(0x7f0000000040)={0x7ff, 0xc74, 0x1}) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000d00)=ANY=[@ANYBLOB="b702000003070000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d64050000000000650404000100000004040000f5067d60b7030000000000006a0a00fe18000000850000002b000000b70000000000000095000000000000000d7a28073a82f5e4aeb54e36633e27c279341bf489903cfdb4c05e96e3046f04e77949c306340ee6af0d499a0d063518598e7e290b39f2fc2a5e019bc692f1bc83f86413e4887e83fbb2215b8a34e6bdc4dc1af6d3c6958da4bddac602e0048bec11e874602f060000002af21b753af0a0cc85ae281993bfa2139a3bb755c1f1abd1964007000000e27b2121a5f03dff9787dfd6e7608eb638e6fc4e0bc6bd5ff35928a5b5fa723028eb6ddd35ea79b92beeb52265a4b04ba50fd46a504146a159dce7a1688da6c9daf3f24ad7b965af8f522371c9a43c80ee6b397bea247e2d714090d43fe66bbf4f4ffe410bd701d035f867de2a20695033d91ee238c824e0b7a0aeffb9843947c3bc96e1f95c245168d2aeed2e00463d9c039bfdd58709e898c7ebad73fc48673c75c8b50db852621ad19c854622f7c7d79ec3ab4494353b458c718021442bbc6456bf0c9f6b822211eb1aa488fcaebb109382c7ab6db9c100f24e466494e7b8549cc139a74b5aaaf261f35e8347eaabe01afe21d7b7a958e9cd04b5bfa5cf78dd2fa958dbb605cd1a99613369185b2bcfe0bf0e31c83fdcb254da7cd3b68983d0798b455c8c5a5a8565d83d28437895929fa0896cf45eda77c4feae29d96568c487a74dd4f9e8465f09818c12dfc93fdb09a1d04a087d3bf219efab764d3cd676f101d3b6c9177c57340b245f15af472f1b837081969db2d58ceab0b432005a86e6c450ae4241c08a6469ac65af64737af961cc90132cd2ccb6d7adf63846af1554cfcaa4eb357142a5b525a18d9d88d42520c0903bc444dc0eec4d26e586eff7c432cd12be4c796f9ebe4481f971c52a8cc7b0edab7ae8185bb7cd1fb78ff9e194e17c65acd8d015443a21815bf56f08f1d2293ced278899a972056380b4f343d39737b149e16b060000005d362cde82509ead8932869d3d9b3e87d56ac5c41f4d711c8b68a0a16c018ce2a24832cddb18bec414d78f886d1ebf7300384b13efefa03ad55fbaefc026eaa571d5deb4495ebd6fc7d457af008e74855562bbb4f255c5a6819ae0ccfdd7403d13938b4bae98b98b621c309b18df38a1cd779bf479096c09851c1f2e1765212094ffb97ebf972e48871f76b5e0cdfda81df28e5f721f8a63c0fbd8ac992d7535452f7af68f5ae22020afd0a6036d51cda98fef44b69139315832d49fef81198f15ebe3a7548ba46451d93da03b99becd85851e7157d7e23b2803358d060fc4fa989796900a9d76008d537275a8fb1d419408248ddc98113e884991726bf0540100000086e0f6bc373e438df8508198cb61a4640684d02f9f97cedee66fb92098eaa9ee8dedc0003731c511efcfa620075518635230b3467b92bf76b271bdab823dc284323acc4fc92e8fe452351272730702208f63ebf791adae9111d09727ed1d6fa159ee87aed74e5bfc1c93da96da4f3d0d8c03273b474bd194d2579541f86370d3f5258941be9285191261a6139090e32cd51089d136548ccdabfe1d2cc8e151cc6ecc1b91551eabca418e41289498d659f2ab89bbe5d40ed966b5ff74b12db521c36ce6c1daaafd9dca802bac19ed4e70a64d2a99092098493764662cc153f57deaff4f68ae76f3451daf9b27a11744b9b69f6ce477d6ee279bba72df0f04e22eb2650df6cde761917dea7c34e113ec765bb5fa0c71b8c2e25f001118fbc496a153a0d6e08a8f9117165e01044cb9fb0bb4026372effb9490290541a3930b38705e05758b90f8cf42b4886d417da85e8ab3c9efb8ad688491ba005eb7a798e935f7308ddbd001e478ccb308bc6596ccae90f5037c4dc020cf21bacc3cfa51db4e4ab6f92a355d4382802fdd9d746a1495489de7c21e3c6055d8a2dae048c10942fa9fe7a02dabf2c563dc4b81afa900000000d72299776a348fe7cce33e4138e7b26ab7630d407b82ee3ef340fb5794faf22c63c309ce6d3f0f292bee2f1172674fe921ae23008f352d85541c902f0a9209d558642ef490017d4f37e21a501dd5e39a5b0cfc9cb1b638459b65a2b2d5a7a5b95c87434ef38b4e0905e6347eee4c8c88d370433bc227749e1b870dd742d569da8d372d2af0f1fd3490dca52f4cb8bae142859e0650f3b958201491529569e27f3d7079f9df47af3eda8f7090d27826f61cee56063c23bae60d932e84e1f26519b3e1d34fa4a386c1ba82ba0b5778c717a20a99498be4f239d70b4789b9237df3ae59fcf96b68709257b5bc83e29738281a06bc2a4dcd6a21deecb2440166b74a617dbfeaaf17bc57f2967650f6dd757b803408ce3ede97303e626b42966b613fb6692000dace36b2977edee0847182dacf6f543185be2cbf90030c41c260b2d0057748c9f1650d6a5c692b1c62112f65b2c713a02b9ed0f28b22cafa1cabf3270e230f1a8456295e078a6ee96ea37458817d0bc27cd0a3274a0cca3eb07b8c65cf474263a5c7fb7174bacbf853bec6a7ceee35c51dfa636021dab8f8f0"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={r0, 0x703, 0xe, 0x4d2f, &(0x7f0000000080)="1c04ff01de6da9725f90c5a06d0f9f2400844d0044a98db225a47ecb10b429441dec77009050d9560e58f2e162226d4fe467a890b6c4c556c6894acf3d4cd49c4dd5a2d05d6ce642e3abc0e0cb0a7de568fb3f30013c74eb73383ebaf4257042ec5277fa18a9b201882996c7b8de5080c75756094ac8e258ff1673c27fb2f2bffc290edbc5dec9e44b6fab8d5fcbd12ae8339b04701b316bd5eccc3961ce80", 0x0, 0xf0, 0x0, 0x0, 0xfffffffffffffe19}, 0x28) 17:04:04 executing program 2: socket(0x10, 0x3, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040)='/dev/snd/midiC#D#\x00', 0x100, 0x101000) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020101020800038005000000", 0xffffffa0) 17:04:04 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x0, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:04:04 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x0, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) [ 394.709938][T12642] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 394.709938][T12642] program syz-executor.4 not setting count and/or reply_len properly 17:04:04 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) r1 = socket(0x200000000000011, 0x3, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'ipvlan0\x00', 0x0}) bind$packet(r1, &(0x7f0000000240)={0x11, 0x0, r3}, 0x14) getsockname$packet(r1, &(0x7f0000000500)={0x11, 0x0, 0x0}, &(0x7f0000000040)=0x10eef0f1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="2000000014000104000000000000000002000000", @ANYRES32=r4, @ANYBLOB="08000200ac"], 0x20}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x4924924924926dd, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) syz_genetlink_get_family_id$ethtool(0x0) 17:04:04 executing program 0: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TIOCSERGETLSR(r0, 0x5459, &(0x7f0000000000)) 17:04:04 executing program 2: r0 = socket(0x10, 0x3, 0x0) r1 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r1, 0x0) ioctl$KVM_PPC_GET_PVINFO(r1, 0x4080aea1, &(0x7f0000000040)=""/189) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) 17:04:05 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x0, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:04:05 executing program 5: perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xa3, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000500)=@newlink={0x4c, 0x10, 0x0, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ip6gre={{0xb, 0x1, 'ip6gre\x00'}, {0x4}}}, @IFLA_MASTER={0x8}, @IFLA_NUM_TX_QUEUES={0x8}, @IFLA_MTU={0x8}]}, 0x4c}}, 0x0) 17:04:05 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x0, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:04:05 executing program 0: perf_event_open(&(0x7f00000002c0)={0x2, 0x78, 0xa4, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000440)='ethtool\x00') sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)={0x18, r1, 0x301, 0x0, 0x0, {0xb}, [@ETHTOOL_A_LINKMODES_HEADER={0x4}]}, 0x18}}, 0x0) 17:04:05 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) r1 = socket(0x200000000000011, 0x3, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'ipvlan0\x00', 0x0}) bind$packet(r1, &(0x7f0000000240)={0x11, 0x0, r3}, 0x14) getsockname$packet(r1, &(0x7f0000000500)={0x11, 0x0, 0x0}, &(0x7f0000000040)=0x10eef0f1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="2000000014000104000000000000000002000000", @ANYRES32=r4, @ANYBLOB="08000200ac"], 0x20}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x4924924924926dd, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) syz_genetlink_get_family_id$ethtool(0x0) 17:04:05 executing program 2: setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(0xffffffffffffffff, 0x28, 0x2, &(0x7f0000000040)=0xb1, 0x8) write(0xffffffffffffffff, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) [ 395.437458][T12664] netlink: 56 bytes leftover after parsing attributes in process `syz-executor.5'. [ 395.473199][T12665] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 395.473199][T12665] program syz-executor.4 not setting count and/or reply_len properly [ 395.602698][T12674] netlink: 56 bytes leftover after parsing attributes in process `syz-executor.5'. 17:04:05 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x0, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:04:05 executing program 0: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$vcs(0xffffff9c, 0x0, 0x0, 0x0) exit_group(0x0) sendmsg$IPSET_CMD_HEADER(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000540), 0xc, &(0x7f00000005c0)={0x0}}, 0x4) r0 = perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f9e, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0xc2) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, 0x0, &(0x7f0000000300)) mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000200)='cgroup2\x00', 0x0, 0x0) r1 = open(&(0x7f0000000340)='./file0\x00', 0x80800, 0x0) r2 = openat$cgroup_subtree(r1, &(0x7f0000000080)='cgroup.subtree_control\x00', 0x2, 0x0) setxattr$trusted_overlay_upper(&(0x7f00000006c0)='./file0\x00', 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="00fb730000070000000000000000000000000000000ff05ab5ea32cc10ede8d7ce44eb646b62baa2ddd17ccba29b25a9954ca46a5d66ecb428b5d07687bd7e1186ab5b3fa90c11c032bc53bc6516d196cccdf97178012dcb5f363dc6647489506ad3e51f2827546f2a02db"], 0xfffffffffffffe18, 0x3) write$cgroup_subtree(r2, &(0x7f00000000c0)={[{0x2d, 'io'}]}, 0x4) fsetxattr$system_posix_acl(r0, 0x0, &(0x7f0000000640)=ANY=[@ANYRES32=0x0, @ANYBLOB="040004000000", @ANYBLOB="3a060500000000"], 0x3c, 0x0) ioctl$FS_IOC_SETFSLABEL(0xffffffffffffffff, 0x41009432, 0x0) write$cgroup_subtree(r2, &(0x7f0000000280)={[{0x2b, 'io'}, {0x0, 'pids'}]}, 0xa) 17:04:05 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) r1 = socket(0x200000000000011, 0x3, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'ipvlan0\x00', 0x0}) bind$packet(r1, &(0x7f0000000240)={0x11, 0x0, r3}, 0x14) getsockname$packet(r1, &(0x7f0000000500)={0x11, 0x0, 0x0}, &(0x7f0000000040)=0x10eef0f1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="2000000014000104000000000000000002000000", @ANYRES32=r4, @ANYBLOB="08000200ac"], 0x20}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x4924924924926dd, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) syz_genetlink_get_family_id$ethtool(0x0) 17:04:05 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) r1 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r1, 0x0) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000180)={{0x1}}) r3 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r3, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) setsockopt$inet_sctp_SCTP_AUTOCLOSE(r3, 0x84, 0x4, &(0x7f0000000140), 0x4) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r2, 0x54a2) readv(r2, &(0x7f0000000200)=[{&(0x7f0000000000)=""/12, 0xc}], 0x1) r4 = pidfd_getfd(r1, r2, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040)='devlink\x00') sendmsg$DEVLINK_CMD_TRAP_SET(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[@ANYBLOB="58100000", @ANYRES16=r6, @ANYBLOB="01000000000000000000330000000e0001006e657464657673696d0000000f0002006e657464657673696d3000001c008200736f757263655f6d61635f69735f6d756c746963617374000500830000000000"], 0x58}}, 0x0) sendmsg$DEVLINK_CMD_SB_GET(r4, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x38, r6, 0x10, 0x70bd2b, 0x25dfdbfd, {}, [{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0xb, 0x19}}]}, 0x38}, 0x1, 0x0, 0x0, 0x24000884}, 0x0) r7 = openat$mice(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/input/mice\x00', 0x8202) r8 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="8496a8280b65e3fe2efefe07000000dddf45f80ff7d800000000cda55517a9aead90ada877558340e84c3394a75bbbc56ce9aa1b430fdb56b7", @ANYRES16=r8], 0x1c}, 0x1, 0x50000}, 0x0) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r7, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r8, @ANYBLOB="00042cbd7000fe00"/23], 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x11) 17:04:05 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:04:05 executing program 5: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fstat(0xffffffffffffffff, &(0x7f0000000180)) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000400)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8fff7ff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001000000b70500000000e000720a23fe000000008500000012000000b70000000100000095000000000000004e6258941c823b7505608756ba4ababb42684e890d31ae450400373a0a5447a801b8c1c4f0c4bd97c6555e61345400f9bd42abeb9ade0105000000000000a21902ff07000094a2b51c21df74924f5436a6ed89b98f75e800230c49c90fe1336481f3b92a63336c36fcd745d61d7739c6554ca201000000bebbe8282f8b1e26407437a397bf8f50e87ed4d27adfd876bffc402887781979461c4363bc5c9b6202ea471428197ec0ea4334844d2322e8965c79435883df6c10ce86188c92292b2d0226082960be682836bdff860971f2a5405e453228e7b1005bd73479358a90df3e481947de6453736aa572158af6ea63d6d418fbbd2bba050000001da098ef78dffcff5e1ed19913a5fb25c79dac2e489f681278926581f9e7ffb588a71dffffff951b8535167ab8069a2c92a3aa18e22517e92c26637b4c34bf2d0aa304ed42bf7048ffffff7f3fd169331f37fddd1f7fbe16dbbc0f307bceb5064f388a0350c3dc928b0e638b1e2b2a9d25264233e5d45eb377f56b95241024dbe30f67191c2b56b7032ed6d3215dfffe5d89af1d10599bd494d921d1fb2db99b6aba04a978f41e8ed4c553e5a9326ed550c13f8dd36716a899a1e79234294707c5312b924d142c17b20bb80ee202222c03fa84ccc374e7171094018630366397266090a12343aedfbf7afe892390c2eb775b0d16073da2229958db05de7df6ab7600004000010004006d80810da0e23b50465f8394820be571e3592d0000c7ef10fdc462e7040e7074ec43aa461fc54401a76406db718d4efd6c95524c85df0952d32093082b7aa71304e0d2d9cc310d1b676b378a5879e47941de1a28c3a8f4be28628bd443537d0e032b7d2badd0bc6617a859b7ac273b63040000006f43291829030f06cc0ca1765838eb5590264736fbccfc3a8f10daf6a275daf5db2dac70b0fedb05e68d0300000073ce6b144503d31408fa20140c9d2db1c59ac8a3ce28e489d67d87d3a107ccea3007f58f2c5017e8807107f79ac50cc1d4f546b4443d137eb706b71b1767a10cca7a7c82b76c96e874aff249f36329a6636b354b6e674b08f7b7f72bd7dbc96aef53be267d79fd782027318cd7632e22d2faa16209272b39b5ec8d239832ea02cc88e249a2e77753a58987547571fbc8de5b7faab724bebb6401412b496e0711d759fc5a9c441a8fcb6c78ab447e871b76a8b0506f49594aa1d610567e14d739a60ff3ce04d0d2e5681e787c7e1ad25467bb81f2f448128207de07a83759ec30cf9e0a3fd3f2fcee97fe8d273f8e712a8a64eaf2d89a1fa44554357fcd7ab531ff7a41c27164fca430a62d010a63642ec32ece2ff3bb5883deb895f52a923b5c744d8dccdd6a09ded8b90f1eeda8e6e884a4f090edb6ab9fc8107846508d51f3735493d5860cf80200ce31b92eb3563d485b5a7d192092d7a9fd2bc67d305d1d4573aad5f6501d1cd27657ce17330402dacb78d72d776330713045eed7d4c292f4448733c0826c4eb950f3dc0457f82d013a2d106518f6bde874aff9e2bea7d73f74bebeeacfc700000000000000000000d40d73be47803297dbe34264c8c70b7761b22a7114a078a87d63d6ba212abef4181ad9e4872e328c0f105d51e3d167a2b717051d7681f92a2d0e1e8e38ba04552eeba18a000000b22b50d76d85040c9000ea68a528049a60d5e26b20455194f4be3b8466fd66d0e6cefcff7891c485d61cb66f4076cd60a22733cb00cf7cc12ca7d9bb864c0e650236a79a5c85349a9b1e6bbc3bbbace197e72490c566431cd3a08e9d1b641c1ba1f661d01573b904c3fa152737d294ac21fefe3d161fdf58e8bc5957ef145839f4370176e1be88d2e3516a1998c1621a00b4438b85a4dfee6f61827a1e50e158078b037dfda3ffb35069e41fc740ae720800de53948f176c3c0400a529c02434b920d87f12a6e3420a2fdcb3559e7a5b1ddbb06b7a5977f63bfac701e673bf626d126b213c92e7169a9302eb8d76f9db34e8098bea301baa96916d6458c923866dc192928b320738d1b298fb55f2a6450000000000000000ea00000000509885a38d9d995a46817e7ff7acddccce8f3ba739d90ddc5d62a85f9253c63f86baf33f92820c9ff497cf76b6482c3ab53fb6ecea6d220b91b99b2fb4279ab09ae0645ab92df309000000000000a4868411948f8e3e259b717d722a1eebd3f6860a17f1ae9e10a1178f6aef4951b192d13e9600c1f708ca7b1d127e451034469bf2a8f93dbae6ad8e932e431dc18323794156238625bb9c45c5a76a68a8646e701b29a71ffbd854f50f195823106a5625ff94221f1f04c72525b50aae69ff1ce9626de9847bf53475d90642d973c654d80b1b99b466e2e9ec660ee99ae2e90000000000000000000000da70573b0fc71b0790eec435926520d8f905306cffd1f2ffd725b8a7d22d97211a7ff2f52b55fce702041bed4d07aaf30d3229b4529eafa7fc265ce6f569ad98cc630c8b2492f0b1b6c4c4b80e5cc0d1b0969cc59394b298179c39c8607ca6d1302ef382c0218156981d21a826c4b4cc6eafbc1bc7b4f49a3f8505eb8f70462f91f3ab0a9510708d4689fb26e5c58904700a5083d81198f42c537823b0fe431d4c0b2bfa6a0aeaaccbb14f0fa9a4f9362f6f"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1d4}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r0, 0x3000000, 0xe, 0x0, &(0x7f00000003c0)="0069c2704ade28eddb0000200000", 0x0, 0x700, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) 17:04:05 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000000)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) perf_event_open(&(0x7f00000002c0)={0x2, 0x70, 0xa4, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:04:06 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x0, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 396.116486][T12693] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 396.116486][T12693] program syz-executor.4 not setting count and/or reply_len properly 17:04:06 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) r1 = socket(0x200000000000011, 0x3, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'ipvlan0\x00', 0x0}) bind$packet(r1, &(0x7f0000000240)={0x11, 0x0, r3}, 0x14) getsockname$packet(r1, &(0x7f0000000500)={0x11, 0x0, 0x0}, &(0x7f0000000040)=0x10eef0f1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="2000000014000104000000000000000002000000", @ANYRES32=r4, @ANYBLOB="08000200ac"], 0x20}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x4924924924926dd, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) syz_genetlink_get_family_id$ethtool(0x0) 17:04:06 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) close(r1) 17:04:06 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:04:06 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/key-users\x00', 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:04:06 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_BEARER_ENABLE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)={0x6c, r2, 0xc573de0d27bdfe6f, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}, {0x20, 0x3, @in6={0xa, 0x0, 0x0, @remote}}}}]}]}, 0x6c}}, 0x0) sendmsg$TIPC_NL_BEARER_DISABLE(r1, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x1fc, r2, 0x18, 0x70bd25, 0x25dfdbfd, {}, [@TIPC_NLA_MON={0x24, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3ff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x800}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8}]}, @TIPC_NLA_MEDIA={0xe8, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x27}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3ff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7b}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7f}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xc99}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}]}, @TIPC_NLA_BEARER={0x7c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @local}}, {0x14, 0x2, @in={0x2, 0x4e20, @multicast1}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x80000000, @private2, 0xfffffffd}}, {0x14, 0x2, @in={0x2, 0x4e24, @multicast1}}}}, @TIPC_NLA_BEARER_NAME={0x12, 0x1, @l2={'ib', 0x3a, 'ip6erspan0\x00'}}]}, @TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x80000000}]}, @TIPC_NLA_MON={0x54, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7f}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfffffffe}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x5}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x392}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x34c0a710}]}]}, 0x1fc}, 0x1, 0x0, 0x0, 0x40008040}, 0x59fefa7e352924cc) 17:04:06 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x0, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 396.659744][T12720] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 396.659744][T12720] program syz-executor.4 not setting count and/or reply_len properly [ 396.800877][T12723] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. 17:04:06 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) r1 = socket(0x200000000000011, 0x3, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'ipvlan0\x00', 0x0}) bind$packet(r1, &(0x7f0000000240)={0x11, 0x0, r3}, 0x14) getsockname$packet(r1, &(0x7f0000000500)={0x11, 0x0, 0x0}, &(0x7f0000000040)=0x10eef0f1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="2000000014000104000000000000000002000000", @ANYRES32=r4, @ANYBLOB="08000200ac"], 0x20}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x4924924924926dd, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) 17:04:06 executing program 5: r0 = socket(0x2, 0x5, 0x0) connect$unix(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="8202f3899c"], 0x10) setsockopt$inet_sctp_SCTP_AUTH_KEY(r0, 0x84, 0x13, &(0x7f0000000000)=ANY=[], 0x8) 17:04:06 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) [ 396.978064][T12736] tipc: Invalid UDP bearer configuration [ 396.978138][T12736] tipc: Enabling of bearer rejected, failed to enable media 17:04:07 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r0, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c) r1 = dup2(r0, r0) r2 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r2, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c) r3 = dup2(r2, r2) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x105, &(0x7f00000016c0)={0x1, [0x0]}, &(0x7f0000001700)=0x8) r4 = socket$inet6_sctp(0x1c, 0x5, 0x84) r5 = dup2(r4, r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x105, &(0x7f00000016c0)={0x1, [0x0]}, &(0x7f0000001700)=0x8) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x21, &(0x7f0000000000)={0x7fff, 0x0, 0x0, 0x0, r6}, 0x10) 17:04:07 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) r1 = socket(0x200000000000011, 0x3, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'ipvlan0\x00', 0x0}) bind$packet(r1, &(0x7f0000000240)={0x11, 0x0, r3}, 0x14) getsockname$packet(r1, &(0x7f0000000500)={0x11, 0x0, 0x0}, &(0x7f0000000040)=0x10eef0f1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="2000000014000104000000000000000002000000", @ANYRES32=r4, @ANYBLOB="08000200ac"], 0x20}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x4924924924926dd, 0x0) [ 397.242848][T12750] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 397.242848][T12750] program syz-executor.4 not setting count and/or reply_len properly 17:04:07 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x0, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 17:04:07 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) accept$alg(r0, 0x0, 0x0) r1 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000180)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r2, 0x54a2) readv(r2, &(0x7f0000000200)=[{&(0x7f0000000000)=""/12, 0xc}], 0x1) r3 = dup3(r1, r2, 0x80000) openat$cgroup_ro(r3, &(0x7f0000000180)='cgroup.stat\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r1, 0x0) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[], 0x68}, 0x1, 0x0, 0x0, 0x1}, 0x84) r4 = socket(0x10, 0x3, 0x0) write(r4, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) 17:04:07 executing program 5: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) connect$inet6(r0, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c) r1 = dup(r0) setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r1, 0x84, 0x1d, &(0x7f0000000140), 0x8) 17:04:07 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:04:07 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) r1 = socket(0x200000000000011, 0x3, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'ipvlan0\x00', 0x0}) bind$packet(r1, &(0x7f0000000240)={0x11, 0x0, r3}, 0x14) getsockname$packet(r1, &(0x7f0000000500), &(0x7f0000000040)=0x10eef0f1) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x4924924924926dd, 0x0) 17:04:07 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x0, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 17:04:07 executing program 2: r0 = socket(0x10, 0x3, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_REFINE_OLD(r0, 0xc1004110, &(0x7f00000000c0)={0x2, [0x101, 0x0, 0xffff7fff], [{0x1ff, 0x4, 0x0, 0x0, 0x1}, {0x3, 0x10000, 0x1, 0x0, 0x1, 0x1}, {0x5, 0x3, 0x0, 0x1, 0x1}, {0x81, 0x2, 0x0, 0x1, 0x1, 0x1}, {0x9, 0x9, 0x0, 0x1, 0x1}, {0x1ff, 0x6, 0x0, 0x0, 0x1, 0x1}, {0x33, 0x5, 0x0, 0x1, 0x0, 0x1}, {0x8, 0x2, 0x0, 0x0, 0x1, 0x1}, {0x1, 0xfffffc00, 0x1, 0x0, 0x0, 0x1}, {0xffffff7f, 0x2, 0x0, 0x0, 0x0, 0x1}, {0x67a9, 0x2, 0x0, 0x0, 0x1, 0x1}, {0x0, 0x2c5, 0x0, 0x0, 0x0, 0x1}], 0x3}) r1 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r1, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r1, 0xc08c5336, &(0x7f0000000000)={0x1, 0x3, 0x0, 'queue0\x00', 0xbad}) 17:04:07 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) bind$inet6(r0, &(0x7f0000000080)={0x1c, 0x1c}, 0x1c) [ 397.931956][T12789] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 397.931956][T12789] program syz-executor.4 not setting count and/or reply_len properly 17:04:07 executing program 5: r0 = socket(0x2, 0x5, 0x0) sendmsg$inet_sctp(r0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000880)=[@init={0x14}, @authinfo={0x10}], 0x24}, 0x0) 17:04:08 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) r1 = socket(0x200000000000011, 0x3, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'ipvlan0\x00', 0x0}) bind$packet(r1, &(0x7f0000000240)={0x11, 0x0, r3}, 0x14) getsockname$packet(r1, &(0x7f0000000500), &(0x7f0000000040)=0x10eef0f1) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x4924924924926dd, 0x0) 17:04:08 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:04:08 executing program 2: r0 = socket(0x1d, 0x800, 0x5) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) 17:04:08 executing program 5: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) sendto(r0, &(0x7f0000000080)="ee", 0x1, 0x0, &(0x7f0000000040)=@in6={0x1c, 0x1c, 0x3}, 0x1c) 17:04:08 executing program 0: r0 = socket(0x2, 0x5, 0x0) connect$unix(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="8202f3899c"], 0x10) setsockopt$inet_sctp_SCTP_AUTH_KEY(r0, 0x84, 0x13, &(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYRES16], 0x8) 17:04:08 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) r1 = socket(0x200000000000011, 0x3, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'ipvlan0\x00', 0x0}) bind$packet(r1, &(0x7f0000000240)={0x11, 0x0, r3}, 0x14) getsockname$packet(r1, &(0x7f0000000500), &(0x7f0000000040)=0x10eef0f1) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x4924924924926dd, 0x0) [ 398.506547][T12814] can: request_module (can-proto-5) failed. [ 398.521439][T12816] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 398.521439][T12816] program syz-executor.4 not setting count and/or reply_len properly [ 398.562214][T12814] can: request_module (can-proto-5) failed. 17:04:08 executing program 1: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) getsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x10, &(0x7f0000000000), &(0x7f00000000c0)=0x4) 17:04:08 executing program 2: r0 = socket(0x8, 0x1, 0x80000004) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) 17:04:08 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:04:08 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r0, &(0x7f0000000000)={0xffffffffffffffd7, 0x1c, 0x3}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0x1c, 0x1c}, 0x1c) connect(r0, &(0x7f00000004c0)=@in6={0x1c, 0x1c, 0x1}, 0x1c) 17:04:08 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) r1 = socket(0x200000000000011, 0x3, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'ipvlan0\x00', 0x0}) bind$packet(r1, &(0x7f0000000240)={0x11, 0x0, r3}, 0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="2000000014000104000000000000000002000000", @ANYRES32, @ANYBLOB="08000200ac"], 0x20}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x4924924924926dd, 0x0) 17:04:08 executing program 5: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) sendmsg(r0, &(0x7f0000000080)={&(0x7f0000000280)=@in6={0x1c, 0x1c}, 0x1c, 0x0}, 0x0) getsockname(r0, 0x0, &(0x7f0000000040)) 17:04:09 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000080)) getdents64(r0, &(0x7f0000000df0)=""/526, 0xa9dceadb052c07c7) r1 = socket(0xa, 0x1, 0x0) close(r1) sendmmsg$inet_sctp(r1, &(0x7f0000000bc0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="30000000000000008400a800010000000100000004"], 0x30}], 0x1, 0x0) r2 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(r1, 0x84, 0x7b, &(0x7f0000000100)={r3}, 0x8) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000100)={r3}, &(0x7f0000000140)=0x8) setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f0000000180)={r4, 0x64}, 0x8) r5 = socket(0x10, 0x3, 0x0) r6 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r6, 0x0) getsockopt$IP_VS_SO_GET_DESTS(r6, 0x0, 0x484, &(0x7f0000000040)=""/91, &(0x7f00000000c0)=0x5b) write(r5, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) [ 399.129631][T12840] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 399.129631][T12840] program syz-executor.4 not setting count and/or reply_len properly 17:04:09 executing program 1: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) r1 = dup(r0) sendmsg$inet_sctp(r1, &(0x7f0000001580)={&(0x7f0000000040)=@in={0x10, 0x2}, 0x10, 0x0}, 0x0) sendmsg$inet_sctp(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="020084"], 0x14}, 0x104) 17:04:09 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) r1 = socket(0x200000000000011, 0x3, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'ipvlan0\x00', 0x0}) bind$packet(r1, &(0x7f0000000240)={0x11, 0x0, r3}, 0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="2000000014000104000000000000000002000000", @ANYRES32, @ANYBLOB="08000200ac"], 0x20}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x4924924924926dd, 0x0) 17:04:09 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) r1 = dup(r0) sendmsg$inet_sctp(r1, &(0x7f0000001580)={&(0x7f0000000040)=@in={0x10, 0x2}, 0x10, 0x0}, 0x0) sendmsg$inet_sctp(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@dstaddrv6={0x1c, 0x84, 0xa, @rand_addr=' \x01\x00'}], 0x1c}, 0x104) 17:04:09 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:04:09 executing program 5: r0 = socket(0x2, 0x5, 0x0) sendmsg$inet_sctp(r0, &(0x7f0000000180)={&(0x7f0000000000)=@in6={0x1c, 0x1c, 0x1}, 0x1c, 0x0, 0x0, &(0x7f0000000880)=[@init={0x14}, @authinfo={0x10}, @dstaddrv4={0x10, 0x84, 0x9, @local={0xac, 0x14, 0x0}}], 0x34}, 0x0) 17:04:09 executing program 2: r0 = socket(0x19, 0x6, 0x0) write(r0, &(0x7f0000000000)="2400000058001f000307f4f9002304000a04f51108000100020100020800038005000000", 0x24) [ 399.704781][T12876] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 399.704781][T12876] program syz-executor.4 not setting count and/or reply_len properly 17:04:09 executing program 1: r0 = socket(0x2, 0x10000001, 0x84) bind$inet(r0, &(0x7f0000000000)={0x10, 0x2}, 0x10) 17:04:09 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) r1 = socket(0x200000000000011, 0x3, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'ipvlan0\x00', 0x0}) bind$packet(r1, &(0x7f0000000240)={0x11, 0x0, r3}, 0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="2000000014000104000000000000000002000000", @ANYRES32, @ANYBLOB="08000200ac"], 0x20}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x4924924924926dd, 0x0) 17:04:09 executing program 5: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) r1 = dup(r0) sendmsg$inet_sctp(r1, &(0x7f0000001580)={&(0x7f0000000040)=@in={0x10, 0x2}, 0x10, 0x0}, 0x0) setsockopt$inet_sctp_SCTP_RTOINFO(r1, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x2e}, 0x10) 17:04:09 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) readv(r0, &(0x7f0000000700)=[{&(0x7f0000000380)=""/82, 0x52}], 0x1) r1 = socket$inet_sctp(0x2, 0x800000000001, 0x84) listen(r1, 0x0) accept$inet(r1, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000000)=""/169, 0xa9}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0xd}, 0x42) r3 = dup(r2) r4 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r4, 0x0, 0xffffff2e, 0x0, 0x0, 0x800e005ae) shutdown(r3, 0x0) shutdown(r4, 0x0) 17:04:10 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:04:10 executing program 1: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) sendmsg(r0, &(0x7f0000000b80)={&(0x7f00000001c0)=@in6={0x1c, 0x1c, 0x3}, 0x1c, &(0x7f0000000680)=[{&(0x7f00000003c0)="17", 0x1}], 0x1, &(0x7f00000006c0)=[{0x10}], 0x10}, 0x0) 17:04:10 executing program 2: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) r1 = dup2(r0, r0) r2 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r2, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c) r3 = dup2(r2, r2) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x105, &(0x7f00000016c0)={0x1, [0x0]}, &(0x7f0000001700)=0x8) r4 = socket$inet6_sctp(0x1c, 0x5, 0x84) r5 = dup2(r4, r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x105, &(0x7f00000016c0)={0x1, [0x0]}, &(0x7f0000001700)=0x8) setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x29, &(0x7f0000000040)={r6}, 0x8) 17:04:10 executing program 5: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) sendmsg(r0, &(0x7f0000000040)={&(0x7f0000000080)=@in={0x10, 0x2}, 0x10, 0x0}, 0x0) 17:04:10 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) r1 = socket(0x200000000000011, 0x3, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'ipvlan0\x00'}) getsockname$packet(r1, &(0x7f0000000500)={0x11, 0x0, 0x0}, &(0x7f0000000040)=0x10eef0f1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="2000000014000104000000000000000002000000", @ANYRES32=r3, @ANYBLOB="08000200ac"], 0x20}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x4924924924926dd, 0x0) [ 400.352386][T12909] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 400.352386][T12909] program syz-executor.4 not setting count and/or reply_len properly 17:04:10 executing program 1: r0 = socket$inet_sctp(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f0000000300)={0x10, 0x2}, 0x10) connect$inet(r0, &(0x7f0000000000)={0x10, 0x2}, 0x10) getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0x100, &(0x7f0000000100), &(0x7f0000000040)=0xb0) 17:04:10 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:04:10 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) r1 = socket(0x200000000000011, 0x3, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'ipvlan0\x00'}) getsockname$packet(r1, &(0x7f0000000500)={0x11, 0x0, 0x0}, &(0x7f0000000040)=0x10eef0f1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="2000000014000104000000000000000002000000", @ANYRES32=r3, @ANYBLOB="08000200ac"], 0x20}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x4924924924926dd, 0x0) 17:04:10 executing program 5: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) r1 = dup(r0) sendmsg$inet_sctp(r1, &(0x7f0000001580)={&(0x7f0000000040)=@in={0x10, 0x2}, 0x10, 0x0}, 0x0) sendmsg$inet_sctp(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@authinfo={0x10}], 0x10}, 0x104) 17:04:10 executing program 2: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) r1 = dup(r0) sendmsg$inet_sctp(r1, &(0x7f0000001580)={&(0x7f0000000040)=@in={0x10, 0x2}, 0x10, 0x0}, 0x0) sendmsg$inet_sctp(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@dstaddrv6={0x1c, 0x84, 0xa, @rand_addr=' \x01\x00'}, @sndinfo={0x1c}], 0x38}, 0x104) [ 400.869207][T12930] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 400.869207][T12930] program syz-executor.4 not setting count and/or reply_len properly 17:04:11 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) readv(r0, &(0x7f0000000700)=[{&(0x7f0000000380)=""/82, 0x52}], 0x1) r1 = socket$inet_sctp(0x2, 0x800000000001, 0x84) listen(r1, 0x0) accept$inet(r1, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000000)=""/169, 0xa9}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0xd}, 0x42) r3 = dup(r2) r4 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r4, 0x0, 0xffffff2e, 0x0, 0x0, 0x800e005ae) shutdown(r3, 0x0) r5 = socket$inet_sctp(0x2, 0x800000000001, 0x84) listen(r5, 0x0) accept$inet(r5, 0x0, 0x0) shutdown(r4, 0x0) 17:04:11 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) r1 = dup2(r0, r0) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r1, 0x84, 0x903, &(0x7f00000000c0), 0x6) 17:04:11 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r2 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r2, r1, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r3, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:04:11 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) r1 = socket(0x200000000000011, 0x3, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'ipvlan0\x00'}) getsockname$packet(r1, &(0x7f0000000500)={0x11, 0x0, 0x0}, &(0x7f0000000040)=0x10eef0f1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="2000000014000104000000000000000002000000", @ANYRES32=r3, @ANYBLOB="08000200ac"], 0x20}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x4924924924926dd, 0x0) 17:04:11 executing program 5: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect(r0, &(0x7f00000004c0)=@in6={0x1c, 0x1c, 0x1}, 0x1c) connect(r0, &(0x7f0000000080)=@in6={0x1c, 0x1c, 0x3}, 0x1c) [ 401.361240][T12954] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 401.361240][T12954] program syz-executor.4 not setting count and/or reply_len properly 17:04:11 executing program 2: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) r1 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c) dup2(r0, r1) r2 = fcntl$dupfd(r1, 0x0, r0) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r2, 0x84, 0x23, &(0x7f0000000000)=0x1c00, 0xfe6a) 17:04:11 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r2 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r2, r1, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r3, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:04:11 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) r1 = socket(0x200000000000011, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) bind$packet(r1, &(0x7f0000000240), 0x14) getsockname$packet(r1, &(0x7f0000000500)={0x11, 0x0, 0x0}, &(0x7f0000000040)=0x10eef0f1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="2000000014000104000000000000000002000000", @ANYRES32=r2, @ANYBLOB="08000200ac"], 0x20}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x4924924924926dd, 0x0) 17:04:11 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) sendto(r0, 0x0, 0x0, 0x0, &(0x7f0000000040)=@in6={0x1c, 0x1c, 0x3}, 0x1c) listen(r0, 0x0) 17:04:11 executing program 5: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) r1 = dup2(r0, r0) bind(r1, &(0x7f0000000000)=@in6={0x1c, 0x1c, 0x2}, 0x1c) [ 401.799785][T12980] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 401.799785][T12980] program syz-executor.4 not setting count and/or reply_len properly 17:04:11 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) r1 = socket(0x200000000000011, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) bind$packet(r1, &(0x7f0000000240), 0x14) getsockname$packet(r1, &(0x7f0000000500)={0x11, 0x0, 0x0}, &(0x7f0000000040)=0x10eef0f1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="2000000014000104000000000000000002000000", @ANYRES32=r2, @ANYBLOB="08000200ac"], 0x20}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x4924924924926dd, 0x0) 17:04:12 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r2 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r2, r1, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r3, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:04:12 executing program 1: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) r1 = dup(r0) sendmsg$inet_sctp(r1, &(0x7f0000001580)={&(0x7f0000000040)=@in={0x10, 0x2}, 0x10, 0x0}, 0x0) setsockopt$inet_sctp_SCTP_RTOINFO(r1, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x4, 0x0, 0xfffffff7}, 0x10) 17:04:12 executing program 2: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) r1 = dup(r0) sendmsg$inet_sctp(r1, &(0x7f0000001580)={&(0x7f0000000000)=@in6={0x1c, 0x1c, 0x1}, 0x1c, 0x0}, 0x0) sendmsg$inet_sctp(r1, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x104) 17:04:12 executing program 5: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) r1 = dup(r0) sendmsg$inet_sctp(r1, &(0x7f0000001580)={&(0x7f0000000040)=@in={0x10, 0x2}, 0x10, 0x0}, 0x0) setsockopt$inet_sctp_SCTP_RTOINFO(r1, 0x84, 0x1, &(0x7f00000001c0), 0x10) 17:04:12 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) connect$inet6(r0, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c) r1 = socket$inet6_sctp(0x1c, 0x5, 0x84) r2 = dup2(r0, r1) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r2, 0x84, 0x108, &(0x7f0000000140)={0x0, 0x0, 0x3}, &(0x7f0000000180)=0x18) [ 402.363046][T13005] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 402.363046][T13005] program syz-executor.4 not setting count and/or reply_len properly 17:04:12 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) r1 = socket(0x200000000000011, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) bind$packet(r1, &(0x7f0000000240), 0x14) getsockname$packet(r1, &(0x7f0000000500)={0x11, 0x0, 0x0}, &(0x7f0000000040)=0x10eef0f1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="2000000014000104000000000000000002000000", @ANYRES32=r2, @ANYBLOB="08000200ac"], 0x20}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x4924924924926dd, 0x0) 17:04:12 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, 0x0, &(0x7f0000cab000)) r2 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r2, 0x0, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r3, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:04:12 executing program 2: r0 = socket$inet_sctp(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f0000000300)={0x10, 0x2}, 0x10) connect$inet(r0, &(0x7f0000000000)={0x10, 0x2}, 0x10) getsockopt$inet_sctp_SCTP_MAXSEG(r0, 0x84, 0xe, &(0x7f0000000040), &(0x7f0000000080)=0x8) 17:04:12 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) readv(r0, &(0x7f0000000700)=[{&(0x7f0000000380)=""/82, 0x52}], 0x1) r1 = socket$inet_sctp(0x2, 0x800000000001, 0x84) listen(r1, 0x0) accept$inet(r1, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000), 0x1000000000000341}, 0x0) r3 = dup(r2) r4 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r4, 0x0, 0xffffff2e, 0x0, 0x0, 0x800e005ae) shutdown(r3, 0x0) accept$inet(r1, 0x0, 0x0) shutdown(r4, 0x0) 17:04:12 executing program 5: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) sendto(r0, &(0x7f00000000c0)="4a8299e558d8ead5f68db9699e5bc701520c9d633aaa433883c4530c7b40e6bb7e5e79a376bb9f6d0e0e0443471b46ce918989d555d240a21c569b907cbb294374263c5ac4fda1afdf668c7a4488ec3469e503fd60206ae99197f981c4e5c00ab9f2bab5187e443fb25787f441", 0x6d, 0x20004, &(0x7f0000000040)=@in6={0x1c, 0x1c, 0x3}, 0xa) [ 402.974502][T13038] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 402.974502][T13038] program syz-executor.4 not setting count and/or reply_len properly 17:04:12 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) r1 = dup(r0) sendmsg$inet_sctp(r1, &(0x7f0000001580)={&(0x7f0000000040)=@in={0x10, 0x2}, 0x10, 0x0}, 0x0) sendmsg$inet_sctp(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@sndinfo={0x1c}], 0x1c}, 0x104) 17:04:12 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) r1 = socket(0x200000000000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'ipvlan0\x00', 0x0}) bind$packet(r1, &(0x7f0000000240)={0x11, 0x0, r2}, 0x14) getsockname$packet(r1, &(0x7f0000000500)={0x11, 0x0, 0x0}, &(0x7f0000000040)=0x10eef0f1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="2000000014000104000000000000000002000000", @ANYRES32=r3, @ANYBLOB="08000200ac"], 0x20}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x4924924924926dd, 0x0) 17:04:13 executing program 2: 17:04:13 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, 0x0, &(0x7f0000cab000)) r2 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r2, 0x0, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r3, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:04:13 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) r1 = socket(0x200000000000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'ipvlan0\x00', 0x0}) bind$packet(r1, &(0x7f0000000240)={0x11, 0x0, r2}, 0x14) getsockname$packet(r1, &(0x7f0000000500)={0x11, 0x0, 0x0}, &(0x7f0000000040)=0x10eef0f1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="2000000014000104000000000000000002000000", @ANYRES32=r3, @ANYBLOB="08000200ac"], 0x20}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x4924924924926dd, 0x0) 17:04:13 executing program 5: [ 403.582898][T13062] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 403.582898][T13062] program syz-executor.4 not setting count and/or reply_len properly 17:04:13 executing program 2: 17:04:13 executing program 0: 17:04:13 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, 0x0, &(0x7f0000cab000)) r2 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r2, 0x0, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r3, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:04:13 executing program 5: [ 404.030107][T13074] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 404.030107][T13074] program syz-executor.4 not setting count and/or reply_len properly 17:04:14 executing program 1: 17:04:14 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) r1 = socket(0x200000000000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'ipvlan0\x00', 0x0}) bind$packet(r1, &(0x7f0000000240)={0x11, 0x0, r2}, 0x14) getsockname$packet(r1, &(0x7f0000000500)={0x11, 0x0, 0x0}, &(0x7f0000000040)=0x10eef0f1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="2000000014000104000000000000000002000000", @ANYRES32=r3, @ANYBLOB="08000200ac"], 0x20}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x4924924924926dd, 0x0) 17:04:14 executing program 2: 17:04:14 executing program 0: 17:04:14 executing program 5: 17:04:14 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, 0x0) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:04:14 executing program 2: 17:04:14 executing program 1: 17:04:14 executing program 0: 17:04:14 executing program 5: 17:04:14 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'ipvlan0\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000240)={0x11, 0x0, r2}, 0x14) getsockname$packet(0xffffffffffffffff, &(0x7f0000000500)={0x11, 0x0, 0x0}, &(0x7f0000000040)=0x10eef0f1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="2000000014000104000000000000000002000000", @ANYRES32=r3, @ANYBLOB="08000200ac"], 0x20}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x4924924924926dd, 0x0) [ 404.560125][T13086] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 404.560125][T13086] program syz-executor.4 not setting count and/or reply_len properly 17:04:14 executing program 2: 17:04:14 executing program 0: 17:04:14 executing program 5: 17:04:14 executing program 1: 17:04:14 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, 0x0) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:04:14 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'ipvlan0\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000240)={0x11, 0x0, r2}, 0x14) getsockname$packet(0xffffffffffffffff, &(0x7f0000000500)={0x11, 0x0, 0x0}, &(0x7f0000000040)=0x10eef0f1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="2000000014000104000000000000000002000000", @ANYRES32=r3, @ANYBLOB="08000200ac"], 0x20}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x4924924924926dd, 0x0) 17:04:14 executing program 2: 17:04:15 executing program 1: [ 405.075500][T13099] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 405.075500][T13099] program syz-executor.4 not setting count and/or reply_len properly 17:04:15 executing program 0: 17:04:15 executing program 5: 17:04:15 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'ipvlan0\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000240)={0x11, 0x0, r2}, 0x14) getsockname$packet(0xffffffffffffffff, &(0x7f0000000500)={0x11, 0x0, 0x0}, &(0x7f0000000040)=0x10eef0f1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="2000000014000104000000000000000002000000", @ANYRES32=r3, @ANYBLOB="08000200ac"], 0x20}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x4924924924926dd, 0x0) 17:04:15 executing program 2: 17:04:15 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, 0x0) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:04:15 executing program 1: 17:04:15 executing program 0: 17:04:15 executing program 5: [ 405.634405][T13113] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 405.634405][T13113] program syz-executor.4 not setting count and/or reply_len properly 17:04:15 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x3, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'ipvlan0\x00', 0x0}) bind$packet(r0, &(0x7f0000000240)={0x11, 0x0, r2}, 0x14) getsockname$packet(r0, &(0x7f0000000500)={0x11, 0x0, 0x0}, &(0x7f0000000040)=0x10eef0f1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="2000000014000104000000000000000002000000", @ANYRES32=r3, @ANYBLOB="08000200ac"], 0x20}}, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x4924924924926dd, 0x0) 17:04:15 executing program 2: 17:04:15 executing program 1: 17:04:15 executing program 0: 17:04:15 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(0x0, &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:04:16 executing program 5: 17:04:16 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x3, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'ipvlan0\x00', 0x0}) bind$packet(r0, &(0x7f0000000240)={0x11, 0x0, r2}, 0x14) getsockname$packet(r0, &(0x7f0000000500)={0x11, 0x0, 0x0}, &(0x7f0000000040)=0x10eef0f1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="2000000014000104000000000000000002000000", @ANYRES32=r3, @ANYBLOB="08000200ac"], 0x20}}, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x4924924924926dd, 0x0) 17:04:16 executing program 2: 17:04:16 executing program 1: [ 406.263247][T13123] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 406.263247][T13123] program syz-executor.4 not setting count and/or reply_len properly 17:04:16 executing program 5: 17:04:16 executing program 0: 17:04:16 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x3, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'ipvlan0\x00', 0x0}) bind$packet(r0, &(0x7f0000000240)={0x11, 0x0, r2}, 0x14) getsockname$packet(r0, &(0x7f0000000500)={0x11, 0x0, 0x0}, &(0x7f0000000040)=0x10eef0f1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="2000000014000104000000000000000002000000", @ANYRES32=r3, @ANYBLOB="08000200ac"], 0x20}}, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x4924924924926dd, 0x0) 17:04:16 executing program 2: 17:04:16 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(0x0, &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:04:16 executing program 1: 17:04:16 executing program 0: 17:04:16 executing program 5: socket$inet_tcp(0x2, 0x1, 0x0) getrandom(&(0x7f0000000080)=""/4069, 0xfe5, 0x0) lsetxattr$trusted_overlay_origin(&(0x7f0000000040)='.\x00', 0x0, 0x0, 0x0, 0x4) 17:04:16 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) getrandom(&(0x7f0000001ac0)=""/4096, 0x1000, 0x0) ioctl$sock_SIOCSIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(r2, 0x8983, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) dup2(0xffffffffffffffff, 0xffffffffffffffff) accept$inet6(0xffffffffffffffff, 0x0, 0x0) ftruncate(0xffffffffffffffff, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) socket$nl_generic(0x10, 0x3, 0x10) [ 406.857131][T13138] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 406.857131][T13138] program syz-executor.4 not setting count and/or reply_len properly 17:04:16 executing program 2: 17:04:16 executing program 3: r0 = socket(0x10, 0x2, 0x0) r1 = socket(0x200000000000011, 0x3, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'ipvlan0\x00', 0x0}) bind$packet(r1, &(0x7f0000000240)={0x11, 0x0, r3}, 0x14) getsockname$packet(r1, &(0x7f0000000500)={0x11, 0x0, 0x0}, &(0x7f0000000040)=0x10eef0f1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="2000000014000104000000000000000002000000", @ANYRES32=r4, @ANYBLOB="08000200ac"], 0x20}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x4924924924926dd, 0x0) 17:04:17 executing program 0: 17:04:17 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(0x0, &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:04:17 executing program 5: 17:04:17 executing program 2: 17:04:17 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(0xffffffffffffffff, 0x8008f511, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r0, &(0x7f0000000a80)={@void, @val, @ipv6=@gre_packet={0x0, 0x6, '\x00', 0x4c, 0x2c, 0x0, @local, @mcast2, {[@dstopts={0x2f}], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6558}}}}}, 0x7e) 17:04:17 executing program 3: r0 = socket(0x0, 0x2, 0x0) r1 = socket(0x200000000000011, 0x3, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'ipvlan0\x00', 0x0}) bind$packet(r1, &(0x7f0000000240)={0x11, 0x0, r3}, 0x14) getsockname$packet(r1, &(0x7f0000000500)={0x11, 0x0, 0x0}, &(0x7f0000000040)=0x10eef0f1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="2000000014000104000000000000000002000000", @ANYRES32=r4, @ANYBLOB="08000200ac"], 0x20}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x4924924924926dd, 0x0) [ 407.447037][T13155] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 407.447037][T13155] program syz-executor.4 not setting count and/or reply_len properly 17:04:17 executing program 5: r0 = socket$inet(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20040f7c, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000140)='cdg\x00', 0x4) connect(r0, &(0x7f0000000180)=@un=@file={0x0, './file0\x00'}, 0x80) 17:04:17 executing program 0: r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast1, 0x9}, 0x1c) sendmmsg(r0, &(0x7f0000004d80)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffe0}}], 0x1, 0x0) 17:04:17 executing program 2: r0 = socket$inet(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20040f7c, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000140)='hybla\x00', 0xce) sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860ac5cf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95433a3a07e758044ab4ea6f7ae55d88f5ef93a1a7511bf746bec66ba", 0x4d, 0x0, 0x0, 0x0) connect(0xffffffffffffffff, 0x0, 0x0) 17:04:17 executing program 3: r0 = socket(0x0, 0x2, 0x0) r1 = socket(0x200000000000011, 0x3, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'ipvlan0\x00', 0x0}) bind$packet(r1, &(0x7f0000000240)={0x11, 0x0, r3}, 0x14) getsockname$packet(r1, &(0x7f0000000500)={0x11, 0x0, 0x0}, &(0x7f0000000040)=0x10eef0f1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="2000000014000104000000000000000002000000", @ANYRES32=r4, @ANYBLOB="08000200ac"], 0x20}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x4924924924926dd, 0x0) 17:04:17 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000400)='hybla\x00', 0x6) sendto$inet6(r0, 0x0, 0x0, 0x20000004, &(0x7f0000b63fe4), 0x1c) 17:04:17 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:04:18 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x20000000021) connect$inet6(r0, &(0x7f0000000340)={0xa, 0x0, 0x0, @loopback}, 0x1c) write$binfmt_elf64(r0, &(0x7f0000000080)=ANY=[], 0x78) 17:04:18 executing program 2: r0 = socket$inet(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20040f7c, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000140)='hybla\x00', 0xce) sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860ac5cf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95433a3a07e758044ab4ea6f7ae55d88f5ef93a1a7511bf746bec66ba", 0x4d, 0x0, 0x0, 0x0) connect(0xffffffffffffffff, 0x0, 0x0) [ 408.140817][T13182] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 408.140817][T13182] program syz-executor.4 not setting count and/or reply_len properly [ 408.332569][ C0] dccp_invalid_packet: P.Data Offset(0) too small [ 408.352991][ C0] dccp_invalid_packet: P.Data Offset(0) too small 17:04:18 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000400)='hybla\x00', 0x6) sendto$inet6(r0, 0x0, 0x0, 0x20000004, &(0x7f0000b63fe4), 0x1c) 17:04:18 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) [ 408.649705][T13201] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 408.649705][T13201] program syz-executor.4 not setting count and/or reply_len properly 17:04:18 executing program 1: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fstat(0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000340)=""/248, 0xf8}], 0xf8) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)={0x0, 0x0, 0x0, 0x0, 0x0, "000072000032eb00"}) syz_open_procfs(0x0, 0x0) r1 = syz_open_pts(r0, 0x2002) dup3(r1, r0, 0x0) write(r0, &(0x7f0000c34fff), 0xffffff0b) 17:04:18 executing program 2: r0 = socket$inet(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20040f7c, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000140)='hybla\x00', 0xce) sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860ac5cf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95433a3a07e758044ab4ea6f7ae55d88f5ef93a1a7511bf746bec66ba", 0x4d, 0x0, 0x0, 0x0) connect(0xffffffffffffffff, 0x0, 0x0) 17:04:18 executing program 0: mkdir(&(0x7f0000000580)='./file0\x00', 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) mount$fuse(0x20000000, &(0x7f0000000040)='./file0\x00', 0x0, 0x7a00, 0x0) chdir(&(0x7f0000000440)='./file0\x00') r0 = open(&(0x7f00000001c0)='./bus\x00', 0x140042, 0x0) fallocate(r0, 0x0, 0x0, 0x4000004) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) sendfile(r1, r1, 0x0, 0x8080fffffffe) creat(&(0x7f0000000240)='./bus\x00', 0x0) 17:04:18 executing program 3: r0 = socket(0x0, 0x2, 0x0) r1 = socket(0x200000000000011, 0x3, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'ipvlan0\x00', 0x0}) bind$packet(r1, &(0x7f0000000240)={0x11, 0x0, r3}, 0x14) getsockname$packet(r1, &(0x7f0000000500)={0x11, 0x0, 0x0}, &(0x7f0000000040)=0x10eef0f1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="2000000014000104000000000000000002000000", @ANYRES32=r4, @ANYBLOB="08000200ac"], 0x20}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x4924924924926dd, 0x0) 17:04:18 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000400)='hybla\x00', 0x6) sendto$inet6(r0, 0x0, 0x0, 0x20000004, &(0x7f0000b63fe4), 0x1c) 17:04:18 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000470000006bf1bdd64d77a2d2a9d56e62c7295de4dfce62ba952dddeeb4a2f09139a19fba49a7681e86160a24f0e568d40cd9a4b0767fd1b0625936f02a05eb32b3f1541eae15"], &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) [ 409.115443][T13215] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 409.115443][T13215] program syz-executor.4 not setting count and/or reply_len properly 17:04:19 executing program 2: r0 = socket$inet(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20040f7c, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000140)='hybla\x00', 0xce) sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860ac5cf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95433a3a07e758044ab4ea6f7ae55d88f5ef93a1a7511bf746bec66ba", 0x4d, 0x0, 0x0, 0x0) connect(0xffffffffffffffff, 0x0, 0x0) 17:04:19 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000400)='hybla\x00', 0x6) sendto$inet6(r0, 0x0, 0x0, 0x20000004, &(0x7f0000b63fe4), 0x1c) 17:04:19 executing program 3: r0 = socket(0x10, 0x0, 0x0) r1 = socket(0x200000000000011, 0x3, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'ipvlan0\x00', 0x0}) bind$packet(r1, &(0x7f0000000240)={0x11, 0x0, r3}, 0x14) getsockname$packet(r1, &(0x7f0000000500)={0x11, 0x0, 0x0}, &(0x7f0000000040)=0x10eef0f1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="2000000014000104000000000000000002000000", @ANYRES32=r4, @ANYBLOB="08000200ac"], 0x20}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x4924924924926dd, 0x0) 17:04:19 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1}}) prctl$PR_GET_DUMPABLE(0x3) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) connect$inet6(0xffffffffffffffff, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback, 0xa572}, 0x1c) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, 0x0, &(0x7f0000000200)=0x6b) keyctl$chown(0x4, r3, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$P9_RSTAT(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="5b0000007d0200000054000600700b000004020000001f0000e21f00000000008c0000100000360400003f000000000000000f002f6465762f736e642f74696d65720004002d04242e05005e2d7d253b09002f6465762f73672300"], 0x5b) 17:04:19 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x1) connect$inet6(r0, &(0x7f0000000540)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='pagemap\x00') r2 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000100)=ANY=[@ANYBLOB="66696c746572000000ffffffffee230000000500000000581dfa3f3dce2f7f000e00000004000000800300000801000000000000d8010000d8010000d8e5ffffaf020000b0020000b0020000b0020000b002000004000000edffffffffffffff00000000000000ecff0000ffc400001ab74a075eddb91b000000000000edffffffffffffff000400000000000000001000000000000000000000000000000000f4ca000001000002000000000000000000005a9ed1d837ca73ef00ddffff194adafbb6000000000000000000000000000000001a140000000000080000000700000000000000000400000000a8000801000000ecfffff60507e3ff7f7faf000095650000000000006000484d41524b00000040000000000000000001000006000000000000000000ff0100000000faffffff0000000600e50000400000000004003f050000000000000000000000ed000001000000000000008e7ea9570000000000000000000000fe92ec64ab0303f146000000001b7f5c0b8800000001010000000000000000010000000000af00030000000000f6d864277672af04f20000000000010000020072f93f0000000000000000000000000600657464657673696d300000000000ff07000000000000000000000000000000000000000000000008d62744c200f9ffffff00000000000000000000a800d000000700002200000049020000000000088100000000000000280052454a4543540000dfb70000000000000000000004000000000000000000ef0000000000f0ff000000000000000000000000ff0773000000000000000100000000000000000000000000000000000000000200000000000000000d2adc0000000000000000000000000004000000000000000000ffff000000000000000000009a940000000000000000000000000000000000000000000000000000000000000000000c0000000000000000000000044442a800d800008600010000000000000d00000000000000000000400000300053455400000000000015020000000000000000b041d2c6000037c7ca4002000006000000060600000000910082000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a800d00000c70700000000000000080000000000aefc00000000000128000000000000000000cd00423c000000000000000000000000000000000000feffffff"], 0x1) sendfile(r0, r1, 0x0, 0xa808) 17:04:19 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0xa0900) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, 0xffffffffffffffff) [ 409.631525][T13236] sg_write: data in/out 601/49 bytes for SCSI command 0x0-- guessing data in; [ 409.631525][T13236] program syz-executor.4 not setting count and/or reply_len properly [ 409.636142][T13237] x_tables: duplicate underflow at hook 2 [ 409.709340][T13238] ===================================================== [ 409.716353][T13238] BUG: KMSAN: uninit-value in nf_conntrack_invert_icmp_tuple+0xaa/0x2c0 [ 409.724710][T13238] CPU: 0 PID: 13238 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 409.733394][T13238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 409.743463][T13238] Call Trace: [ 409.746777][T13238] dump_stack+0x1df/0x240 [ 409.751131][T13238] kmsan_report+0xf7/0x1e0 [ 409.755570][T13238] __msan_warning+0x58/0xa0 [ 409.761046][T13238] nf_conntrack_invert_icmp_tuple+0xaa/0x2c0 [ 409.767051][T13238] nf_ct_invert_tuple+0x346/0x590 [ 409.772081][T13238] init_conntrack+0x116/0x1ff0 [ 409.776852][T13238] nf_conntrack_in+0x1341/0x26b1 [ 409.781805][T13238] ipv6_conntrack_local+0x68/0x80 [ 409.786826][T13238] ? ipv6_conntrack_in+0x80/0x80 [ 409.791755][T13238] nf_hook_slow+0x16e/0x400 [ 409.796253][T13238] __ip6_local_out+0x56d/0x750 [ 409.801028][T13238] ? __ip6_local_out+0x750/0x750 [ 409.806826][T13238] ip6_local_out+0xa4/0x1d0 [ 409.811328][T13238] ip6_push_pending_frames+0x213/0x4f0 [ 409.816782][T13238] rawv6_sendmsg+0x4233/0x5c30 [ 409.821546][T13238] ? is_module_text_address+0x4d/0x2a0 [ 409.827022][T13238] ? kmsan_get_metadata+0x11d/0x180 [ 409.832402][T13238] ? kmsan_get_metadata+0x11d/0x180 [ 409.837589][T13238] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 409.843391][T13238] ? udp_cmsg_send+0x5d0/0x5d0 [ 409.848146][T13238] ? compat_rawv6_ioctl+0x100/0x100 [ 409.853336][T13238] inet_sendmsg+0x2d8/0x2e0 [ 409.857838][T13238] ? inet_send_prepare+0x600/0x600 [ 409.862946][T13238] kernel_sendmsg+0x384/0x440 [ 409.867619][T13238] sock_no_sendpage+0x235/0x300 [ 409.872467][T13238] ? sock_no_mmap+0x30/0x30 [ 409.876965][T13238] sock_sendpage+0x1e1/0x2c0 [ 409.881552][T13238] pipe_to_sendpage+0x38c/0x4c0 [ 409.886394][T13238] ? sock_fasync+0x250/0x250 [ 409.890982][T13238] __splice_from_pipe+0x565/0xf00 [ 409.895995][T13238] ? generic_splice_sendpage+0x2d0/0x2d0 [ 409.901632][T13238] generic_splice_sendpage+0x1d5/0x2d0 [ 409.907086][T13238] ? iter_file_splice_write+0x1800/0x1800 [ 409.912885][T13238] direct_splice_actor+0x1fd/0x580 [ 409.917992][T13238] ? kmsan_get_metadata+0x4f/0x180 [ 409.923098][T13238] splice_direct_to_actor+0x6b2/0xf50 [ 409.928460][T13238] ? do_splice_direct+0x580/0x580 [ 409.933495][T13238] do_splice_direct+0x342/0x580 [ 409.938346][T13238] do_sendfile+0x101b/0x1d40 [ 409.942943][T13238] __se_sys_sendfile64+0x2bb/0x360 [ 409.948048][T13238] ? kmsan_get_metadata+0x4f/0x180 [ 409.953149][T13238] __x64_sys_sendfile64+0x56/0x70 [ 409.958165][T13238] do_syscall_64+0xb0/0x150 [ 409.962657][T13238] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 409.968548][T13238] RIP: 0033:0x45c1d9 [ 409.972431][T13238] Code: Bad RIP value. [ 409.976482][T13238] RSP: 002b:00007fad9c1c0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 409.984879][T13238] RAX: ffffffffffffffda RBX: 00000000000260c0 RCX: 000000000045c1d9 [ 409.992838][T13238] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 410.000891][T13238] RBP: 000000000078bfe8 R08: 0000000000000000 R09: 0000000000000000 [ 410.008948][T13238] R10: 000000000000a808 R11: 0000000000000246 R12: 000000000078bfac [ 410.016906][T13238] R13: 0000000000c9fb6f R14: 00007fad9c1c19c0 R15: 000000000078bfac [ 410.024880][T13238] [ 410.027211][T13238] Uninit was stored to memory at: [ 410.032223][T13238] kmsan_internal_chain_origin+0xad/0x130 [ 410.037929][T13238] __msan_chain_origin+0x50/0x90 [ 410.042856][T13238] icmp_pkt_to_tuple+0x35a/0x400 [ 410.047779][T13238] nf_ct_get_tuple+0xb9a/0x1530 [ 410.052615][T13238] nf_conntrack_in+0x6e0/0x26b1 [ 410.057452][T13238] ipv6_conntrack_local+0x68/0x80 [ 410.062464][T13238] nf_hook_slow+0x16e/0x400 [ 410.066955][T13238] __ip6_local_out+0x56d/0x750 [ 410.071704][T13238] ip6_local_out+0xa4/0x1d0 [ 410.076191][T13238] ip6_push_pending_frames+0x213/0x4f0 [ 410.081634][T13238] rawv6_sendmsg+0x4233/0x5c30 [ 410.086386][T13238] inet_sendmsg+0x2d8/0x2e0 [ 410.090876][T13238] kernel_sendmsg+0x384/0x440 [ 410.095537][T13238] sock_no_sendpage+0x235/0x300 [ 410.100373][T13238] sock_sendpage+0x1e1/0x2c0 [ 410.104950][T13238] pipe_to_sendpage+0x38c/0x4c0 [ 410.109873][T13238] __splice_from_pipe+0x565/0xf00 [ 410.114969][T13238] generic_splice_sendpage+0x1d5/0x2d0 [ 410.120412][T13238] direct_splice_actor+0x1fd/0x580 [ 410.125509][T13238] splice_direct_to_actor+0x6b2/0xf50 [ 410.130867][T13238] do_splice_direct+0x342/0x580 [ 410.136745][T13238] do_sendfile+0x101b/0x1d40 [ 410.141343][T13238] __se_sys_sendfile64+0x2bb/0x360 [ 410.146452][T13238] __x64_sys_sendfile64+0x56/0x70 [ 410.151464][T13238] do_syscall_64+0xb0/0x150 [ 410.155956][T13238] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 410.161836][T13238] [ 410.164146][T13238] Uninit was stored to memory at: [ 410.169180][T13238] kmsan_internal_chain_origin+0xad/0x130 [ 410.174888][T13238] kmsan_memcpy_memmove_metadata+0x272/0x2e0 [ 410.181117][T13238] kmsan_memcpy_metadata+0xb/0x10 [ 410.186141][T13238] __msan_memcpy+0x43/0x50 [ 410.190558][T13238] csum_partial_copy+0xae/0x100 [ 410.195398][T13238] csum_and_copy_from_iter_full+0xdca/0x1800 [ 410.201374][T13238] ip_generic_getfrag+0x1fb/0x3c0 [ 410.206387][T13238] raw6_getfrag+0x552/0x600 [ 410.210878][T13238] __ip6_append_data+0x507b/0x6320 [ 410.216014][T13238] ip6_append_data+0x3cb/0x660 [ 410.220769][T13238] rawv6_sendmsg+0x32bb/0x5c30 [ 410.226993][T13238] inet_sendmsg+0x2d8/0x2e0 [ 410.231481][T13238] kernel_sendmsg+0x384/0x440 [ 410.236154][T13238] sock_no_sendpage+0x235/0x300 [ 410.241112][T13238] sock_sendpage+0x1e1/0x2c0 [ 410.245721][T13238] pipe_to_sendpage+0x38c/0x4c0 [ 410.250560][T13238] __splice_from_pipe+0x565/0xf00 [ 410.255571][T13238] generic_splice_sendpage+0x1d5/0x2d0 [ 410.261011][T13238] direct_splice_actor+0x1fd/0x580 [ 410.266105][T13238] splice_direct_to_actor+0x6b2/0xf50 [ 410.271461][T13238] do_splice_direct+0x342/0x580 [ 410.276293][T13238] do_sendfile+0x101b/0x1d40 [ 410.280891][T13238] __se_sys_sendfile64+0x2bb/0x360 [ 410.285984][T13238] __x64_sys_sendfile64+0x56/0x70 [ 410.291076][T13238] do_syscall_64+0xb0/0x150 [ 410.295563][T13238] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 410.301434][T13238] [ 410.303742][T13238] Uninit was created at: [ 410.307967][T13238] kmsan_save_stack_with_flags+0x3c/0x90 [ 410.313579][T13238] kmsan_alloc_page+0xb9/0x180 [ 410.318325][T13238] __alloc_pages_nodemask+0x56a2/0x5dc0 [ 410.323856][T13238] alloc_pages_current+0x672/0x990 [ 410.329107][T13238] push_pipe+0x605/0xb70 [ 410.333342][T13238] iov_iter_get_pages_alloc+0x18a9/0x21c0 [ 410.339057][T13238] do_splice_to+0x4fc/0x14f0 [ 410.343638][T13238] splice_direct_to_actor+0x45c/0xf50 [ 410.349000][T13238] do_splice_direct+0x342/0x580 [ 410.353897][T13238] do_sendfile+0x101b/0x1d40 [ 410.358508][T13238] __se_sys_sendfile64+0x2bb/0x360 [ 410.363615][T13238] __x64_sys_sendfile64+0x56/0x70 [ 410.368677][T13238] do_syscall_64+0xb0/0x150 [ 410.373253][T13238] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 410.379124][T13238] ===================================================== [ 410.386035][T13238] Disabling lock debugging due to kernel taint [ 410.392169][T13238] Kernel panic - not syncing: panic_on_warn set ... [ 410.398742][T13238] CPU: 0 PID: 13238 Comm: syz-executor.0 Tainted: G B 5.8.0-rc5-syzkaller #0 [ 410.408783][T13238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 410.418838][T13238] Call Trace: [ 410.422134][T13238] dump_stack+0x1df/0x240 [ 410.426458][T13238] panic+0x3d5/0xc3e [ 410.430373][T13238] kmsan_report+0x1df/0x1e0 [ 410.434866][T13238] __msan_warning+0x58/0xa0 [ 410.439374][T13238] nf_conntrack_invert_icmp_tuple+0xaa/0x2c0 [ 410.445340][T13238] nf_ct_invert_tuple+0x346/0x590 [ 410.450399][T13238] init_conntrack+0x116/0x1ff0 [ 410.455181][T13238] nf_conntrack_in+0x1341/0x26b1 [ 410.460176][T13238] ipv6_conntrack_local+0x68/0x80 [ 410.465194][T13238] ? ipv6_conntrack_in+0x80/0x80 [ 410.470126][T13238] nf_hook_slow+0x16e/0x400 [ 410.474626][T13238] __ip6_local_out+0x56d/0x750 [ 410.479381][T13238] ? __ip6_local_out+0x750/0x750 [ 410.484304][T13238] ip6_local_out+0xa4/0x1d0 [ 410.488800][T13238] ip6_push_pending_frames+0x213/0x4f0 [ 410.494256][T13238] rawv6_sendmsg+0x4233/0x5c30 [ 410.499005][T13238] ? is_module_text_address+0x4d/0x2a0 [ 410.504454][T13238] ? kmsan_get_metadata+0x11d/0x180 [ 410.509692][T13238] ? kmsan_get_metadata+0x11d/0x180 [ 410.514892][T13238] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 410.520706][T13238] ? udp_cmsg_send+0x5d0/0x5d0 [ 410.525469][T13238] ? compat_rawv6_ioctl+0x100/0x100 [ 410.530655][T13238] inet_sendmsg+0x2d8/0x2e0 [ 410.535155][T13238] ? inet_send_prepare+0x600/0x600 [ 410.540254][T13238] kernel_sendmsg+0x384/0x440 [ 410.544923][T13238] sock_no_sendpage+0x235/0x300 [ 410.549772][T13238] ? sock_no_mmap+0x30/0x30 [ 410.554287][T13238] sock_sendpage+0x1e1/0x2c0 [ 410.558872][T13238] pipe_to_sendpage+0x38c/0x4c0 [ 410.563708][T13238] ? sock_fasync+0x250/0x250 [ 410.568292][T13238] __splice_from_pipe+0x565/0xf00 [ 410.573305][T13238] ? generic_splice_sendpage+0x2d0/0x2d0 [ 410.578996][T13238] generic_splice_sendpage+0x1d5/0x2d0 [ 410.584536][T13238] ? iter_file_splice_write+0x1800/0x1800 [ 410.590240][T13238] direct_splice_actor+0x1fd/0x580 [ 410.595370][T13238] ? kmsan_get_metadata+0x4f/0x180 [ 410.600485][T13238] splice_direct_to_actor+0x6b2/0xf50 [ 410.605858][T13238] ? do_splice_direct+0x580/0x580 [ 410.610889][T13238] do_splice_direct+0x342/0x580 [ 410.615741][T13238] do_sendfile+0x101b/0x1d40 [ 410.620338][T13238] __se_sys_sendfile64+0x2bb/0x360 [ 410.625435][T13238] ? kmsan_get_metadata+0x4f/0x180 [ 410.631247][T13238] __x64_sys_sendfile64+0x56/0x70 [ 410.636263][T13238] do_syscall_64+0xb0/0x150 [ 410.640756][T13238] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 410.646633][T13238] RIP: 0033:0x45c1d9 [ 410.650521][T13238] Code: Bad RIP value. [ 410.654581][T13238] RSP: 002b:00007fad9c1c0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 410.663076][T13238] RAX: ffffffffffffffda RBX: 00000000000260c0 RCX: 000000000045c1d9 [ 410.671039][T13238] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 410.679027][T13238] RBP: 000000000078bfe8 R08: 0000000000000000 R09: 0000000000000000 [ 410.686981][T13238] R10: 000000000000a808 R11: 0000000000000246 R12: 000000000078bfac [ 410.694934][T13238] R13: 0000000000c9fb6f R14: 00007fad9c1c19c0 R15: 000000000078bfac [ 410.704586][T13238] Kernel Offset: 0x16600000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 410.716203][T13238] Rebooting in 86400 seconds..